From fc9eec3626fcb9a3d4043d779462c4fc39cd51ae Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 15 Sep 2011 16:54:33 +0200
Subject: Removed the AC interface (gcry_ac_*)

This interface has long been deprecated.  It was also initially only
declared as an experimental interface.  It added its own kind of
complexity and we found that it does not make applications easier to
read.  Modern features of Libgcrypt were not supported and its removal
reduces the SLOC which is a Good Thing from a security POV.
---
 ChangeLog          |    2 +
 NEWS               |    5 +
 cipher/ChangeLog   |    4 +
 cipher/Makefile.am |    2 +-
 cipher/ac.c        | 3301 ----------------------------------------------------
 configure.ac       |    9 +-
 doc/ChangeLog      |    4 +
 doc/gcrypt.texi    |  549 ---------
 src/ChangeLog      |   11 +
 src/g10lib.h       |    1 -
 src/gcrypt.h.in    |  408 -------
 src/global.c       |    9 -
 src/libgcrypt.def  |   41 +-
 src/libgcrypt.vers |   20 +-
 src/visibility.c   |  281 -----
 src/visibility.h   |  218 +---
 tests/ChangeLog    |    4 +
 tests/Makefile.am  |    2 +-
 tests/ac-data.c    |  208 ----
 tests/ac-schemes.c |  347 ------
 tests/ac.c         |  162 ---
 21 files changed, 48 insertions(+), 5540 deletions(-)
 delete mode 100644 cipher/ac.c
 delete mode 100644 tests/ac-data.c
 delete mode 100644 tests/ac-schemes.c
 delete mode 100644 tests/ac.c

diff --git a/ChangeLog b/ChangeLog
index 36ea7bf9..4bd3ee2a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2011-09-15  Werner Koch  <wk@g10code.com>
 
+	* configure.ac: Bump LT version at C19/A0/R0 due to the ABI change.
+
 	* configure.ac (CC_FOR_BUILD): New.
 
 2011-06-29  Werner Koch  <wk@g10code.com>
diff --git a/NEWS b/NEWS
index 0a01c325..d3e4eb68 100644
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,13 @@
 Noteworthy changes in version 1.6.0 (unreleased)
 ------------------------------------------------
 
+ * Removed the long deprecated gcry_ac interface.  Thus Libgcrypt is
+   not anymore ABI compatible too previous versions.
+
  * Interface changes relative to the 1.5.0 release:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ gcry_ac_*             REMOVED.
+ GCRY_AC_*             REMOVED.
 
 
 Noteworthy changes in version 1.5.0 (2011-06-29)
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index f061d01f..a885443f 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,7 @@
+2011-09-15  Werner Koch  <wk@g10code.com>
+
+	* ac.c: Remove.
+
 2011-06-29  Werner Koch  <wk@g10code.com>
 
 	* cipher.c (cipher_get_keylen): Return zero for an invalid algorithm.
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index cbeace87..eb2ce289 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -35,7 +35,7 @@ libcipher_la_DEPENDENCIES = $(GCRYPT_MODULES)
 libcipher_la_LIBADD = $(GCRYPT_MODULES)
 
 libcipher_la_SOURCES = \
-cipher.c pubkey.c ac.c md.c kdf.c \
+cipher.c pubkey.c md.c kdf.c \
 hmac-tests.c \
 bithelp.h  \
 primegen.c  \
diff --git a/cipher/ac.c b/cipher/ac.c
deleted file mode 100644
index f5e946a2..00000000
--- a/cipher/ac.c
+++ /dev/null
@@ -1,3301 +0,0 @@
-/* ac.c - Alternative interface for asymmetric cryptography.
-   Copyright (C) 2003, 2004, 2005, 2006
-                 2007, 2008  Free Software Foundation, Inc.
-
-   This file is part of Libgcrypt.
-
-   Libgcrypt is free software; you can redistribute it and/or modify
-   it under the terms of the GNU Lesser general Public License as
-   published by the Free Software Foundation; either version 2.1 of
-   the License, or (at your option) any later version.
-
-   Libgcrypt is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include <stddef.h>
-
-#include "g10lib.h"
-#include "cipher.h"
-#include "mpi.h"
-
-
-
-/* At the moment the ac interface is a wrapper around the pk
-   interface, but this might change somewhen in the future, depending
-   on how many people prefer the ac interface.  */
-
-/* Mapping of flag numbers to the according strings as it is expected
-   for S-expressions.  */
-static struct number_string
-{
-  int number;
-  const char *string;
-} ac_flags[] =
-  {
-    { GCRY_AC_FLAG_NO_BLINDING, "no-blinding" },
-  };
-
-/* The positions in this list correspond to the values contained in
-   the gcry_ac_key_type_t enumeration list.  */
-static const char *ac_key_identifiers[] =
-  {
-    "private-key",
-    "public-key"
-  };
-
-/* These specifications are needed for key-pair generation; the caller
-   is allowed to pass additional, algorithm-specific `specs' to
-   gcry_ac_key_pair_generate.  This list is used for decoding the
-   provided values according to the selected algorithm.  */
-struct gcry_ac_key_generate_spec
-{
-  int algorithm;		/* Algorithm for which this flag is
-				   relevant.  */
-  const char *name;		/* Name of this flag.  */
-  size_t offset;		/* Offset in the cipher-specific spec
-				   structure at which the MPI value
-				   associated with this flag is to be
-				   found.  */
-} ac_key_generate_specs[] =
-  {
-    { GCRY_AC_RSA, "rsa-use-e", offsetof (gcry_ac_key_spec_rsa_t, e) },
-    { 0 }
-  };
-
-/* Handle structure.  */
-struct gcry_ac_handle
-{
-  int algorithm;		/* Algorithm ID associated with this
-				   handle.  */
-  const char *algorithm_name;	/* Name of the algorithm.  */
-  unsigned int flags;		/* Flags, not used yet.  */
-  gcry_module_t module;	        /* Reference to the algorithm
-				   module.  */
-};
-
-/* A named MPI value.  */
-typedef struct gcry_ac_mpi
-{
-  char *name;			/* Self-maintained copy of name.  */
-  gcry_mpi_t mpi;		/* MPI value.         */
-  unsigned int flags;		/* Flags.             */
-} gcry_ac_mpi_t;
-
-/* A data set, that is simply a list of named MPI values.  */
-struct gcry_ac_data
-{
-  gcry_ac_mpi_t *data;		/* List of named values.      */
-  unsigned int data_n;		/* Number of values in DATA.  */
-};
-
-/* A single key.  */
-struct gcry_ac_key
-{
-  gcry_ac_data_t data;		/* Data in native ac structure.  */
-  gcry_ac_key_type_t type;	/* Type of the key.              */
-};
-
-/* A key pair.  */
-struct gcry_ac_key_pair
-{
-  gcry_ac_key_t public;
-  gcry_ac_key_t secret;
-};
-
-
-
-/*
- * Functions for working with data sets.
- */
-
-/* Creates a new, empty data set and store it in DATA.  */
-gcry_error_t
-_gcry_ac_data_new (gcry_ac_data_t *data)
-{
-  gcry_ac_data_t data_new;
-  gcry_error_t err;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  data_new = gcry_malloc (sizeof (*data_new));
-  if (! data_new)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  data_new->data = NULL;
-  data_new->data_n = 0;
-  *data = data_new;
-  err = 0;
-
- out:
-
-  return err;
-}
-
-/* Destroys all the entries in DATA, but not DATA itself.  */
-static void
-ac_data_values_destroy (gcry_ac_data_t data)
-{
-  unsigned int i;
-
-  for (i = 0; i < data->data_n; i++)
-    if (data->data[i].flags & GCRY_AC_FLAG_DEALLOC)
-      {
-	gcry_mpi_release (data->data[i].mpi);
-	gcry_free (data->data[i].name);
-      }
-}
-
-/* Destroys the data set DATA.  */
-void
-_gcry_ac_data_destroy (gcry_ac_data_t data)
-{
-  if (data)
-    {
-      ac_data_values_destroy (data);
-      gcry_free (data->data);
-      gcry_free (data);
-    }
-}
-
-/* This function creates a copy of the array of named MPIs DATA_MPIS,
-   which is of length DATA_MPIS_N; the copy is stored in
-   DATA_MPIS_CP.  */
-static gcry_error_t
-ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n,
-		  gcry_ac_mpi_t **data_mpis_cp)
-{
-  gcry_ac_mpi_t *data_mpis_new;
-  gcry_error_t err;
-  unsigned int i;
-  gcry_mpi_t mpi;
-  char *label;
-
-  data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n);
-  if (! data_mpis_new)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-  memset (data_mpis_new, 0, sizeof (*data_mpis_new) * data_mpis_n);
-
-  err = 0;
-  for (i = 0; i < data_mpis_n; i++)
-    {
-      /* Copy values.  */
-
-      label = gcry_strdup (data_mpis[i].name);
-      mpi = gcry_mpi_copy (data_mpis[i].mpi);
-      if (! (label && mpi))
-	{
-	  err = gcry_error_from_errno (errno);
-	  gcry_mpi_release (mpi);
-	  gcry_free (label);
-	  break;
-	}
-
-      data_mpis_new[i].flags = GCRY_AC_FLAG_DEALLOC;
-      data_mpis_new[i].name = label;
-      data_mpis_new[i].mpi = mpi;
-    }
-  if (err)
-    goto out;
-
-  *data_mpis_cp = data_mpis_new;
-  err = 0;
-
- out:
-
-  if (err)
-    if (data_mpis_new)
-      {
-	for (i = 0; i < data_mpis_n; i++)
-	  {
-	    gcry_mpi_release (data_mpis_new[i].mpi);
-	    gcry_free (data_mpis_new[i].name);
-	  }
-	gcry_free (data_mpis_new);
-      }
-
-  return err;
-}
-
-/* Create a copy of the data set DATA and store it in DATA_CP.  */
-gcry_error_t
-_gcry_ac_data_copy (gcry_ac_data_t *data_cp, gcry_ac_data_t data)
-{
-  gcry_ac_mpi_t *data_mpis = NULL;
-  gcry_ac_data_t data_new;
-  gcry_error_t err;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  /* Allocate data set.  */
-  data_new = gcry_malloc (sizeof (*data_new));
-  if (! data_new)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  err = ac_data_mpi_copy (data->data, data->data_n, &data_mpis);
-  if (err)
-    goto out;
-
-  data_new->data_n = data->data_n;
-  data_new->data = data_mpis;
-  *data_cp = data_new;
-
- out:
-
-  if (err)
-    gcry_free (data_new);
-
-  return err;
-}
-
-/* Returns the number of named MPI values inside of the data set
-   DATA.  */
-unsigned int
-_gcry_ac_data_length (gcry_ac_data_t data)
-{
-  return data->data_n;
-}
-
-
-/* Add the value MPI to DATA with the label NAME.  If FLAGS contains
-   GCRY_AC_FLAG_COPY, the data set will contain copies of NAME
-   and MPI.  If FLAGS contains GCRY_AC_FLAG_DEALLOC or
-   GCRY_AC_FLAG_COPY, the values contained in the data set will
-   be deallocated when they are to be removed from the data set.  */
-gcry_error_t
-_gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags,
-		   const char *name, gcry_mpi_t mpi)
-{
-  gcry_error_t err;
-  gcry_mpi_t mpi_cp;
-  char *name_cp;
-  unsigned int i;
-
-  name_cp = NULL;
-  mpi_cp = NULL;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  if (flags & ~(GCRY_AC_FLAG_DEALLOC | GCRY_AC_FLAG_COPY))
-    {
-      err = gcry_error (GPG_ERR_INV_ARG);
-      goto out;
-    }
-
-  if (flags & GCRY_AC_FLAG_COPY)
-    {
-      /* Create copies.  */
-
-      flags |= GCRY_AC_FLAG_DEALLOC;
-      name_cp = gcry_strdup (name);
-      mpi_cp = gcry_mpi_copy (mpi);
-      if (! (name_cp && mpi_cp))
-	{
-	  err = gcry_error_from_errno (errno);
-	  goto out;
-	}
-    }
-
-  /* Search for existing entry.  */
-  for (i = 0; i < data->data_n; i++)
-    if (! strcmp (name, data->data[i].name))
-      break;
-  if (i < data->data_n)
-    {
-      /* An entry for NAME does already exist.  */
-      if (data->data[i].flags & GCRY_AC_FLAG_DEALLOC)
-	{
-	  gcry_mpi_release (data->data[i].mpi);
-	  gcry_free (data->data[i].name);
-	}
-    }
-  else
-    {
-      /* Create a new entry.  */
-
-      gcry_ac_mpi_t *ac_mpis;
-
-      ac_mpis = gcry_realloc (data->data,
-			      sizeof (*data->data) * (data->data_n + 1));
-      if (! ac_mpis)
-	{
-	  err = gcry_error_from_errno (errno);
-	  goto out;
-	}
-
-      if (data->data != ac_mpis)
-	data->data = ac_mpis;
-      data->data_n++;
-    }
-
-  data->data[i].name = name_cp ? name_cp : ((char *) name);
-  data->data[i].mpi = mpi_cp ? mpi_cp : mpi;
-  data->data[i].flags = flags;
-  err = 0;
-
- out:
-
-  if (err)
-    {
-      gcry_mpi_release (mpi_cp);
-      gcry_free (name_cp);
-    }
-
-  return err;
-}
-
-/* Stores the value labelled with NAME found in the data set DATA in
-   MPI.  The returned MPI value will be released in case
-   gcry_ac_data_set is used to associate the label NAME with a
-   different MPI value.  */
-gcry_error_t
-_gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags,
-			const char *name, gcry_mpi_t *mpi)
-{
-  gcry_mpi_t mpi_return;
-  gcry_error_t err;
-  unsigned int i;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  if (flags & ~(GCRY_AC_FLAG_COPY))
-    {
-      err = gcry_error (GPG_ERR_INV_ARG);
-      goto out;
-    }
-
-  for (i = 0; i < data->data_n; i++)
-    if (! strcmp (name, data->data[i].name))
-      break;
-  if (i == data->data_n)
-    {
-      err = gcry_error (GPG_ERR_NOT_FOUND);
-      goto out;
-    }
-
-  if (flags & GCRY_AC_FLAG_COPY)
-    {
-      mpi_return = gcry_mpi_copy (data->data[i].mpi);
-      if (! mpi_return)
-	{
-	  err = gcry_error_from_errno (errno); /* FIXME? */
-	  goto out;
-	}
-    }
-  else
-    mpi_return = data->data[i].mpi;
-
-  *mpi = mpi_return;
-  err = 0;
-
- out:
-
-  return err;
-}
-
-/* Stores in NAME and MPI the named MPI value contained in the data
-   set DATA with the index IDX.  NAME or MPI may be NULL.  The
-   returned MPI value will be released in case gcry_ac_data_set is
-   used to associate the label NAME with a different MPI value.  */
-gcry_error_t
-_gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags,
-			 unsigned int idx,
-			 const char **name, gcry_mpi_t *mpi)
-{
-  gcry_error_t err;
-  gcry_mpi_t mpi_cp;
-  char *name_cp;
-
-  name_cp = NULL;
-  mpi_cp = NULL;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  if (flags & ~(GCRY_AC_FLAG_COPY))
-    {
-      err = gcry_error (GPG_ERR_INV_ARG);
-      goto out;
-    }
-
-  if (idx >= data->data_n)
-    {
-      err = gcry_error (GPG_ERR_INV_ARG);
-      goto out;
-    }
-
-  if (flags & GCRY_AC_FLAG_COPY)
-    {
-      /* Return copies to the user.  */
-      if (name)
-	{
-	  name_cp = gcry_strdup (data->data[idx].name);
-	  if (! name_cp)
-	    {
-	      err = gcry_error_from_errno (errno);
-	      goto out;
-	    }
-	}
-      if (mpi)
-	{
-	  mpi_cp = gcry_mpi_copy (data->data[idx].mpi);
-	  if (! mpi_cp)
-	    {
-	      err = gcry_error_from_errno (errno);
-	      goto out;
-	    }
-	}
-    }
-
-  if (name)
-    *name = name_cp ? name_cp : data->data[idx].name;
-  if (mpi)
-    *mpi = mpi_cp ? mpi_cp : data->data[idx].mpi;
-  err = 0;
-
- out:
-
-  if (err)
-    {
-      gcry_mpi_release (mpi_cp);
-      gcry_free (name_cp);
-    }
-
-  return err;
-}
-
-/* Convert the data set DATA into a new S-Expression, which is to be
-   stored in SEXP, according to the identifiers contained in
-   IDENTIFIERS.  */
-gcry_error_t
-_gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
-		       const char **identifiers)
-{
-  gcry_sexp_t sexp_new;
-  gcry_error_t err;
-  char *sexp_buffer;
-  size_t sexp_buffer_n;
-  size_t identifiers_n;
-  const char *label;
-  gcry_mpi_t mpi;
-  void **arg_list;
-  size_t data_n;
-  unsigned int i;
-
-  sexp_buffer_n = 1;
-  sexp_buffer = NULL;
-  arg_list = NULL;
-  err = 0;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  /* Calculate size of S-expression representation.  */
-
-  i = 0;
-  if (identifiers)
-    while (identifiers[i])
-      {
-	/* For each identifier, we add "(<IDENTIFIER>)".  */
-	sexp_buffer_n += 1 + strlen (identifiers[i]) + 1;
-	i++;
-      }
-  identifiers_n = i;
-
-  if (! identifiers_n)
-    /* If there are NO identifiers, we still add surrounding braces so
-       that we have a list of named MPI value lists.  Otherwise it
-       wouldn't be too much fun to process these lists.  */
-    sexp_buffer_n += 2;
-
-  data_n = _gcry_ac_data_length (data);
-  for (i = 0; i < data_n; i++)
-    {
-      err = gcry_ac_data_get_index (data, 0, i, &label, NULL);
-      if (err)
-	break;
-      /* For each MPI we add "(<LABEL> %m)".  */
-      sexp_buffer_n += 1 + strlen (label) + 4;
-    }
-  if (err)
-    goto out;
-
-  /* Allocate buffer.  */
-
-  sexp_buffer = gcry_malloc (sexp_buffer_n);
-  if (! sexp_buffer)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  /* Fill buffer.  */
-
-  *sexp_buffer = 0;
-  sexp_buffer_n = 0;
-
-  /* Add identifiers: (<IDENTIFIER0>(<IDENTIFIER1>...)).  */
-  if (identifiers_n)
-    {
-      /* Add nested identifier lists as usual.  */
-      for (i = 0; i < identifiers_n; i++)
-	sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, "(%s",
-				  identifiers[i]);
-    }
-  else
-    {
-      /* Add special list.  */
-      sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, "(");
-    }
-
-  /* Add MPI list.  */
-  arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1));
-  if (! arg_list)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-  for (i = 0; i < data_n; i++)
-    {
-      err = gcry_ac_data_get_index (data, 0, i, &label, &mpi);
-      if (err)
-	break;
-      sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n,
-				"(%s %%m)", label);
-      arg_list[i] = &data->data[i].mpi;
-    }
-  if (err)
-    goto out;
-
-  if (identifiers_n)
-    {
-      /* Add closing braces for identifier lists as usual.  */
-      for (i = 0; i < identifiers_n; i++)
-	sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, ")");
-    }
-  else
-    {
-      /* Add closing braces for special list.  */
-      sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, ")");
-    }
-
-  /* Construct.  */
-  err = gcry_sexp_build_array (&sexp_new, NULL, sexp_buffer, arg_list);
-  if (err)
-    goto out;
-
-  *sexp = sexp_new;
-
- out:
-
-  gcry_free (sexp_buffer);
-  gcry_free (arg_list);
-
-  return err;
-}
-
-/* Create a new data set, which is to be stored in DATA_SET, from the
-   S-Expression SEXP, according to the identifiers contained in
-   IDENTIFIERS.  */
-gcry_error_t
-_gcry_ac_data_from_sexp (gcry_ac_data_t *data_set, gcry_sexp_t sexp,
-			 const char **identifiers)
-{
-  gcry_ac_data_t data_set_new;
-  gcry_error_t err;
-  gcry_sexp_t sexp_cur;
-  gcry_sexp_t sexp_tmp;
-  gcry_mpi_t mpi;
-  char *string;
-  const char *data;
-  size_t data_n;
-  size_t sexp_n;
-  unsigned int i;
-  int skip_name;
-
-  data_set_new = NULL;
-  sexp_cur = sexp;
-  sexp_tmp = NULL;
-  string = NULL;
-  mpi = NULL;
-  err = 0;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  /* Process S-expression/identifiers.  */
-
-  if (identifiers)
-    {
-      for (i = 0; identifiers[i]; i++)
-	{
-	  /* Next identifier.  Extract first data item from
-	     SEXP_CUR.  */
-	  data = gcry_sexp_nth_data (sexp_cur, 0, &data_n);
-
-	  if (! ((data_n == strlen (identifiers[i]))
-		 && (! strncmp (data, identifiers[i], data_n))))
-	    {
-	      /* Identifier mismatch -> error.  */
-	      err = gcry_error (GPG_ERR_INV_SEXP);
-	      break;
-	    }
-
-	  /* Identifier matches.  Now we have to distinguish two
-	     cases:
-
-	     (i)  we are at the last identifier:
-	     leave loop
-
-	     (ii) we are not at the last identifier:
-	     extract next element, which is supposed to be a
-	     sublist.  */
-
-	  if (! identifiers[i + 1])
-	    /* Last identifier.  */
-	    break;
-	  else
-	    {
-	      /* Not the last identifier, extract next sublist.  */
-
-	      sexp_tmp = gcry_sexp_nth (sexp_cur, 1);
-	      if (! sexp_tmp)
-		{
-		  /* Missing sublist.  */
-		  err = gcry_error (GPG_ERR_INV_SEXP);
-		  break;
-		}
-
-	      /* Release old SEXP_CUR, in case it is not equal to the
-		 original SEXP.  */
-	      if (sexp_cur != sexp)
-		gcry_sexp_release (sexp_cur);
-
-	      /* Make SEXP_CUR point to the new current sublist.  */
-	      sexp_cur = sexp_tmp;
-              sexp_tmp = NULL;
-	    }
-	}
-      if (err)
-	goto out;
-
-      if (i)
-        {
-          /* We have at least one identifier in the list, this means
-             the the list of named MPI values is prefixed, this means
-             that we need to skip the first item (the list name), when
-             processing the MPI values.  */
-          skip_name = 1;
-        }
-      else
-        {
-          /* Since there is no identifiers list, the list of named MPI
-             values is not prefixed with a list name, therefore the
-             offset to use is zero.  */
-          skip_name = 0;
-        }
-    }
-  else
-    /* Since there is no identifiers list, the list of named MPI
-       values is not prefixed with a list name, therefore the offset
-       to use is zero.  */
-    skip_name = 0;
-
-  /* Create data set from S-expression data.  */
-
-  err = gcry_ac_data_new (&data_set_new);
-  if (err)
-    goto out;
-
-  /* Figure out amount of named MPIs in SEXP_CUR.  */
-  if (sexp_cur)
-    sexp_n = gcry_sexp_length (sexp_cur) - skip_name;
-  else
-    sexp_n = 0;
-
-  /* Extracte the named MPIs sequentially.  */
-  for (i = 0; i < sexp_n; i++)
-    {
-      /* Store next S-Expression pair, which is supposed to consist of
-	 a name and an MPI value, in SEXP_TMP.  */
-
-      sexp_tmp = gcry_sexp_nth (sexp_cur, i + skip_name);
-      if (! sexp_tmp)
-	{
-	  err = gcry_error (GPG_ERR_INV_SEXP);
-	  break;
-	}
-
-      /* Extract name from current S-Expression pair.  */
-      data = gcry_sexp_nth_data (sexp_tmp, 0, &data_n);
-      string = gcry_malloc (data_n + 1);
-      if (! string)
-	{
-	  err = gcry_error_from_errno (errno);
-	  break;
-	}
-      memcpy (string, data, data_n);
-      string[data_n] = 0;
-
-      /* Extract MPI value.  */
-      mpi = gcry_sexp_nth_mpi (sexp_tmp, 1, 0);
-      if (! mpi)
-	{
-	  err = gcry_error (GPG_ERR_INV_SEXP); /* FIXME? */
-	  break;
-	}
-
-      /* Store named MPI in data_set_new.  */
-      err = gcry_ac_data_set (data_set_new, GCRY_AC_FLAG_DEALLOC, string, mpi);
-      if (err)
-	break;
-
-/*       gcry_free (string); */
-      string = NULL;
-/*       gcry_mpi_release (mpi); */
-      mpi = NULL;
-
-      gcry_sexp_release (sexp_tmp);
-      sexp_tmp = NULL;
-    }
-  if (err)
-    goto out;
-
-  *data_set = data_set_new;
-
- out:
-
-  if (sexp_cur != sexp)
-    gcry_sexp_release (sexp_cur);
-  gcry_sexp_release (sexp_tmp);
-  gcry_mpi_release (mpi);
-  gcry_free (string);
-
-  if (err)
-    gcry_ac_data_destroy (data_set_new);
-
-  return err;
-}
-
-
-static void
-_gcry_ac_data_dump (const char *prefix, gcry_ac_data_t data)
-{
-  unsigned char *mpi_buffer;
-  size_t mpi_buffer_n;
-  unsigned int data_n;
-  gcry_error_t err;
-  const char *name;
-  gcry_mpi_t mpi;
-  unsigned int i;
-
-  if (! data)
-    return;
-
-  if (fips_mode ())
-    return;
-
-  mpi_buffer = NULL;
-
-  data_n = _gcry_ac_data_length (data);
-  for (i = 0; i < data_n; i++)
-    {
-      err = gcry_ac_data_get_index (data, 0, i, &name, &mpi);
-      if (err)
-	{
-	  log_error ("failed to dump data set");
-	  break;
-	}
-
-      err = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &mpi_buffer, &mpi_buffer_n, mpi);
-      if (err)
-	{
-	  log_error ("failed to dump data set");
-	  break;
-	}
-
-      log_printf ("%s%s%s: %s\n",
-		  prefix ? prefix : "",
-		  prefix ? ": " : ""
-		  , name, mpi_buffer);
-
-      gcry_free (mpi_buffer);
-      mpi_buffer = NULL;
-    }
-
-  gcry_free (mpi_buffer);
-}
-
-/* Dump the named MPI values contained in the data set DATA to
-   Libgcrypt's logging stream.  */
-void
-gcry_ac_data_dump (const char *prefix, gcry_ac_data_t data)
-{
-  _gcry_ac_data_dump (prefix, data);
-}
-
-/* Destroys any values contained in the data set DATA.  */
-void
-_gcry_ac_data_clear (gcry_ac_data_t data)
-{
-  ac_data_values_destroy (data);
-  gcry_free (data->data);
-  data->data = NULL;
-  data->data_n = 0;
-}
-
-
-
-/*
- * Implementation of `ac io' objects.
- */
-
-/* Initialize AC_IO according to MODE, TYPE and the variable list of
-   arguments AP.  The list of variable arguments to specify depends on
-   the given TYPE.  */
-void
-_gcry_ac_io_init_va (gcry_ac_io_t *ac_io,
-		     gcry_ac_io_mode_t mode, gcry_ac_io_type_t type, va_list ap)
-{
-  memset (ac_io, 0, sizeof (*ac_io));
-
-  if (fips_mode ())
-    return;
-
-  gcry_assert ((mode == GCRY_AC_IO_READABLE) || (mode == GCRY_AC_IO_WRITABLE));
-  gcry_assert ((type == GCRY_AC_IO_STRING) || (type == GCRY_AC_IO_STRING));
-
-  ac_io->mode = mode;
-  ac_io->type = type;
-
-  switch (mode)
-    {
-    case GCRY_AC_IO_READABLE:
-      switch (type)
-	{
-	case GCRY_AC_IO_STRING:
-	  ac_io->io.readable.string.data = va_arg (ap, unsigned char *);
-	  ac_io->io.readable.string.data_n = va_arg (ap, size_t);
-	  break;
-
-	case GCRY_AC_IO_CALLBACK:
-	  ac_io->io.readable.callback.cb = va_arg (ap, gcry_ac_data_read_cb_t);
-	  ac_io->io.readable.callback.opaque = va_arg (ap, void *);
-	  break;
-	}
-      break;
-    case GCRY_AC_IO_WRITABLE:
-      switch (type)
-	{
-	case GCRY_AC_IO_STRING:
-	  ac_io->io.writable.string.data = va_arg (ap, unsigned char **);
-	  ac_io->io.writable.string.data_n = va_arg (ap, size_t *);
-	  break;
-
-	case GCRY_AC_IO_CALLBACK:
-	  ac_io->io.writable.callback.cb = va_arg (ap, gcry_ac_data_write_cb_t);
-	  ac_io->io.writable.callback.opaque = va_arg (ap, void *);
-	  break;
-	}
-      break;
-    }
-}
-
-/* Initialize AC_IO according to MODE, TYPE and the variable list of
-   arguments.  The list of variable arguments to specify depends on
-   the given TYPE. */
-void
-_gcry_ac_io_init (gcry_ac_io_t *ac_io,
-		  gcry_ac_io_mode_t mode, gcry_ac_io_type_t type, ...)
-{
-  va_list ap;
-
-  va_start (ap, type);
-  _gcry_ac_io_init_va (ac_io, mode, type, ap);
-  va_end (ap);
-}
-
-
-/* Write to the IO object AC_IO BUFFER_N bytes from BUFFER.  Return
-   zero on success or error code.  */
-static gcry_error_t
-_gcry_ac_io_write (gcry_ac_io_t *ac_io, unsigned char *buffer, size_t buffer_n)
-{
-  gcry_error_t err;
-
-  gcry_assert (ac_io->mode == GCRY_AC_IO_WRITABLE);
-  err = 0;
-
-  switch (ac_io->type)
-    {
-    case GCRY_AC_IO_STRING:
-      {
-	unsigned char *p;
-
-	if (*ac_io->io.writable.string.data)
-	  {
-	    p = gcry_realloc (*ac_io->io.writable.string.data,
-			      *ac_io->io.writable.string.data_n + buffer_n);
-	    if (! p)
-	      err = gcry_error_from_errno (errno);
-	    else
-	      {
-		if (*ac_io->io.writable.string.data != p)
-		  *ac_io->io.writable.string.data = p;
-		memcpy (p + *ac_io->io.writable.string.data_n, buffer, buffer_n);
-		*ac_io->io.writable.string.data_n += buffer_n;
-	      }
-	  }
-	else
-	  {
-	    if (gcry_is_secure (buffer))
-	      p = gcry_malloc_secure (buffer_n);
-	    else
-	      p = gcry_malloc (buffer_n);
-	    if (! p)
-	      err = gcry_error_from_errno (errno);
-	    else
-	      {
-		memcpy (p, buffer, buffer_n);
-		*ac_io->io.writable.string.data = p;
-		*ac_io->io.writable.string.data_n = buffer_n;
-	      }
-	  }
-      }
-      break;
-
-    case GCRY_AC_IO_CALLBACK:
-      err = (*ac_io->io.writable.callback.cb) (ac_io->io.writable.callback.opaque,
-					       buffer, buffer_n);
-      break;
-    }
-
-  return err;
-}
-
-/* Read *BUFFER_N bytes from the IO object AC_IO into BUFFER; NREAD
-   bytes have already been read from the object; on success, store the
-   amount of bytes read in *BUFFER_N; zero bytes read means EOF.
-   Return zero on success or error code.  */
-static gcry_error_t
-_gcry_ac_io_read (gcry_ac_io_t *ac_io,
-		  unsigned int nread, unsigned char *buffer, size_t *buffer_n)
-{
-  gcry_error_t err;
-
-  gcry_assert (ac_io->mode == GCRY_AC_IO_READABLE);
-  err = 0;
-
-  switch (ac_io->type)
-    {
-    case GCRY_AC_IO_STRING:
-      {
-	size_t bytes_available;
-	size_t bytes_to_read;
-	size_t bytes_wanted;
-
-	bytes_available = ac_io->io.readable.string.data_n - nread;
-	bytes_wanted = *buffer_n;
-
-	if (bytes_wanted > bytes_available)
-	  bytes_to_read = bytes_available;
-	else
-	  bytes_to_read = bytes_wanted;
-
-	memcpy (buffer, ac_io->io.readable.string.data + nread, bytes_to_read);
-	*buffer_n = bytes_to_read;
-	err = 0;
-	break;
-      }
-
-    case GCRY_AC_IO_CALLBACK:
-      err = (*ac_io->io.readable.callback.cb)
-	(ac_io->io.readable.callback.opaque, buffer, buffer_n);
-      break;
-    }
-
-  return err;
-}
-
-/* Read all data available from the IO object AC_IO into newly
-   allocated memory, storing an appropriate pointer in *BUFFER and the
-   amount of bytes read in *BUFFER_N.  Return zero on success or error
-   code.  */
-static gcry_error_t
-_gcry_ac_io_read_all (gcry_ac_io_t *ac_io, unsigned char **buffer, size_t *buffer_n)
-{
-  unsigned char *buffer_new;
-  size_t buffer_new_n;
-  unsigned char buf[BUFSIZ];
-  size_t buf_n;
-  unsigned char *p;
-  gcry_error_t err;
-
-  buffer_new = NULL;
-  buffer_new_n = 0;
-
-  while (1)
-    {
-      buf_n = sizeof (buf);
-      err = _gcry_ac_io_read (ac_io, buffer_new_n, buf, &buf_n);
-      if (err)
-	break;
-
-      if (buf_n)
-	{
-	  p = gcry_realloc (buffer_new, buffer_new_n + buf_n);
-	  if (! p)
-	    {
-	      err = gcry_error_from_errno (errno);
-	      break;
-	    }
-
-	  if (buffer_new != p)
-	    buffer_new = p;
-
-	  memcpy (buffer_new + buffer_new_n, buf, buf_n);
-	  buffer_new_n += buf_n;
-	}
-      else
-	break;
-    }
-  if (err)
-    goto out;
-
-  *buffer_n = buffer_new_n;
-  *buffer = buffer_new;
-
- out:
-
-  if (err)
-    gcry_free (buffer_new);
-
-  return err;
-}
-
-/* Read data chunks from the IO object AC_IO until EOF, feeding them
-   to the callback function CB.  Return zero on success or error
-   code.  */
-static gcry_error_t
-_gcry_ac_io_process (gcry_ac_io_t *ac_io,
-		     gcry_ac_data_write_cb_t cb, void *opaque)
-{
-  unsigned char buffer[BUFSIZ];
-  unsigned int nread;
-  size_t buffer_n;
-  gcry_error_t err;
-
-  nread = 0;
-
-  while (1)
-    {
-      buffer_n = sizeof (buffer);
-      err = _gcry_ac_io_read (ac_io, nread, buffer, &buffer_n);
-      if (err)
-	break;
-      if (buffer_n)
-	{
-	  err = (*cb) (opaque, buffer, buffer_n);
-	  if (err)
-	    break;
-	  nread += buffer_n;
-	}
-      else
-	break;
-    }
-
-  return err;
-}
-
-
-
-/*
- * Functions for converting data between the native ac and the
- * S-expression structure used by the pk interface.
- */
-
-/* Extract the S-Expression DATA_SEXP into DATA under the control of
-   TYPE and NAME.  This function assumes that S-Expressions are of the
-   following structure:
-
-   (IDENTIFIER [...]
-   (ALGORITHM <list of named MPI values>)) */
-static gcry_error_t
-ac_data_extract (const char *identifier, const char *algorithm,
-		 gcry_sexp_t sexp, gcry_ac_data_t *data)
-{
-  gcry_error_t err;
-  gcry_sexp_t value_sexp;
-  gcry_sexp_t data_sexp;
-  size_t data_sexp_n;
-  gcry_mpi_t value_mpi;
-  char *value_name;
-  const char *data_raw;
-  size_t data_raw_n;
-  gcry_ac_data_t data_new;
-  unsigned int i;
-
-  value_sexp = NULL;
-  data_sexp = NULL;
-  value_name = NULL;
-  value_mpi = NULL;
-  data_new = NULL;
-
-  /* Verify that the S-expression contains the correct identifier.  */
-  data_raw = gcry_sexp_nth_data (sexp, 0, &data_raw_n);
-  if ((! data_raw) || strncmp (identifier, data_raw, data_raw_n))
-    {
-      err = gcry_error (GPG_ERR_INV_SEXP);
-      goto out;
-    }
-
-  /* Extract inner S-expression.  */
-  data_sexp = gcry_sexp_find_token (sexp, algorithm, 0);
-  if (! data_sexp)
-    {
-      err = gcry_error (GPG_ERR_INV_SEXP);
-      goto out;
-    }
-
-  /* Count data elements.  */
-  data_sexp_n = gcry_sexp_length (data_sexp);
-  data_sexp_n--;
-
-  /* Allocate new data set.  */
-  err = _gcry_ac_data_new (&data_new);
-  if (err)
-    goto out;
-
-  /* Iterate through list of data elements and add them to the data
-     set.  */
-  for (i = 0; i < data_sexp_n; i++)
-    {
-      /* Get the S-expression of the named MPI, that contains the name
-	 and the MPI value.  */
-      value_sexp = gcry_sexp_nth (data_sexp, i + 1);
-      if (! value_sexp)
-	{
-	  err = gcry_error (GPG_ERR_INV_SEXP);
-	  break;
-	}
-
-      /* Extract the name.  */
-      data_raw = gcry_sexp_nth_data (value_sexp, 0, &data_raw_n);
-      if (! data_raw)
-	{
-	  err = gcry_error (GPG_ERR_INV_SEXP);
-	  break;
-	}
-
-      /* Extract the MPI value.  */
-      value_mpi = gcry_sexp_nth_mpi (value_sexp, 1, GCRYMPI_FMT_USG);
-      if (! value_mpi)
-	{
-	  err = gcry_error (GPG_ERR_INTERNAL); /* FIXME? */
-	  break;
-	}
-
-      /* Duplicate the name.  */
-      value_name = gcry_malloc (data_raw_n + 1);
-      if (! value_name)
-	{
-	  err = gcry_error_from_errno (errno);
-	  break;
-	}
-      strncpy (value_name, data_raw, data_raw_n);
-      value_name[data_raw_n] = 0;
-
-      err = _gcry_ac_data_set (data_new, GCRY_AC_FLAG_DEALLOC, value_name, value_mpi);
-      if (err)
-	break;
-
-      gcry_sexp_release (value_sexp);
-      value_sexp = NULL;
-      value_name = NULL;
-      value_mpi = NULL;
-    }
-  if (err)
-    goto out;
-
-  /* Copy out.  */
-  *data = data_new;
-
- out:
-
-  /* Deallocate resources.  */
-  if (err)
-    {
-      _gcry_ac_data_destroy (data_new);
-      gcry_mpi_release (value_mpi);
-      gcry_free (value_name);
-      gcry_sexp_release (value_sexp);
-    }
-  gcry_sexp_release (data_sexp);
-
-  return err;
-}
-
-/* Construct an S-expression from the DATA and store it in
-   DATA_SEXP. The S-expression will be of the following structure:
-
-   (IDENTIFIER [(flags [...])]
-   (ALGORITHM <list of named MPI values>))  */
-static gcry_error_t
-ac_data_construct (const char *identifier, int include_flags,
-		   unsigned int flags, const char *algorithm,
-		   gcry_ac_data_t data, gcry_sexp_t *sexp)
-{
-  unsigned int data_length;
-  gcry_sexp_t sexp_new;
-  gcry_error_t err;
-  size_t sexp_format_n;
-  char *sexp_format;
-  void **arg_list;
-  unsigned int i;
-
-  arg_list = NULL;
-  sexp_new = NULL;
-  sexp_format = NULL;
-
-  /* We build a list of arguments to pass to
-     gcry_sexp_build_array().  */
-  data_length = _gcry_ac_data_length (data);
-  arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2));
-  if (! arg_list)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  /* Fill list with MPIs.  */
-  for (i = 0; i < data_length; i++)
-    {
-      char **nameaddr  = &data->data[i].name;
-
-      arg_list[(i * 2) + 0] = nameaddr;
-      arg_list[(i * 2) + 1] = &data->data[i].mpi;
-    }
-
-  /* Calculate size of format string.  */
-  sexp_format_n = (3
-		   + (include_flags ? 7 : 0)
-		   + (algorithm ? (2 + strlen (algorithm)) : 0)
-		   + strlen (identifier));
-
-  for (i = 0; i < data_length; i++)
-    /* Per-element sizes.  */
-    sexp_format_n += 6;
-
-  if (include_flags)
-    /* Add flags.  */
-    for (i = 0; i < DIM (ac_flags); i++)
-      if (flags & ac_flags[i].number)
-	sexp_format_n += strlen (ac_flags[i].string) + 1;
-
-  /* Done.  */
-  sexp_format = gcry_malloc (sexp_format_n);
-  if (! sexp_format)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  /* Construct the format string.  */
-
-  *sexp_format = 0;
-  strcat (sexp_format, "(");
-  strcat (sexp_format, identifier);
-  if (include_flags)
-    {
-      strcat (sexp_format, "(flags");
-      for (i = 0; i < DIM (ac_flags); i++)
-	if (flags & ac_flags[i].number)
-	  {
-	    strcat (sexp_format, " ");
-	    strcat (sexp_format, ac_flags[i].string);
-	  }
-      strcat (sexp_format, ")");
-    }
-  if (algorithm)
-    {
-      strcat (sexp_format, "(");
-      strcat (sexp_format, algorithm);
-    }
-  for (i = 0; i < data_length; i++)
-    strcat (sexp_format, "(%s%m)");
-  if (algorithm)
-    strcat (sexp_format, ")");
-  strcat (sexp_format, ")");
-
-  /* Create final S-expression.  */
-  err = gcry_sexp_build_array (&sexp_new, NULL, sexp_format, arg_list);
-  if (err)
-    goto out;
-
-  *sexp = sexp_new;
-
- out:
-
-  /* Deallocate resources.  */
-  gcry_free (sexp_format);
-  gcry_free (arg_list);
-  if (err)
-    gcry_sexp_release (sexp_new);
-
-  return err;
-}
-
-
-
-/*
- * Handle management.
- */
-
-/* Creates a new handle for the algorithm ALGORITHM and stores it in
-   HANDLE.  FLAGS is not used yet.  */
-gcry_error_t
-_gcry_ac_open (gcry_ac_handle_t *handle,
-	       gcry_ac_id_t algorithm, unsigned int flags)
-{
-  gcry_ac_handle_t handle_new;
-  const char *algorithm_name;
-  gcry_module_t module;
-  gcry_error_t err;
-
-  *handle = NULL;
-  module = NULL;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  /* Get name.  */
-  algorithm_name = _gcry_pk_aliased_algo_name (algorithm);
-  if (! algorithm_name)
-    {
-      err = gcry_error (GPG_ERR_PUBKEY_ALGO);
-      goto out;
-    }
-
-  /* Acquire reference to the pubkey module.  */
-  err = _gcry_pk_module_lookup (algorithm, &module);
-  if (err)
-    goto out;
-
-  /* Allocate.  */
-  handle_new = gcry_malloc (sizeof (*handle_new));
-  if (! handle_new)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  /* Done.  */
-  handle_new->algorithm = algorithm;
-  handle_new->algorithm_name = algorithm_name;
-  handle_new->flags = flags;
-  handle_new->module = module;
-  *handle = handle_new;
-
- out:
-
-  /* Deallocate resources.  */
-  if (err)
-    _gcry_pk_module_release (module);
-
-  return err;
-}
-
-
-/* Destroys the handle HANDLE.  */
-void
-_gcry_ac_close (gcry_ac_handle_t handle)
-{
-  /* Release reference to pubkey module.  */
-  if (handle)
-    {
-      _gcry_pk_module_release (handle->module);
-      gcry_free (handle);
-    }
-}
-
-
-
-/*
- * Key management.
- */
-
-/* Initialize a key from a given data set.  */
-/* FIXME/Damn: the argument HANDLE is not only unnecessary, it is
-   completely WRONG here.  */
-gcry_error_t
-_gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle,
-		   gcry_ac_key_type_t type, gcry_ac_data_t data)
-{
-  gcry_ac_data_t data_new;
-  gcry_ac_key_t key_new;
-  gcry_error_t err;
-
-  (void)handle;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  /* Allocate.  */
-  key_new = gcry_malloc (sizeof (*key_new));
-  if (! key_new)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  /* Copy data set.  */
-  err = _gcry_ac_data_copy (&data_new, data);
-  if (err)
-    goto out;
-
-  /* Done.  */
-  key_new->data = data_new;
-  key_new->type = type;
-  *key = key_new;
-
- out:
-
-  if (err)
-    /* Deallocate resources.  */
-    gcry_free (key_new);
-
-  return err;
-}
-
-
-/* Generates a new key pair via the handle HANDLE of NBITS bits and
-   stores it in KEY_PAIR.  In case non-standard settings are wanted, a
-   pointer to a structure of type gcry_ac_key_spec_<algorithm>_t,
-   matching the selected algorithm, can be given as KEY_SPEC.
-   MISC_DATA is not used yet.  */
-gcry_error_t
-_gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits,
-			    void *key_spec,
-			    gcry_ac_key_pair_t *key_pair,
-			    gcry_mpi_t **misc_data)
-{
-  gcry_sexp_t genkey_sexp_request;
-  gcry_sexp_t genkey_sexp_reply;
-  gcry_ac_data_t key_data_secret;
-  gcry_ac_data_t key_data_public;
-  gcry_ac_key_pair_t key_pair_new;
-  gcry_ac_key_t key_secret;
-  gcry_ac_key_t key_public;
-  gcry_sexp_t key_sexp;
-  gcry_error_t err;
-  char *genkey_format;
-  size_t genkey_format_n;
-  void **arg_list;
-  size_t arg_list_n;
-  unsigned int i;
-  unsigned int j;
-
-  (void)misc_data;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  key_data_secret = NULL;
-  key_data_public = NULL;
-  key_secret = NULL;
-  key_public = NULL;
-  genkey_format = NULL;
-  arg_list = NULL;
-  genkey_sexp_request = NULL;
-  genkey_sexp_reply = NULL;
-  key_sexp = NULL;
-
-  /* Allocate key pair.  */
-  key_pair_new = gcry_malloc (sizeof (struct gcry_ac_key_pair));
-  if (! key_pair_new)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  /* Allocate keys.  */
-  key_secret = gcry_malloc (sizeof (*key_secret));
-  if (! key_secret)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-  key_public = gcry_malloc (sizeof (*key_public));
-  if (! key_public)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  /* Calculate size of the format string, that is used for creating
-     the request S-expression.  */
-  genkey_format_n = 22;
-
-  /* Respect any relevant algorithm specific commands.  */
-  if (key_spec)
-    for (i = 0; i < DIM (ac_key_generate_specs); i++)
-      if (handle->algorithm == ac_key_generate_specs[i].algorithm)
-	genkey_format_n += 6;
-
-  /* Create format string.  */
-  genkey_format = gcry_malloc (genkey_format_n);
-  if (! genkey_format)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  /* Fill format string.  */
-  *genkey_format = 0;
-  strcat (genkey_format, "(genkey(%s(nbits%d)");
-  if (key_spec)
-    for (i = 0; i < DIM (ac_key_generate_specs); i++)
-      if (handle->algorithm == ac_key_generate_specs[i].algorithm)
-	strcat (genkey_format, "(%s%m)");
-  strcat (genkey_format, "))");
-
-  /* Build list of argument pointers, the algorithm name and the nbits
-     are always needed.  */
-  arg_list_n = 2;
-
-  /* Now the algorithm specific arguments.  */
-  if (key_spec)
-    for (i = 0; i < DIM (ac_key_generate_specs); i++)
-      if (handle->algorithm == ac_key_generate_specs[i].algorithm)
-	arg_list_n += 2;
-
-  /* Allocate list.  */
-  arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n);
-  if (! arg_list)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  arg_list[0] = (void *) &handle->algorithm_name;
-  arg_list[1] = (void *) &nbits;
-  if (key_spec)
-    for (j = 2, i = 0; i < DIM (ac_key_generate_specs); i++)
-      if (handle->algorithm == ac_key_generate_specs[i].algorithm)
-	{
-	  /* Add name of this specification flag and the
-	     according member of the spec strucuture.  */
-	  arg_list[j++] = (void *)(&ac_key_generate_specs[i].name);
-	  arg_list[j++] = (void *)
-	    (((char *) key_spec)
-	     + ac_key_generate_specs[i].offset);
-	  /* FIXME: above seems to suck.  */
-	}
-
-  /* Construct final request S-expression.  */
-  err = gcry_sexp_build_array (&genkey_sexp_request,
-			       NULL, genkey_format, arg_list);
-  if (err)
-    goto out;
-
-  /* Perform genkey operation.  */
-  err = gcry_pk_genkey (&genkey_sexp_reply, genkey_sexp_request);
-  if (err)
-    goto out;
-
-  key_sexp = gcry_sexp_find_token (genkey_sexp_reply, "private-key", 0);
-  if (! key_sexp)
-    {
-      err = gcry_error (GPG_ERR_INTERNAL);
-      goto out;
-    }
-  err = ac_data_extract ("private-key", handle->algorithm_name,
-			 key_sexp, &key_data_secret);
-  if (err)
-    goto out;
-
-  gcry_sexp_release (key_sexp);
-  key_sexp = gcry_sexp_find_token (genkey_sexp_reply, "public-key", 0);
-  if (! key_sexp)
-    {
-      err = gcry_error (GPG_ERR_INTERNAL);
-      goto out;
-    }
-  err = ac_data_extract ("public-key", handle->algorithm_name,
-			 key_sexp, &key_data_public);
-  if (err)
-    goto out;
-
-  /* Done.  */
-
-  key_secret->type = GCRY_AC_KEY_SECRET;
-  key_secret->data = key_data_secret;
-  key_public->type = GCRY_AC_KEY_PUBLIC;
-  key_public->data = key_data_public;
-  key_pair_new->secret = key_secret;
-  key_pair_new->public = key_public;
-  *key_pair = key_pair_new;
-
- out:
-
-  /* Deallocate resources.  */
-
-  gcry_free (genkey_format);
-  gcry_free (arg_list);
-  gcry_sexp_release (genkey_sexp_request);
-  gcry_sexp_release (genkey_sexp_reply);
-  gcry_sexp_release (key_sexp);
-  if (err)
-    {
-      _gcry_ac_data_destroy (key_data_secret);
-      _gcry_ac_data_destroy (key_data_public);
-      gcry_free (key_secret);
-      gcry_free (key_public);
-      gcry_free (key_pair_new);
-    }
-
-  return err;
-}
-
-/* Returns the key of type WHICH out of the key pair KEY_PAIR.  */
-gcry_ac_key_t
-_gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair,
-                           gcry_ac_key_type_t which)
-{
-  gcry_ac_key_t key;
-
-  if (fips_mode ())
-    return NULL;
-
-  switch (which)
-    {
-    case GCRY_AC_KEY_SECRET:
-      key = key_pair->secret;
-      break;
-
-    case GCRY_AC_KEY_PUBLIC:
-      key = key_pair->public;
-      break;
-
-    default:
-      key = NULL;
-      break;
-    }
-
-  return key;
-}
-
-/* Destroys the key KEY.  */
-void
-_gcry_ac_key_destroy (gcry_ac_key_t key)
-{
-  unsigned int i;
-
-  if (key)
-    {
-      if (key->data)
-        {
-          for (i = 0; i < key->data->data_n; i++)
-            {
-              if (key->data->data[i].mpi)
-                gcry_mpi_release (key->data->data[i].mpi);
-              if (key->data->data[i].name)
-                gcry_free (key->data->data[i].name);
-            }
-          gcry_free (key->data->data);
-          gcry_free (key->data);
-        }
-      gcry_free (key);
-    }
-}
-
-/* Destroys the key pair KEY_PAIR.  */
-void
-_gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair)
-{
-  if (key_pair)
-    {
-      gcry_ac_key_destroy (key_pair->secret);
-      gcry_ac_key_destroy (key_pair->public);
-      gcry_free (key_pair);
-    }
-}
-
-/* Returns the data set contained in the key KEY.  */
-gcry_ac_data_t
-_gcry_ac_key_data_get (gcry_ac_key_t key)
-{
-  if (fips_mode ())
-    return NULL;
-  return key->data;
-}
-
-/* Verifies that the key KEY is sane via HANDLE.  */
-gcry_error_t
-_gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key)
-{
-  gcry_sexp_t key_sexp;
-  gcry_error_t err;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  key_sexp = NULL;
-  err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
-			   handle->algorithm_name, key->data, &key_sexp);
-  if (err)
-    goto out;
-
-  err = gcry_pk_testkey (key_sexp);
-
- out:
-
-  gcry_sexp_release (key_sexp);
-
-  return gcry_error (err);
-}
-
-/* Stores the number of bits of the key KEY in NBITS via HANDLE.  */
-gcry_error_t
-_gcry_ac_key_get_nbits (gcry_ac_handle_t handle,
-			gcry_ac_key_t key, unsigned int *nbits)
-{
-  gcry_sexp_t key_sexp;
-  gcry_error_t err;
-  unsigned int n;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  key_sexp = NULL;
-
-  err = ac_data_construct (ac_key_identifiers[key->type],
-			   0, 0, handle->algorithm_name, key->data, &key_sexp);
-  if (err)
-    goto out;
-
-  n = gcry_pk_get_nbits (key_sexp);
-  if (! n)
-    {
-      err = gcry_error (GPG_ERR_PUBKEY_ALGO);
-      goto out;
-    }
-
-  *nbits = n;
-
- out:
-
-  gcry_sexp_release (key_sexp);
-
-  return err;
-}
-
-/* Writes the 20 byte long key grip of the key KEY to KEY_GRIP via
-   HANDLE.  */
-gcry_error_t
-_gcry_ac_key_get_grip (gcry_ac_handle_t handle,
-		       gcry_ac_key_t key, unsigned char *key_grip)
-{
-  gcry_sexp_t key_sexp;
-  gcry_error_t err;
-  unsigned char *ret;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  key_sexp = NULL;
-  err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
-			   handle->algorithm_name, key->data, &key_sexp);
-  if (err)
-    goto out;
-
-  ret = gcry_pk_get_keygrip (key_sexp, key_grip);
-  if (! ret)
-    {
-      err = gcry_error (GPG_ERR_INV_OBJ);
-      goto out;
-    }
-
-  err = 0;
-
- out:
-
-  gcry_sexp_release (key_sexp);
-
-  return err;
-}
-
-
-
-
-/*
- * Functions performing cryptographic operations.
- */
-
-/* Encrypts the plain text MPI value DATA_PLAIN with the key public
-   KEY under the control of the flags FLAGS and stores the resulting
-   data set into DATA_ENCRYPTED.  */
-gcry_error_t
-_gcry_ac_data_encrypt (gcry_ac_handle_t handle,
-		       unsigned int flags,
-		       gcry_ac_key_t key,
-		       gcry_mpi_t data_plain,
-		       gcry_ac_data_t *data_encrypted)
-{
-  gcry_ac_data_t data_encrypted_new;
-  gcry_ac_data_t data_value;
-  gcry_sexp_t sexp_request;
-  gcry_sexp_t sexp_reply;
-  gcry_sexp_t sexp_key;
-  gcry_error_t err;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  data_encrypted_new = NULL;
-  sexp_request = NULL;
-  sexp_reply = NULL;
-  data_value = NULL;
-  sexp_key = NULL;
-
-  if (key->type != GCRY_AC_KEY_PUBLIC)
-    {
-      err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
-      goto out;
-    }
-
-  err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
-			   handle->algorithm_name, key->data, &sexp_key);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_data_new (&data_value);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_data_set (data_value, 0, "value", data_plain);
-  if (err)
-    goto out;
-
-  err = ac_data_construct ("data", 1, flags, handle->algorithm_name,
-			   data_value, &sexp_request);
-  if (err)
-    goto out;
-
-  /* FIXME: error vs. errcode? */
-
-  err = gcry_pk_encrypt (&sexp_reply, sexp_request, sexp_key);
-  if (err)
-    goto out;
-
-  /* Extract data.  */
-  err = ac_data_extract ("enc-val", handle->algorithm_name,
-			 sexp_reply, &data_encrypted_new);
-  if (err)
-    goto out;
-
-  *data_encrypted = data_encrypted_new;
-
- out:
-
-  /* Deallocate resources.  */
-
-  gcry_sexp_release (sexp_request);
-  gcry_sexp_release (sexp_reply);
-  gcry_sexp_release (sexp_key);
-  _gcry_ac_data_destroy (data_value);
-
-  return err;
-}
-
-/* Decrypts the encrypted data contained in the data set
-   DATA_ENCRYPTED with the secret key KEY under the control of the
-   flags FLAGS and stores the resulting plain text MPI value in
-   DATA_PLAIN.  */
-gcry_error_t
-_gcry_ac_data_decrypt (gcry_ac_handle_t handle,
-		       unsigned int flags,
-		       gcry_ac_key_t key,
-		       gcry_mpi_t *data_plain,
-		       gcry_ac_data_t data_encrypted)
-{
-  gcry_mpi_t data_decrypted;
-  gcry_sexp_t sexp_request;
-  gcry_sexp_t sexp_reply;
-  gcry_sexp_t sexp_value;
-  gcry_sexp_t sexp_key;
-  gcry_error_t err;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  sexp_request = NULL;
-  sexp_reply = NULL;
-  sexp_value = NULL;
-  sexp_key = NULL;
-
-  if (key->type != GCRY_AC_KEY_SECRET)
-    {
-      err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
-      goto out;
-    }
-
-  err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
-			   handle->algorithm_name, key->data, &sexp_key);
-  if (err)
-    goto out;
-
-  /* Create S-expression from data.  */
-  err = ac_data_construct ("enc-val", 1, flags, handle->algorithm_name,
-			   data_encrypted, &sexp_request);
-  if (err)
-    goto out;
-
-  /* Decrypt.  */
-  err = gcry_pk_decrypt (&sexp_reply, sexp_request, sexp_key);
-  if (err)
-    goto out;
-
-  /* Extract plain text. */
-  sexp_value = gcry_sexp_find_token (sexp_reply, "value", 0);
-  if (! sexp_value)
-    {
-      /* FIXME?  */
-      err = gcry_error (GPG_ERR_GENERAL);
-      goto out;
-    }
-
-  data_decrypted = gcry_sexp_nth_mpi (sexp_value, 1, GCRYMPI_FMT_USG);
-  if (! data_decrypted)
-    {
-      err = gcry_error (GPG_ERR_GENERAL);
-      goto out;
-    }
-
-  *data_plain = data_decrypted;
-
- out:
-
-  /* Deallocate resources.  */
-  gcry_sexp_release (sexp_request);
-  gcry_sexp_release (sexp_reply);
-  gcry_sexp_release (sexp_value);
-  gcry_sexp_release (sexp_key);
-
-  return gcry_error (err);
-
-}
-
-/* Signs the data contained in DATA with the secret key KEY and stores
-   the resulting signature data set in DATA_SIGNATURE.  */
-gcry_error_t
-_gcry_ac_data_sign (gcry_ac_handle_t handle,
-		    gcry_ac_key_t key,
-		    gcry_mpi_t data,
-		    gcry_ac_data_t *data_signature)
-{
-  gcry_ac_data_t data_signed;
-  gcry_ac_data_t data_value;
-  gcry_sexp_t sexp_request;
-  gcry_sexp_t sexp_reply;
-  gcry_sexp_t sexp_key;
-  gcry_error_t err;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  data_signed = NULL;
-  data_value = NULL;
-  sexp_request = NULL;
-  sexp_reply = NULL;
-  sexp_key = NULL;
-
-  if (key->type != GCRY_AC_KEY_SECRET)
-    {
-      err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
-      goto out;
-    }
-
-  err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
-			   handle->algorithm_name, key->data, &sexp_key);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_data_new (&data_value);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_data_set (data_value, 0, "value", data);
-  if (err)
-    goto out;
-
-  /* Create S-expression holding the data.  */
-  err = ac_data_construct ("data", 1, 0, NULL, data_value, &sexp_request);
-  if (err)
-    goto out;
-
-  /* Sign.  */
-  err = gcry_pk_sign (&sexp_reply, sexp_request, sexp_key);
-  if (err)
-    goto out;
-
-  /* Extract data.  */
-  err = ac_data_extract ("sig-val", handle->algorithm_name,
-			 sexp_reply, &data_signed);
-  if (err)
-    goto out;
-
-  /* Done.  */
-  *data_signature = data_signed;
-
- out:
-
-  gcry_sexp_release (sexp_request);
-  gcry_sexp_release (sexp_reply);
-  gcry_sexp_release (sexp_key);
-  _gcry_ac_data_destroy (data_value);
-
-  return gcry_error (err);
-}
-
-
-/* Verifies that the signature contained in the data set
-   DATA_SIGNATURE is indeed the result of signing the data contained
-   in DATA with the secret key belonging to the public key KEY.  */
-gcry_error_t
-_gcry_ac_data_verify (gcry_ac_handle_t handle,
-		      gcry_ac_key_t key,
-		      gcry_mpi_t data,
-		      gcry_ac_data_t data_signature)
-{
-  gcry_sexp_t sexp_signature;
-  gcry_ac_data_t data_value;
-  gcry_sexp_t sexp_data;
-  gcry_sexp_t sexp_key;
-  gcry_error_t err;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  sexp_signature = NULL;
-  data_value = NULL;
-  sexp_data = NULL;
-  sexp_key = NULL;
-
-  err = ac_data_construct ("public-key", 0, 0,
-			   handle->algorithm_name, key->data, &sexp_key);
-  if (err)
-    goto out;
-
-  if (key->type != GCRY_AC_KEY_PUBLIC)
-    {
-      err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
-      goto out;
-    }
-
-  /* Construct S-expression holding the signature data.  */
-  err = ac_data_construct ("sig-val", 1, 0, handle->algorithm_name,
-			   data_signature, &sexp_signature);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_data_new (&data_value);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_data_set (data_value, 0, "value", data);
-  if (err)
-    goto out;
-
-  /* Construct S-expression holding the data.  */
-  err = ac_data_construct ("data", 1, 0, NULL, data_value, &sexp_data);
-  if (err)
-    goto out;
-
-  /* Verify signature.  */
-  err = gcry_pk_verify (sexp_signature, sexp_data, sexp_key);
-
- out:
-
-  gcry_sexp_release (sexp_signature);
-  gcry_sexp_release (sexp_data);
-  gcry_sexp_release (sexp_key);
-  _gcry_ac_data_destroy (data_value);
-
-  return gcry_error (err);
-}
-
-
-
-
-/*
- * Implementation of encoding methods (em).
- */
-
-/* Type for functions that encode or decode (hence the name) a
-   message.  */
-typedef gcry_error_t (*gcry_ac_em_dencode_t) (unsigned int flags,
-						 void *options,
-						 gcry_ac_io_t *ac_io_read,
-						 gcry_ac_io_t *ac_io_write);
-
-/* Fill the buffer BUFFER which is BUFFER_N bytes long with non-zero
-   random bytes of random level LEVEL.  */
-static void
-em_randomize_nonzero (unsigned char *buffer, size_t buffer_n,
-		      gcry_random_level_t level)
-{
-  unsigned char *buffer_rand;
-  unsigned int buffer_rand_n;
-  unsigned int zeros;
-  unsigned int i;
-  unsigned int j;
-
-  for (i = 0; i < buffer_n; i++)
-    buffer[i] = 0;
-
-  do
-    {
-      /* Count zeros.  */
-      for (i = zeros = 0; i < buffer_n; i++)
-	if (! buffer[i])
-	  zeros++;
-
-      if (zeros)
-	{
-	  /* Get random bytes.  */
-	  buffer_rand_n = zeros + (zeros / 128);
-	  buffer_rand = gcry_random_bytes_secure (buffer_rand_n, level);
-
-	  /* Substitute zeros with non-zero random bytes.  */
-	  for (i = j = 0; zeros && (i < buffer_n) && (j < buffer_rand_n); i++)
-	    if (! buffer[i])
-	      {
-		while ((j < buffer_rand_n) && (! buffer_rand[j]))
-		  j++;
-		if (j < buffer_rand_n)
-		  {
-		    buffer[i] = buffer_rand[j++];
-		    zeros--;
-		  }
-		else
-		  break;
-	      }
-	  gcry_free (buffer_rand);
-	}
-    }
-  while (zeros);
-}
-
-/* Encode a message according to the Encoding Method for Encryption
-   `PKCS-V1_5' (EME-PKCS-V1_5).  */
-static gcry_error_t
-eme_pkcs_v1_5_encode (unsigned int flags, void *opts,
-		      gcry_ac_io_t *ac_io_read,
-		      gcry_ac_io_t *ac_io_write)
-{
-  gcry_ac_eme_pkcs_v1_5_t *options;
-  gcry_error_t err;
-  unsigned char *buffer;
-  unsigned char *ps;
-  unsigned char *m;
-  size_t m_n;
-  unsigned int ps_n;
-  unsigned int k;
-
-  (void)flags;
-
-  options = opts;
-  buffer = NULL;
-  m = NULL;
-
-  err = _gcry_ac_io_read_all (ac_io_read, &m, &m_n);
-  if (err)
-    goto out;
-
-  /* Figure out key length in bytes.  */
-  k = options->key_size / 8;
-
-  if (m_n > k - 11)
-    {
-      /* Key is too short for message.  */
-      err = gcry_error (GPG_ERR_TOO_SHORT);
-      goto out;
-    }
-
-  /* According to this encoding method, the first byte of the encoded
-     message is zero.  This byte will be lost anyway, when the encoded
-     message is to be converted into an MPI, that's why we skip
-     it.  */
-
-  /* Allocate buffer.  */
-  buffer = gcry_malloc (k - 1);
-  if (! buffer)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  /* Generate an octet string PS of length k - mLen - 3 consisting
-     of pseudorandomly generated nonzero octets.  The length of PS
-     will be at least eight octets.  */
-  ps_n = k - m_n - 3;
-  ps = buffer + 1;
-  em_randomize_nonzero (ps, ps_n, GCRY_STRONG_RANDOM);
-
-  /* Concatenate PS, the message M, and other padding to form an
-     encoded message EM of length k octets as:
-
-     EM = 0x00 || 0x02 || PS || 0x00 || M.  */
-
-  buffer[0] = 0x02;
-  buffer[ps_n + 1] = 0x00;
-  memcpy (buffer + ps_n + 2, m, m_n);
-
-  err = _gcry_ac_io_write (ac_io_write, buffer, k - 1);
-
- out:
-
-  gcry_free (buffer);
-  gcry_free (m);
-
-  return err;
-}
-
-/* Decode a message according to the Encoding Method for Encryption
-   `PKCS-V1_5' (EME-PKCS-V1_5).  */
-static gcry_error_t
-eme_pkcs_v1_5_decode (unsigned int flags, void *opts,
-		      gcry_ac_io_t *ac_io_read,
-		      gcry_ac_io_t *ac_io_write)
-{
-  gcry_ac_eme_pkcs_v1_5_t *options;
-  unsigned char *buffer;
-  unsigned char *em;
-  size_t em_n;
-  gcry_error_t err;
-  unsigned int i;
-  unsigned int k;
-
-  (void)flags;
-
-  options = opts;
-  buffer = NULL;
-  em = NULL;
-
-  err = _gcry_ac_io_read_all (ac_io_read, &em, &em_n);
-  if (err)
-    goto out;
-
-  /* Figure out key size.  */
-  k = options->key_size / 8;
-
-  /* Search for zero byte.  */
-  for (i = 0; (i < em_n) && em[i]; i++);
-
-  /* According to this encoding method, the first byte of the encoded
-     message should be zero.  This byte is lost.  */
-
-  if (! ((em_n >= 10)
-	 && (em_n == (k - 1))
-	 && (em[0] == 0x02)
-	 && (i < em_n)
-	 && ((i - 1) >= 8)))
-    {
-      err = gcry_error (GPG_ERR_DECRYPT_FAILED);
-      goto out;
-    }
-
-  i++;
-  buffer = gcry_malloc (em_n - i);
-  if (! buffer)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  memcpy (buffer, em + i, em_n - i);
-  err = _gcry_ac_io_write (ac_io_write, buffer, em_n - i);
-
- out:
-
-  gcry_free (buffer);
-  gcry_free (em);
-
-  return err;
-}
-
-static gcry_error_t
-emsa_pkcs_v1_5_encode_data_cb (void *opaque,
-			       unsigned char *buffer, size_t buffer_n)
-{
-  gcry_md_hd_t md_handle;
-
-  md_handle = opaque;
-  gcry_md_write (md_handle, buffer, buffer_n);
-
-  return 0;
-}
-
-
-/* Encode a message according to the Encoding Method for Signatures
-   with Appendix `PKCS-V1_5' (EMSA-PKCS-V1_5).  */
-static gcry_error_t
-emsa_pkcs_v1_5_encode (unsigned int flags, void *opts,
-		       gcry_ac_io_t *ac_io_read,
-		       gcry_ac_io_t *ac_io_write)
-{
-  gcry_ac_emsa_pkcs_v1_5_t *options;
-  gcry_error_t err;
-  gcry_md_hd_t md;
-  unsigned char *t;
-  size_t t_n;
-  unsigned char *h;
-  size_t h_n;
-  unsigned char *ps;
-  size_t ps_n;
-  unsigned char *buffer;
-  size_t buffer_n;
-  unsigned char asn[100];	/* FIXME, always enough?  */
-  size_t asn_n;
-  unsigned int i;
-
-  (void)flags;
-
-  options = opts;
-  buffer = NULL;
-  md = NULL;
-  ps = NULL;
-  t = NULL;
-
-  /* Create hashing handle and get the necessary information.  */
-  err = gcry_md_open (&md, options->md, 0);
-  if (err)
-    goto out;
-
-  asn_n = DIM (asn);
-  err = gcry_md_algo_info (options->md, GCRYCTL_GET_ASNOID, asn, &asn_n);
-  if (err)
-    goto out;
-
-  h_n = gcry_md_get_algo_dlen (options->md);
-
-  err = _gcry_ac_io_process (ac_io_read, emsa_pkcs_v1_5_encode_data_cb, md);
-  if (err)
-    goto out;
-
-  h = gcry_md_read (md, 0);
-
-  /* Encode the algorithm ID for the hash function and the hash value
-     into an ASN.1 value of type DigestInfo with the Distinguished
-     Encoding Rules (DER), where the type DigestInfo has the syntax:
-
-     DigestInfo ::== SEQUENCE {
-     digestAlgorithm AlgorithmIdentifier,
-     digest OCTET STRING
-     }
-
-     The first field identifies the hash function and the second
-     contains the hash value.  Let T be the DER encoding of the
-     DigestInfo value and let tLen be the length in octets of T.  */
-
-  t_n = asn_n + h_n;
-  t = gcry_malloc (t_n);
-  if (! t)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  for (i = 0; i < asn_n; i++)
-    t[i] = asn[i];
-  for (i = 0; i < h_n; i++)
-    t[asn_n + i] = h[i];
-
-  /* If emLen < tLen + 11, output "intended encoded message length
-     too short" and stop.  */
-  if (options->em_n < t_n + 11)
-    {
-      err = gcry_error (GPG_ERR_TOO_SHORT);
-      goto out;
-    }
-
-  /* Generate an octet string PS consisting of emLen - tLen - 3 octets
-     with hexadecimal value 0xFF.  The length of PS will be at least 8
-     octets.  */
-  ps_n = options->em_n - t_n - 3;
-  ps = gcry_malloc (ps_n);
-  if (! ps)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-  for (i = 0; i < ps_n; i++)
-    ps[i] = 0xFF;
-
-  /* Concatenate PS, the DER encoding T, and other padding to form the
-     encoded message EM as:
-
-     EM = 0x00 || 0x01 || PS || 0x00 || T.  */
-
-  buffer_n = ps_n + t_n + 3;
-  buffer = gcry_malloc (buffer_n);
-  if (! buffer)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  buffer[0] = 0x00;
-  buffer[1] = 0x01;
-  for (i = 0; i < ps_n; i++)
-    buffer[2 + i] = ps[i];
-  buffer[2 + ps_n] = 0x00;
-  for (i = 0; i < t_n; i++)
-    buffer[3 + ps_n + i] = t[i];
-
-  err = _gcry_ac_io_write (ac_io_write, buffer, buffer_n);
-
- out:
-
-  gcry_md_close (md);
-
-  gcry_free (buffer);
-  gcry_free (ps);
-  gcry_free (t);
-
-  return err;
-}
-
-/* `Actions' for data_dencode().  */
-typedef enum dencode_action
-  {
-    DATA_ENCODE,
-    DATA_DECODE,
-  }
-dencode_action_t;
-
-/* Encode or decode a message according to the the encoding method
-   METHOD; ACTION specifies whether the message that is contained in
-   BUFFER_IN and of length BUFFER_IN_N should be encoded or decoded.
-   The resulting message will be stored in a newly allocated buffer in
-   BUFFER_OUT and BUFFER_OUT_N.  */
-static gcry_error_t
-ac_data_dencode (gcry_ac_em_t method, dencode_action_t action,
-		 unsigned int flags, void *options,
-		 gcry_ac_io_t *ac_io_read,
-		 gcry_ac_io_t *ac_io_write)
-{
-  struct
-  {
-    gcry_ac_em_t method;
-    gcry_ac_em_dencode_t encode;
-    gcry_ac_em_dencode_t decode;
-  } methods[] =
-    {
-      { GCRY_AC_EME_PKCS_V1_5,
-	eme_pkcs_v1_5_encode, eme_pkcs_v1_5_decode },
-      { GCRY_AC_EMSA_PKCS_V1_5,
-	emsa_pkcs_v1_5_encode, NULL },
-    };
-  size_t methods_n;
-  gcry_error_t err;
-  unsigned int i;
-
-  methods_n = sizeof (methods) / sizeof (*methods);
-
-  for (i = 0; i < methods_n; i++)
-    if (methods[i].method == method)
-      break;
-  if (i == methods_n)
-    {
-      err = gcry_error (GPG_ERR_NOT_FOUND);	/* FIXME? */
-      goto out;
-    }
-
-  err = 0;
-  switch (action)
-    {
-    case DATA_ENCODE:
-      if (methods[i].encode)
-	/* FIXME? */
-	err = (*methods[i].encode) (flags, options, ac_io_read, ac_io_write);
-      break;
-
-    case DATA_DECODE:
-      if (methods[i].decode)
-	/* FIXME? */
-	err = (*methods[i].decode) (flags, options, ac_io_read, ac_io_write);
-      break;
-
-    default:
-      err = gcry_error (GPG_ERR_INV_ARG);
-      break;
-    }
-
- out:
-
-  return err;
-}
-
-/* Encode a message according to the encoding method METHOD.  OPTIONS
-   must be a pointer to a method-specific structure
-   (gcry_ac_em*_t).  */
-gcry_error_t
-_gcry_ac_data_encode (gcry_ac_em_t method,
-		      unsigned int flags, void *options,
-		      gcry_ac_io_t *ac_io_read,
-		      gcry_ac_io_t *ac_io_write)
-{
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  return ac_data_dencode (method, DATA_ENCODE, flags, options,
-			  ac_io_read, ac_io_write);
-}
-
-/* Dencode a message according to the encoding method METHOD.  OPTIONS
-   must be a pointer to a method-specific structure
-   (gcry_ac_em*_t).  */
-gcry_error_t
-_gcry_ac_data_decode (gcry_ac_em_t method,
-		      unsigned int flags, void *options,
-		      gcry_ac_io_t *ac_io_read,
-		      gcry_ac_io_t *ac_io_write)
-{
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  return ac_data_dencode (method, DATA_DECODE, flags, options,
-			  ac_io_read, ac_io_write);
-}
-
-/* Convert an MPI into an octet string.  */
-void
-_gcry_ac_mpi_to_os (gcry_mpi_t mpi, unsigned char *os, size_t os_n)
-{
-  unsigned long digit;
-  gcry_mpi_t base;
-  unsigned int i;
-  unsigned int n;
-  gcry_mpi_t m;
-  gcry_mpi_t d;
-
-  if (fips_mode ())
-    return;
-
-  base = gcry_mpi_new (0);
-  gcry_mpi_set_ui (base, 256);
-
-  n = 0;
-  m = gcry_mpi_copy (mpi);
-  while (gcry_mpi_cmp_ui (m, 0))
-    {
-      n++;
-      gcry_mpi_div (m, NULL, m, base, 0);
-    }
-
-  gcry_mpi_set (m, mpi);
-  d = gcry_mpi_new (0);
-  for (i = 0; (i < n) && (i < os_n); i++)
-    {
-      gcry_mpi_mod (d, m, base);
-      _gcry_mpi_get_ui (d, &digit);
-      gcry_mpi_div (m, NULL, m, base, 0);
-      os[os_n - i - 1] = (digit & 0xFF);
-    }
-
-  for (; i < os_n; i++)
-    os[os_n - i - 1] = 0;
-
-  gcry_mpi_release (base);
-  gcry_mpi_release (d);
-  gcry_mpi_release (m);
-}
-
-/* Convert an MPI into an newly allocated octet string.  */
-gcry_error_t
-_gcry_ac_mpi_to_os_alloc (gcry_mpi_t mpi, unsigned char **os, size_t *os_n)
-{
-  unsigned char *buffer;
-  size_t buffer_n;
-  gcry_error_t err;
-  unsigned int nbits;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  nbits = gcry_mpi_get_nbits (mpi);
-  buffer_n = (nbits + 7) / 8;
-  buffer = gcry_malloc (buffer_n);
-  if (! buffer)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  _gcry_ac_mpi_to_os (mpi, buffer, buffer_n);
-  *os = buffer;
-  *os_n = buffer_n;
-  err = 0;
-
- out:
-
-  return err;
-}
-
-
-/* Convert an octet string into an MPI.  */
-void
-_gcry_ac_os_to_mpi (gcry_mpi_t mpi, unsigned char *os, size_t os_n)
-{
-  unsigned int i;
-  gcry_mpi_t xi;
-  gcry_mpi_t x;
-  gcry_mpi_t a;
-
-  if (fips_mode ())
-    return;
-
-  a = gcry_mpi_new (0);
-  gcry_mpi_set_ui (a, 1);
-  x = gcry_mpi_new (0);
-  gcry_mpi_set_ui (x, 0);
-  xi = gcry_mpi_new (0);
-
-  for (i = 0; i < os_n; i++)
-    {
-      gcry_mpi_mul_ui (xi, a, os[os_n - i - 1]);
-      gcry_mpi_add (x, x, xi);
-      gcry_mpi_mul_ui (a, a, 256);
-    }
-
-  gcry_mpi_release (xi);
-  gcry_mpi_release (a);
-
-  gcry_mpi_set (mpi, x);
-  gcry_mpi_release (x);		/* FIXME: correct? */
-}
-
-
-
-/*
- * Implementation of Encryption Schemes (ES) and Signature Schemes
- * with Appendix (SSA).
- */
-
-/* Schemes consist of two things: encoding methods and cryptographic
-   primitives.
-
-   Since encoding methods are accessible through a common API with
-   method-specific options passed as an anonymous struct, schemes have
-   to provide functions that construct this method-specific structure;
-   this is what the functions of type `gcry_ac_dencode_prepare_t' are
-   there for.  */
-
-typedef gcry_error_t (*gcry_ac_dencode_prepare_t) (gcry_ac_handle_t handle,
-						   gcry_ac_key_t key,
-						   void *opts,
-						   void *opts_em);
-
-/* The `dencode_prepare' function for ES-PKCS-V1_5.  */
-static gcry_error_t
-ac_es_dencode_prepare_pkcs_v1_5 (gcry_ac_handle_t handle, gcry_ac_key_t key,
-				 void *opts, void *opts_em)
-{
-  gcry_ac_eme_pkcs_v1_5_t *options_em;
-  unsigned int nbits;
-  gcry_error_t err;
-
-  (void)opts;
-
-  err = _gcry_ac_key_get_nbits (handle, key, &nbits);
-  if (err)
-    goto out;
-
-  options_em = opts_em;
-  options_em->key_size = nbits;
-
- out:
-
-  return err;
-}
-
-/* The `dencode_prepare' function for SSA-PKCS-V1_5.  */
-static gcry_error_t
-ac_ssa_dencode_prepare_pkcs_v1_5 (gcry_ac_handle_t handle, gcry_ac_key_t key,
-				  void *opts, void *opts_em)
-{
-  gcry_ac_emsa_pkcs_v1_5_t *options_em;
-  gcry_ac_ssa_pkcs_v1_5_t *options;
-  gcry_error_t err;
-  unsigned int k;
-
-  options_em = opts_em;
-  options = opts;
-
-  err = _gcry_ac_key_get_nbits (handle, key, &k);
-  if (err)
-    goto out;
-
-  k = (k + 7) / 8;
-  options_em->md = options->md;
-  options_em->em_n = k;
-
- out:
-
-  return err;
-}
-
-/* Type holding the information about each supported
-   Encryption/Signature Scheme.  */
-typedef struct ac_scheme
-{
-  gcry_ac_scheme_t scheme;
-  gcry_ac_em_t scheme_encoding;
-  gcry_ac_dencode_prepare_t dencode_prepare;
-  size_t options_em_n;
-} ac_scheme_t;
-
-/* List of supported Schemes.  */
-static ac_scheme_t ac_schemes[] =
-  {
-    { GCRY_AC_ES_PKCS_V1_5, GCRY_AC_EME_PKCS_V1_5,
-      ac_es_dencode_prepare_pkcs_v1_5,
-      sizeof (gcry_ac_eme_pkcs_v1_5_t) },
-    { GCRY_AC_SSA_PKCS_V1_5, GCRY_AC_EMSA_PKCS_V1_5,
-      ac_ssa_dencode_prepare_pkcs_v1_5,
-      sizeof (gcry_ac_emsa_pkcs_v1_5_t) }
-  };
-
-/* Lookup a scheme by it's ID.  */
-static ac_scheme_t *
-ac_scheme_get (gcry_ac_scheme_t scheme)
-{
-  ac_scheme_t *ac_scheme;
-  unsigned int i;
-
-  for (i = 0; i < DIM (ac_schemes); i++)
-    if (scheme == ac_schemes[i].scheme)
-      break;
-  if (i == DIM (ac_schemes))
-    ac_scheme = NULL;
-  else
-    ac_scheme = ac_schemes + i;
-
-  return ac_scheme;
-}
-
-/* Prepares the encoding/decoding by creating an according option
-   structure.  */
-static gcry_error_t
-ac_dencode_prepare (gcry_ac_handle_t handle, gcry_ac_key_t key, void *opts,
-		    ac_scheme_t scheme, void **opts_em)
-{
-  gcry_error_t err;
-  void *options_em;
-
-  options_em = gcry_malloc (scheme.options_em_n);
-  if (! options_em)
-    {
-      err = gcry_error_from_errno (errno);
-      goto out;
-    }
-
-  err = (*scheme.dencode_prepare) (handle, key, opts, options_em);
-  if (err)
-    goto out;
-
-  *opts_em = options_em;
-
- out:
-
-  if (err)
-    free (options_em);
-
-  return err;
-}
-
-/* Convert a data set into a single MPI; currently, this is only
-   supported for data sets containing a single MPI.  */
-static gcry_error_t
-ac_data_set_to_mpi (gcry_ac_data_t data, gcry_mpi_t *mpi)
-{
-  gcry_error_t err;
-  gcry_mpi_t mpi_new;
-  unsigned int elems;
-
-  elems = _gcry_ac_data_length (data);
-
-  if (elems != 1)
-    {
-      /* FIXME: I guess, we should be more flexible in this respect by
-	 allowing the actual encryption/signature schemes to implement
-	 this conversion mechanism.  */
-      err = gcry_error (GPG_ERR_CONFLICT);
-      goto out;
-    }
-
-  err = _gcry_ac_data_get_index (data, GCRY_AC_FLAG_COPY, 0, NULL, &mpi_new);
-  if (err)
-    goto out;
-
-  *mpi = mpi_new;
-
- out:
-
-  return err;
-}
-
-/* Encrypts the plain text message contained in M, which is of size
-   M_N, with the public key KEY_PUBLIC according to the Encryption
-   Scheme SCHEME_ID.  HANDLE is used for accessing the low-level
-   cryptographic primitives.  If OPTS is not NULL, it has to be an
-   anonymous structure specific to the chosen scheme (gcry_ac_es_*_t).
-   The encrypted message will be stored in C and C_N.  */
-gcry_error_t
-_gcry_ac_data_encrypt_scheme (gcry_ac_handle_t handle,
-			      gcry_ac_scheme_t scheme_id,
-			      unsigned int flags, void *opts,
-			      gcry_ac_key_t key,
-			      gcry_ac_io_t *io_message,
-			      gcry_ac_io_t *io_cipher)
-{
-  gcry_error_t err;
-  gcry_ac_io_t io_em;
-  unsigned char *em;
-  size_t em_n;
-  gcry_mpi_t mpi_plain;
-  gcry_ac_data_t data_encrypted;
-  gcry_mpi_t mpi_encrypted;
-  unsigned char *buffer;
-  size_t buffer_n;
-  void *opts_em;
-  ac_scheme_t *scheme;
-
-  (void)flags;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  data_encrypted = NULL;
-  mpi_encrypted = NULL;
-  mpi_plain = NULL;
-  opts_em = NULL;
-  buffer = NULL;
-  em = NULL;
-
-  scheme = ac_scheme_get (scheme_id);
-  if (! scheme)
-    {
-      err = gcry_error (GPG_ERR_NO_ENCRYPTION_SCHEME);
-      goto out;
-    }
-
-  if (key->type != GCRY_AC_KEY_PUBLIC)
-    {
-      err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
-      goto out;
-    }
-
-  err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em);
-  if (err)
-    goto out;
-
-  _gcry_ac_io_init (&io_em, GCRY_AC_IO_WRITABLE,
-		    GCRY_AC_IO_STRING, &em, &em_n);
-
-  err = _gcry_ac_data_encode (scheme->scheme_encoding, 0, opts_em,
-			      io_message, &io_em);
-  if (err)
-    goto out;
-
-  mpi_plain = gcry_mpi_snew (0);
-  gcry_ac_os_to_mpi (mpi_plain, em, em_n);
-
-  err = _gcry_ac_data_encrypt (handle, 0, key, mpi_plain, &data_encrypted);
-  if (err)
-    goto out;
-
-  err = ac_data_set_to_mpi (data_encrypted, &mpi_encrypted);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_mpi_to_os_alloc (mpi_encrypted, &buffer, &buffer_n);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_io_write (io_cipher, buffer, buffer_n);
-
- out:
-
-  gcry_ac_data_destroy (data_encrypted);
-  gcry_mpi_release (mpi_encrypted);
-  gcry_mpi_release (mpi_plain);
-  gcry_free (opts_em);
-  gcry_free (buffer);
-  gcry_free (em);
-
-  return err;
-}
-
-/* Decryptes the cipher message contained in C, which is of size C_N,
-   with the secret key KEY_SECRET according to the Encryption Scheme
-   SCHEME_ID.  Handle is used for accessing the low-level
-   cryptographic primitives.  If OPTS is not NULL, it has to be an
-   anonymous structure specific to the chosen scheme (gcry_ac_es_*_t).
-   The decrypted message will be stored in M and M_N.  */
-gcry_error_t
-_gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle,
-			      gcry_ac_scheme_t scheme_id,
-			      unsigned int flags, void *opts,
-			      gcry_ac_key_t key,
-			      gcry_ac_io_t *io_cipher,
-			      gcry_ac_io_t *io_message)
-{
-  gcry_ac_io_t io_em;
-  gcry_error_t err;
-  gcry_ac_data_t data_encrypted;
-  unsigned char *em;
-  size_t em_n;
-  gcry_mpi_t mpi_encrypted;
-  gcry_mpi_t mpi_decrypted;
-  void *opts_em;
-  ac_scheme_t *scheme;
-  char *elements_enc;
-  size_t elements_enc_n;
-  unsigned char *c;
-  size_t c_n;
-
-  (void)flags;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  data_encrypted = NULL;
-  mpi_encrypted = NULL;
-  mpi_decrypted = NULL;
-  elements_enc = NULL;
-  opts_em = NULL;
-  em = NULL;
-  c = NULL;
-
-  scheme = ac_scheme_get (scheme_id);
-  if (! scheme)
-    {
-      err = gcry_error (GPG_ERR_NO_ENCRYPTION_SCHEME);
-      goto out;
-    }
-
-  if (key->type != GCRY_AC_KEY_SECRET)
-    {
-      err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
-      goto out;
-    }
-
-  err = _gcry_ac_io_read_all (io_cipher, &c, &c_n);
-  if (err)
-    goto out;
-
-  mpi_encrypted = gcry_mpi_snew (0);
-  gcry_ac_os_to_mpi (mpi_encrypted, c, c_n);
-
-  err = _gcry_pk_get_elements (handle->algorithm, &elements_enc, NULL);
-  if (err)
-    goto out;
-
-  elements_enc_n = strlen (elements_enc);
-  if (elements_enc_n != 1)
-    {
-      /* FIXME? */
-      err = gcry_error (GPG_ERR_CONFLICT);
-      goto out;
-    }
-
-  err = _gcry_ac_data_new (&data_encrypted);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_data_set (data_encrypted, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC,
-			   elements_enc, mpi_encrypted);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_data_decrypt (handle, 0, key, &mpi_decrypted, data_encrypted);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_mpi_to_os_alloc (mpi_decrypted, &em, &em_n);
-  if (err)
-    goto out;
-
-  err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em);
-  if (err)
-    goto out;
-
-  _gcry_ac_io_init (&io_em, GCRY_AC_IO_READABLE,
-		    GCRY_AC_IO_STRING, em, em_n);
-
-  err = _gcry_ac_data_decode (scheme->scheme_encoding, 0, opts_em,
-			      &io_em, io_message);
-  if (err)
-    goto out;
-
- out:
-
-  _gcry_ac_data_destroy (data_encrypted);
-  gcry_mpi_release (mpi_encrypted);
-  gcry_mpi_release (mpi_decrypted);
-  free (elements_enc);
-  gcry_free (opts_em);
-  gcry_free (em);
-  gcry_free (c);
-
-  return err;
-}
-
-
-/* Signs the message contained in M, which is of size M_N, with the
-   secret key KEY according to the Signature Scheme SCHEME_ID.  Handle
-   is used for accessing the low-level cryptographic primitives.  If
-   OPTS is not NULL, it has to be an anonymous structure specific to
-   the chosen scheme (gcry_ac_ssa_*_t).  The signed message will be
-   stored in S and S_N.  */
-gcry_error_t
-_gcry_ac_data_sign_scheme (gcry_ac_handle_t handle,
-			   gcry_ac_scheme_t scheme_id,
-			   unsigned int flags, void *opts,
-			   gcry_ac_key_t key,
-			   gcry_ac_io_t *io_message,
-			   gcry_ac_io_t *io_signature)
-{
-  gcry_ac_io_t io_em;
-  gcry_error_t err;
-  gcry_ac_data_t data_signed;
-  unsigned char *em;
-  size_t em_n;
-  gcry_mpi_t mpi;
-  void *opts_em;
-  unsigned char *buffer;
-  size_t buffer_n;
-  gcry_mpi_t mpi_signed;
-  ac_scheme_t *scheme;
-
-  (void)flags;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  data_signed = NULL;
-  mpi_signed = NULL;
-  opts_em = NULL;
-  buffer = NULL;
-  mpi = NULL;
-  em = NULL;
-
-  if (key->type != GCRY_AC_KEY_SECRET)
-    {
-      err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
-      goto out;
-    }
-
-  scheme = ac_scheme_get (scheme_id);
-  if (! scheme)
-    {
-      /* FIXME: adjust api of scheme_get in respect to err codes.  */
-      err = gcry_error (GPG_ERR_NO_SIGNATURE_SCHEME);
-      goto out;
-    }
-
-  err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em);
-  if (err)
-    goto out;
-
-  _gcry_ac_io_init (&io_em, GCRY_AC_IO_WRITABLE,
-		    GCRY_AC_IO_STRING, &em, &em_n);
-
-  err = _gcry_ac_data_encode (scheme->scheme_encoding, 0, opts_em,
-			      io_message, &io_em);
-  if (err)
-    goto out;
-
-  mpi = gcry_mpi_new (0);
-  _gcry_ac_os_to_mpi (mpi, em, em_n);
-
-  err = _gcry_ac_data_sign (handle, key, mpi, &data_signed);
-  if (err)
-    goto out;
-
-  err = ac_data_set_to_mpi (data_signed, &mpi_signed);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_mpi_to_os_alloc (mpi_signed, &buffer, &buffer_n);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_io_write (io_signature, buffer, buffer_n);
-
- out:
-
-  _gcry_ac_data_destroy (data_signed);
-  gcry_mpi_release (mpi_signed);
-  gcry_mpi_release (mpi);
-  gcry_free (opts_em);
-  gcry_free (buffer);
-  gcry_free (em);
-
-  return err;
-}
-
-/* Verifies that the signature contained in S, which is of length S_N,
-   is indeed the result of signing the message contained in M, which
-   is of size M_N, with the secret key belonging to the public key
-   KEY_PUBLIC.  If OPTS is not NULL, it has to be an anonymous
-   structure (gcry_ac_ssa_*_t) specific to the Signature Scheme, whose
-   ID is contained in SCHEME_ID.  */
-gcry_error_t
-_gcry_ac_data_verify_scheme (gcry_ac_handle_t handle,
-			     gcry_ac_scheme_t scheme_id,
-			     unsigned int flags, void *opts,
-			     gcry_ac_key_t key,
-			     gcry_ac_io_t *io_message,
-			     gcry_ac_io_t *io_signature)
-{
-  gcry_ac_io_t io_em;
-  gcry_error_t err;
-  gcry_ac_data_t data_signed;
-  unsigned char *em;
-  size_t em_n;
-  void *opts_em;
-  gcry_mpi_t mpi_signature;
-  gcry_mpi_t mpi_data;
-  ac_scheme_t *scheme;
-  char *elements_sig;
-  size_t elements_sig_n;
-  unsigned char *s;
-  size_t s_n;
-
-  (void)flags;
-
-  if (fips_mode ())
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  mpi_signature = NULL;
-  elements_sig = NULL;
-  data_signed = NULL;
-  mpi_data = NULL;
-  opts_em = NULL;
-  em = NULL;
-  s = NULL;
-
-  if (key->type != GCRY_AC_KEY_PUBLIC)
-    {
-      err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
-      goto out;
-    }
-
-  scheme = ac_scheme_get (scheme_id);
-  if (! scheme)
-    {
-      err = gcry_error (GPG_ERR_NO_SIGNATURE_SCHEME);
-      goto out;
-    }
-
-  err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em);
-  if (err)
-    goto out;
-
-  _gcry_ac_io_init (&io_em, GCRY_AC_IO_WRITABLE,
-		    GCRY_AC_IO_STRING, &em, &em_n);
-
-  err = _gcry_ac_data_encode (scheme->scheme_encoding, 0, opts_em,
-			      io_message, &io_em);
-  if (err)
-    goto out;
-
-  mpi_data = gcry_mpi_new (0);
-  _gcry_ac_os_to_mpi (mpi_data, em, em_n);
-
-  err = _gcry_ac_io_read_all (io_signature, &s, &s_n);
-  if (err)
-    goto out;
-
-  mpi_signature = gcry_mpi_new (0);
-  _gcry_ac_os_to_mpi (mpi_signature, s, s_n);
-
-  err = _gcry_pk_get_elements (handle->algorithm, NULL, &elements_sig);
-  if (err)
-    goto out;
-
-  elements_sig_n = strlen (elements_sig);
-  if (elements_sig_n != 1)
-    {
-      /* FIXME? */
-      err = gcry_error (GPG_ERR_CONFLICT);
-      goto out;
-    }
-
-  err = _gcry_ac_data_new (&data_signed);
-  if (err)
-    goto out;
-
-  err = _gcry_ac_data_set (data_signed, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC,
-			   elements_sig, mpi_signature);
-  if (err)
-    goto out;
-
-  gcry_mpi_release (mpi_signature);
-  mpi_signature = NULL;
-
-  err = _gcry_ac_data_verify (handle, key, mpi_data, data_signed);
-
- out:
-
-  _gcry_ac_data_destroy (data_signed);
-  gcry_mpi_release (mpi_signature);
-  gcry_mpi_release (mpi_data);
-  free (elements_sig);
-  gcry_free (opts_em);
-  gcry_free (em);
-  gcry_free (s);
-
-  return err;
-}
-
-
-/*
- * General functions.
- */
-
-gcry_err_code_t
-_gcry_ac_init (void)
-{
-  if (fips_mode ())
-    return GPG_ERR_NOT_SUPPORTED;
-
-  return 0;
-}
diff --git a/configure.ac b/configure.ac
index bcb458f8..ab160c3c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -41,10 +41,11 @@ AC_INIT([libgcrypt],
 #   (Interfaces removed:    CURRENT++, AGE=0, REVISION=0)
 #   (Interfaces added:      CURRENT++, AGE++, REVISION=0)
 #   (No interfaces changed:                   REVISION++)
-# Note: To avoid LT version number clashes with the 1.5 branch please
-# make sure to update current and age beore releasing anything.
-LIBGCRYPT_LT_CURRENT=18
-LIBGCRYPT_LT_AGE=7
+# CAUTION: Due to the ABI change in 1.6 the LT version numbers below have
+# already been set for the next release.  Thus don't update them for
+# the 1.6.0 release.
+LIBGCRYPT_LT_CURRENT=19
+LIBGCRYPT_LT_AGE=0
 LIBGCRYPT_LT_REVISION=0
 
 
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 15c65a76..1b23647c 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,5 +1,9 @@
 2011-09-15  Werner Koch  <wk@g10code.com>
 
+	* gcrypt.texi: Remove the gcry_ac interface
+
+2009-10-28  Werner Koch  <wk@g10code.com>
+
 	* Makefile.am: Add code to build a man page for hmac256.
 	* yat2m.c: New.  Taken from GnuPG.
 	* gcrypt.text (hmac256): New section.
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index adfef27e..1de87fa2 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -1997,8 +1997,6 @@ S-expressions.
 * Public key modules::          How to work with public key modules.
 * Cryptographic Functions::     Functions for performing the cryptographic actions.
 * General public-key related Functions::  General functions, not implementing any cryptography.
-
-* AC Interface::                Alternative interface to public key functions.
 @end menu
 
 @node Available algorithms
@@ -2945,543 +2943,6 @@ algorithm provides them.
 @end deftypefun
 @c end gcry_pk_genkey
 
-@node AC Interface
-@section Alternative Public Key Interface
-
-This section documents the alternative interface to asymmetric
-cryptography (ac) that is not based on S-expressions, but on native C
-data structures.  As opposed to the pk interface described in the
-former chapter, this one follows an open/use/close paradigm like other
-building blocks of the library.
-
-@strong{This interface has a few known problems; most noteworthy an
-inherent tendency to leak memory.  It might not be available in
-forthcoming versions of Libgcrypt.}
-
-
-@menu
-* Available asymmetric algorithms::  List of algorithms supported by the library.
-* Working with sets of data::   How to work with sets of data.
-* Working with IO objects::     How to work with IO objects.
-* Working with handles::        How to use handles.
-* Working with keys::           How to work with keys.
-* Using cryptographic functions::  How to perform cryptographic operations.
-* Handle-independent functions::  General functions independent of handles.
-@end menu
-
-@node Available asymmetric algorithms
-@subsection Available asymmetric algorithms
-
-Libgcrypt supports the RSA (Rivest-Shamir-Adleman)
-algorithms as well as DSA (Digital Signature Algorithm) and Elgamal.
-The versatile interface allows to add more algorithms in the future.
-
-@deftp {Data type} gcry_ac_id_t
-
-The following constants are defined for this type:
-
-@table @code
-@item GCRY_AC_RSA
-Rivest-Shamir-Adleman
-@item GCRY_AC_DSA
-Digital Signature Algorithm
-@item GCRY_AC_ELG
-Elgamal
-@item GCRY_AC_ELG_E
-Elgamal, encryption only.
-@end table
-@end deftp
-
-@node Working with sets of data
-@subsection Working with sets of data
-
-In the context of this interface the term `data set' refers to a list
-of `named MPI values' that is used by functions performing
-cryptographic operations; a named MPI value is a an MPI value,
-associated with a label.
-
-Such data sets are used for representing keys, since keys simply
-consist of a variable amount of numbers.  Furthermore some functions
-return data sets to the caller that are to be provided to other
-functions.
-
-This section documents the data types, symbols and functions that are
-relevant for working with data sets.
-
-@deftp {Data type} gcry_ac_data_t
-A single data set.
-@end deftp
-
-The following flags are supported:
-
-@table @code
-@item GCRY_AC_FLAG_DEALLOC
-Used for storing data in a data set.  If given, the data will be
-released by the library.  Note that whenever one of the ac functions
-is about to release objects because of this flag, the objects are
-expected to be stored in memory allocated through the Libgcrypt memory
-management.  In other words: gcry_free() is used instead of free().
-
-@item GCRY_AC_FLAG_COPY
-Used for storing/retrieving data in/from a data set.  If given, the
-library will create copies of the provided/contained data, which will
-then be given to the user/associated with the data set.
-@end table
-
-@deftypefun gcry_error_t gcry_ac_data_new (gcry_ac_data_t *@var{data})
-Creates a new, empty data set and stores it in @var{data}.
-@end deftypefun
-
-@deftypefun void gcry_ac_data_destroy (gcry_ac_data_t @var{data})
-Destroys the data set @var{data}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_data_set (gcry_ac_data_t @var{data}, unsigned int @var{flags}, char *@var{name}, gcry_mpi_t @var{mpi})
-Add the value @var{mpi} to @var{data} with the label @var{name}.  If
-@var{flags} contains GCRY_AC_FLAG_COPY, the data set will contain
-copies of @var{name} and @var{mpi}.  If @var{flags} contains
-GCRY_AC_FLAG_DEALLOC or GCRY_AC_FLAG_COPY, the values
-contained in the data set will be deallocated when they are to be
-removed from the data set.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_data_copy (gcry_ac_data_t *@var{data_cp}, gcry_ac_data_t @var{data})
-Create a copy of the data set @var{data} and store it in
-@var{data_cp}.  FIXME: exact semantics undefined.
-@end deftypefun
-
-@deftypefun {unsigned int} gcry_ac_data_length (gcry_ac_data_t @var{data})
-Returns the number of named MPI values inside of the data set
-@var{data}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_data_get_name (gcry_ac_data_t @var{data}, unsigned int @var{flags}, char *@var{name}, gcry_mpi_t *@var{mpi})
-Store the value labelled with @var{name} found in @var{data} in
-@var{mpi}.  If @var{flags} contains GCRY_AC_FLAG_COPY, store a copy of
-the @var{mpi} value contained in the data set.  @var{mpi} may be NULL
-(this might be useful for checking the existence of an MPI with
-extracting it).
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_data_get_index (gcry_ac_data_t @var{data}, unsigned int flags, unsigned int @var{index}, const char **@var{name}, gcry_mpi_t *@var{mpi})
-Stores in @var{name} and @var{mpi} the named @var{mpi} value contained
-in the data set @var{data} with the index @var{idx}.  If @var{flags}
-contains GCRY_AC_FLAG_COPY, store copies of the values contained in
-the data set. @var{name} or @var{mpi} may be NULL.
-@end deftypefun
-
-@deftypefun void gcry_ac_data_clear (gcry_ac_data_t @var{data})
-Destroys any values contained in the data set @var{data}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_data_to_sexp (gcry_ac_data_t @var{data}, gcry_sexp_t *@var{sexp}, const char **@var{identifiers})
-This function converts the data set @var{data} into a newly created
-S-Expression, which is to be stored in @var{sexp}; @var{identifiers}
-is a NULL terminated list of C strings, which specifies the structure
-of the S-Expression.
-
-Example:
-
-If @var{identifiers} is a list of pointers to the strings ``foo'' and
-``bar'' and if @var{data} is a data set containing the values ``val1 =
-0x01'' and ``val2 = 0x02'', then the resulting S-Expression will look
-like this: (foo (bar ((val1 0x01) (val2 0x02))).
-@end deftypefun
-
-@deftypefun gcry_error gcry_ac_data_from_sexp (gcry_ac_data_t *@var{data}, gcry_sexp_t @var{sexp}, const char **@var{identifiers})
-This function converts the S-Expression @var{sexp} into a newly
-created data set, which is to be stored in @var{data};
-@var{identifiers} is a NULL terminated list of C strings, which
-specifies the structure of the S-Expression.  If the list of
-identifiers does not match the structure of the S-Expression, the
-function fails.
-@end deftypefun
-
-@node Working with IO objects
-@subsection Working with IO objects
-
-Note: IO objects are currently only used in the context of message
-encoding/decoding and encryption/signature schemes.
-
-@deftp {Data type} {gcry_ac_io_t}
-@code{gcry_ac_io_t} is the type to be used for IO objects.
-@end deftp
-
-IO objects provide an uniform IO layer on top of different underlying
-IO mechanisms; either they can be used for providing data to the
-library (mode is GCRY_AC_IO_READABLE) or they can be used for
-retrieving data from the library (mode is GCRY_AC_IO_WRITABLE).
-
-IO object need to be initialized by calling on of the following
-functions:
-
-@deftypefun void gcry_ac_io_init (gcry_ac_io_t *@var{ac_io}, gcry_ac_io_mode_t @var{mode}, gcry_ac_io_type_t @var{type}, ...);
-Initialize @var{ac_io} according to @var{mode}, @var{type} and the
-variable list of arguments.  The list of variable arguments to specify
-depends on the given @var{type}.
-@end deftypefun
-
-@deftypefun void gcry_ac_io_init_va (gcry_ac_io_t *@var{ac_io}, gcry_ac_io_mode_t @var{mode}, gcry_ac_io_type_t @var{type}, va_list @var{ap});
-Initialize @var{ac_io} according to @var{mode}, @var{type} and the
-variable list of arguments @var{ap}.  The list of variable arguments
-to specify depends on the given @var{type}.
-@end deftypefun
-
-The following types of IO objects exist:
-
-@table @code
-@item GCRY_AC_IO_STRING
-In case of GCRY_AC_IO_READABLE the IO object will provide data from a
-memory string.  Arguments to specify at initialization time:
-@table @code
-@item unsigned char *
-Pointer to the beginning of the memory string
-@item size_t
-Size of the memory string
-@end table
-In case of GCRY_AC_IO_WRITABLE the object will store retrieved data in
-a newly allocated memory string.  Arguments to specify at
-initialization time:
-@table @code
-@item unsigned char **
-Pointer to address, at which the pointer to the newly created memory
-string is to be stored
-@item size_t *
-Pointer to address, at which the size of the newly created memory
-string is to be stored
-@end table
-
-@item GCRY_AC_IO_CALLBACK
-In case of GCRY_AC_IO_READABLE the object will forward read requests
-to a provided callback function.  Arguments to specify at
-initialization time:
-@table @code
-@item gcry_ac_data_read_cb_t
-Callback function to use
-@item void *
-Opaque argument to provide to the callback function
-@end table
-In case of GCRY_AC_IO_WRITABLE the object will forward write requests
-to a provided callback function.  Arguments to specify at
-initialization time:
-@table @code
-@item gcry_ac_data_write_cb_t
-Callback function to use
-@item void *
-Opaque argument to provide to the callback function
-@end table
-@end table
-
-@node Working with handles
-@subsection Working with handles
-
-In order to use an algorithm, an according handle must be created.
-This is done using the following function:
-
-@deftypefun gcry_error_t gcry_ac_open (gcry_ac_handle_t *@var{handle}, int @var{algorithm}, int @var{flags})
-
-Creates a new handle for the algorithm @var{algorithm} and stores it
-in @var{handle}.  @var{flags} is not used currently.
-
-@var{algorithm} must be a valid algorithm ID, see @xref{Available
-asymmetric algorithms}, for a list of supported algorithms and the
-according constants.  Besides using the listed constants directly, the
-functions @code{gcry_pk_name_to_id} may be used to convert the textual
-name of an algorithm into the according numeric ID.
-@end deftypefun
-
-@deftypefun void gcry_ac_close (gcry_ac_handle_t @var{handle})
-Destroys the handle @var{handle}.
-@end deftypefun
-
-@node Working with keys
-@subsection Working with keys
-
-@deftp {Data type} gcry_ac_key_type_t
-Defined constants:
-
-@table @code
-@item GCRY_AC_KEY_SECRET
-Specifies a secret key.
-@item GCRY_AC_KEY_PUBLIC
-Specifies a public key.
-@end table
-@end deftp
-
-@deftp {Data type} gcry_ac_key_t
-This type represents a single `key', either a secret one or a public
-one.
-@end deftp
-
-@deftp {Data type} gcry_ac_key_pair_t
-This type represents a `key pair' containing a secret and a public key.
-@end deftp
-
-Key data structures can be created in two different ways; a new key
-pair can be generated, resulting in ready-to-use key.  Alternatively a
-key can be initialized from a given data set.
-
-@deftypefun gcry_error_t gcry_ac_key_init (gcry_ac_key_t *@var{key}, gcry_ac_handle_t @var{handle}, gcry_ac_key_type_t @var{type}, gcry_ac_data_t @var{data})
-Creates a new key of type @var{type}, consisting of the MPI values
-contained in the data set @var{data} and stores it in @var{key}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_key_pair_generate (gcry_ac_handle_t @var{handle}, unsigned int @var{nbits}, void *@var{key_spec}, gcry_ac_key_pair_t *@var{key_pair}, gcry_mpi_t **@var{misc_data})
-
-Generates a new key pair via the handle @var{handle} of @var{NBITS}
-bits and stores it in @var{key_pair}.
-
-In case non-standard settings are wanted, a pointer to a structure of
-type @code{gcry_ac_key_spec_<algorithm>_t}, matching the selected
-algorithm, can be given as @var{key_spec}.  @var{misc_data} is not
-used yet.  Such a structure does only exist for RSA.  A description
-of the members of the supported structures follows.
-
-@table @code
-@item gcry_ac_key_spec_rsa_t
-@table @code
-@item gcry_mpi_t e
-Generate the key pair using a special @code{e}.  The value of @code{e}
-has the following meanings:
-@table @code
-@item = 0
-Let Libgcrypt decide what exponent should be used.
-@item = 1
-Request the use of a ``secure'' exponent; this is required by some
-specification to be 65537.
-@item > 2
-Try starting at this value until a working exponent is found.  Note
-that the current implementation leaks some information about the
-private key because the incrementation used is not randomized.  Thus,
-this function will be changed in the future to return a random
-exponent of the given size.
-@end table
-@end table
-@end table
-
-Example code:
-@example
-@{
-  gcry_ac_key_pair_t key_pair;
-  gcry_ac_key_spec_rsa_t rsa_spec;
-
-  rsa_spec.e = gcry_mpi_new (0);
-  gcry_mpi_set_ui (rsa_spec.e, 1);
-
-  err = gcry_ac_open  (&handle, GCRY_AC_RSA, 0);
-  assert (! err);
-
-  err = gcry_ac_key_pair_generate (handle, 1024, &rsa_spec,
-                                   &key_pair, NULL);
-  assert (! err);
-@}
-@end example
-@end deftypefun
-
-
-@deftypefun gcry_ac_key_t gcry_ac_key_pair_extract (gcry_ac_key_pair_t @var{key_pair}, gcry_ac_key_type_t @var{which})
-Returns the key of type @var{which} out of the key pair
-@var{key_pair}.
-@end deftypefun
-
-@deftypefun void gcry_ac_key_destroy (gcry_ac_key_t @var{key})
-Destroys the key @var{key}.
-@end deftypefun
-
-@deftypefun void gcry_ac_key_pair_destroy (gcry_ac_key_pair_t @var{key_pair})
-Destroys the key pair @var{key_pair}.
-@end deftypefun
-
-@deftypefun gcry_ac_data_t gcry_ac_key_data_get (gcry_ac_key_t @var{key})
-Returns the data set contained in the key @var{key}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_key_test (gcry_ac_handle_t @var{handle}, gcry_ac_key_t @var{key})
-Verifies that the private key @var{key} is sane via @var{handle}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_key_get_nbits (gcry_ac_handle_t @var{handle}, gcry_ac_key_t @var{key}, unsigned int *@var{nbits})
-Stores the number of bits of the key @var{key} in @var{nbits} via @var{handle}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_key_get_grip (gcry_ac_handle_t @var{handle}, gcry_ac_key_t @var{key}, unsigned char *@var{key_grip})
-Writes the 20 byte long key grip of the key @var{key} to
-@var{key_grip} via @var{handle}.
-@end deftypefun
-
-@node Using cryptographic functions
-@subsection Using cryptographic functions
-
-The following flags might be relevant:
-
-@table @code
-@item GCRY_AC_FLAG_NO_BLINDING
-Disable any blinding, which might be supported by the chosen
-algorithm; blinding is the default.
-@end table
-
-There exist two kinds of cryptographic functions available through the
-ac interface: primitives, and high-level functions.
-
-Primitives deal with MPIs (data sets) directly; what they provide is
-direct access to the cryptographic operations provided by an algorithm
-implementation.
-
-High-level functions deal with octet strings, according to a specified
-``scheme''.  Schemes make use of ``encoding methods'', which are
-responsible for converting the provided octet strings into MPIs, which
-are then forwared to the cryptographic primitives.  Since schemes are
-to be used for a special purpose in order to achieve a particular
-security goal, there exist ``encryption schemes'' and ``signature
-schemes''.  Encoding methods can be used seperately or implicitly
-through schemes.
-
-What follows is a description of the cryptographic primitives.
-
-@deftypefun gcry_error_t gcry_ac_data_encrypt (gcry_ac_handle_t @var{handle}, unsigned int @var{flags}, gcry_ac_key_t @var{key}, gcry_mpi_t @var{data_plain}, gcry_ac_data_t *@var{data_encrypted})
-Encrypts the plain text MPI value @var{data_plain} with the key public
-@var{key} under the control of the flags @var{flags} and stores the
-resulting data set into @var{data_encrypted}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_data_decrypt (gcry_ac_handle_t @var{handle}, unsigned int @var{flags}, gcry_ac_key_t @var{key}, gcry_mpi_t *@var{data_plain}, gcry_ac_data_t @var{data_encrypted})
-Decrypts the encrypted data contained in the data set
-@var{data_encrypted} with the secret key KEY under the control of the
-flags @var{flags} and stores the resulting plain text MPI value in
-@var{DATA_PLAIN}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_data_sign (gcry_ac_handle_t @var{handle}, gcry_ac_key_t @var{key}, gcry_mpi_t @var{data}, gcry_ac_data_t *@var{data_signature})
-Signs the data contained in @var{data} with the secret key @var{key}
-and stores the resulting signature in the data set
-@var{data_signature}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_data_verify (gcry_ac_handle_t @var{handle}, gcry_ac_key_t @var{key}, gcry_mpi_t @var{data}, gcry_ac_data_t @var{data_signature})
-Verifies that the signature contained in the data set
-@var{data_signature} is indeed the result of signing the data
-contained in @var{data} with the secret key belonging to the public
-key @var{key}.
-@end deftypefun
-
-What follows is a description of the high-level functions.
-
-The type ``gcry_ac_em_t'' is used for specifying encoding methods; the
-following methods are supported:
-
-@table @code
-@item GCRY_AC_EME_PKCS_V1_5
-PKCS-V1_5 Encoding Method for Encryption.  Options must be provided
-through a pointer to a correctly initialized object of type
-gcry_ac_eme_pkcs_v1_5_t.
-
-@item GCRY_AC_EMSA_PKCS_V1_5
-PKCS-V1_5 Encoding Method for Signatures with Appendix.  Options must
-be provided through a pointer to a correctly initialized object of
-type gcry_ac_emsa_pkcs_v1_5_t.
-@end table
-
-Option structure types:
-
-@table @code
-@item gcry_ac_eme_pkcs_v1_5_t
-@table @code
-@item gcry_ac_key_t key
-@item gcry_ac_handle_t handle
-@end table
-@item gcry_ac_emsa_pkcs_v1_5_t
-@table @code
-@item gcry_md_algo_t md
-@item size_t em_n
-@end table
-@end table
-
-Encoding methods can be used directly through the following functions:
-
-@deftypefun gcry_error_t gcry_ac_data_encode (gcry_ac_em_t @var{method}, unsigned int @var{flags}, void *@var{options}, unsigned char *@var{m}, size_t @var{m_n}, unsigned char **@var{em}, size_t *@var{em_n})
-Encodes the message contained in @var{m} of size @var{m_n} according
-to @var{method}, @var{flags} and @var{options}.  The newly created
-encoded message is stored in @var{em} and @var{em_n}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_data_decode (gcry_ac_em_t @var{method}, unsigned int @var{flags}, void *@var{options}, unsigned char *@var{em}, size_t @var{em_n}, unsigned char **@var{m}, size_t *@var{m_n})
-Decodes the message contained in @var{em} of size @var{em_n} according
-to @var{method}, @var{flags} and @var{options}.  The newly created
-decoded message is stored in @var{m} and @var{m_n}.
-@end deftypefun
-
-The type ``gcry_ac_scheme_t'' is used for specifying schemes; the
-following schemes are supported:
-
-@table @code
-@item GCRY_AC_ES_PKCS_V1_5
-PKCS-V1_5 Encryption Scheme.  No options can be provided.
-@item GCRY_AC_SSA_PKCS_V1_5
-PKCS-V1_5 Signature Scheme (with Appendix).  Options can be provided
-through a pointer to a correctly initialized object of type
-gcry_ac_ssa_pkcs_v1_5_t.
-@end table
-
-Option structure types:
-
-@table @code
-@item gcry_ac_ssa_pkcs_v1_5_t
-@table @code
-@item gcry_md_algo_t md
-@end table
-@end table
-
-The functions implementing schemes:
-
-@deftypefun gcry_error_t gcry_ac_data_encrypt_scheme (gcry_ac_handle_t @var{handle}, gcry_ac_scheme_t @var{scheme}, unsigned int @var{flags}, void *@var{opts}, gcry_ac_key_t @var{key}, gcry_ac_io_t *@var{io_message}, gcry_ac_io_t *@var{io_cipher})
-Encrypts the plain text readable from @var{io_message} through
-@var{handle} with the public key @var{key} according to @var{scheme},
-@var{flags} and @var{opts}.  If @var{opts} is not NULL, it has to be a
-pointer to a structure specific to the chosen scheme (gcry_ac_es_*_t).
-The encrypted message is written to @var{io_cipher}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_data_decrypt_scheme (gcry_ac_handle_t @var{handle}, gcry_ac_scheme_t @var{scheme}, unsigned int @var{flags}, void *@var{opts}, gcry_ac_key_t @var{key}, gcry_ac_io_t *@var{io_cipher}, gcry_ac_io_t *@var{io_message})
-Decrypts the cipher text readable from @var{io_cipher} through
-@var{handle} with the secret key @var{key} according to @var{scheme},
-@var{flags} and @var{opts}.  If @var{opts} is not NULL, it has to be a
-pointer to a structure specific to the chosen scheme (gcry_ac_es_*_t).
-The decrypted message is written to @var{io_message}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_data_sign_scheme (gcry_ac_handle_t @var{handle}, gcry_ac_scheme_t @var{scheme}, unsigned int @var{flags}, void *@var{opts}, gcry_ac_key_t @var{key}, gcry_ac_io_t *@var{io_message}, gcry_ac_io_t *@var{io_signature})
-Signs the message readable from @var{io_message} through @var{handle}
-with the secret key @var{key} according to @var{scheme}, @var{flags}
-and @var{opts}.  If @var{opts} is not NULL, it has to be a pointer to
-a structure specific to the chosen scheme (gcry_ac_ssa_*_t).  The
-signature is written to @var{io_signature}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_data_verify_scheme (gcry_ac_handle_t @var{handle}, gcry_ac_scheme_t @var{scheme}, unsigned int @var{flags}, void *@var{opts}, gcry_ac_key_t @var{key}, gcry_ac_io_t *@var{io_message}, gcry_ac_io_t *@var{io_signature})
-Verifies through @var{handle} that the signature readable from
-@var{io_signature} is indeed the result of signing the message
-readable from @var{io_message} with the secret key belonging to the
-public key @var{key} according to @var{scheme} and @var{opts}.  If
-@var{opts} is not NULL, it has to be an anonymous structure
-(gcry_ac_ssa_*_t) specific to the chosen scheme.
-@end deftypefun
-
-@node Handle-independent functions
-@subsection Handle-independent functions
-
-These two functions are deprecated; do not use them for new code.
-
-@deftypefun gcry_error_t gcry_ac_id_to_name (gcry_ac_id_t @var{algorithm}, const char **@var{name})
-Stores the textual representation of the algorithm whose id is given
-in @var{algorithm} in @var{name}.  Deprecated; use @code{gcry_pk_algo_name}.
-@end deftypefun
-
-@deftypefun gcry_error_t gcry_ac_name_to_id (const char *@var{name}, gcry_ac_id_t *@var{algorithm})
-Stores the numeric ID of the algorithm whose textual representation is
-contained in @var{name} in @var{algorithm}. Deprecated; use
-@code{gcry_pk_map_name}.
-@end deftypefun
-
 @c **********************************************************
 @c *******************  Hash Functions  *********************
 @c **********************************************************
@@ -5006,12 +4467,6 @@ final close function releases all resources associated with the handle.
 @node Public-Key Subsystem Architecture
 @section Public-Key Architecture
 
-Libgcrypt implements two interfaces for public key cryptography: The
-standard interface is PK interface using functions in the
-@code{gcry_pk_} name space.  The AC interface in an alternative one
-which is now deprecated and will not be further described.  The AC
-interface is also disabled in FIPS mode.
-
 Because public key cryptography is almost always used to process small
 amounts of data (hash values or session keys), the interface is not
 implemented using the open-use-close paradigm, but with single
@@ -5876,10 +5331,6 @@ large-pool-CSPRNG generator.
 @item
 The command @code{GCRYCTL_ENABLE_QUICK_RANDOM} is ignored.
 
-@item
-The Alternative Public Key Interface (@code{gcry_ac_xxx}) is not
-supported and all API calls return an error.
-
 @item
 Registration of external modules is not supported.
 
diff --git a/src/ChangeLog b/src/ChangeLog
index af7aa48c..3da69b2d 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,14 @@
+2011-09-15  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in: Remove all gcry_ac symbols.
+	* visibility.h: Remove all gcry_ac symbols.
+	* visibility.c: Remove all gcry_ac wrappers.
+	* libgcrypt.vers: Remove all gcry_ac symbols.
+	(GCRYPT_1.2): Rename to GCRYPT_1.6.
+	* libgcrypt.def: Remove all gcry_ac symbols.
+	* global.c (global_init): Remove comment code with a call to
+	_gcry_ac_init.
+
 2011-09-15  Werner Koch  <wk@g10code.com>
 
 	* hmac256.c (main): Fix endless loop when using pipe input and
diff --git a/src/g10lib.h b/src/g10lib.h
index 8d98ae38..a55d3d69 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -301,7 +301,6 @@ gcry_err_code_t _gcry_module_list (gcry_module_t modules,
 gcry_err_code_t _gcry_cipher_init (void);
 gcry_err_code_t _gcry_md_init (void);
 gcry_err_code_t _gcry_pk_init (void);
-gcry_err_code_t _gcry_ac_init (void);
 
 gcry_err_code_t _gcry_pk_module_lookup (int id, gcry_module_t *module);
 void _gcry_pk_module_release (gcry_module_t module);
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 63f71c0e..33059d2f 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -1248,414 +1248,6 @@ void gcry_md_debug (gcry_md_hd_t hd, const char *suffix);
    number.  */
 gcry_error_t gcry_md_list (int *list, int *list_length);
 
-
-/* Alternative interface for asymmetric cryptography.  This interface
-   is deprecated.  */
-
-/* The algorithm IDs. */
-typedef enum gcry_ac_id
-  {
-    GCRY_AC_RSA = 1,
-    GCRY_AC_DSA = 17,
-    GCRY_AC_ELG = 20,
-    GCRY_AC_ELG_E = 16
-  }
-gcry_ac_id_t _GCRY_ATTR_INTERNAL;
-
-/* Key types.  */
-typedef enum gcry_ac_key_type
-  {
-    GCRY_AC_KEY_SECRET,
-    GCRY_AC_KEY_PUBLIC
-  }
-gcry_ac_key_type_t _GCRY_ATTR_INTERNAL;
-
-/* Encoding methods.  */
-typedef enum gcry_ac_em
-  {
-    GCRY_AC_EME_PKCS_V1_5,
-    GCRY_AC_EMSA_PKCS_V1_5
-  }
-gcry_ac_em_t _GCRY_ATTR_INTERNAL;
-
-/* Encryption and Signature schemes.  */
-typedef enum gcry_ac_scheme
-  {
-    GCRY_AC_ES_PKCS_V1_5,
-    GCRY_AC_SSA_PKCS_V1_5
-  }
-gcry_ac_scheme_t _GCRY_ATTR_INTERNAL;
-
-/* AC data.  */
-#define GCRY_AC_FLAG_DEALLOC     (1 << 0)
-#define GCRY_AC_FLAG_COPY        (1 << 1)
-#define GCRY_AC_FLAG_NO_BLINDING (1 << 2)
-
-/* This type represents a `data set'.  */
-typedef struct gcry_ac_data *gcry_ac_data_t _GCRY_ATTR_INTERNAL;
-
-/* This type represents a single `key', either a secret one or a
-   public one.  */
-typedef struct gcry_ac_key *gcry_ac_key_t _GCRY_ATTR_INTERNAL;
-
-/* This type represents a `key pair' containing a secret and a public
-   key.  */
-typedef struct gcry_ac_key_pair *gcry_ac_key_pair_t _GCRY_ATTR_INTERNAL;
-
-/* This type represents a `handle' that is needed by functions
-   performing cryptographic operations.  */
-typedef struct gcry_ac_handle *gcry_ac_handle_t _GCRY_ATTR_INTERNAL;
-
-typedef gpg_error_t (*gcry_ac_data_read_cb_t) (void *opaque,
-					       unsigned char *buffer,
-					       size_t *buffer_n)
-  /* */  _GCRY_ATTR_INTERNAL;
-
-typedef gpg_error_t (*gcry_ac_data_write_cb_t) (void *opaque,
-						unsigned char *buffer,
-						size_t buffer_n)
-  /* */  _GCRY_ATTR_INTERNAL;
-
-typedef enum
-  {
-    GCRY_AC_IO_READABLE,
-    GCRY_AC_IO_WRITABLE
-  }
-gcry_ac_io_mode_t _GCRY_ATTR_INTERNAL;
-
-typedef enum
-  {
-    GCRY_AC_IO_STRING,
-    GCRY_AC_IO_CALLBACK
-  }
-gcry_ac_io_type_t _GCRY_ATTR_INTERNAL;
-
-typedef struct gcry_ac_io
-{
-  /* This is an INTERNAL structure, do NOT use manually.  */
-  gcry_ac_io_mode_t mode _GCRY_ATTR_INTERNAL;
-  gcry_ac_io_type_t type _GCRY_ATTR_INTERNAL;
-  union
-  {
-    union
-    {
-      struct
-      {
-	gcry_ac_data_read_cb_t cb;
-	void *opaque;
-      } callback;
-      struct
-      {
-	unsigned char *data;
-	size_t data_n;
-      } string;
-      void *opaque;
-    } readable;
-    union
-    {
-      struct
-      {
-	gcry_ac_data_write_cb_t cb;
-	void *opaque;
-      } callback;
-      struct
-      {
-	unsigned char **data;
-	size_t *data_n;
-      } string;
-      void *opaque;
-    } writable;
-  } io _GCRY_ATTR_INTERNAL;
-}
-gcry_ac_io_t _GCRY_ATTR_INTERNAL;
-
-/* The caller of gcry_ac_key_pair_generate can provide one of these
-   structures in order to influence the key generation process in an
-   algorithm-specific way.  */
-typedef struct gcry_ac_key_spec_rsa
-{
-  gcry_mpi_t e;                 /* E to use.  */
-} gcry_ac_key_spec_rsa_t _GCRY_ATTR_INTERNAL;
-
-/* Structure used for passing data to the implementation of the
-   `EME-PKCS-V1_5' encoding method.  */
-typedef struct gcry_ac_eme_pkcs_v1_5
-{
-  size_t key_size;
-} gcry_ac_eme_pkcs_v1_5_t _GCRY_ATTR_INTERNAL;
-
-typedef enum gcry_md_algos gcry_md_algo_t _GCRY_ATTR_INTERNAL;
-
-/* Structure used for passing data to the implementation of the
-   `EMSA-PKCS-V1_5' encoding method.  */
-typedef struct gcry_ac_emsa_pkcs_v1_5
-{
-  gcry_md_algo_t md;
-  size_t em_n;
-} gcry_ac_emsa_pkcs_v1_5_t _GCRY_ATTR_INTERNAL;
-
-/* Structure used for passing data to the implementation of the
-   `SSA-PKCS-V1_5' signature scheme.  */
-typedef struct gcry_ac_ssa_pkcs_v1_5
-{
-  gcry_md_algo_t md;
-} gcry_ac_ssa_pkcs_v1_5_t _GCRY_ATTR_INTERNAL;
-
-
-#ifndef GCRYPT_NO_DEPRECATED
-/* Returns a new, empty data set in DATA.  */
-gcry_error_t gcry_ac_data_new (gcry_ac_data_t *data)
-  /* */                       _GCRY_ATTR_INTERNAL;
-
-/* Destroy the data set DATA.  */
-void gcry_ac_data_destroy (gcry_ac_data_t data)
-  /* */                       _GCRY_ATTR_INTERNAL;
-
-/* Create a copy of the data set DATA and store it in DATA_CP.  */
-gcry_error_t gcry_ac_data_copy (gcry_ac_data_t *data_cp,
-                                gcry_ac_data_t data)
-  /* */                       _GCRY_ATTR_INTERNAL;
-
-/* Return the number of named MPI values inside of the data set
-   DATA.  */
-unsigned int gcry_ac_data_length (gcry_ac_data_t data)
-  /* */                       _GCRY_ATTR_INTERNAL;
-
-/* Destroy any values contained in the data set DATA.  */
-void gcry_ac_data_clear (gcry_ac_data_t data)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Add the value MPI to DATA with the label NAME.  If FLAGS contains
-   GCRY_AC_FLAG_DATA_COPY, the data set will contain copies of NAME
-   and MPI.  If FLAGS contains GCRY_AC_FLAG_DATA_DEALLOC or
-   GCRY_AC_FLAG_DATA_COPY, the values contained in the data set will
-   be deallocated when they are to be removed from the data set.  */
-gcry_error_t gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags,
-                               const char *name, gcry_mpi_t mpi)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Store the value labelled with NAME found in DATA in MPI.  If FLAGS
-   contains GCRY_AC_FLAG_COPY, store a copy of the MPI value contained
-   in the data set.  MPI may be NULL.  */
-gcry_error_t gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags,
-                                    const char *name, gcry_mpi_t *mpi)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Stores in NAME and MPI the named MPI value contained in the data
-   set DATA with the index IDX.  If FLAGS contains GCRY_AC_FLAG_COPY,
-   store copies of the values contained in the data set. NAME or MPI
-   may be NULL.  */
-gcry_error_t gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags,
-                                     unsigned int idx,
-                                     const char **name, gcry_mpi_t *mpi)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Convert the data set DATA into a new S-Expression, which is to be
-   stored in SEXP, according to the identifiers contained in
-   IDENTIFIERS.  */
-gcry_error_t gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
-				   const char **identifiers)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Create a new data set, which is to be stored in DATA_SET, from the
-   S-Expression SEXP, according to the identifiers contained in
-   IDENTIFIERS.  */
-gcry_error_t gcry_ac_data_from_sexp (gcry_ac_data_t *data, gcry_sexp_t sexp,
-				     const char **identifiers)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Initialize AC_IO according to MODE, TYPE and the variable list of
-   arguments.  The list of variable arguments to specify depends on
-   the given TYPE.  */
-void gcry_ac_io_init (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode,
-		      gcry_ac_io_type_t type, ...)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Initialize AC_IO according to MODE, TYPE and the variable list of
-   arguments AP.  The list of variable arguments to specify depends on
-   the given TYPE.  */
-void gcry_ac_io_init_va (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode,
-			 gcry_ac_io_type_t type, va_list ap)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Create a new ac handle.  */
-gcry_error_t gcry_ac_open (gcry_ac_handle_t *handle,
-                           gcry_ac_id_t algorithm, unsigned int flags)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Destroy an ac handle.  */
-void gcry_ac_close (gcry_ac_handle_t handle)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Initialize a key from a given data set.  */
-gcry_error_t gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle,
-                               gcry_ac_key_type_t type, gcry_ac_data_t data)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Generates a new key pair via the handle HANDLE of NBITS bits and
-   stores it in KEY_PAIR.  In case non-standard settings are wanted, a
-   pointer to a structure of type gcry_ac_key_spec_<algorithm>_t,
-   matching the selected algorithm, can be given as KEY_SPEC.
-   MISC_DATA is not used yet.  */
-gcry_error_t gcry_ac_key_pair_generate (gcry_ac_handle_t handle,
-                                        unsigned int nbits, void *spec,
-                                        gcry_ac_key_pair_t *key_pair,
-                                        gcry_mpi_t **misc_data)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Returns the key of type WHICH out of the key pair KEY_PAIR.  */
-gcry_ac_key_t gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair,
-                                        gcry_ac_key_type_t which)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Returns the data set contained in the key KEY.  */
-gcry_ac_data_t gcry_ac_key_data_get (gcry_ac_key_t key)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Verifies that the key KEY is sane via HANDLE.  */
-gcry_error_t gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Stores the number of bits of the key KEY in NBITS via HANDLE.  */
-gcry_error_t gcry_ac_key_get_nbits (gcry_ac_handle_t handle,
-                                    gcry_ac_key_t key, unsigned int *nbits)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Writes the 20 byte long key grip of the key KEY to KEY_GRIP via
-   HANDLE.  */
-gcry_error_t gcry_ac_key_get_grip (gcry_ac_handle_t handle, gcry_ac_key_t key,
-                                   unsigned char *key_grip)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Destroy a key.  */
-void gcry_ac_key_destroy (gcry_ac_key_t key)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Destroy a key pair.  */
-void gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Encodes a message according to the encoding method METHOD.  OPTIONS
-   must be a pointer to a method-specific structure
-   (gcry_ac_em*_t).  */
-gcry_error_t gcry_ac_data_encode (gcry_ac_em_t method,
-				  unsigned int flags, void *options,
-				  gcry_ac_io_t *io_read,
-				  gcry_ac_io_t *io_write)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Decodes a message according to the encoding method METHOD.  OPTIONS
-   must be a pointer to a method-specific structure
-   (gcry_ac_em*_t).  */
-gcry_error_t gcry_ac_data_decode (gcry_ac_em_t method,
-				  unsigned int flags, void *options,
-				  gcry_ac_io_t *io_read,
-				  gcry_ac_io_t *io_write)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Encrypt the plain text MPI value DATA_PLAIN with the key KEY under
-   the control of the flags FLAGS and store the resulting data set
-   into DATA_ENCRYPTED.  */
-gcry_error_t gcry_ac_data_encrypt (gcry_ac_handle_t handle,
-                                   unsigned int flags,
-                                   gcry_ac_key_t key,
-                                   gcry_mpi_t data_plain,
-                                   gcry_ac_data_t *data_encrypted)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Decrypt the decrypted data contained in the data set DATA_ENCRYPTED
-   with the key KEY under the control of the flags FLAGS and store the
-   resulting plain text MPI value in DATA_PLAIN.  */
-gcry_error_t gcry_ac_data_decrypt (gcry_ac_handle_t handle,
-                                   unsigned int flags,
-                                   gcry_ac_key_t key,
-                                   gcry_mpi_t *data_plain,
-                                   gcry_ac_data_t data_encrypted)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Sign the data contained in DATA with the key KEY and store the
-   resulting signature in the data set DATA_SIGNATURE.  */
-gcry_error_t gcry_ac_data_sign (gcry_ac_handle_t handle,
-                                gcry_ac_key_t key,
-                                gcry_mpi_t data,
-                                gcry_ac_data_t *data_signature)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Verify that the signature contained in the data set DATA_SIGNATURE
-   is indeed the result of signing the data contained in DATA with the
-   secret key belonging to the public key KEY.  */
-gcry_error_t gcry_ac_data_verify (gcry_ac_handle_t handle,
-                                  gcry_ac_key_t key,
-                                  gcry_mpi_t data,
-                                  gcry_ac_data_t data_signature)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Encrypts the plain text readable from IO_MESSAGE through HANDLE
-   with the public key KEY according to SCHEME, FLAGS and OPTS.  If
-   OPTS is not NULL, it has to be a pointer to a structure specific to
-   the chosen scheme (gcry_ac_es_*_t).  The encrypted message is
-   written to IO_CIPHER. */
-gcry_error_t gcry_ac_data_encrypt_scheme (gcry_ac_handle_t handle,
-					  gcry_ac_scheme_t scheme,
-					  unsigned int flags, void *opts,
-					  gcry_ac_key_t key,
-					  gcry_ac_io_t *io_message,
-					  gcry_ac_io_t *io_cipher)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Decrypts the cipher text readable from IO_CIPHER through HANDLE
-   with the secret key KEY according to SCHEME, @var{flags} and OPTS.
-   If OPTS is not NULL, it has to be a pointer to a structure specific
-   to the chosen scheme (gcry_ac_es_*_t).  The decrypted message is
-   written to IO_MESSAGE.  */
-gcry_error_t gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle,
-					  gcry_ac_scheme_t scheme,
-					  unsigned int flags, void *opts,
-					  gcry_ac_key_t key,
-					  gcry_ac_io_t *io_cipher,
-					  gcry_ac_io_t *io_message)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Signs the message readable from IO_MESSAGE through HANDLE with the
-   secret key KEY according to SCHEME, FLAGS and OPTS.  If OPTS is not
-   NULL, it has to be a pointer to a structure specific to the chosen
-   scheme (gcry_ac_ssa_*_t).  The signature is written to
-   IO_SIGNATURE.  */
-gcry_error_t gcry_ac_data_sign_scheme (gcry_ac_handle_t handle,
-				       gcry_ac_scheme_t scheme,
-				       unsigned int flags, void *opts,
-				       gcry_ac_key_t key,
-				       gcry_ac_io_t *io_message,
-				       gcry_ac_io_t *io_signature)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Verifies through HANDLE that the signature readable from
-   IO_SIGNATURE is indeed the result of signing the message readable
-   from IO_MESSAGE with the secret key belonging to the public key KEY
-   according to SCHEME and OPTS.  If OPTS is not NULL, it has to be an
-   anonymous structure (gcry_ac_ssa_*_t) specific to the chosen
-   scheme.  */
-gcry_error_t gcry_ac_data_verify_scheme (gcry_ac_handle_t handle,
-					 gcry_ac_scheme_t scheme,
-					 unsigned int flags, void *opts,
-					 gcry_ac_key_t key,
-					 gcry_ac_io_t *io_message,
-					 gcry_ac_io_t *io_signature)
-  /* */ _GCRY_ATTR_INTERNAL;
-
-/* Store the textual representation of the algorithm whose id is given
-   in ALGORITHM in NAME.  This function is deprecated; use
-   gcry_pk_algo_name. */
-gcry_error_t gcry_ac_id_to_name (gcry_ac_id_t algorithm,
-                                 const char **name)
-     /* */                      _GCRY_GCC_ATTR_DEPRECATED;
-/* Store the numeric ID of the algorithm whose textual representation
-   is contained in NAME in ALGORITHM.  This function is deprecated;
-   use gcry_pk_map_name. */
-gcry_error_t gcry_ac_name_to_id (const char *name,
-                                 gcry_ac_id_t *algorithm)
-     /* */                      _GCRY_GCC_ATTR_DEPRECATED;
-#endif /*GCRYPT_NO_DEPRECATED*/
 
 
 /******************************
diff --git a/src/global.c b/src/global.c
index d65b0680..93ff800c 100644
--- a/src/global.c
+++ b/src/global.c
@@ -123,15 +123,6 @@ global_init (void)
   err = _gcry_pk_init ();
   if (err)
     goto fail;
-#if 0
-  /* Hmmm, as of now ac_init does nothing. */
-  if ( !fips_mode () )
-    {
-      err = _gcry_ac_init ();
-      if (err)
-        goto fail;
-    }
-#endif
 
   return;
 
diff --git a/src/libgcrypt.def b/src/libgcrypt.def
index 031b9410..55fd6d70 100644
--- a/src/libgcrypt.def
+++ b/src/libgcrypt.def
@@ -148,31 +148,10 @@ EXPORTS
       gcry_pk_get_keygrip  @116
       gcry_pk_list  @117
 
-      gcry_ac_data_new  @118
-      gcry_ac_data_destroy  @119
-      gcry_ac_data_set  @120
-      gcry_ac_data_copy  @121
-      gcry_ac_data_length  @122
-      gcry_ac_data_get_name  @123
-      gcry_ac_data_get_index  @124
-      gcry_ac_data_clear  @125
-      gcry_ac_open  @126
-      gcry_ac_close  @127
-      gcry_ac_key_init  @128
-      gcry_ac_key_pair_generate  @129
-      gcry_ac_key_pair_extract  @130
-      gcry_ac_key_data_get  @131
-      gcry_ac_key_test  @132
-      gcry_ac_key_get_nbits  @133
-      gcry_ac_key_get_grip  @134
-      gcry_ac_key_destroy  @135
-      gcry_ac_key_pair_destroy  @136
-      gcry_ac_data_encrypt  @137
-      gcry_ac_data_decrypt  @138
-      gcry_ac_data_sign  @139
-      gcry_ac_data_verify  @140
-      gcry_ac_id_to_name  @141
-      gcry_ac_name_to_id  @142
+;;
+;; 118 to 142 were used in previous Libgcrypt versions for the gcry_ac
+;; interface
+;;
 
       gcry_md_open  @143
       gcry_md_close  @144
@@ -216,14 +195,10 @@ EXPORTS
       gcry_pk_register  @177
       gcry_pk_unregister @178
 
-      gcry_ac_data_from_sexp  @179
-      gcry_ac_data_to_sexp  @180
-      gcry_ac_io_init  @181
-      gcry_ac_io_init_va  @182
-      gcry_ac_data_encrypt_scheme  @183
-      gcry_ac_data_decrypt_scheme  @184
-      gcry_ac_data_sign_scheme  @185
-      gcry_ac_data_verify_scheme  @186
+;;
+;; 179 to 186 were used in previous Libgcrypt versions for the gcry_ac
+;; interface
+;;
 
       gcry_sexp_nth_string  @187
 
diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers
index 5a617ccb..58307db5 100644
--- a/src/libgcrypt.vers
+++ b/src/libgcrypt.vers
@@ -1,5 +1,5 @@
 # libgcrypt.vers  - What symbols to export                  -*- std -*-
-# Copyright (C) 2002, 2004, 2008 Free Software Foundation, Inc.
+# Copyright (C) 2002, 2004, 2008, 2011 Free Software Foundation, Inc.
 #
 # This file is part of Libgcrypt.
 #
@@ -20,7 +20,7 @@
 # NOTE: When adding new functions, please make sure to add them to
 # visibility.h and libgcrypt.def as well.
 
-GCRYPT_1.2 {
+GCRYPT_1.6 {
   global:
     gcry_check_version; gcry_control;
     gcry_set_allocation_handler; gcry_set_fatalerror_handler;
@@ -59,22 +59,6 @@ GCRYPT_1.2 {
     gcry_pk_testkey; gcry_pk_unregister; gcry_pk_verify;
     gcry_pk_get_curve; gcry_pk_get_param;
 
-    gcry_ac_data_new; gcry_ac_data_destroy; gcry_ac_data_copy;
-    gcry_ac_data_length; gcry_ac_data_clear; gcry_ac_data_set;
-    gcry_ac_data_get_name; gcry_ac_data_get_index; gcry_ac_open;
-    gcry_ac_close; gcry_ac_key_init; gcry_ac_key_pair_generate;
-    gcry_ac_key_pair_extract; gcry_ac_key_data_get; gcry_ac_key_test;
-    gcry_ac_key_get_nbits; gcry_ac_key_get_grip; gcry_ac_key_destroy;
-    gcry_ac_key_pair_destroy; gcry_ac_data_encrypt; gcry_ac_data_decrypt;
-    gcry_ac_data_sign; gcry_ac_data_verify; gcry_ac_id_to_name;
-    gcry_ac_name_to_id; gcry_ac_list; gcry_ac_data_encode;
-    gcry_ac_data_decode; gcry_ac_mpi_to_os; gcry_ac_mpi_to_os_alloc;
-    gcry_ac_os_to_mpi; gcry_ac_data_encrypt_scheme;
-    gcry_ac_data_decrypt_scheme;
-    gcry_ac_data_sign_scheme; gcry_ac_data_verify_scheme;
-    gcry_ac_data_to_sexp; gcry_ac_data_from_sexp;
-    gcry_ac_io_init; gcry_ac_io_init_va;
-
     gcry_kdf_derive;
 
     gcry_prime_check; gcry_prime_generate;
diff --git a/src/visibility.c b/src/visibility.c
index 2fccb017..d1c55de5 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -928,287 +928,6 @@ gcry_md_list (int *list, int *list_length)
   return _gcry_md_list (list, list_length);
 }
 
-gcry_error_t
-gcry_ac_data_new (gcry_ac_data_t *data)
-{
-  return _gcry_ac_data_new (data);
-}
-
-void
-gcry_ac_data_destroy (gcry_ac_data_t data)
-{
-  _gcry_ac_data_destroy (data);
-}
-
-gcry_error_t
-gcry_ac_data_copy (gcry_ac_data_t *data_cp, gcry_ac_data_t data)
-{
-  return _gcry_ac_data_copy (data_cp, data);
-}
-
-unsigned int
-gcry_ac_data_length (gcry_ac_data_t data)
-{
-  return _gcry_ac_data_length (data);
-}
-
-void
-gcry_ac_data_clear (gcry_ac_data_t data)
-{
-  _gcry_ac_data_clear (data);
-}
-
-gcry_error_t
-gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags,
-                  const char *name, gcry_mpi_t mpi)
-{
-  return _gcry_ac_data_set (data, flags, name, mpi);
-}
-
-gcry_error_t
-gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags,
-                       const char *name, gcry_mpi_t *mpi)
-{
-  return _gcry_ac_data_get_name (data, flags, name, mpi);
-}
-
-gcry_error_t
-gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags,
-                        unsigned int idx, const char **name, gcry_mpi_t *mpi)
-{
-  return _gcry_ac_data_get_index (data, flags, idx, name, mpi);
-}
-
-gcry_error_t
-gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
-                      const char **identifiers)
-{
-  return _gcry_ac_data_to_sexp (data, sexp, identifiers);
-}
-
-gcry_error_t
-gcry_ac_data_from_sexp (gcry_ac_data_t *data, gcry_sexp_t sexp,
-                        const char **identifiers)
-{
-  return _gcry_ac_data_from_sexp (data, sexp, identifiers);
-}
-
-void
-gcry_ac_io_init (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode,
-                 gcry_ac_io_type_t type, ...)
-{
-  va_list arg_ptr;
-
-  va_start (arg_ptr, type);
-  _gcry_ac_io_init_va (ac_io, mode, type, arg_ptr);
-  va_end (arg_ptr);
-}
-
-void
-gcry_ac_io_init_va (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode,
-                    gcry_ac_io_type_t type, va_list ap)
-{
-  _gcry_ac_io_init_va (ac_io, mode, type, ap);
-}
-
-gcry_error_t
-gcry_ac_open (gcry_ac_handle_t *handle,
-              gcry_ac_id_t algorithm, unsigned int flags)
-{
-  return _gcry_ac_open (handle, algorithm, flags);
-}
-
-void
-gcry_ac_close (gcry_ac_handle_t handle)
-{
-  _gcry_ac_close (handle);
-}
-
-gcry_error_t
-gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle,
-                  gcry_ac_key_type_t type, gcry_ac_data_t data)
-{
-  return _gcry_ac_key_init (key, handle, type, data);
-}
-
-gcry_error_t
-gcry_ac_key_pair_generate (gcry_ac_handle_t handle,
-                           unsigned int nbits, void *spec,
-                           gcry_ac_key_pair_t *key_pair,
-                           gcry_mpi_t **miscdata)
-{
-  return _gcry_ac_key_pair_generate ( handle, nbits, spec, key_pair, miscdata);
-}
-
-gcry_ac_key_t
-gcry_ac_key_pair_extract (gcry_ac_key_pair_t keypair, gcry_ac_key_type_t which)
-{
-  return _gcry_ac_key_pair_extract (keypair, which);
-}
-
-gcry_ac_data_t
-gcry_ac_key_data_get (gcry_ac_key_t key)
-{
-  return _gcry_ac_key_data_get (key);
-}
-
-gcry_error_t
-gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key)
-{
-  return _gcry_ac_key_test (handle, key);
-}
-
-gcry_error_t
-gcry_ac_key_get_nbits (gcry_ac_handle_t handle,
-                       gcry_ac_key_t key, unsigned int *nbits)
-{
-  return _gcry_ac_key_get_nbits (handle, key, nbits);
-}
-
-gcry_error_t
-gcry_ac_key_get_grip (gcry_ac_handle_t handle, gcry_ac_key_t key,
-                      unsigned char *key_grip)
-{
-  return _gcry_ac_key_get_grip (handle, key, key_grip);
-}
-
-void
-gcry_ac_key_destroy (gcry_ac_key_t key)
-{
-  _gcry_ac_key_destroy (key);
-}
-
-void
-gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair)
-{
-  _gcry_ac_key_pair_destroy (key_pair);
-}
-
-gcry_error_t
-gcry_ac_data_encode (gcry_ac_em_t method, unsigned int flags, void *options,
-                     gcry_ac_io_t *io_read, gcry_ac_io_t *io_write)
-{
-  return _gcry_ac_data_encode (method, flags, options, io_read, io_write);
-}
-
-gcry_error_t
-gcry_ac_data_decode (gcry_ac_em_t method, unsigned int flags, void *options,
-                     gcry_ac_io_t *io_read, gcry_ac_io_t *io_write)
-{
-  return _gcry_ac_data_decode (method, flags, options, io_read,  io_write);
-}
-
-gcry_error_t
-gcry_ac_data_encrypt (gcry_ac_handle_t handle,
-                      unsigned int flags,
-                      gcry_ac_key_t key,
-                      gcry_mpi_t data_plain,
-                      gcry_ac_data_t *data_encrypted)
-{
-  return _gcry_ac_data_encrypt (handle, flags, key,
-                                data_plain, data_encrypted);
-}
-
-gcry_error_t
-gcry_ac_data_decrypt (gcry_ac_handle_t handle,
-                      unsigned int flags,
-                      gcry_ac_key_t key,
-                      gcry_mpi_t *data_plain,
-                      gcry_ac_data_t data_encrypted)
-{
-  return _gcry_ac_data_decrypt (handle, flags, key,
-                                data_plain, data_encrypted);
-}
-
-gcry_error_t
-gcry_ac_data_sign (gcry_ac_handle_t handle,
-                   gcry_ac_key_t key,
-                   gcry_mpi_t data,
-                   gcry_ac_data_t *data_signature)
-{
-  return _gcry_ac_data_sign (handle, key, data, data_signature);
-}
-
-gcry_error_t
-gcry_ac_data_verify (gcry_ac_handle_t handle,
-                     gcry_ac_key_t key,
-                     gcry_mpi_t data,
-                     gcry_ac_data_t data_signature)
-{
-  return _gcry_ac_data_verify (handle, key, data, data_signature);
-}
-
-gcry_error_t
-gcry_ac_data_encrypt_scheme (gcry_ac_handle_t handle,
-                             gcry_ac_scheme_t scheme,
-                             unsigned int flags, void *opts,
-                             gcry_ac_key_t key,
-                             gcry_ac_io_t *io_message,
-                             gcry_ac_io_t *io_cipher)
-{
-  return _gcry_ac_data_encrypt_scheme (handle, scheme, flags, opts, key,
-                                       io_message, io_cipher);
-}
-
-gcry_error_t
-gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle,
-                             gcry_ac_scheme_t scheme,
-                             unsigned int flags, void *opts,
-                             gcry_ac_key_t key,
-                             gcry_ac_io_t *io_cipher,
-                             gcry_ac_io_t *io_message)
-{
-  return _gcry_ac_data_decrypt_scheme (handle, scheme, flags, opts, key,
-                                       io_cipher, io_message);
-}
-
-gcry_error_t
-gcry_ac_data_sign_scheme (gcry_ac_handle_t handle,
-                          gcry_ac_scheme_t scheme,
-                          unsigned int flags, void *opts,
-                          gcry_ac_key_t key,
-                          gcry_ac_io_t *io_message,
-                          gcry_ac_io_t *io_signature)
-{
-  return _gcry_ac_data_sign_scheme (handle, scheme, flags, opts, key,
-                                    io_message, io_signature);
-}
-
-gcry_error_t
-gcry_ac_data_verify_scheme (gcry_ac_handle_t handle,
-                            gcry_ac_scheme_t scheme,
-                            unsigned int flags, void *opts,
-                            gcry_ac_key_t key,
-                            gcry_ac_io_t *io_message,
-                            gcry_ac_io_t *io_signature)
-{
-  return _gcry_ac_data_verify_scheme (handle, scheme, flags, opts, key,
-                                      io_message, io_signature);
-}
-
-gcry_error_t
-gcry_ac_id_to_name (gcry_ac_id_t algorithm, const char **name)
-{
-  /* This function is deprecated.  We implement it in terms of the
-     suggested replacement.  */
-  const char *tmp = _gcry_pk_algo_name (algorithm);
-  if (!*tmp)
-    return gcry_error (GPG_ERR_PUBKEY_ALGO);
-  *name = tmp;
-  return 0;
-}
-
-gcry_error_t
-gcry_ac_name_to_id (const char *name, gcry_ac_id_t *algorithm)
-{
-  /* This function is deprecated.  We implement it in terms of the
-     suggested replacement.  */
-  int algo = _gcry_pk_map_name (name);
-  if (!algo)
-    return gcry_error (GPG_ERR_PUBKEY_ALGO);
-  *algorithm = algo;
-  return 0;
-}
 
 gpg_error_t
 gcry_kdf_derive (const void *passphrase, size_t passphraselen,
diff --git a/src/visibility.h b/src/visibility.h
index 3c1e8aa8..072018ac 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -114,45 +114,6 @@
 #define gcry_pk_testkey             _gcry_pk_testkey
 #define gcry_pk_verify              _gcry_pk_verify
 
-#define gcry_ac_data_new            _gcry_ac_data_new
-#define gcry_ac_data_destroy        _gcry_ac_data_destroy
-#define gcry_ac_data_copy           _gcry_ac_data_copy
-#define gcry_ac_data_length         _gcry_ac_data_length
-#define gcry_ac_data_clear          _gcry_ac_data_clear
-#define gcry_ac_data_set            _gcry_ac_data_set
-#define gcry_ac_data_get_name       _gcry_ac_data_get_name
-#define gcry_ac_data_get_index      _gcry_ac_data_get_index
-#define gcry_ac_open                _gcry_ac_open
-#define gcry_ac_close               _gcry_ac_close
-#define gcry_ac_key_init            _gcry_ac_key_init
-#define gcry_ac_key_pair_generate   _gcry_ac_key_pair_generate
-#define gcry_ac_key_pair_extract    _gcry_ac_key_pair_extract
-#define gcry_ac_key_data_get        _gcry_ac_key_data_get
-#define gcry_ac_key_test            _gcry_ac_key_test
-#define gcry_ac_key_get_nbits       _gcry_ac_key_get_nbits
-#define gcry_ac_key_get_grip        _gcry_ac_key_get_grip
-#define gcry_ac_key_destroy         _gcry_ac_key_destroy
-#define gcry_ac_key_pair_destroy    _gcry_ac_key_pair_destroy
-#define gcry_ac_data_encrypt        _gcry_ac_data_encrypt
-#define gcry_ac_data_decrypt        _gcry_ac_data_decrypt
-#define gcry_ac_data_sign           _gcry_ac_data_sign
-#define gcry_ac_data_verify         _gcry_ac_data_verify
-#define gcry_ac_id_to_name          _gcry_ac_id_to_name
-#define gcry_ac_name_to_id          _gcry_ac_name_to_id
-#define gcry_ac_data_encode         _gcry_ac_data_encode
-#define gcry_ac_data_decode         _gcry_ac_data_decode
-#define gcry_ac_mpi_to_os           _gcry_ac_mpi_to_os
-#define gcry_ac_mpi_to_os_alloc     _gcry_ac_mpi_to_os_alloc
-#define gcry_ac_os_to_mpi           _gcry_ac_os_to_mpi
-#define gcry_ac_data_encrypt_scheme _gcry_ac_data_encrypt_scheme
-#define gcry_ac_data_decrypt_scheme _gcry_ac_data_decrypt_scheme
-#define gcry_ac_data_sign_scheme    _gcry_ac_data_sign_scheme
-#define gcry_ac_data_verify_scheme  _gcry_ac_data_verify_scheme
-#define gcry_ac_data_to_sexp        _gcry_ac_data_to_sexp
-#define gcry_ac_data_from_sexp      _gcry_ac_data_from_sexp
-#define gcry_ac_io_init             _gcry_ac_io_init
-#define gcry_ac_io_init_va          _gcry_ac_io_init_va
-
 #define gcry_kdf_derive             _gcry_kdf_derive
 
 #define gcry_prime_check            _gcry_prime_check
@@ -241,99 +202,7 @@
      deprecated attribute.  */
 # define GCRYPT_NO_DEPRECATED
 # include "gcrypt.h"
-/* The algorithm IDs. */
-  gcry_error_t gcry_ac_data_new (gcry_ac_data_t *data);
-  void gcry_ac_data_destroy (gcry_ac_data_t data);
-  gcry_error_t gcry_ac_data_copy (gcry_ac_data_t *data_cp,
-                                  gcry_ac_data_t data);
-  unsigned int gcry_ac_data_length (gcry_ac_data_t data);
-  void gcry_ac_data_clear (gcry_ac_data_t data);
-  gcry_error_t gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags,
-                                 const char *name, gcry_mpi_t mpi);
-  gcry_error_t gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags,
-                                      const char *name, gcry_mpi_t *mpi);
-  gcry_error_t gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags,
-                                       unsigned int idx,
-                                       const char **name, gcry_mpi_t *mpi);
-  gcry_error_t gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
-                                   const char **identifiers);
-  gcry_error_t gcry_ac_data_from_sexp (gcry_ac_data_t *data, gcry_sexp_t sexp,
-                                     const char **identifiers);
-  void gcry_ac_io_init (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode,
-                      gcry_ac_io_type_t type, ...);
-  void gcry_ac_io_init_va (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode,
-                         gcry_ac_io_type_t type, va_list ap);
-  gcry_error_t gcry_ac_open (gcry_ac_handle_t *handle,
-                             gcry_ac_id_t algorithm, unsigned int flags);
-  void gcry_ac_close (gcry_ac_handle_t handle);
-  gcry_error_t gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle,
-                                 gcry_ac_key_type_t type, gcry_ac_data_t data);
-  gcry_error_t gcry_ac_key_pair_generate (gcry_ac_handle_t handle,
-                                          unsigned int nbits, void *spec,
-                                          gcry_ac_key_pair_t *key_pair,
-                                          gcry_mpi_t **misc_data);
-  gcry_ac_key_t gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair,
-                                          gcry_ac_key_type_t which);
-  gcry_ac_data_t gcry_ac_key_data_get (gcry_ac_key_t key);
-  gcry_error_t gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key);
-  gcry_error_t gcry_ac_key_get_nbits (gcry_ac_handle_t handle,
-                                      gcry_ac_key_t key, unsigned int *nbits);
-  gcry_error_t gcry_ac_key_get_grip (gcry_ac_handle_t handle, gcry_ac_key_t key,
-                                     unsigned char *key_grip);
-  void gcry_ac_key_destroy (gcry_ac_key_t key);
-  void gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair);
-  gcry_error_t gcry_ac_data_encode (gcry_ac_em_t method,
-                                  unsigned int flags, void *options,
-                                  gcry_ac_io_t *io_read,
-                                  gcry_ac_io_t *io_write);
-  gcry_error_t gcry_ac_data_decode (gcry_ac_em_t method,
-                                  unsigned int flags, void *options,
-                                  gcry_ac_io_t *io_read,
-                                  gcry_ac_io_t *io_write);
-  gcry_error_t gcry_ac_data_encrypt (gcry_ac_handle_t handle,
-                                     unsigned int flags,
-                                     gcry_ac_key_t key,
-                                     gcry_mpi_t data_plain,
-                                     gcry_ac_data_t *data_encrypted);
-  gcry_error_t gcry_ac_data_decrypt (gcry_ac_handle_t handle,
-                                     unsigned int flags,
-                                     gcry_ac_key_t key,
-                                     gcry_mpi_t *data_plain,
-                                     gcry_ac_data_t data_encrypted);
-  gcry_error_t gcry_ac_data_sign (gcry_ac_handle_t handle,
-                                  gcry_ac_key_t key,
-                                  gcry_mpi_t data,
-                                  gcry_ac_data_t *data_signature);
-  gcry_error_t gcry_ac_data_verify (gcry_ac_handle_t handle,
-                                    gcry_ac_key_t key,
-                                    gcry_mpi_t data,
-                                    gcry_ac_data_t data_signature);
-  gcry_error_t gcry_ac_data_encrypt_scheme (gcry_ac_handle_t handle,
-                                          gcry_ac_scheme_t scheme,
-                                          unsigned int flags, void *opts,
-                                          gcry_ac_key_t key,
-                                          gcry_ac_io_t *io_message,
-                                          gcry_ac_io_t *io_cipher);
-  gcry_error_t gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle,
-                                          gcry_ac_scheme_t scheme,
-                                          unsigned int flags, void *opts,
-                                          gcry_ac_key_t key,
-                                          gcry_ac_io_t *io_cipher,
-                                          gcry_ac_io_t *io_message);
-  gcry_error_t gcry_ac_data_sign_scheme (gcry_ac_handle_t handle,
-                                       gcry_ac_scheme_t scheme,
-                                       unsigned int flags, void *opts,
-                                       gcry_ac_key_t key,
-                                       gcry_ac_io_t *io_message,
-                                       gcry_ac_io_t *io_signature);
-  gcry_error_t gcry_ac_data_verify_scheme (gcry_ac_handle_t handle,
-                                         gcry_ac_scheme_t scheme,
-                                         unsigned int flags, void *opts,
-                                         gcry_ac_key_t key,
-                                         gcry_ac_io_t *io_message,
-                                         gcry_ac_io_t *io_signature);
-  gcry_error_t gcry_ac_id_to_name (gcry_ac_id_t algorithm, const char **name);
-  gcry_error_t gcry_ac_name_to_id (const char *name, gcry_ac_id_t *algorithm);
+  /* None in this version.  */
 #else
 # include "gcrypt.h"
 #endif
@@ -341,11 +210,6 @@
 /* Prototypes of functions exported but not ready for use.  */
 gcry_err_code_t gcry_md_get (gcry_md_hd_t hd, int algo,
                              unsigned char *buffer, int buflen);
-void gcry_ac_mpi_to_os (gcry_mpi_t mpi, unsigned char *os, size_t os_n);
-gcry_error_t gcry_ac_mpi_to_os_alloc (gcry_mpi_t mpi, unsigned char **os,
-                                       size_t *os_n);
-void gcry_ac_os_to_mpi (gcry_mpi_t mpi, unsigned char *os, size_t os_n);
-
 
 
 /* Our use of the ELF visibility feature works by passing
@@ -464,45 +328,6 @@ void gcry_ac_os_to_mpi (gcry_mpi_t mpi, unsigned char *os, size_t os_n);
 #undef gcry_pk_testkey
 #undef gcry_pk_verify
 
-#undef gcry_ac_data_new
-#undef gcry_ac_data_destroy
-#undef gcry_ac_data_copy
-#undef gcry_ac_data_length
-#undef gcry_ac_data_clear
-#undef gcry_ac_data_set
-#undef gcry_ac_data_get_name
-#undef gcry_ac_data_get_index
-#undef gcry_ac_open
-#undef gcry_ac_close
-#undef gcry_ac_key_init
-#undef gcry_ac_key_pair_generate
-#undef gcry_ac_key_pair_extract
-#undef gcry_ac_key_data_get
-#undef gcry_ac_key_test
-#undef gcry_ac_key_get_nbits
-#undef gcry_ac_key_get_grip
-#undef gcry_ac_key_destroy
-#undef gcry_ac_key_pair_destroy
-#undef gcry_ac_data_encrypt
-#undef gcry_ac_data_decrypt
-#undef gcry_ac_data_sign
-#undef gcry_ac_data_verify
-#undef gcry_ac_id_to_name
-#undef gcry_ac_name_to_id
-#undef gcry_ac_data_encode
-#undef gcry_ac_data_decode
-#undef gcry_ac_mpi_to_os
-#undef gcry_ac_mpi_to_os_alloc
-#undef gcry_ac_os_to_mpi
-#undef gcry_ac_data_encrypt_scheme
-#undef gcry_ac_data_decrypt_scheme
-#undef gcry_ac_data_sign_scheme
-#undef gcry_ac_data_verify_scheme
-#undef gcry_ac_data_to_sexp
-#undef gcry_ac_data_from_sexp
-#undef gcry_ac_io_init
-#undef gcry_ac_io_init_va
-
 #undef gcry_kdf_derive
 
 #undef gcry_prime_check
@@ -678,47 +503,6 @@ MARK_VISIBLE (gcry_pk_testkey)
 MARK_VISIBLE (gcry_pk_unregister)
 MARK_VISIBLE (gcry_pk_verify)
 
-MARK_VISIBLE (gcry_ac_data_new)
-MARK_VISIBLE (gcry_ac_data_destroy)
-MARK_VISIBLE (gcry_ac_data_copy)
-MARK_VISIBLE (gcry_ac_data_length)
-MARK_VISIBLE (gcry_ac_data_clear)
-MARK_VISIBLE (gcry_ac_data_set)
-MARK_VISIBLE (gcry_ac_data_get_name)
-MARK_VISIBLE (gcry_ac_data_get_index)
-MARK_VISIBLE (gcry_ac_open)
-MARK_VISIBLE (gcry_ac_close)
-MARK_VISIBLE (gcry_ac_key_init)
-MARK_VISIBLE (gcry_ac_key_pair_generate)
-MARK_VISIBLE (gcry_ac_key_pair_extract)
-MARK_VISIBLE (gcry_ac_key_data_get)
-MARK_VISIBLE (gcry_ac_key_test)
-MARK_VISIBLE (gcry_ac_key_get_nbits)
-MARK_VISIBLE (gcry_ac_key_get_grip)
-MARK_VISIBLE (gcry_ac_key_destroy)
-MARK_VISIBLE (gcry_ac_key_pair_destroy)
-MARK_VISIBLE (gcry_ac_data_encrypt)
-MARK_VISIBLE (gcry_ac_data_decrypt)
-MARK_VISIBLE (gcry_ac_data_sign)
-MARK_VISIBLE (gcry_ac_data_verify)
-MARK_VISIBLE (gcry_ac_id_to_name)
-MARK_VISIBLE (gcry_ac_name_to_id)
-/* MARK_VISIBLE (gcry_ac_list) Not defined although it is in
-        libgcrypt.vers. */
-MARK_VISIBLE (gcry_ac_data_encode)
-MARK_VISIBLE (gcry_ac_data_decode)
-MARK_VISIBLE (gcry_ac_mpi_to_os)
-MARK_VISIBLE (gcry_ac_mpi_to_os_alloc)
-MARK_VISIBLE (gcry_ac_os_to_mpi)
-MARK_VISIBLE (gcry_ac_data_encrypt_scheme)
-MARK_VISIBLE (gcry_ac_data_decrypt_scheme)
-MARK_VISIBLE (gcry_ac_data_sign_scheme)
-MARK_VISIBLE (gcry_ac_data_verify_scheme)
-MARK_VISIBLE (gcry_ac_data_to_sexp)
-MARK_VISIBLE (gcry_ac_data_from_sexp)
-MARK_VISIBLE (gcry_ac_io_init)
-MARK_VISIBLE (gcry_ac_io_init_va)
-
 MARK_VISIBLE (gcry_kdf_derive)
 
 MARK_VISIBLE (gcry_prime_check)
diff --git a/tests/ChangeLog b/tests/ChangeLog
index 09da5824..03f001ea 100644
--- a/tests/ChangeLog
+++ b/tests/ChangeLog
@@ -1,3 +1,7 @@
+2011-09-15  Werner Koch  <wk@g10code.com>
+
+	* ac-data.c, ac-schemes.c, ac.c: Remove.
+
 2011-06-13  Werner Koch  <wk@g10code.com>
 
 	* basic.c (check_pubkey_sign): Run PKCS1 tests only for RSA.
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 689a3db0..e20518f6 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -18,7 +18,7 @@
 
 ## Process this file with automake to produce Makefile.in
 
-TESTS = version t-mpi-bit prime register ac ac-schemes ac-data basic \
+TESTS = version t-mpi-bit prime register basic \
         mpitests tsexp keygen pubkey hmac keygrip fips186-dsa aeswrap \
 	curves t-kdf pkcs1v2
 
diff --git a/tests/ac-data.c b/tests/ac-data.c
deleted file mode 100644
index 56fedbc6..00000000
--- a/tests/ac-data.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/* ac-data.c - Public key encryption/decryption tests
- *	Copyright (C) 2005 Free Software Foundation, Inc.
- *
- * This file is part of Libgcrypt.
- *
- * Libgcrypt is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * Libgcrypt is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdlib.h>
-#include <stdio.h>
-#include <assert.h>
-
-#define assert_err(err) \
-  do \
-    if (err) \
-      { \
-        fprintf (stderr, "Error occurred at line %i: %s\n", \
-                 __LINE__, gcry_strerror (err)); \
-        exit (1); \
-      } \
-  while (0)
-
-#include "../src/gcrypt.h"
-
-static int verbose;
-
-static void
-die (const char *format, ...)
-{
-  va_list arg_ptr ;
-
-  va_start( arg_ptr, format ) ;
-  vfprintf (stderr, format, arg_ptr );
-  va_end(arg_ptr);
-  exit (1);
-}
-
-static void
-check_sexp_conversion (gcry_ac_data_t data, const char **identifiers)
-{
-  gcry_ac_data_t data2;
-  gcry_error_t err;
-  gcry_sexp_t sexp;
-  unsigned int i;
-  const char *label1, *label2;
-  gcry_mpi_t mpi1, mpi2;
-  size_t length1, length2;
-
-  err = gcry_ac_data_to_sexp (data, &sexp, identifiers);
-  assert_err (err);
-  if (verbose)
-    gcry_sexp_dump (sexp);
-  err = gcry_ac_data_from_sexp (&data2, sexp, identifiers);
-  assert_err (err);
-
-  length1 = gcry_ac_data_length (data);
-  length2 = gcry_ac_data_length (data2);
-  assert (length1 == length2);
-
-  for (i = 0; i < length1; i++)
-    {
-      err = gcry_ac_data_get_index (data, 0, i, &label1, &mpi1);
-      assert_err (err);
-      err = gcry_ac_data_get_index (data2, 0, i, &label2, &mpi2);
-      assert_err (err);
-      if (verbose)
-        {
-          fprintf (stderr, "Label1=`%s'\n", label1);
-          fprintf (stderr, "Label2=`%s'\n", label2);
-        }
-      assert (! strcmp (label1, label2));
-      assert (! gcry_mpi_cmp (mpi1, mpi2));
-    }
-
-  gcry_ac_data_destroy (data2);
-  gcry_sexp_release (sexp);
-}
-
-void
-check_run (void)
-{
-  const char *identifiers[] = { "foo",
-				"bar",
-				"baz",
-				"hello",
-				"somemoretexthere",
-				"blahblahblah",
-				NULL };
-  const char *identifiers_null[] = { NULL };
-  gcry_ac_data_t data;
-  gcry_error_t err;
-  const char *label0;
-  const char *label1;
-  gcry_mpi_t mpi0;
-  gcry_mpi_t mpi1;
-  gcry_mpi_t mpi2;
-
-  /* Initialize values.  */
-
-  label0 = "thisisreallylonglabelbutsincethereisnolimitationonthelengthoflabelsitshouldworkjustfine";
-  mpi0 = gcry_mpi_new (0);
-  assert (mpi0);
-  gcry_mpi_set_ui (mpi0, 123456);
-
-  err = gcry_ac_data_new (&data);
-  assert_err (err);
-
-  check_sexp_conversion (data, identifiers);
-  check_sexp_conversion (data, identifiers_null);
-  check_sexp_conversion (data, NULL);
-
-  err = gcry_ac_data_set (data, 0, label0, mpi0);
-  assert_err (err);
-  err = gcry_ac_data_get_index (data, 0, 0, &label1, &mpi1);
-  assert_err (err);
-  assert (label0 == label1);
-  assert (mpi0 == mpi1);
-  check_sexp_conversion (data, identifiers);
-  check_sexp_conversion (data, identifiers_null);
-  check_sexp_conversion (data, NULL);
-
-  if (verbose)
-    printf ("data-set-test-0 succeeded\n");
-
-  gcry_ac_data_clear (data);
-
-  err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY, label0, mpi0);
-  assert_err (err);
-
-  err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY, "foo", mpi0);
-  assert_err (err);
-  err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY, "foo", mpi0);
-  assert_err (err);
-  err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY, "bar", mpi0);
-  assert_err (err);
-  err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY, "blah1", mpi0);
-  assert_err (err);
-  check_sexp_conversion (data, identifiers);
-  check_sexp_conversion (data, identifiers_null);
-  check_sexp_conversion (data, NULL);
-
-  err = gcry_ac_data_get_name (data, 0, label0, &mpi1);
-  assert_err (err);
-  assert (mpi0 != mpi1);
-  err = gcry_ac_data_get_name (data, GCRY_AC_FLAG_COPY, label0, &mpi2);
-  assert_err (err);
-  assert (mpi0 != mpi1);
-  assert (mpi1 != mpi2);
-  err = gcry_ac_data_get_index (data, 0, 0, &label1, &mpi1);
-  assert_err (err);
-  gcry_mpi_release (mpi0);
-  gcry_mpi_release (mpi2);
-
-  if (verbose)
-    printf ("data-set-test-1 succeeded\n");
-
-  gcry_ac_data_clear (data);
-  assert (! gcry_ac_data_length (data));
-  check_sexp_conversion (data, identifiers);
-  check_sexp_conversion (data, identifiers_null);
-  check_sexp_conversion (data, NULL);
-
-  if (verbose)
-    printf ("data-set-test-2 succeeded\n");
-
-  gcry_ac_data_destroy (data);
-
-
-}
-
-int
-main (int argc, char **argv)
-{
-  int debug = 0;
-  int i = 1;
-
-  if (argc > 1 && !strcmp (argv[1], "--verbose"))
-    verbose = 1;
-  else if (argc > 1 && !strcmp (argv[1], "--debug"))
-    verbose = debug = 1;
-
-  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
-  if (!gcry_check_version (GCRYPT_VERSION))
-    die ("version mismatch\n");
-  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
-  if (debug)
-    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
-
-  for (; i > 0; i--)
-    check_run ();
-
-  return 0;
-}
diff --git a/tests/ac-schemes.c b/tests/ac-schemes.c
deleted file mode 100644
index 58180c07..00000000
--- a/tests/ac-schemes.c
+++ /dev/null
@@ -1,347 +0,0 @@
-/* ac-schemes.c - Tests for ES/SSA
-   Copyright (C) 2003, 2005 Free Software Foundation, Inc.
-
-   This file is part of Libgcrypt.
-
-   This program is free software; you can redistribute it and/or
-   modify it under the terms of the GNU General Public License as
-   published by the Free Software Foundation; either version 2 of the
-   License, or (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-   USA.  */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-#include <errno.h>
-
-#include "../src/gcrypt.h"
-
-static unsigned int verbose;
-
-static void
-die (const char *format, ...)
-{
-  va_list arg_ptr ;
-
-  va_start( arg_ptr, format ) ;
-  vfprintf (stderr, format, arg_ptr );
-  va_end(arg_ptr);
-  exit (1);
-}
-
-typedef struct scheme_spec
-{
-  unsigned int idx;
-  gcry_ac_scheme_t scheme;
-  unsigned int flags;
-  const char *m;
-  size_t m_n;
-} scheme_spec_t;
-
-#define SCHEME_SPEC_FLAG_GET_OPTS (1 << 0)
-
-#define FILL(idx, scheme, flags, m) \
-    { idx, GCRY_AC_##scheme, flags, m, sizeof (m) }
-
-scheme_spec_t es_specs[] =
-  {
-    FILL (0, ES_PKCS_V1_5, 0, "foobar"),
-    FILL (1, ES_PKCS_V1_5, 0, "")
-  };
-
-scheme_spec_t ssa_specs[] =
-  {
-    FILL (0, SSA_PKCS_V1_5, SCHEME_SPEC_FLAG_GET_OPTS, "foobar")
-  };
-
-#undef FILL
-
-gcry_err_code_t
-scheme_get_opts (scheme_spec_t specs, void **opts)
-{
-  gcry_err_code_t err = GPG_ERR_NO_ERROR;
-  void *opts_new = NULL;
-
-  switch (specs.scheme)
-    {
-    case GCRY_AC_SSA_PKCS_V1_5:
-      {
-	gcry_ac_ssa_pkcs_v1_5_t *opts_pkcs_v1_5 = NULL;
-
-	opts_new = gcry_malloc (sizeof (gcry_ac_ssa_pkcs_v1_5_t));
-	if (! opts_new)
-	  err = gpg_err_code_from_errno (ENOMEM);
-	else
-	  {
-	    opts_pkcs_v1_5 = (gcry_ac_ssa_pkcs_v1_5_t *) opts_new;
-
-	    switch (specs.idx)
-	      {
-	      case 0:
-		opts_pkcs_v1_5->md = GCRY_MD_SHA1;
-		break;
-	      case 1:
-		opts_pkcs_v1_5->md = GCRY_MD_MD5;
-		break;
-	      }
-	  }
-      }
-    case GCRY_AC_ES_PKCS_V1_5:
-      break;
-    }
-
-  if (! err)
-    *opts = opts_new;
-
-  return err;
-}
-
-gcry_error_t
-es_check (gcry_ac_handle_t handle, scheme_spec_t spec,
-	  gcry_ac_key_t key_public, gcry_ac_key_t key_secret)
-{
-  gcry_error_t err = GPG_ERR_NO_ERROR;
-  char *c = NULL;
-  char *m2 = NULL;
-  size_t c_n = 0;
-  size_t m2_n = 0;
-  void *opts = NULL;
-  gcry_ac_io_t io_m;
-  gcry_ac_io_t io_c;
-  gcry_ac_io_t io_m2;
-
-  if (spec.flags & SCHEME_SPEC_FLAG_GET_OPTS)
-    err = scheme_get_opts (spec, &opts);
-  if (! err)
-    {
-      c = NULL;
-      m2 = NULL;
-
-      gcry_ac_io_init (&io_m, GCRY_AC_IO_READABLE,
-		       GCRY_AC_IO_STRING, spec.m, spec.m_n);
-      gcry_ac_io_init (&io_c, GCRY_AC_IO_WRITABLE,
-		       GCRY_AC_IO_STRING, &c, &c_n);
-
-      err = gcry_ac_data_encrypt_scheme (handle, GCRY_AC_ES_PKCS_V1_5, 0, opts, key_public,
-					 &io_m, &io_c);
-      if (! err)
-	{
-	  gcry_ac_io_init (&io_c, GCRY_AC_IO_READABLE,
-			   GCRY_AC_IO_STRING, c, c_n);
-	  gcry_ac_io_init (&io_m2, GCRY_AC_IO_WRITABLE,
-			   GCRY_AC_IO_STRING, &m2, &m2_n);
-
-	  err = gcry_ac_data_decrypt_scheme (handle, GCRY_AC_ES_PKCS_V1_5, 0,
-					     opts, key_secret, &io_c, &io_m2);
-	}
-      if (! err)
-	assert ((spec.m_n == m2_n) && (! strncmp (spec.m, m2, spec.m_n)));
-
-      if (c)
-	gcry_free (c);
-      if (m2)
-	gcry_free (m2);
-    }
-
-  if (opts)
-    gcry_free (opts);
-
-  return err;
-}
-
-gcry_error_t
-ssa_check (gcry_ac_handle_t handle, scheme_spec_t spec,
-	   gcry_ac_key_t key_public, gcry_ac_key_t key_secret)
-{
-  gcry_error_t err = GPG_ERR_NO_ERROR;
-  unsigned char *s = NULL;
-  size_t s_n = 0;
-  void *opts = NULL;
-  gcry_ac_io_t io_m;
-  gcry_ac_io_t io_s;
-
-  if (spec.flags & SCHEME_SPEC_FLAG_GET_OPTS)
-    err = scheme_get_opts (spec, &opts);
-  if (! err)
-    {
-      gcry_ac_io_init (&io_m, GCRY_AC_IO_READABLE,
-		       GCRY_AC_IO_STRING, spec.m, spec.m_n);
-      gcry_ac_io_init (&io_s, GCRY_AC_IO_WRITABLE,
-		       GCRY_AC_IO_STRING, &s, &s_n);
-
-      err = gcry_ac_data_sign_scheme (handle, GCRY_AC_SSA_PKCS_V1_5, 0, opts, key_secret,
-				      &io_m, &io_s);
-      if (! err)
-	{
-	  gcry_ac_io_init (&io_m, GCRY_AC_IO_READABLE,
-			   GCRY_AC_IO_STRING, spec.m, spec.m_n);
-	  gcry_ac_io_init (&io_s, GCRY_AC_IO_READABLE,
-			   GCRY_AC_IO_STRING, s, s_n);
-	  err = gcry_ac_data_verify_scheme (handle, GCRY_AC_SSA_PKCS_V1_5, 0, opts, key_public,
-					    &io_m, &io_s);
-	}
-      assert (! err);
-
-      if (s)
-	gcry_free (s);
-    }
-
-  if (opts)
-    gcry_free (opts);
-
-  return err;
-}
-
-void
-es_checks (gcry_ac_handle_t handle, gcry_ac_key_t key_public, gcry_ac_key_t key_secret)
-{
-  gcry_error_t err = GPG_ERR_NO_ERROR;
-  unsigned int i = 0;
-
-  for (i = 0; (i < (sizeof (es_specs) / sizeof (*es_specs))) && (! err); i++)
-    err = es_check (handle, es_specs[i], key_public, key_secret);
-
-  assert (! err);
-}
-
-void
-ssa_checks (gcry_ac_handle_t handle, gcry_ac_key_t key_public, gcry_ac_key_t key_secret)
-{
-  gcry_error_t err = GPG_ERR_NO_ERROR;
-  unsigned int i = 0;
-
-  for (i = 0; (i < (sizeof (ssa_specs) / sizeof (*ssa_specs))) && (! err); i++)
-    err = ssa_check (handle, ssa_specs[i], key_public, key_secret);
-
-  assert (! err);
-}
-
-#define KEY_TYPE_PUBLIC (1 << 0)
-#define KEY_TYPE_SECRET (1 << 1)
-
-typedef struct key_spec
-{
-  const char *name;
-  unsigned int flags;
-  const char *mpi_string;
-} key_spec_t;
-
-key_spec_t key_specs[] =
-  {
-    { "n", KEY_TYPE_PUBLIC | KEY_TYPE_SECRET,
-      "e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
-      "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
-      "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
-      "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251" },
-    { "e", KEY_TYPE_PUBLIC | KEY_TYPE_SECRET,
-      "010001" },
-    { "d", KEY_TYPE_SECRET,
-      "046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11"
-      "7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD"
-      "C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21"
-      "C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781" },
-    { "p", KEY_TYPE_SECRET,
-      "00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213"
-      "fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1" },
-    { "q", KEY_TYPE_SECRET,
-      "00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9"
-      "35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361" },
-    { "u", KEY_TYPE_SECRET,
-      "304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
-      "ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b" },
-    { NULL },
-  };
-
-gcry_error_t
-key_init (gcry_ac_key_type_t type, gcry_ac_key_t *key)
-{
-  gcry_error_t err = GPG_ERR_NO_ERROR;
-  gcry_ac_data_t key_data = NULL;
-  gcry_ac_key_t key_new = NULL;
-  gcry_mpi_t mpi = NULL;
-  unsigned int i = 0;
-
-  err = gcry_ac_data_new (&key_data);
-  for (i = 0; key_specs[i].name && (! err); i++)
-    {
-      if (((type == GCRY_AC_KEY_PUBLIC) && (key_specs[i].flags & KEY_TYPE_PUBLIC))
-	  || ((type == GCRY_AC_KEY_SECRET) && (key_specs[i].flags & KEY_TYPE_SECRET)))
-	{
-	  err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_HEX, key_specs[i].mpi_string, 0, NULL);
-	  if (! err)
-	    {
-	      gcry_ac_data_set (key_data, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC,
-				key_specs[i].name, mpi);
-	      gcry_mpi_release (mpi);
-	    }
-	}
-    }
-  if (! err)
-    err = gcry_ac_key_init (&key_new, NULL, type, key_data);
-
-  if (key_data)
-    gcry_ac_data_destroy (key_data);
-
-  if (! err)
-    *key = key_new;
-
-  return err;
-}
-
-static void
-check_run (void)
-{
-  gcry_ac_handle_t handle = NULL;
-  gcry_error_t err = GPG_ERR_NO_ERROR;
-  gcry_ac_key_t key_public = NULL, key_secret = NULL;
-
-  err = key_init (GCRY_AC_KEY_PUBLIC, &key_public);
-  if (! err)
-    err = key_init (GCRY_AC_KEY_SECRET, &key_secret);
-
-  if (! err)
-    err = gcry_ac_open (&handle, GCRY_AC_RSA, 0);
-  if (! err)
-    {
-      es_checks (handle, key_public, key_secret);
-      ssa_checks (handle, key_public, key_secret);
-    }
-
-  assert (! err);
-}
-
-int
-main (int argc, char **argv)
-{
-  unsigned int debug = 0;
-
-  if ((argc > 1) && (! strcmp (argv[1], "--verbose")))
-    verbose = 1;
-  else if ((argc > 1) && (! strcmp (argv[1], "--debug")))
-    verbose = debug = 1;
-
-  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
-  if (! gcry_check_version (GCRYPT_VERSION))
-    die ("version mismatch\n");
-  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
-  if (debug)
-    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
-
-  check_run ();
-
-  return 0;
-}
diff --git a/tests/ac.c b/tests/ac.c
deleted file mode 100644
index 8b2d252e..00000000
--- a/tests/ac.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/* pubkey.c - Public key encryption/decryption tests
- *	Copyright (C) 2003, 2005 Free Software Foundation, Inc.
- *
- * This file is part of Libgcrypt.
- *
- * Libgcrypt is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * Libgcrypt is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-
-#include "../src/gcrypt.h"
-
-static int verbose;
-
-static void
-die (const char *format, ...)
-{
-  va_list arg_ptr ;
-
-  va_start( arg_ptr, format ) ;
-  vfprintf (stderr, format, arg_ptr );
-  va_end(arg_ptr);
-  exit (1);
-}
-
-void
-key_copy (gcry_ac_handle_t handle,
-	  gcry_ac_key_type_t type,
-	  gcry_ac_key_t *key_cp, gcry_ac_key_t key)
-{
-  gcry_error_t err = 0;
-
-  err = gcry_ac_key_init (key_cp, handle, type,
-			  gcry_ac_key_data_get (key));
-
-  assert (! err);
-}
-
-void
-check_one (gcry_mpi_t x)
-{
-  gcry_ac_handle_t handle;
-  gcry_ac_key_pair_t key_pair;
-  gcry_ac_key_t key_sec, key_sec_cp, key_pub, key_pub_cp;
-  gcry_error_t err = 0;
-  gcry_mpi_t x2;
-  gcry_ac_data_t data, data2;
-  gcry_ac_key_spec_rsa_t rsa_spec;
-
-  rsa_spec.e = gcry_mpi_new (0);
-  gcry_mpi_set_ui (rsa_spec.e, 1);
-
-  err = gcry_ac_open (&handle, GCRY_AC_RSA, 0);
-  assert (! err);
-
-  err = gcry_ac_key_pair_generate (handle, 1024, &rsa_spec, &key_pair, NULL);
-  assert (! err);
-
-  key_sec = gcry_ac_key_pair_extract (key_pair, GCRY_AC_KEY_SECRET);
-  key_copy (handle, GCRY_AC_KEY_SECRET, &key_sec_cp, key_sec);
-
-  key_pub = gcry_ac_key_pair_extract (key_pair, GCRY_AC_KEY_PUBLIC);
-  key_copy (handle, GCRY_AC_KEY_PUBLIC, &key_pub_cp, key_pub);
-
-  err = gcry_ac_data_encrypt (handle, GCRY_AC_FLAG_NO_BLINDING, key_pub_cp, x, &data);
-  assert (! err);
-
-  err = gcry_ac_data_decrypt (handle, GCRY_AC_FLAG_NO_BLINDING, key_sec_cp, &x2, data);
-  assert (! err);
-
-  assert (! gcry_mpi_cmp (x, x2));
-
-  gcry_ac_data_destroy (data);
-
-  err = gcry_ac_data_sign (handle, key_sec, x, &data);
-  assert (! err);
-  err = gcry_ac_data_copy (&data2, data);
-  assert (! err);
-  gcry_ac_data_destroy (data);
-  err = gcry_ac_data_copy (&data, data2);
-  assert (! err);
-  gcry_ac_data_destroy (data2);
-
-  err = gcry_ac_data_verify (handle, key_pub, x, data);
-  assert (! err);
-
-  gcry_ac_data_destroy (data);
-
-  err = gcry_ac_data_sign (handle, key_sec, x, &data);
-  assert (! err);
-  {
-    const char *label;
-    gcry_mpi_t y;
-
-    err = gcry_ac_data_get_index (data, 0, 0, &label, &y);
-    assert (! err);
-    gcry_mpi_add_ui (y, y, 1);
-
-    err = gcry_ac_data_verify (handle, key_pub, x, data);
-    assert (gcry_err_code (err) == GPG_ERR_BAD_SIGNATURE);
-  }
-
-  gcry_ac_close (handle);
-}
-
-void
-check_run (void)
-{
-  /*const char *s = "All Hail Discordia."; -- not used */
-  unsigned int a = 0x4223;
-  gcry_mpi_t x;
-
-  x = gcry_mpi_new (0);
-  gcry_mpi_set_ui (x, a);
-  check_one (x);
-  gcry_mpi_release (x);
-}
-
-int
-main (int argc, char **argv)
-{
-  int debug = 0;
-  int i = 1;
-
-  if (argc > 1 && !strcmp (argv[1], "--verbose"))
-    verbose = 1;
-  else if (argc > 1 && !strcmp (argv[1], "--debug"))
-    verbose = debug = 1;
-
-  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
-  if (!gcry_check_version (GCRYPT_VERSION))
-    die ("version mismatch\n");
-  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
-  if (debug)
-    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
-  /* No valuable keys are create, so we can speed up our RNG. */
-  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
-
-  for (; i > 0; i--)
-    check_run ();
-
-  return 0;
-}
-- 
cgit v1.2.1