added libtomcrypt-0.82

aes_tab.c

@@ -1,4 +1,4 @@
-/* The precompute tables for AES */
+/* The precomputed tables for AES */
 
 static const unsigned long ft_tab[4][256] = {
 {0xa56363c6UL, 0x847c7cf8UL, 0x997777eeUL, 0x8d7b7bf6UL, 0x0df2f2ffUL, 

bits.c

@@ -20,9 +20,15 @@ static unsigned long rng_nix(unsigned char *buf, unsigned long len,
     if (f == NULL) {
        return 0;
     }
+    
+    /* disable buffering */
+    if (setvbuf(f, NULL, _IONBF, 0) != 0) {
+       fclose(f);
+       return 0;
+    }   
  
     x = (unsigned long)fread(buf, 1, (size_t)len, f);
-    (void)fclose(f);
+    fclose(f);
     return x;
 #endif /* NO_FILE */
 }
@@ -172,7 +178,7 @@ int rng_make_prng(int bits, int wprng, prng_state *prng,
       return err;
    }
 
-   bits = ((bits/8)+((bits&7)==0x80?1:0)) * 2;
+   bits = ((bits/8)+((bits&7)!=0?1:0)) * 2;
    if (rng_get_bytes(buf, (unsigned long)bits, callback) != (unsigned long)bits) {
       return CRYPT_ERROR_READPRNG;
    }

blowfish.c

@@ -387,7 +387,7 @@ void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
 void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
 {
     _blowfish_ecb_encrypt(pt, ct, key);
-    burn_stack(sizeof(unsigned long) * 2);
+    burn_stack(sizeof(unsigned long) * 2 + sizeof(int));
 }
 #endif
 
@@ -429,7 +429,7 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
 void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
 {
     _blowfish_ecb_decrypt(ct, pt, key);
-    burn_stack(sizeof(unsigned long) * 2);
+    burn_stack(sizeof(unsigned long) * 2 + sizeof(int));
 }
 #endif
 

cbc.c

@@ -42,6 +42,11 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc)
    if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) {
        return err;
    }
+   
+   /* is blocklen valid? */
+   if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) {
+      return CRYPT_INVALID_ARG;
+   }    
 
    /* xor IV against plaintext */
    for (x = 0; x < cbc->blocklen; x++) {
@@ -76,6 +81,11 @@ int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc)
        return err;
    }
    cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key);
+   
+   /* is blocklen valid? */
+   if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) {
+      return CRYPT_INVALID_ARG;
+   } 
 
    /* xor IV against the plaintext of the previous step */
    for (x = 0; x < cbc->blocklen; x++) { 

cfb.c

@@ -14,6 +14,7 @@ int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
    if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
       return err;
    }
+   
 
    /* copy data */
    cfb->cipher = cipher;
@@ -44,6 +45,13 @@ int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
    if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) {
        return err;
    }
+
+   /* is blocklen/padlen valid? */
+   if (cfb->blocklen < 0 || cfb->blocklen > (int)sizeof(cfb->IV) ||
+       cfb->padlen   < 0 || cfb->padlen   > (int)sizeof(cfb->pad)) {
+      return CRYPT_INVALID_ARG;
+   }
+
    while (len-- > 0) {
        if (cfb->padlen == cfb->blocklen) {
           cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key);
@@ -68,6 +76,13 @@ int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
    if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) {
        return err;
    }
+
+   /* is blocklen/padlen valid? */
+   if (cfb->blocklen < 0 || cfb->blocklen > (int)sizeof(cfb->IV) ||
+       cfb->padlen   < 0 || cfb->padlen   > (int)sizeof(cfb->pad)) {
+      return CRYPT_INVALID_ARG;
+   }
+
    while (len-- > 0) {
        if (cfb->padlen == cfb->blocklen) {
           cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key);

changes

@@ -1,3 +1,14 @@
+Mar 15th, 2003
+v0.82  -- Manual updated
+       -- Added MSVC makefile [back, actually its written from scratch to work with NMAKE]
+       -- Change to HMAC helper functions API to avoid buffer overflow [source changes]
+       -- the rsa_encrypt_key was supposed to reject key sizes out of bounds ... 
+          same fix to the rsa_sign_hash 
+       -- Added code to ensure that that chaining mode code (cfb/ofb/ctr/cbc) have valid
+          structures when being called.  E.g. the indexes to the pad/ivs are not out of bounds
+       -- Cleaned up the DES code and simplified the core desfunc routine.
+       -- Simplified one of the boolean functions in MD4
+       
 Jan 16th, 2003
 v0.81  -- Merged in new makefile from Clay Culver and Mike Frysinger
        -- Sped up the ECC mulmod() routine by making the word size adapt to the input.  Saves a whopping 9 point

config.pl.README

@@ -1,18 +0,0 @@
-How to use the config.pl script
--------------------------------
-
-The configuration script "config.pl" is very simple to use.  It is designed to prompt the user for
-all the valid libtomcrypt build options then make "makefile.out" and "mycrypt_custom.h".  In order to
-run the script you need Perl installed.
-
-After running the script you can build the library two ways.
-
-1) Use the makefile.out it generates.  Simply type "make -f makefile.out" to build the library.
-
-2) Add the libtomcrypt source files to your project.  You have to make sure HAVE_CUSTOM is defined when you
-build the source files.  You have to copy "mycrypt_custom.h" into the your projects include path.
-
-You should copy the library and header files to their respective global search paths.
-
-To use the library with this system you need only include "mycrypt_custom.h" in your application.  It will
-include the required header files.

crypt.tex

@@ -1,6 +1,10 @@
 \documentclass{book}
 \usepackage{makeidx}
 \usepackage{amssymb}
+\usepackage{color}
+\usepackage{alltt}
+\usepackage{graphicx}
+\usepackage{layout}
 \def\union{\cup}
 \def\intersect{\cap}
 \def\getsrandom{\stackrel{\rm R}{\gets}}
@@ -44,17 +48,17 @@
 \def\gap{\vspace{0.5ex}}
 \makeindex
 \begin{document}
-\title{A Tiny Crypto Library, \\ LibTomCrypt \\ Version 0.80}
+\title{A Tiny Crypto Library, \\ LibTomCrypt \\ Version 0.82}
 \author{Tom St Denis \\
 Algonquin College \\
 \\
-tomstdenis@yahoo.com \\
-http://libtomcrypt.iahu.ca \\ \\
+tomstdenis@iahu.ca \\
+http://libtomcrypt.org \\ \\
 Phone: 1-613-836-3160\\
 111 Banning Rd \\
 Kanata, Ontario \\
 K2L 1C3 \\
-Canada 
+Canada
 }
 \maketitle
 \newpage
@@ -66,10 +70,14 @@ pseudo-random number generators, public key cryptography (via RSA,DH or ECC/DH)
 routines.  It is designed to compile out of the box with the GNU C Compiler (GCC) version 2.95.3 (and higher) 
 and with MSVC version 6 in win32.
 
+The library has been successfully tested on quite a few other platforms ranging from the ARM7TDMI in a 
+Gameboy Advanced to various PowerPC processors and even the MIPS processor in the PlayStation 2.  Suffice it
+to say the code is portable.
+
 The library is designed so new ciphers/hashes/PRNGs can be added at runtime and the existing API (and helper API functions) will 
 be able to use the new designs automatically.  There exist self-check functions for each cipher and hash to ensure that
 they compile and execute to the published design specifications.  The library also performs extensive parameter error checking
-and will give verbose error messages.
+and will give verbose error messages when possible.
 
 Essentially the library saves the time of having to implement the ciphers, hashes, prngs yourself.  Typically implementing
 useful cryptography is an error prone business which means anything that can save considerable time and effort is a good
@@ -89,11 +97,11 @@ number theory and cryptography.
 
 \subsection{What the library IS NOT for?}
 
-The library is not designed to be in anyway an implementation of the SSL, PKCS or OpenPGP standards.  The library is not 
-designed  to be compliant with any known form of API or programming hierarchy.  It is not a port of any other 
+The library is not designed to be in anyway an implementation of the SSL, PKCS, P1363 or OpenPGP standards.  The library 
+is not designed to be compliant with any known form of API or programming hierarchy.  It is not a port of any other 
 library and it is not platform specific (like the MS CSP).  So if you're looking to drop in some buzzword 
-compliant crypto this library is not for you.  The library has been written from scratch to provide basic 
-functions as well as non-standard higher level functions.  
+compliant crypto library this is not for you.  The library has been written from scratch to provide basic functions as 
+well as non-standard higher level functions.  
 
 This is not to say that the library is a ``homebrew'' project.  All of the symmetric ciphers and one-way hash functions
 conform to published test vectors.  The public key functions are derived from publicly available material and the majority
@@ -101,8 +109,11 @@ of the code has been reviewed by a growing community of developers.
 
 \subsubsection{Why not?}
 You may be asking why I didn't choose to go all out and support standards like P1363, PKCS and the whole lot.  The reason
-is quite simple too much money gets in the way.  I just recently tried to access the P1363 draft documents and was denied (it 
-requires a password).  If people are supposed to support these standards they had better make them more accessible.
+is quite simple too much money gets in the way.  When I tried to access the P1363 draft documents and was denied (it 
+requires a password) I realized that they're just a business anyways.  See what happens is a company will sit down and
+invent a ``standard''.  Then they try to sell it to as many people as they can.  All of a sudden this ``standard'' is 
+everywhere.  Then the standard is updated every so often to keep people dependent.  Then you become RSA.  If people are 
+supposed to support these standards they had better make them more accessible.
 
 \section{Why did I write it?}
 You may be wondering, ``Tom, why did you write a crypto library.  I already have one.''.  Well the reason falls into
@@ -122,6 +133,29 @@ know how to use Safer+ or RC6 or Serpent or ... as well.  With all of the core f
 that can be used to make a program automatically pick between ciphers, hashes and PRNGs at runtime.  That means your 
 application can support all ciphers/hashes/prngs without changing the source code.
 
+\subsection{Modular}
+The LibTomCrypt package has also been written to be very modular.  The block ciphers, one-way hashes and
+pseudo-random number generators (PRNG) are all used within the API through ``descriptor'' tables which 
+are essentially structures with pointers to functions.  While you can still call particular functions
+directly (\textit{e.g. sha256\_process()}) this descriptor interface allows the developer to customize their
+usage of the library.
+
+For example, consider a hardware platform with a specialized RNG device.  Obviously one would like to tap
+that for the PRNG needs within the library (\textit{e.g. making a RSA key}).  All the developer has todo
+is write a descriptor and the few support routines required for the device.  After that the rest of the 
+API can make use of it without change.  Similiarly imagine a few years down the road when AES2 (\textit{or whatever they call it}) is
+invented.  It can be added to the library and used within applications with zero modifications to the
+end applications provided they are written properly.
+
+This flexibility within the library means it can be used with any combination of primitive algorithms and 
+unlike libraries like OpenSSL is not tied to direct routines.  For instance, in OpenSSL there are CBC block
+mode routines for every single cipher.  That means every time you add or remove a cipher from the library
+you have to update the associated support code as well.  In LibTomCrypt the associated code (\textit{chaining modes in this case})
+are not directly tied to the ciphers.  That is a new cipher can be added to the library by simply providing 
+the key setup, ECB decrypt and encrypt and test vector routines.  After that all five chaining mode routines
+can make use of the cipher right away.
+
+
 \section{License}
 
 All of the source code except for the following files have been written by the author or donated to the project
@@ -129,21 +163,24 @@ under the TDCAL license:
 
 \begin{enumerate}
    \item aes.c
-   \item mpi.c
    \item rc2.c
    \item serpent.c
    \item safer.c
 \end{enumerate}
 
 ``aes.c'' and ``serpent.c'' were written by Brian Gladman ([email protected]).  They are copyrighted works
-but were both granted unrestricted usage in any project (commercial or otherwise).  ``mpi.c'' was written by Michael 
-Fromberger ([email protected]).  Similarly it is copyrighted work but is free for all purposes.  
+but were both granted unrestricted usage in any project (commercial or otherwise).  ``mpi.c'' was originally written 
+by Michael Fromberger ([email protected]) but has since been replaced with my LibTomMath library.  
 ``rc2.c'' is based on publicly available code that is not attributed to a person from the given source.  ``safer.c'' 
 was written by Richard De Moliner ([email protected]) and is public domain.
 
 The rest of the code was written either by Tom St Denis or contributed to the project under the ``Tom Doesn't Care
 About Licenses'' (TDCAL) license.  Essentially this license grants the user unlimited distribution and usage (including
-commercial usage).  I assume no risk from usage of the code nor do I guarantee it works as desired or stated.  
+commercial usage).  This means that you can use the package, you can re-distribute the package and even branch it.  I 
+still retain ownership over the name of the package.  If you want to branch the project you can use the code as a base
+but you must change the name.  The package is also royalty free which means you can use it in commercial products 
+without compensation towards the author.  I assume no risk from usage of the code nor do I guarantee it works as 
+desired or stated.  
 
 \section{Patent Disclosure}
 
@@ -163,19 +200,16 @@ file ``libtomcrypt.a''.
 To install the library copy all of the ``.h'' files into your ``\#include'' path and the single libtomcrypt.a file into 
 your library path.
 
-With MSVC you can build the library with ``make -f makefile.vc''.  You must use GNU make to build it even with MSVC
-due to the limitations of the MS MAKE.
+With MSVC you can build the library with ``nmake -f makefile.msvc''.  This will produce a ``tomcrypt.lib'' file which
+is the core library.  Copy the header files into your MSVC include path and the library in the lib path (typically
+under where VC98 is installed).
 
 \section{Building against the library}
 
-To build an application against the library you obviously must first compile the library.  However, an important 
-step is that the build options you use to build the library must be present when you build your application.  For 
-instance if ``RC5'' is defined in the makefile when you built the library then you must ensure ``RC5'' is defined when
-you build your application.
-
-The simplest way to work with this library is to take the makefile provided and simply add on your project to it as a 
-target (dependent on the library).  That way you can be assured that the library and your application are in sync with
-the build options you provide.
+In the recent versions the build steps have changed.  The build options are now stored in ``mycrypt\_custom.h'' and
+no longer in the makefile.  If you change a build option in that file you must re-build the library from clean to
+ensure the build is intact.  The perl script ``config.pl'' will help setup the custom header and a custom makefile
+if you want one (the provided ``makefile'' will work with custom configs).
 
 \section{Thanks}
 I would like to give thanks to the following people (in no particular order) for helping me develop this project:
@@ -806,7 +840,7 @@ int main(void)
     /* add the message */
     md5_process(&md, in, strlen(in));
 
-    /* get the hash */
+    /* get the hash in out[0..15] */
     md5_done(&md, out);
 
     return 0;
@@ -898,11 +932,12 @@ int hash_filehandle(int hash, FILE *in,
                     unsigned char *dst, unsigned long *outlen);
 \end{verbatim}
 
-Both functions return {\bf CRYPT\_OK} on success, otherwise they return an error code.  The ``hash'' parameter is
+All three functions return {\bf CRYPT\_OK} on success, otherwise they return an error code.  The ``hash'' parameter is
 the location in the descriptor table of the hash.  The ``*outlen'' variable is used to keep track of the output size.  You
 must set it to the size of your output buffer before calling the functions.  When they complete succesfully they store
-the length of the message digest back in it.  The functions are otherwise straightforward.  The ``hash\_filehandle'' function
-assumes that ``in'' is an file handle opened in binary mode.  It will not reset the file position after hashing the content.
+the length of the message digest back in it.  The functions are otherwise straightforward.  The ``hash\_filehandle'' 
+function assumes that ``in'' is an file handle opened in binary mode.  It will not reset the file position after 
+hashing the content.
 
 To perform the above hash with md5 the following code could be used:
 \begin{small}
@@ -992,23 +1027,29 @@ are finished with the HMAC process you must call the following function to get t
 int  hmac_done(hmac_state *hmac, unsigned char *hash);
 \end{verbatim}
 ``hmac'' is the HMAC state you are working with.  ``hash'' is the array of octets where the HMAC code should be stored.  You
-must ensure that your destination array is the right size (or just make it of size MAXBLOCKSIZE to be sure).  There are 
-two  utility functions provided to make using HMACs easier todo.
+must ensure that your destination array is the right size (or just make it of size MAXBLOCKSIZE to be sure).  
+
+There are two  utility functions provided to make using HMACs easier todo.  They accept the key and information about the
+message (file pointer, address in memory) and produce the HMAC result in one shot.  These are useful if you want to avoid
+calling the three step process yourself.
+
 \begin{verbatim}
 int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
                 const unsigned char *data, unsigned long len, 
-                unsigned char *dst);
+                unsigned char *dst, unsigned long *dstlen);
 \end{verbatim}
-This will produce an HMAC code for the array of octets in ``data'' of length ``len''.  The index into the hash descriptor table must be provided in ``hash'' 
-It uses the key from ``key'' with a key length of ``keylen''.  The result is stored in the array of octets``dst''.  
-Similarly for files there is the following function:
+This will produce an HMAC code for the array of octets in ``data'' of length ``len''.  The index into the hash descriptor 
+table must be provided in ``hash'' it uses the key from ``key'' with a key length of ``keylen''.  
+The result is stored in the array of octets ``dst'' and the length in ``dstlen''.  Similarly for files there is the 
+following function:
 \begin{verbatim}
 int hmac_file(int hash, const char *fname, const unsigned char *key,
-              unsigned long keylen, unsigned char *dst);
+              unsigned long keylen, 
+              unsigned char *dst, unsigned long *dstlen);
 \end{verbatim}
 ``hash'' is the index into the hash descriptor table of the hash you want to use.  ``fname'' is the filename to process.  ``key''
-is the array of octets to use as the key.  ``keylen'' is the length of the key.  ``dst'' is the array of octets where the result
-should be stored.
+is the array of octets to use as the key.  ``keylen'' is the length of the key.  ``dst'' is the array of octets where the 
+result should be stored.
 
 To test if the HMAC code is working there is the following function:
 \begin{verbatim}
@@ -2046,12 +2087,12 @@ int base64_decode(const unsigned char *in, unsigned long len,
 \end{verbatim}
 
 \section{The Multiple Precision Integer Library (MPI)}
-The library comes with a copy of Michael Fromberger's\footnote{Michael J. Fromberger, [email protected]} multiple
-precision integer library MPI.  MPI is a trivial to use ANSI C compatible large integer library.  It is free for all uses and
-is distributed freely.
+The library comes with a copy of LibTomMath  which is a multiple precision integer library written by the
+author of LibTomCrypt.  LibTomMath is a trivial to use ANSI C compatible large integer library which is free 
+for all uses and is distributed freely.
 
-At the heart of all MPI functions is the data type ``mp\_int'' (defined in mpi.h).  This data type is what will hold all large
-integers.  In order to use an mp\_int one must initialize it first, for example:
+At the heart of all the functions is the data type ``mp\_int'' (defined in tommath.h).  This data type is what 
+will hold all large integers.  In order to use an mp\_int one must initialize it first, for example:
 \begin{verbatim}
 #include <mycrypt.h> /* mycrypt.h includes mpi.h automatically */
 int main(void)
@@ -2065,31 +2106,28 @@ int main(void)
 }
 \end{verbatim}
 If you are unfamiliar with the syntax of C the \& symbol is used to pass the address of ``bignum'' to the function.  All
-MPI functions require the address of the parameters.  To free the memory of a mp\_int use (for example):
+LibTomMath functions require the address of the parameters.  To free the memory of a mp\_int use (for example):
 \begin{verbatim}
 mp_clear(&bignum);
 \end{verbatim}
 
-All MPI functions have the basic form of one of the following:
+The functions also have the basic form of one of the following:
 \begin{verbatim}
 mp_XXX(mp_int *a);
 mp_XXX(mp_int *a, mp_int *b, mp_int *c);
 mp_XXX(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
 \end{verbatim}
 
-Where they perform some operation and store the result in the mp\_int variable passed on the far right.  For example, to
-compute $c = a + b \mbox{ }(\mbox{mod }m)$ you would call:
+Where they perform some operation and store the result in the mp\_int variable passed on the far right.  
+For example, to compute $c = a + b \mbox{ }(\mbox{mod }m)$ you would call:
 \begin{verbatim}
 mp_addmod(&a, &b, &m, &c);
 \end{verbatim}
 
-The simplest way to get a complete listing of all MPI functions is to open ``mpi.h'' and look.  They're all fairly 
-well documented.
-
 \subsection{Binary Forms of ``mp\_int'' Variables}
 
-Often it is required to store a ``mp\_int'' in binary form for transport (e.g. exporting a key, packet encryption, etc.).
-MPI includes two functions to help when exporting numbers:
+Often it is required to store a ``mp\_int'' in binary form for transport (e.g. exporting a key, packet 
+encryption, etc.).  LibTomMath includes two functions to help when exporting numbers:
 \begin{verbatim}
 int mp_raw_size(mp_int *num);
 mp_toraw(&num, buf);
@@ -2135,9 +2173,8 @@ will not be able to sign or decrypt messages at all.  Suppose $p$ was prime and
 the multi-prime RSA.  Suppose $q = rs$ for two primes $r$ and $s$ then $\phi(pq) = (p - 1)(r - 1)(s - 1)$ which clearly is 
 not equal to $(p - 1)(rs - 1)$.
 
-These are not technically part of the MPI
-library\footnote{As written by Michael Fromberger} but this is the best place to document them.  To test if a ``mp\_int'' is
-prime call:
+These are not technically part of the LibTomMath library but this is the best place to document them.  
+To test if a ``mp\_int'' is prime call:
 \begin{verbatim}
 int is_prime(mp_int *N, int *result);
 \end{verbatim}
@@ -2279,8 +2316,8 @@ or define ENDIAN\_64BITWORD when its 64-bits.  If you do not define any of them
 which will work on all platforms.  Currently the system will automatically detect GCC or MSVC on a windows platform as well
 as GCC on a PS2 platform.
 
-\section{The makefile}
-There are also options you can specify from the makefiles themselves.  
+\section{The Configure Script}
+There are also options you can specify from the configure script or ``mycrypt\_config.h''.  
 
 \subsubsection{X memory routines}
 The makefiles must define three macros denoted as XMALLOC, XCALLOC and XFREE which resolve to the name of the respective

ctr.c

@@ -43,6 +43,12 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
    if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) {
        return err;
    }
+   
+   /* is blocklen/padlen valid? */
+   if (ctr->blocklen < 0 || ctr->blocklen > (int)sizeof(ctr->ctr) ||
+       ctr->padlen   < 0 || ctr->padlen   > (int)sizeof(ctr->pad)) {
+      return CRYPT_INVALID_ARG;
+   }
 
    while (len-- > 0) {
       /* is the pad empty? */

demos/hashsum.c

@@ -7,7 +7,7 @@
  * more functions ;)
 */
 
-#include <mycrypt.h>
+#include <mycrypt_custom.h>
 
 int errno;
 

demos/test.c

@@ -7,9 +7,9 @@ out the functionality of the library */
 #include "timer.h"
 #endif
 
-#include "../mycrypt.h"
+#include <mycrypt.h>
 
-int     errno;
+int     errnum;
 
 
 int
@@ -128,8 +128,8 @@ ecb_tests (void)
   printf ("ECB tests\n");
   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
     printf (" %12s: ", cipher_descriptor[x].name);
-    if ((errno = cipher_descriptor[x].test ()) != CRYPT_OK) {
-      printf (" **failed** Reason: %s\n", error_to_string (errno));
+    if ((errnum = cipher_descriptor[x].test ()) != CRYPT_OK) {
+      printf (" **failed** Reason: %s\n", error_to_string (errnum));
       exit (-1);
     } else {
       printf ("passed\n");
@@ -154,17 +154,17 @@ cbc_tests (void)
     blk[x] = IV[x] = x;
 
   /* now lets start a cbc session */
-  if ((errno =
+  if ((errnum =
        cbc_start (find_cipher ("blowfish"), IV, key, 16, 0,
 		  &cbc)) != CRYPT_OK) {
-    printf ("CBC Setup: %s\n", error_to_string (errno));
+    printf ("CBC Setup: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* now lets encode 32 bytes */
   for (x = 0; x < 4; x++) {
-    if ((errno = cbc_encrypt (blk + 8 * x, ct + 8 * x, &cbc)) != CRYPT_OK) {
-      printf ("CBC encrypt: %s\n", error_to_string (errno));
+    if ((errnum = cbc_encrypt (blk + 8 * x, ct + 8 * x, &cbc)) != CRYPT_OK) {
+      printf ("CBC encrypt: %s\n", error_to_string (errnum));
       exit (-1);
     }
   }
@@ -177,17 +177,17 @@ cbc_tests (void)
     IV[x] = x;
 
   /* now lets start a cbc session */
-  if ((errno =
+  if ((errnum =
        cbc_start (find_cipher ("blowfish"), IV, key, 16, 0,
 		  &cbc)) != CRYPT_OK) {
-    printf ("CBC Setup: %s\n", error_to_string (errno));
+    printf ("CBC Setup: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* now lets decode 32 bytes */
   for (x = 0; x < 4; x++) {
-    if ((errno = cbc_decrypt (ct + 8 * x, blk + 8 * x, &cbc)) != CRYPT_OK) {
-      printf ("CBC decrypt: %s\n", error_to_string (errno));
+    if ((errnum = cbc_decrypt (ct + 8 * x, blk + 8 * x, &cbc)) != CRYPT_OK) {
+      printf ("CBC decrypt: %s\n", error_to_string (errnum));
       exit (-1);
     }
   }
@@ -240,16 +240,16 @@ ofb_tests (void)
     blk[x] = IV[x] = x;
 
   /* now lets start a ofb session */
-  if ((errno =
+  if ((errnum =
        ofb_start (find_cipher ("cast5"), IV, key, 16, 0, &ofb)) != CRYPT_OK) {
-    printf ("OFB Setup: %s\n", error_to_string (errno));
+    printf ("OFB Setup: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* now lets encode 32 bytes */
   for (x = 0; x < 4; x++) {
-    if ((errno = ofb_encrypt (blk + 8 * x, ct + 8 * x, 8, &ofb)) != CRYPT_OK) {
-      printf ("OFB encrypt: %s\n", error_to_string (errno));
+    if ((errnum = ofb_encrypt (blk + 8 * x, ct + 8 * x, 8, &ofb)) != CRYPT_OK) {
+      printf ("OFB encrypt: %s\n", error_to_string (errnum));
       exit (-1);
     }
   }
@@ -262,16 +262,16 @@ ofb_tests (void)
     IV[x] = x;
 
   /* now lets start a ofb session */
-  if ((errno =
+  if ((errnum =
        ofb_start (find_cipher ("cast5"), IV, key, 16, 0, &ofb)) != CRYPT_OK) {
-    printf ("OFB setup: %s\n", error_to_string (errno));
+    printf ("OFB setup: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* now lets decode 32 bytes */
   for (x = 0; x < 4; x++) {
-    if ((errno = ofb_decrypt (ct + 8 * x, blk + 8 * x, 8, &ofb)) != CRYPT_OK) {
-      printf ("OFB decrypt: %s\n", error_to_string (errno));
+    if ((errnum = ofb_decrypt (ct + 8 * x, blk + 8 * x, 8, &ofb)) != CRYPT_OK) {
+      printf ("OFB decrypt: %s\n", error_to_string (errnum));
       exit (-1);
     }
   }
@@ -307,17 +307,17 @@ cfb_tests (void)
     blk[x] = IV[x] = x;
 
   /* now lets start a cfb session */
-  if ((errno =
+  if ((errnum =
        cfb_start (find_cipher ("blowfish"), IV, key, 16, 0,
 		  &cfb)) != CRYPT_OK) {
-    printf ("CFB setup: %s\n", error_to_string (errno));
+    printf ("CFB setup: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* now lets encode 32 bytes */
   for (x = 0; x < 4; x++) {
-    if ((errno = cfb_encrypt (blk + 8 * x, ct + 8 * x, 8, &cfb)) != CRYPT_OK) {
-      printf ("CFB encrypt: %s\n", error_to_string (errno));
+    if ((errnum = cfb_encrypt (blk + 8 * x, ct + 8 * x, 8, &cfb)) != CRYPT_OK) {
+      printf ("CFB encrypt: %s\n", error_to_string (errnum));
       exit (-1);
     }
   }
@@ -330,17 +330,17 @@ cfb_tests (void)
     IV[x] = x;
 
   /* now lets start a cfb session */
-  if ((errno =
+  if ((errnum =
        cfb_start (find_cipher ("blowfish"), IV, key, 16, 0,
 		  &cfb)) != CRYPT_OK) {
-    printf ("CFB Setup: %s\n", error_to_string (errno));
+    printf ("CFB Setup: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* now lets decode 32 bytes */
   for (x = 0; x < 4; x++) {
-    if ((errno = cfb_decrypt (ct + 8 * x, blk + 8 * x, 8, &cfb)) != CRYPT_OK) {
-      printf ("CFB decrypt: %s\n", error_to_string (errno));
+    if ((errnum = cfb_decrypt (ct + 8 * x, blk + 8 * x, 8, &cfb)) != CRYPT_OK) {
+      printf ("CFB decrypt: %s\n", error_to_string (errnum));
       exit (-1);
     }
   }
@@ -378,17 +378,17 @@ ctr_tests (void)
     blk[x] = count[x] = x;
 
   /* now lets start a ctr session */
-  if ((errno =
+  if ((errnum =
        ctr_start (find_cipher ("xtea"), count, key, 16, 0,
 		  &ctr)) != CRYPT_OK) {
-    printf ("CTR Setup: %s\n", error_to_string (errno));
+    printf ("CTR Setup: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* now lets encode 32 bytes */
   for (x = 0; x < 4; x++) {
-    if ((errno = ctr_encrypt (blk + 8 * x, ct + 8 * x, 8, &ctr)) != CRYPT_OK) {
-      printf ("CTR encrypt: %s\n", error_to_string (errno));
+    if ((errnum = ctr_encrypt (blk + 8 * x, ct + 8 * x, 8, &ctr)) != CRYPT_OK) {
+      printf ("CTR encrypt: %s\n", error_to_string (errnum));
       exit (-1);
     }
   }
@@ -401,17 +401,17 @@ ctr_tests (void)
     count[x] = x;
 
   /* now lets start a cbc session */
-  if ((errno =
+  if ((errnum =
        ctr_start (find_cipher ("xtea"), count, key, 16, 0,
 		  &ctr)) != CRYPT_OK) {
-    printf ("CTR Setup: %s\n", error_to_string (errno));
+    printf ("CTR Setup: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* now lets decode 32 bytes */
   for (x = 0; x < 4; x++) {
-    if ((errno = ctr_decrypt (ct + 8 * x, blk + 8 * x, 8, &ctr)) != CRYPT_OK) {
-      printf ("CTR decrypt: %s\n", error_to_string (errno));
+    if ((errnum = ctr_decrypt (ct + 8 * x, blk + 8 * x, 8, &ctr)) != CRYPT_OK) {
+      printf ("CTR decrypt: %s\n", error_to_string (errnum));
       exit (-1);
     }
   }
@@ -457,10 +457,12 @@ hash_tests (void)
   printf ("Hash tests\n");
   for (x = 0; hash_descriptor[x].name != NULL; x++) {
     printf (" %10s (%2d) ", hash_descriptor[x].name, hash_descriptor[x].ID);
-    if ((errno = hash_descriptor[x].test ()) != CRYPT_OK)
-      printf ("**failed** Reason: %s\n", error_to_string (errno));
-    else
+    if ((errnum = hash_descriptor[x].test ()) != CRYPT_OK) {
+      printf ("**failed** Reason: %s\n", error_to_string (errnum));
+      exit(-1);
+    } else {
       printf ("passed\n");
+    }
   }
 }
 
@@ -477,17 +479,17 @@ pad_test (void)
 
   /* pad the message so that random filler is placed before and after it */
   y = 100;
-  if ((errno =
+  if ((errnum =
        rsa_pad (in, 16, out, &y, find_prng ("yarrow"), &prng)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* depad the message to get the original content */
   memset (in, 0, sizeof (in));
   x = 100;
-  if ((errno = rsa_depad (out, y, in, &x)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = rsa_depad (out, y, in, &x)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
@@ -516,25 +518,25 @@ rsa_test (void)
 
   /* ---- SINGLE ENCRYPT ---- */
   /* encrypt a short 8 byte string */
-  if ((errno =
+  if ((errnum =
        rsa_make_key (&prng, find_prng ("yarrow"), 1024 / 8, 65537,
 		     &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   for (x = 0; x < 8; x++)
     in[x] = (unsigned char) (x + 1);
   y = sizeof (in);
-  if ((errno = rsa_exptmod (in, 8, out, &y, PK_PUBLIC, &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = rsa_exptmod (in, 8, out, &y, PK_PUBLIC, &key)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* decrypt it */
   zeromem (in, sizeof (in));
   x = sizeof (out);
-  if ((errno = rsa_exptmod (out, y, in, &x, PK_PRIVATE, &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = rsa_exptmod (out, y, in, &x, PK_PRIVATE, &key)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
@@ -551,16 +553,16 @@ rsa_test (void)
   for (x = 0; x < 16; x++)
     in[x] = x;
   y = sizeof (out);
-  if ((errno =
+  if ((errnum =
        rsa_encrypt_key (in, 16, out, &y, &prng, find_prng ("yarrow"),
 			&key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   zeromem (in, sizeof (in));
   x = sizeof (in);
-  if ((errno = rsa_decrypt_key (out, y, in, &x, &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = rsa_decrypt_key (out, y, in, &x, &key)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   printf ("RSA en/de crypt key routines: ");
@@ -579,19 +581,19 @@ rsa_test (void)
   for (x = 0; x < 16; x++)
     in[x] = x;
   x = sizeof (in);
-  if ((errno = rsa_sign_hash (in, 16, out, &x, &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = rsa_sign_hash (in, 16, out, &x, &key)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   printf ("RSA signed hash: %lu bytes\n", x);
-  if ((errno = rsa_verify_hash (out, x, in, &stat, &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = rsa_verify_hash (out, x, in, &stat, &key)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   printf ("Verify hash: %s, ", stat ? "passed" : "failed");
   in[0] ^= 1;
-  if ((errno = rsa_verify_hash (out, x, in, &stat, &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = rsa_verify_hash (out, x, in, &stat, &key)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   printf ("%s\n", (!stat) ? "passed" : "failed");
@@ -612,10 +614,10 @@ rsa_test (void)
     for (z = 1024; z <= limit; z += 512) {
       t = XCLOCK ();
       for (tt = 0; tt < 3; tt++) {
-	if ((errno =
+	if ((errnum =
 	     rsa_make_key (&prng, find_prng ("yarrow"), z / 8, 65537,
 			   &key)) != CRYPT_OK) {
-	  printf ("Error: %s\n", error_to_string (errno));
+	  printf ("Error: %s\n", error_to_string (errnum));
 	  exit (-1);
 	}
 	if (tt < 2)
@@ -630,9 +632,9 @@ rsa_test (void)
 
       for (tt = 0; tt < 100; tt++) {
 	y = sizeof (in);
-	if ((errno =
+	if ((errnum =
 	     rsa_exptmod (in, 8, out, &y, PK_PUBLIC, &key)) != CRYPT_OK) {
-	  printf ("Error: %s\n", error_to_string (errno));
+	  printf ("Error: %s\n", error_to_string (errnum));
 	  exit (-1);
 	}
       }
@@ -644,9 +646,9 @@ rsa_test (void)
       t = XCLOCK ();
       for (tt = 0; tt < 100; tt++) {
 	x = sizeof (out);
-	if ((errno =
+	if ((errnum =
 	     rsa_exptmod (out, y, in, &x, PK_PRIVATE, &key)) != CRYPT_OK) {
-	  printf ("Error: %s\n", error_to_string (errno));
+	  printf ("Error: %s\n", error_to_string (errnum));
 	  exit (-1);
 	}
       }
@@ -688,14 +690,14 @@ base64_test (void)
 
   x = 100;
   if (base64_encode (buf[0], 16, buf[1], &x) != CRYPT_OK) {
-    printf ("  error: %s\n", error_to_string (errno));
+    printf ("  error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   printf ("  encoded 16 bytes to %ld bytes...[%s]\n", x, buf[1]);
   memset (buf[0], 0, 100);
   y = 100;
   if (base64_decode (buf[1], x, buf[0], &y) != CRYPT_OK) {
-    printf ("  error: %s\n", error_to_string (errno));
+    printf ("  error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   printf ("  decoded %ld bytes to %ld bytes\n", x, y);
@@ -726,7 +728,17 @@ time_hash (void)
     t1 = XCLOCK ();
     z = sizeof (out);
     y = 0;
-    while (XCLOCK () - t1 < (3 * XCLOCKS_PER_SEC)) {
+    while (XCLOCK () - t1 < (5 * XCLOCKS_PER_SEC)) {
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
       hash_memory (x, input, 4096, out, &z);
       hash_memory (x, input, 4096, out, &z);
       hash_memory (x, input, 4096, out, &z);
@@ -743,7 +755,13 @@ time_hash (void)
       hash_memory (x, input, 4096, out, &z);
       hash_memory (x, input, 4096, out, &z);
       hash_memory (x, input, 4096, out, &z);
-      y += 16;
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      hash_memory (x, input, 4096, out, &z);
+      y += 32;
     }
     t1 = XCLOCK () - t1;
     printf ("%-20s: Hash at %5.2f Mbit/sec\n", hash_descriptor[x].name,
@@ -825,33 +843,33 @@ dh_tests (void)
   dh_key  usera, userb;
   clock_t t1;
 
-/*   if ((errno = dh_test()) != CRYPT_OK) printf("DH Error: %s\n", error_to_string(errno)); */
+/*   if ((errnum = dh_test()) != CRYPT_OK) printf("DH Error: %s\n", error_to_string(errnum)); */
 
   dh_sizes (&low, &high);
   printf ("DH Keys from %d to %d supported.\n", low * 8, high * 8);
 
   /* make up two keys */
-  if ((errno =
+  if ((errnum =
        dh_make_key (&prng, find_prng ("yarrow"), 96, &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
-  if ((errno =
+  if ((errnum =
        dh_make_key (&prng, find_prng ("yarrow"), 96, &userb)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* make the shared secret */
   x = 4096;
-  if ((errno = dh_shared_secret (&usera, &userb, buf[0], &x)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = dh_shared_secret (&usera, &userb, buf[0], &x)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   y = 4096;
-  if ((errno = dh_shared_secret (&userb, &usera, buf[1], &y)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = dh_shared_secret (&userb, &usera, buf[1], &y)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   if (y != x) {
@@ -865,20 +883,20 @@ dh_tests (void)
 
   /* now export userb */
   y = 4096;
-  if ((errno = dh_export (buf[1], &y, PK_PUBLIC, &userb)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = dh_export (buf[1], &y, PK_PUBLIC, &userb)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   dh_free (&userb);
 
   /* import and make the shared secret again */
-  if ((errno = dh_import (buf[1], y, &userb)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = dh_import (buf[1], y, &userb)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   z = 4096;
-  if ((errno = dh_shared_secret (&usera, &userb, buf[2], &z)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = dh_shared_secret (&usera, &userb, buf[2], &z)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
@@ -902,13 +920,13 @@ dh_tests (void)
 
     for (ii = 0; ii < (int) (sizeof (sizes) / sizeof (sizes[0])); ii++) {
       t1 = XCLOCK ();
-      for (tt = 0; tt < 50; tt++) {
+      for (tt = 0; tt < 5; tt++) {
 	dh_make_key (&prng, find_prng ("yarrow"), sizes[ii], &usera);
 	dh_free (&usera);
       }
       t1 = XCLOCK () - t1;
       printf ("Make dh-%d key took %f msec\n", sizes[ii] * 8,
-	      1000.0 * (((double) t1 / 50.0) / (double) XCLOCKS_PER_SEC));
+	      1000.0 * (((double) t1 / 5.0) / (double) XCLOCKS_PER_SEC));
     }
   }
 
@@ -917,16 +935,16 @@ dh_tests (void)
   for (x = 0; x < 16; x++)
     buf[0][x] = x;
   y = sizeof (buf[1]);
-  if ((errno =
+  if ((errnum =
        dh_encrypt_key (buf[0], 16, buf[1], &y, &prng, find_prng ("yarrow"),
 		       find_hash ("md5"), &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   zeromem (buf[0], sizeof (buf[0]));
   x = sizeof (buf[0]);
-  if ((errno = dh_decrypt_key (buf[1], y, buf[0], &x, &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = dh_decrypt_key (buf[1], y, buf[0], &x, &usera)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   printf ("DH en/de crypt key routines: ");
@@ -945,19 +963,19 @@ dh_tests (void)
   for (x = 0; x < 16; x++)
     buf[0][x] = x;
   x = sizeof (buf[1]);
-  if ((errno =
+  if ((errnum =
        dh_sign_hash (buf[0], 16, buf[1], &x, &prng, find_prng ("yarrow"),
 		     &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   if (dh_verify_hash (buf[1], x, buf[0], 16, &stat, &usera)) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   buf[0][0] ^= 1;
   if (dh_verify_hash (buf[1], x, buf[0], 16, &stat2, &usera)) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   printf ("dh_sign/verify_hash: %s (%d,%d), %lu\n",
@@ -1002,10 +1020,10 @@ rng_tests (void)
   printf ("\n");
 
 #ifdef YARROW
-  if ((errno =
+  if ((errnum =
        rng_make_prng (128, find_prng ("yarrow"), &prng,
 		      &callback)) != CRYPT_OK) {
-    printf (" starting yarrow error: %s\n", error_to_string (errno));
+    printf (" starting yarrow error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 #endif
@@ -1021,8 +1039,8 @@ ecc_tests (void)
   ecc_key usera, userb;
   clock_t t1;
 
-  if ((errno = ecc_test ()) != CRYPT_OK) {
-    printf ("ecc Error: %s\n", error_to_string (errno));
+  if ((errnum = ecc_test ()) != CRYPT_OK) {
+    printf ("ecc Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
@@ -1030,27 +1048,27 @@ ecc_tests (void)
   printf ("ecc Keys from %d to %d supported.\n", low * 8, high * 8);
 
   /* make up two keys */
-  if ((errno =
+  if ((errnum =
        ecc_make_key (&prng, find_prng ("yarrow"), 24, &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
-  if ((errno =
+  if ((errnum =
        ecc_make_key (&prng, find_prng ("yarrow"), 24, &userb)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* make the shared secret */
   x = 4096;
-  if ((errno = ecc_shared_secret (&usera, &userb, buf[0], &x)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = ecc_shared_secret (&usera, &userb, buf[0], &x)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   y = 4096;
-  if ((errno = ecc_shared_secret (&userb, &usera, buf[1], &y)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = ecc_shared_secret (&userb, &usera, buf[1], &y)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
@@ -1066,22 +1084,22 @@ ecc_tests (void)
 
   /* now export userb */
   y = 4096;
-  if ((errno = ecc_export (buf[1], &y, PK_PUBLIC, &userb)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = ecc_export (buf[1], &y, PK_PUBLIC, &userb)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   ecc_free (&userb);
   printf ("ECC-192 export took %ld bytes\n", y);
 
   /* import and make the shared secret again */
-  if ((errno = ecc_import (buf[1], y, &userb)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = ecc_import (buf[1], y, &userb)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   z = 4096;
-  if ((errno = ecc_shared_secret (&usera, &userb, buf[2], &z)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = ecc_shared_secret (&usera, &userb, buf[2], &z)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
@@ -1106,10 +1124,10 @@ ecc_tests (void)
     for (ii = 0; ii < (int) (sizeof (sizes) / sizeof (sizes[0])); ii++) {
       t1 = XCLOCK ();
       for (tt = 0; tt < 25; tt++) {
-	if ((errno =
+	if ((errnum =
 	     ecc_make_key (&prng, find_prng ("yarrow"), sizes[ii],
 			   &usera)) != CRYPT_OK) {
-	  printf ("Error: %s\n", error_to_string (errno));
+	  printf ("Error: %s\n", error_to_string (errnum));
 	  exit (-1);
 	}
 	ecc_free (&usera);
@@ -1121,28 +1139,28 @@ ecc_tests (void)
   }
 
 /* test encrypt_key */
-  ecc_make_key (&prng, find_prng ("yarrow"), 65, &usera);
-  for (x = 0; x < 16; x++)
+  ecc_make_key (&prng, find_prng ("yarrow"), 28, &usera);
+  for (x = 0; x < 32; x++)
     buf[0][x] = x;
   y = sizeof (buf[1]);
-  if ((errno =
-       ecc_encrypt_key (buf[0], 16, buf[1], &y, &prng, find_prng ("yarrow"),
-			find_hash ("md5"), &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum =
+       ecc_encrypt_key (buf[0], 32, buf[1], &y, &prng, find_prng ("yarrow"),
+			find_hash ("sha256"), &usera)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   zeromem (buf[0], sizeof (buf[0]));
   x = sizeof (buf[0]);
-  if ((errno = ecc_decrypt_key (buf[1], y, buf[0], &x, &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+  if ((errnum = ecc_decrypt_key (buf[1], y, buf[0], &x, &usera)) != CRYPT_OK) {
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   printf ("ECC en/de crypt key routines: ");
-  if (x != 16) {
+  if (x != 32) {
     printf ("Failed (length)\n");
     exit (-1);
   }
-  for (x = 0; x < 16; x++)
+  for (x = 0; x < 32; x++)
     if (buf[0][x] != x) {
       printf ("Failed (contents)\n");
       exit (-1);
@@ -1152,19 +1170,19 @@ ecc_tests (void)
   for (x = 0; x < 16; x++)
     buf[0][x] = x;
   x = sizeof (buf[1]);
-  if ((errno =
+  if ((errnum =
        ecc_sign_hash (buf[0], 16, buf[1], &x, &prng, find_prng ("yarrow"),
 		      &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   if (ecc_verify_hash (buf[1], x, buf[0], 16, &stat, &usera)) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   buf[0][0] ^= 1;
   if (ecc_verify_hash (buf[1], x, buf[0], 16, &stat2, &usera)) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
     exit (-1);
   }
   printf ("ecc_sign/verify_hash: %s (%d,%d)\n",
@@ -1374,35 +1392,35 @@ kr_display (pk_key * kr)
 void
 kr_test_makekeys (pk_key ** kr)
 {
-  if ((errno = kr_init (kr)) != CRYPT_OK) {
-    printf ("KR init error %s\n", error_to_string (errno));
+  if ((errnum = kr_init (kr)) != CRYPT_OK) {
+    printf ("KR init error %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* make a DH key */
   printf ("KR: Making DH key...\n");
-  if ((errno =
+  if ((errnum =
        kr_make_key (*kr, &prng, find_prng ("yarrow"), DH_KEY, 128, "dhkey",
 		    "[email protected]", "dhkey one")) != CRYPT_OK) {
-    printf ("Make key error: %s\n", error_to_string (errno));
+    printf ("Make key error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* make a ECC key */
   printf ("KR: Making ECC key...\n");
-  if ((errno =
+  if ((errnum =
        kr_make_key (*kr, &prng, find_prng ("yarrow"), ECC_KEY, 20, "ecckey",
 		    "[email protected]", "ecckey one")) != CRYPT_OK) {
-    printf ("Make key error: %s\n", error_to_string (errno));
+    printf ("Make key error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   /* make a RSA key */
   printf ("KR: Making RSA key...\n");
-  if ((errno =
+  if ((errnum =
        kr_make_key (*kr, &prng, find_prng ("yarrow"), RSA_KEY, 128, "rsakey",
 		    "[email protected]", "rsakey one")) != CRYPT_OK) {
-    printf ("Make key error: %s\n", error_to_string (errno));
+    printf ("Make key error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
@@ -1426,18 +1444,18 @@ kr_test (void)
 
   for (i = 0; i < 3; i++) {
     len = sizeof (buf);
-    if ((errno = kr_export (kr, kr->ID, kr->key_type, buf, &len)) != CRYPT_OK) {
-      printf ("Error exporting key %d, %s\n", i, error_to_string (errno));
+    if ((errnum = kr_export (kr, kr->ID, kr->key_type, buf, &len)) != CRYPT_OK) {
+      printf ("Error exporting key %d, %s\n", i, error_to_string (errnum));
       exit (-1);
     }
     printf ("Exported key was: %lu bytes\n", len);
-    if ((errno = kr_del (&kr, kr->ID)) != CRYPT_OK) {
-      printf ("Error deleting key %d, %s\n", i, error_to_string (errno));
+    if ((errnum = kr_del (&kr, kr->ID)) != CRYPT_OK) {
+      printf ("Error deleting key %d, %s\n", i, error_to_string (errnum));
       exit (-1);
     }
     kr_display (kr);
-    if ((errno = kr_import (kr, buf, len)) != CRYPT_OK) {
-      printf ("Error importing key %d, %s\n", i, error_to_string (errno));
+    if ((errnum = kr_import (kr, buf, len)) != CRYPT_OK) {
+      printf ("Error importing key %d, %s\n", i, error_to_string (errnum));
       exit (-1);
     }
     kr_display (kr);
@@ -1445,25 +1463,25 @@ kr_test (void)
 
   for (i = 0; i < 3; i++) {
     len = sizeof (buf);
-    if ((errno = kr_export (kr, kr->ID, PK_PUBLIC, buf, &len)) != CRYPT_OK) {
-      printf ("Error exporting key %d, %s\n", i, error_to_string (errno));
+    if ((errnum = kr_export (kr, kr->ID, PK_PUBLIC, buf, &len)) != CRYPT_OK) {
+      printf ("Error exporting key %d, %s\n", i, error_to_string (errnum));
       exit (-1);
     }
     printf ("Exported key was: %lu bytes\n", len);
-    if ((errno = kr_del (&kr, kr->ID)) != CRYPT_OK) {
-      printf ("Error deleting key %d, %s\n", i, error_to_string (errno));
+    if ((errnum = kr_del (&kr, kr->ID)) != CRYPT_OK) {
+      printf ("Error deleting key %d, %s\n", i, error_to_string (errnum));
       exit (-1);
     }
     kr_display (kr);
-    if ((errno = kr_import (kr, buf, len)) != CRYPT_OK) {
-      printf ("Error importing key %d, %s\n", i, error_to_string (errno));
+    if ((errnum = kr_import (kr, buf, len)) != CRYPT_OK) {
+      printf ("Error importing key %d, %s\n", i, error_to_string (errnum));
       exit (-1);
     }
     kr_display (kr);
   }
 
-  if ((errno = kr_clear (&kr)) != CRYPT_OK) {
-    printf ("Error clearing ring: %s\n", error_to_string (errno));
+  if ((errnum = kr_clear (&kr)) != CRYPT_OK) {
+    printf ("Error clearing ring: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
@@ -1471,29 +1489,29 @@ kr_test (void)
 /* TEST output to file */
 #ifndef NO_FILE
 
-  if ((errno = kr_init (&kr)) != CRYPT_OK) {
-    printf ("KR init error %s\n", error_to_string (errno));
+  if ((errnum = kr_init (&kr)) != CRYPT_OK) {
+    printf ("KR init error %s\n", error_to_string (errnum));
     exit (-1);
   }
   kr_test_makekeys (&kr);
 
   /* save to file */
   f = fopen ("ring.dat", "wb");
-  if ((errno = kr_save (kr, f, NULL)) != CRYPT_OK) {
-    printf ("kr_save error %s\n", error_to_string (errno));
+  if ((errnum = kr_save (kr, f, NULL)) != CRYPT_OK) {
+    printf ("kr_save error %s\n", error_to_string (errnum));
     exit (-1);
   }
   fclose (f);
 
   /* delete and load */
-  if ((errno = kr_clear (&kr)) != CRYPT_OK) {
-    printf ("clear error: %s\n", error_to_string (errno));
+  if ((errnum = kr_clear (&kr)) != CRYPT_OK) {
+    printf ("clear error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 
   f = fopen ("ring.dat", "rb");
-  if ((errno = kr_load (&kr, f, NULL)) != CRYPT_OK) {
-    printf ("kr_load error %s\n", error_to_string (errno));
+  if ((errnum = kr_load (&kr, f, NULL)) != CRYPT_OK) {
+    printf ("kr_load error %s\n", error_to_string (errnum));
     exit (-1);
   }
   fclose (f);
@@ -1501,8 +1519,8 @@ kr_test (void)
   printf ("After load and save...\n");
   kr_display (kr);
 
-  if ((errno = kr_clear (&kr)) != CRYPT_OK) {
-    printf ("clear error: %s\n", error_to_string (errno));
+  if ((errnum = kr_clear (&kr)) != CRYPT_OK) {
+    printf ("clear error: %s\n", error_to_string (errnum));
     exit (-1);
   }
 #endif
@@ -1516,16 +1534,16 @@ kr_test (void)
     printf ("Testing a key with system %d, type %d:\t", _kr->system,
 	    _kr->key_type);
     len = sizeof (buf2);
-    if ((errno =
+    if ((errnum =
 	 kr_encrypt_key (kr, _kr->ID, buf, 16, buf2, &len, &prng,
 			 find_prng ("yarrow"),
 			 find_hash ("md5"))) != CRYPT_OK) {
-      printf ("Encrypt error, %d, %s\n", i, error_to_string (errno));
+      printf ("Encrypt error, %d, %s\n", i, error_to_string (errnum));
       exit (-1);
     }
     len = sizeof (buf3);
-    if ((errno = kr_decrypt_key (kr, buf2, buf3, &len)) != CRYPT_OK) {
-      printf ("decrypt error, %d, %s\n", i, error_to_string (errno));
+    if ((errnum = kr_decrypt_key (kr, buf2, buf3, &len)) != CRYPT_OK) {
+      printf ("decrypt error, %d, %s\n", i, error_to_string (errnum));
       exit (-1);
     }
     if (len != 16 || memcmp (buf3, buf, 16)) {
@@ -1535,28 +1553,28 @@ kr_test (void)
     printf ("kr_encrypt_key passed, ");
 
     len = sizeof (buf2);
-    if ((errno =
+    if ((errnum =
 	 kr_sign_hash (kr, _kr->ID, buf, 32, buf2, &len, &prng,
 		       find_prng ("yarrow"))) != CRYPT_OK) {
-      printf ("kr_sign_hash failed, %i, %s\n", i, error_to_string (errno));
+      printf ("kr_sign_hash failed, %i, %s\n", i, error_to_string (errnum));
       exit (-1);
     }
     printf ("kr_sign_hash: ");
-    if ((errno = kr_verify_hash (kr, buf2, buf, 32, &stat)) != CRYPT_OK) {
-      printf ("kr_sign_hash failed, %i, %s\n", i, error_to_string (errno));
+    if ((errnum = kr_verify_hash (kr, buf2, buf, 32, &stat)) != CRYPT_OK) {
+      printf ("kr_sign_hash failed, %i, %s\n", i, error_to_string (errnum));
       exit (-1);
     }
     printf ("%s, ", stat ? "passed" : "failed");
     buf[15] ^= 1;
-    if ((errno = kr_verify_hash (kr, buf2, buf, 32, &stat)) != CRYPT_OK) {
-      printf ("kr_sign_hash failed, %i, %s\n", i, error_to_string (errno));
+    if ((errnum = kr_verify_hash (kr, buf2, buf, 32, &stat)) != CRYPT_OK) {
+      printf ("kr_sign_hash failed, %i, %s\n", i, error_to_string (errnum));
       exit (-1);
     }
     printf ("%s\n", (!stat) ? "passed" : "failed");
     buf[15] ^= 1;
 
     len = sizeof (buf);
-    if ((errno =
+    if ((errnum =
 	 kr_fingerprint (kr, _kr->ID, find_hash ("sha1"), buf,
 			 &len)) != CRYPT_OK) {
       printf ("kr_fingerprint failed, %i, %lu\n", i, len);
@@ -1581,8 +1599,8 @@ kr_test (void)
 
   /* now export it as public and private */
   len = sizeof (buf);
-  if ((errno = kr_export (kr, kr->ID, PK_PUBLIC, buf, &len)) != CRYPT_OK) {
-    printf ("Error exporting key %d, %s\n", i, error_to_string (errno));
+  if ((errnum = kr_export (kr, kr->ID, PK_PUBLIC, buf, &len)) != CRYPT_OK) {
+    printf ("Error exporting key %d, %s\n", i, error_to_string (errnum));
     exit (-1);
   }
 
@@ -1590,8 +1608,8 @@ kr_test (void)
   memset (buf + len, 0, sizeof (buf) - len);
 
   len = sizeof (buf2);
-  if ((errno = kr_export (kr, kr->ID, PK_PRIVATE, buf2, &len)) != CRYPT_OK) {
-    printf ("Error exporting key  %s\n", error_to_string (errno));
+  if ((errnum = kr_export (kr, kr->ID, PK_PRIVATE, buf2, &len)) != CRYPT_OK) {
+    printf ("Error exporting key  %s\n", error_to_string (errnum));
     exit (-1);
   }
 
@@ -1602,8 +1620,8 @@ kr_test (void)
   kr_clear (&kr);
   kr_init (&kr);
   kr_display (kr);
-  if ((errno = kr_import (kr, buf, len)) != CRYPT_OK) {
-    printf ("Error importing key %s\n", error_to_string (errno));
+  if ((errnum = kr_import (kr, buf, len)) != CRYPT_OK) {
+    printf ("Error importing key %s\n", error_to_string (errnum));
     exit (-1);
   }
   kr_display (kr);
@@ -1612,11 +1630,11 @@ kr_test (void)
   for (i = 0; i < 16; i++)
     buf[i] = i;
   len = sizeof (buf3);
-  if ((errno =
+  if ((errnum =
        kr_encrypt_key (kr, kr->ID, buf, 16, buf3, &len, &prng,
 		       find_prng ("yarrow"),
 		       find_hash ("md5"))) != CRYPT_OK) {
-    printf ("Encrypt error, %d, %s\n", i, error_to_string (errno));
+    printf ("Encrypt error, %d, %s\n", i, error_to_string (errnum));
     exit (-1);
   }
 
@@ -1624,16 +1642,16 @@ kr_test (void)
   kr_clear (&kr);
   kr_init (&kr);
   kr_display (kr);
-  if ((errno = kr_import (kr, buf2, len)) != CRYPT_OK) {
-    printf ("Error importing key %s\n", error_to_string (errno));
+  if ((errnum = kr_import (kr, buf2, len)) != CRYPT_OK) {
+    printf ("Error importing key %s\n", error_to_string (errnum));
     exit (-1);
   }
   kr_display (kr);
 
   /* now decrypt */
   len = sizeof (buf2);
-  if ((errno = kr_decrypt_key (kr, buf3, buf2, &len)) != CRYPT_OK) {
-    printf ("decrypt error, %s\n", error_to_string (errno));
+  if ((errnum = kr_decrypt_key (kr, buf3, buf2, &len)) != CRYPT_OK) {
+    printf ("decrypt error, %s\n", error_to_string (errnum));
     exit (-1);
   }
 
@@ -1697,14 +1715,14 @@ main (void)
 
   register_all_algs ();
 
-  if ((errno = yarrow_start (&prng)) != CRYPT_OK) {
-    printf ("yarrow_start: %s\n", error_to_string (errno));
+  if ((errnum = yarrow_start (&prng)) != CRYPT_OK) {
+    printf ("yarrow_start: %s\n", error_to_string (errnum));
   }
-  if ((errno = yarrow_add_entropy ("hello", 5, &prng)) != CRYPT_OK) {
-    printf ("yarrow_add_entropy: %s\n", error_to_string (errno));
+  if ((errnum = yarrow_add_entropy ("hello", 5, &prng)) != CRYPT_OK) {
+    printf ("yarrow_add_entropy: %s\n", error_to_string (errnum));
   }
-  if ((errno = yarrow_ready (&prng)) != CRYPT_OK) {
-    printf ("yarrow_ready: %s\n", error_to_string (errno));
+  if ((errnum = yarrow_ready (&prng)) != CRYPT_OK) {
+    printf ("yarrow_ready: %s\n", error_to_string (errnum));
   }
 
   printf (crypt_build_settings);

demos/test.c~

@@ -1,1427 +0,0 @@
-/* This is the worst code you have ever seen written on purpose.... this code is just a big hack to test
-out the functionality of the library */
-
-#ifdef SONY_PS2
-#include <eetypes.h>
-#include <eeregs.h>
-#include "timer.h"
-#endif
-
-#include "../mycrypt.h"
-
-int errno;
-
-
-int null_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
-{
-   return CRYPT_OK;
-}
-
-void null_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
-{
-   memcpy(ct, pt, 8);
-}
-
-void null_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
-{
-   memcpy(pt, ct, 8);
-}
-
-int null_test(void)
-{
-   return CRYPT_OK;
-}
-
-int null_keysize(int *desired_keysize)
-{
-   return CRYPT_OK;
-} 
-
-const struct _cipher_descriptor null_desc =
-{
-    "memcpy()",
-    255,
-    8, 8, 8, 1,
-    &null_setup,
-    &null_ecb_encrypt,
-    &null_ecb_decrypt,
-    &null_test,
-    &null_keysize
-};
-
-
-prng_state prng;
-
-void store_tests(void) 
-{
- unsigned char buf[8];
- unsigned long L;
- ulong64 LL;
-
- printf("LOAD32/STORE32 tests\n");
- L = 0x12345678UL;
- STORE32L(L, &buf[0]);
- L = 0;
- LOAD32L(L, &buf[0]);
- if (L != 0x12345678UL)  { printf("LOAD/STORE32 Little don't work\n"); exit(-1); }
- LL = CONST64(0x01020304050607);
- STORE64L(LL, &buf[0]);
- LL = 0;
- LOAD64L(LL, &buf[0])
- if (LL != CONST64(0x01020304050607)) { printf("LOAD/STORE64 Little don't work\n"); exit(-1); }
-
- L = 0x12345678UL;
- STORE32H(L, &buf[0]);
- L = 0;
- LOAD32H(L, &buf[0]);
- if (L != 0x12345678UL) { printf("LOAD/STORE32 High don't work\n"); exit(-1); }
- LL = CONST64(0x01020304050607);
- STORE64H(LL, &buf[0]);
- LL = 0;
- LOAD64H(LL, &buf[0])
- if (LL != CONST64(0x01020304050607)) { printf("LOAD/STORE64 High don't work\n"); exit(-1); }
-}
-
-void cipher_tests(void) {
-   int x;
-
-   printf("Ciphers compiled in\n");
- for (x = 0; cipher_descriptor[x].name != NULL; x++) {
-     printf(" %12s (%2d) Key Size: %4d to %4d, Block Size: %3d, Default # of rounds: %2d\n", cipher_descriptor[x].name,
-            cipher_descriptor[x].ID,
-            cipher_descriptor[x].min_key_length*8,cipher_descriptor[x].max_key_length*8,
-            cipher_descriptor[x].block_length*8, cipher_descriptor[x].default_rounds);
- }
-
-}
-
-void ecb_tests(void)
-{
- int x;
-
- printf("ECB tests\n");
- for (x = 0; cipher_descriptor[x].name != NULL; x++) {
-     printf(" %12s: ",
-           cipher_descriptor[x].name);
-     if ((errno = cipher_descriptor[x].test()) != CRYPT_OK) {
-        printf(" **failed** Reason: %s\n", error_to_string(errno));
-        exit(-1);
-     } else {
-        printf("passed\n");
-     }
- }
-}
-
-#ifdef CBC
-void cbc_tests(void)
-{
- symmetric_CBC cbc;
- int x, y;
- unsigned char blk[32], ct[32], key[32], IV[32];
- const unsigned char test[] = { 0XFF, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
-
- printf("CBC tests\n");
- /* ---- CBC ENCODING ---- */
- /* make up a block and IV */
- for (x = 0; x < 32; x++) blk[x] = IV[x] = x;
-
- /* now lets start a cbc session */
- if ((errno = cbc_start(find_cipher("blowfish"), IV, key, 16, 0, &cbc)) != CRYPT_OK) { 
-    printf("CBC Setup: %s\n", error_to_string(errno)); exit(-1); }
-
- /* now lets encode 32 bytes */
- for (x = 0; x < 4; x++) {
-    if ((errno = cbc_encrypt(blk+8*x, ct+8*x, &cbc)) != CRYPT_OK) {
-       printf("CBC encrypt: %s\n", error_to_string(errno)); exit(-1);
-    }
- }
-
- zeromem(blk, sizeof(blk));
-
- /* ---- CBC DECODING ---- */
- /* make up a IV */
- for (x = 0; x < 32; x++) IV[x] = x;
-
- /* now lets start a cbc session */
- if ((errno = cbc_start(find_cipher("blowfish"), IV, key, 16, 0, &cbc)) != CRYPT_OK) { 
-     printf("CBC Setup: %s\n", error_to_string(errno)); exit(-1); }
-
- /* now lets decode 32 bytes */
- for (x = 0; x < 4; x++) {
-    if ((errno = cbc_decrypt(ct+8*x, blk+8*x, &cbc)) != CRYPT_OK) {
-       printf("CBC decrypt: %s\n", error_to_string(errno)); exit(-1);
-    }
- }
-    
-
- /* print output */
- for (x = y = 0; x < 32; x++) if (blk[x] != x) y = 1;
- printf("  %s\n", y?"failed":"passed");
-
- /* lets actually check the bytes */
- memset(IV, 0, 8); IV[0] = 0xFF;              /* IV  = FF 00 00 00 00 00 00 00 */
- memset(blk, 0, 32); blk[8] = 0xFF;           /* BLK = 00 00 00 00 00 00 00 00 FF 00 00 00 00 00 00 00 */
- cbc_start(find_cipher("memcpy()"), IV, key, 8, 0, &cbc);
- cbc_encrypt(blk, ct, &cbc);                  /* expect: FF 00 00 00 00 00 00 00 */
- cbc_encrypt(blk+8, ct+8, &cbc);              /* expect: 00 00 00 00 00 00 00 00 */
- if (memcmp(ct, test, 16)) {
-    printf("CBC failed logical testing.\n");
-    for (x = 0; x < 16; x++) printf("%02x ", ct[x]);
-    printf("\n");
-    exit(-1);
- } else {
-    printf("CBC passed logical testing.\n");
- }
-}
-#else
-void cbc_tests(void) { printf("CBC not compiled in\n"); }
-#endif
-
-#ifdef OFB
-void ofb_tests(void)
-{
- symmetric_OFB ofb;
- int x, y;
- unsigned char blk[32], ct[32], key[32], IV[32];
-
- printf("OFB tests\n");
- /* ---- ofb ENCODING ---- */
- /* make up a block and IV */
- for (x = 0; x < 32; x++) blk[x] = IV[x] = x;
-
- /* now lets start a ofb session */
- if ((errno = ofb_start(find_cipher("cast5"), IV, key, 16, 0, &ofb)) != CRYPT_OK) { 
- 	printf("OFB Setup: %s\n", error_to_string(errno)); exit(-1); }
-
- /* now lets encode 32 bytes */
- for (x = 0; x < 4; x++) {
-    if ((errno = ofb_encrypt(blk+8*x, ct+8*x, 8, &ofb)) != CRYPT_OK) {
-       printf("OFB encrypt: %s\n", error_to_string(errno)); exit(-1);
-    }
- }
-
- zeromem(blk, sizeof(blk));
-
- /* ---- ofb DECODING ---- */
- /* make up a IV */
- for (x = 0; x < 32; x++) IV[x] = x;
-
- /* now lets start a ofb session */
- if ((errno = ofb_start(find_cipher("cast5"), IV, key, 16, 0, &ofb)) != CRYPT_OK) { 
- 	printf("OFB setup: %s\n", error_to_string(errno)); exit(-1); }
-
- /* now lets decode 32 bytes */
- for (x = 0; x < 4; x++) {
-    if ((errno = ofb_decrypt(ct+8*x, blk+8*x, 8, &ofb)) != CRYPT_OK) {
-       printf("OFB decrypt: %s\n", error_to_string(errno)); exit(-1);
-    }
- }
-
- /* print output */
- for (x = y = 0; x < 32; x++) if (blk[x] != x) y = 1;
- printf("  %s\n", y?"failed":"passed");
- if (y) exit(-1);
-}
-#else
-void ofb_tests(void) { printf("OFB not compiled in\n"); }
-#endif
-
-#ifdef CFB
-void cfb_tests(void)
-{
- symmetric_CFB cfb;
- int x, y;
- unsigned char blk[32], ct[32], key[32], IV[32];
-
- printf("CFB tests\n");
- /* ---- cfb ENCODING ---- */
- /* make up a block and IV */
- for (x = 0; x < 32; x++) blk[x] = IV[x] = x;
-
- /* now lets start a cfb session */
- if ((errno = cfb_start(find_cipher("blowfish"), IV, key, 16, 0, &cfb)) != CRYPT_OK) { 
- 	printf("CFB setup: %s\n", error_to_string(errno)); exit(-1); }
-
- /* now lets encode 32 bytes */
- for (x = 0; x < 4; x++) {
-    if ((errno = cfb_encrypt(blk+8*x, ct+8*x, 8, &cfb)) != CRYPT_OK) {
-       printf("CFB encrypt: %s\n", error_to_string(errno)); exit(-1);
-    }
- }
-
- zeromem(blk, sizeof(blk));
-
- /* ---- cfb DECODING ---- */
- /* make up ahash_descriptor[prng->yarrow.hash].hashsize IV */
- for (x = 0; x < 32; x++) IV[x] = x;
-
- /* now lets start a cfb session */
- if ((errno = cfb_start(find_cipher("blowfish"), IV, key, 16, 0, &cfb)) != CRYPT_OK) { 
- 	printf("CFB Setup: %s\n", error_to_string(errno)); exit(-1); }
-
- /* now lets decode 32 bytes */
- for (x = 0; x < 4; x++) {
-    if ((errno = cfb_decrypt(ct+8*x, blk+8*x, 8, &cfb)) != CRYPT_OK) {
-       printf("CFB decrypt: %s\n", error_to_string(errno)); exit(-1);
-    }
- }
-
- /* print output */
- for (x = y = 0; x < 32; x++) if (blk[x] != x) y = 1;
- printf("  %s\n", y?"failed":"passed");
- if (y) exit(-1);
-}
-#else
-void cfb_tests(void) { printf("CFB not compiled in\n"); }
-#endif
-
-#ifdef CTR
-void ctr_tests(void)
-{
- symmetric_CTR ctr;
- int x, y;
- unsigned char blk[32], ct[32], key[32], count[32];
- const unsigned char test[] = { 0xFF, 0, 0, 0, 0, 0, 0, 0,  0, 3, 0, 0, 0, 0, 0, 0 };
-
- printf("CTR tests\n");
- /* ---- CTR ENCODING ---- */
- /* make up a block and IV */
- for (x = 0; x < 32; x++) blk[x] = count[x] = x;
-
- /* now lets start a ctr session */
- if ((errno = ctr_start(find_cipher("xtea"), count, key, 16, 0, &ctr)) != CRYPT_OK) { 
- 	printf("CTR Setup: %s\n", error_to_string(errno)); exit(-1); }
-
- /* now lets encode 32 bytes */
- for (x = 0; x < 4; x++) {
-    if ((errno = ctr_encrypt(blk+8*x, ct+8*x, 8, &ctr)) != CRYPT_OK) {
-       printf("CTR encrypt: %s\n", error_to_string(errno)); exit(-1);
-    }
- }
-
- zeromem(blk, sizeof(blk));
-
- /* ---- CTR DECODING ---- */
- /* make up a IV */
- for (x = 0; x < 32; x++) count[x] = x;
-
- /* now lets start a cbc session */
- if ((errno = ctr_start(find_cipher("xtea"), count, key, 16, 0, &ctr)) != CRYPT_OK) { 
- 	printf("CTR Setup: %s\n", error_to_string(errno)); exit(-1); }
-
- /* now lets decode 32 bytes */
- for (x = 0; x < 4; x++) {
-    if ((errno = ctr_decrypt(ct+8*x, blk+8*x, 8, &ctr)) != CRYPT_OK) {
-       printf("CTR decrypt: %s\n", error_to_string(errno)); exit(-1);
-    }
- }
-
- /* print output */
- for (x = y = 0; x < 32; x++) if (blk[x] != x) y = 1;
- printf("  %s\n", y?"failed":"passed");
- if (y) exit(-1);
-
- /* lets actually check the bytes */
- memset(count, 0, 8); count[0] = 0xFF;        /* IV  = FF 00 00 00 00 00 00 00 */
- memset(blk, 0, 32); blk[9] = 2;              /* BLK = 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 */
- ctr_start(find_cipher("memcpy()"), count, key, 8, 0, &ctr);
- ctr_encrypt(blk, ct, 8, &ctr);               /* expect: FF 00 00 00 00 00 00 00 */
- ctr_encrypt(blk+8, ct+8, 8, &ctr);           /* expect: 00 03 00 00 00 00 00 00 */
- if (memcmp(ct, test, 16)) {
-    printf("CTR failed logical testing.\n");
-    for (x = 0; x < 16; x++) printf("%02x ", ct[x]);
-    printf("\n");
- } else {
-    printf("CTR passed logical testing.\n");
- }
-
-}
-#else
-void ctr_tests(void) { printf("CTR not compiled in\n"); }
-#endif
-
-void hash_tests(void)
-{
- int x;
- printf("Hash tests\n");
- for (x = 0; hash_descriptor[x].name != NULL; x++) {
-     printf(" %10s (%2d) ", hash_descriptor[x].name, hash_descriptor[x].ID);
-     if ((errno = hash_descriptor[x].test()) != CRYPT_OK)
-        printf("**failed** Reason: %s\n", error_to_string(errno));
-     else 
-        printf("passed\n");
- }
-}
-
-#ifdef MRSA
-void pad_test(void)
-{
- unsigned char in[100], out[100];
- unsigned long x, y;
-  
- /* make a dummy message */
- for (x = 0; x < 16; x++) in[x] = (unsigned char)x;
-
- /* pad the message so that random filler is placed before and after it */
- y = 100;
- if ((errno = rsa_pad(in, 16, out, &y, find_prng("yarrow"), &prng)) != CRYPT_OK) { 
-     printf("Error: %s\n", error_to_string(errno)); exit(-1); }
-
- /* depad the message to get the original content */
- memset(in, 0, sizeof(in));
- x = 100;
- if ((errno = rsa_depad(out, y, in, &x)) != CRYPT_OK) { printf("Error: %s\n", error_to_string(errno)); exit(-1); }
-
- /* check outcome */
- printf("rsa_pad: ");
- if (x != 16) { printf("Failed.  Wrong size.\n"); exit(-1); }
- for (x = 0; x < 16; x++) if (in[x] != x) { printf("Failed.  Expected %02lx and got %02x.\n", x, in[x]); exit(-1); }
- printf("passed.\n");
-}
-
-void rsa_test(void)
-{
- unsigned char in[4096], out[4096];
- unsigned long x, y, z, limit;
- int stat;
- rsa_key key;
- clock_t t;
-
- /* ---- SINGLE ENCRYPT ---- */
- /* encrypt a short 8 byte string */
- if ((errno = rsa_make_key(&prng, find_prng("yarrow"), 1024/8, 65537, &key)) != CRYPT_OK) { 
- 	printf("Error: %s\n", error_to_string(errno)); exit(-1); }
- for (x = 0; x < 8; x++) in[x] = (unsigned char)(x+1);
- y = sizeof(in);
- if ((errno = rsa_exptmod(in, 8, out, &y, PK_PUBLIC, &key)) != CRYPT_OK) { 
- 	printf("Error: %s\n", error_to_string(errno)); exit(-1); }
-
- /* decrypt it */
- zeromem(in, sizeof(in));
- x = sizeof(out);
- if ((errno = rsa_exptmod(out, y, in, &x, PK_PRIVATE, &key)) != CRYPT_OK) { 
- 	printf("Error: %s\n", error_to_string(errno)); exit(-1); }
-
- /* compare */
- printf("RSA    : ");
- for (x = 0; x < 8; x++) if (in[x] != (x+1)) { printf("Failed.  x==%02lx, in[%ld]==%02x\n", x, x, in[x]); exit(-1); }
- printf("passed.\n");
-
- /* test the rsa_encrypt_key functions */
- for (x = 0; x < 16; x++) in[x] = x;
- y = sizeof(out);
- if ((errno = rsa_encrypt_key(in, 16, out, &y, &prng, find_prng("yarrow"), &key)) != CRYPT_OK) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
- }
- zeromem(in, sizeof(in));
- x = sizeof(in);
- if ((errno = rsa_decrypt_key(out, y, in, &x, &key)) != CRYPT_OK) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
- }
- printf("RSA en/de crypt key routines: ");
- if (x != 16) { printf("Failed (length)\n"); exit(-1); }
- for (x = 0; x < 16; x++) if (in[x] != x) { printf("Failed (contents)\n"); exit(-1); }
- printf("Passed\n");
-
- /* test sign_hash functions */
- for (x = 0; x < 16; x++) in[x] = x;
- x = sizeof(in);
- if ((errno = rsa_sign_hash(in, 16, out, &x, &key)) != CRYPT_OK) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
- }
- printf("RSA signed hash: %lu bytes\n", x);
- if ((errno = rsa_verify_hash(out, x, in, &stat, &key)) != CRYPT_OK) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
- }
- printf("Verify hash: %s, ", stat?"passed":"failed");
- in[0] ^= 1;
- if ((errno = rsa_verify_hash(out, x, in, &stat, &key)) != CRYPT_OK) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
- }
- printf("%s\n", (!stat)?"passed":"failed");
- if (stat) exit(-1);
- rsa_free(&key);
-
- /* make a RSA key */
-#ifdef SONY_PS2_NOPE
-   limit = 1024;
-#else
-   limit = 2048;
-#endif
-
- { int tt;
- 
- for (z = 1024; z <= limit; z += 512) {
-    t = XCLOCK();
-    for (tt = 0; tt < 3; tt++) {
-    if ((errno = rsa_make_key(&prng, find_prng("yarrow"), z/8, 65537, &key)) != CRYPT_OK) { printf("Error: %s\n", error_to_string(errno)); exit(-1); }
-       if (tt < 2) rsa_free(&key);
-    }       
-    t = XCLOCK() - t;
-    printf("Took %.0f ms to make a %ld-bit RSA key.\n", 1000.0 * (((double)t / 3.0) / (double)XCLOCKS_PER_SEC), z);
-
-    /* time encryption */
-    t = XCLOCK();
-    
-    for (tt = 0; tt < 100; tt++) {
-       y = sizeof(in);
-       if ((errno = rsa_exptmod(in, 8, out, &y, PK_PUBLIC, &key)) != CRYPT_OK) { printf("Error: %s\n", error_to_string(errno)); exit(-1); }
-    }       
-    t = XCLOCK() - t;
-    printf("Took %.0f ms to encrypt with a %ld-bit RSA key.\n", 1000.0 * (((double)t / 100.0)/ (double)XCLOCKS_PER_SEC), z);
-
-    /* time decryption */
-    t = XCLOCK();
-    for (tt = 0; tt < 100; tt++) {
-       x = sizeof(out);
-       if ((errno = rsa_exptmod(out, y, in, &x, PK_PRIVATE, &key)) != CRYPT_OK) { printf("Error: %s\n", error_to_string(errno)); exit(-1); }
-    }       
-    t = XCLOCK() - t;
-    printf("Took %.0f ms to decrypt with a %ld-bit RSA key.\n", 1000.0 * (((double)t / 100.0) / (double)XCLOCKS_PER_SEC), z);
-    rsa_free(&key);
- }
- }
- 
-
-
-}
-#else
-void pad_test(void) { printf("MRSA not compiled in\n"); }
-void rsa_test(void) { printf("MRSA not compiled in\n"); }
-#endif
-
-#ifdef BASE64
-void base64_test(void)
-{
-   unsigned char buf[2][100];
-   unsigned long x, y;
-
-   printf("Base64 tests\n");
-   zeromem(buf, sizeof(buf));
-   for (x = 0; x < 16; x++) buf[0][x] = (unsigned char)x;
-
-   x = 100;
-   if (base64_encode(buf[0], 16, buf[1], &x) != CRYPT_OK) {
-      printf("  error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   printf("  encoded 16 bytes to %ld bytes...[%s]\n", x, buf[1]);
-   memset(buf[0], 0, 100);
-   y = 100;
-   if (base64_decode(buf[1], x, buf[0], &y) != CRYPT_OK) {
-      printf("  error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   printf("  decoded %ld bytes to %ld bytes\n", x, y);
-   for (x = 0; x < 16; x++) if (buf[0][x] != x) { 
-      printf(" **failed**\n"); 
-      exit(-1); 
-   }
-   printf("  passed\n");
-}
-#else
-void base64_test(void) { printf("Base64 not compiled in\n"); }
-#endif
-
-void time_hash(void)
-{
-    clock_t t1;
-    int x, y;
-    unsigned long z;
-    unsigned char input[4096], out[MAXBLOCKSIZE];
-    printf("Hash Time Trials (4KB blocks):\n");
-    for (x = 0; hash_descriptor[x].name != NULL; x++) {
-        t1 = XCLOCK();
-        z = sizeof(out);
-        y = 0;
-        while (XCLOCK() - t1 < (3 * XCLOCKS_PER_SEC)) {
-            hash_memory(x, input, 4096, out, &z); 
-            hash_memory(x, input, 4096, out, &z); 
-            hash_memory(x, input, 4096, out, &z); 
-            hash_memory(x, input, 4096, out, &z);
-            hash_memory(x, input, 4096, out, &z); 
-            hash_memory(x, input, 4096, out, &z); 
-            hash_memory(x, input, 4096, out, &z); 
-            hash_memory(x, input, 4096, out, &z);
-            hash_memory(x, input, 4096, out, &z); 
-            hash_memory(x, input, 4096, out, &z); 
-            hash_memory(x, input, 4096, out, &z); 
-            hash_memory(x, input, 4096, out, &z);
-            hash_memory(x, input, 4096, out, &z); 
-            hash_memory(x, input, 4096, out, &z); 
-            hash_memory(x, input, 4096, out, &z); 
-            hash_memory(x, input, 4096, out, &z); y += 16;
-        }
-        t1 = XCLOCK() - t1;
-        printf("%-20s: Hash at %5.2f Mbit/sec\n", hash_descriptor[x].name,
-               ((8.0 * 4096.0) * ((double)y / ((double)t1 / (double)XCLOCKS_PER_SEC))) / 1000000.0);
-    }
-}
-
-void time_ecb(void)
-{
-    clock_t t1, t2;
-    long x, y1, y2;
-    unsigned char pt[32], key[32];
-    symmetric_key skey;
-    void (*func)(const unsigned char *, unsigned char *, symmetric_key *);
-
-    printf("ECB Time Trials for the Symmetric Ciphers:\n");
-    for (x = 0; cipher_descriptor[x].name != NULL; x++) {
-        cipher_descriptor[x].setup(key, cipher_descriptor[x].min_key_length, 0, &skey);
-
-#define DO1   func(pt,pt,&skey);
-#define DO2   DO1 DO1
-#define DO4   DO2 DO2
-#define DO8   DO4 DO4
-#define DO16  DO8 DO8
-#define DO32  DO16 DO16
-#define DO64  DO32 DO32
-#define DO128 DO64 DO64
-#define DO256 DO128 DO128 
-
-        func = cipher_descriptor[x].ecb_encrypt;
-        y1 = 0;
-        t1 = XCLOCK();
-        while (XCLOCK() - t1 < 3*XCLOCKS_PER_SEC) {
-            DO256; y1 += 256;
-        }
-        t1 = XCLOCK() - t1;
-
-        func = cipher_descriptor[x].ecb_decrypt;
-        y2 = 0;
-        t2 = XCLOCK();
-        while (XCLOCK() - t2 < 3*XCLOCKS_PER_SEC) {
-            DO256; y2 += 256;
-        }
-        t2 = XCLOCK() - t2;
-        printf("%-20s: Encrypt at %5.2f Mbit/sec and Decrypt at %5.2f Mbit/sec\n",
-               cipher_descriptor[x].name,
-               ((8.0 * (double)cipher_descriptor[x].block_length) * ((double)y1 / ((double)t1 / (double)XCLOCKS_PER_SEC))) / 1000000.0,
-               ((8.0 * (double)cipher_descriptor[x].block_length) * ((double)y2 / ((double)t2 / (double)XCLOCKS_PER_SEC))) / 1000000.0);
-
-#undef DO256
-#undef DO128
-#undef DO64
-#undef DO32
-#undef DO16
-#undef DO8
-#undef DO4
-#undef DO2
-#undef DO1
-    }
-}
-
-#ifdef MDH
-void dh_tests(void)
-{
-   unsigned char buf[3][4096];
-   unsigned long x, y, z;
-   int low, high, stat, stat2;
-   dh_key usera, userb;
-   clock_t t1;
-
-/*   if ((errno = dh_test()) != CRYPT_OK) printf("DH Error: %s\n", error_to_string(errno)); */
-
-   dh_sizes(&low, &high);
-   printf("DH Keys from %d to %d supported.\n", low*8, high*8);
-
-   /* make up two keys */
-   if ((errno = dh_make_key(&prng, find_prng("yarrow"), 96, &usera)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   if ((errno = dh_make_key(&prng, find_prng("yarrow"), 96, &userb)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   /* make the shared secret */
-   x = 4096;
-   if ((errno = dh_shared_secret(&usera, &userb, buf[0], &x)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   y = 4096;
-   if ((errno = dh_shared_secret(&userb, &usera, buf[1], &y)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   if (y != x) { printf("DH Shared keys are not same size.\n"); exit(-1); }
-   if (memcmp(buf[0], buf[1], x)) { printf("DH Shared keys not same contents.\n"); exit(-1); }
-
-   /* now export userb */
-   y = 4096;
-   if ((errno = dh_export(buf[1], &y, PK_PUBLIC, &userb)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   dh_free(&userb);
-
-   /* import and make the shared secret again */
-   if ((errno = dh_import(buf[1], y, &userb)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   z = 4096;
-   if ((errno = dh_shared_secret(&usera, &userb, buf[2], &z)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   printf("DH routines: ");
-   if (z != x) { printf("failed.  Size don't match?\n"); exit(-1); }
-   if (memcmp(buf[0], buf[2], x)) { printf("Failed.  Content didn't match.\n"); exit(-1); }
-   printf("Passed\n");
-   dh_free(&usera);
-   dh_free(&userb);
-
-/* time stuff */
-   {
-      static int sizes[] = { 96, 128, 160, 192, 224, 256, 320, 384, 512 };
-      int ii, tt;
-      
-      for (ii = 0; ii < (int)(sizeof(sizes)/sizeof(sizes[0])); ii++) {
-         t1 = XCLOCK();
-         for (tt = 0; tt < 50; tt++) {
-             dh_make_key(&prng, find_prng("yarrow"), sizes[ii], &usera);
-             dh_free(&usera);
-         }
-         t1 = XCLOCK() - t1;
-         printf("Make dh-%d key took %f msec\n", sizes[ii] * 8, 1000.0 * (((double)t1 / 50.0) / (double)XCLOCKS_PER_SEC));
-      }         
-   }      
-   
-/* test encrypt_key */
- dh_make_key(&prng, find_prng("yarrow"), 96, &usera);
- for (x = 0; x < 16; x++) buf[0][x] = x;
- y = sizeof(buf[1]);
- if ((errno = dh_encrypt_key(buf[0], 16, buf[1], &y, &prng, find_prng("yarrow"), find_hash("md5"), &usera)) != CRYPT_OK) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
- }
- zeromem(buf[0], sizeof(buf[0]));
- x = sizeof(buf[0]);
- if ((errno = dh_decrypt_key(buf[1], y, buf[0], &x, &usera)) != CRYPT_OK) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
- }
- printf("DH en/de crypt key routines: ");
- if (x != 16) { printf("Failed (length)\n"); exit(-1); }
- for (x = 0; x < 16; x++) if (buf[0][x] != x) { printf("Failed (contents)\n"); exit(-1); }
- printf("Passed (size %lu)\n", y);
-
-/* test sign_hash */
-   for (x = 0; x < 16; x++) buf[0][x] = x;
-   x = sizeof(buf[1]);
-   if ((errno = dh_sign_hash(buf[0], 16, buf[1], &x, &prng, find_prng("yarrow"), &usera)) != CRYPT_OK) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
-   }
-   if (dh_verify_hash(buf[1], x, buf[0], 16, &stat, &usera)) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
-   }
-   buf[0][0] ^= 1;
-   if (dh_verify_hash(buf[1], x, buf[0], 16, &stat2, &usera)) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
-   }
-   printf("dh_sign/verify_hash: %s (%d,%d), %lu\n", ((stat==1)&&(stat2==0))?"passed":"failed", stat,stat2, x);
- dh_free(&usera);
-}
-#else
-void dh_tests(void) { printf("MDH not compiled in\n"); }
-#endif
-
-int callback_x = 0;
-void callback(void)
-{ 
-   printf("%c\x08", "-\\|/"[++callback_x & 3]); 
-#ifndef SONY_PS2
-   fflush(stdout);
-#endif
-}
-
-void rng_tests(void)
-{
-   unsigned char buf[16];
-   clock_t t1;
-   int x, y;
-
-   printf("RNG tests\n");
-   t1 = XCLOCK();
-   x = rng_get_bytes(buf, sizeof(buf), &callback);
-   t1 = XCLOCK() - t1;
-   printf("  %f bytes per second...",
-         (double)x / ((double)t1 / (double)XCLOCKS_PER_SEC));
-   printf("read %d bytes.\n  ", x);
-   for (y = 0; y < x; y++)
-       printf("%02x ", buf[y]);
-   printf("\n");
-
-#ifdef YARROW
-   if ((errno = rng_make_prng(128, find_prng("yarrow"), &prng, &callback)) != CRYPT_OK) {
-       printf(" starting yarrow error: %s\n", error_to_string(errno));
-       exit(-1);
-   }
-#endif
-}
-
-#ifdef MECC
-void ecc_tests(void)
-{
-   unsigned char buf[4][4096];
-   unsigned long x, y, z;
-   int stat, stat2, low, high;
-   ecc_key usera, userb;
-   clock_t t1;
-
-   if ((errno = ecc_test()) != CRYPT_OK) { printf("ecc Error: %s\n", error_to_string(errno)); exit(-1); }
-
-   ecc_sizes(&low, &high);
-   printf("ecc Keys from %d to %d supported.\n", low*8, high*8);
-
-   /* make up two keys */
-   if ((errno = ecc_make_key(&prng, find_prng("yarrow"), 24, &usera)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   if ((errno = ecc_make_key(&prng, find_prng("yarrow"), 24, &userb)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   /* make the shared secret */
-   x = 4096;
-   if ((errno = ecc_shared_secret(&usera, &userb, buf[0], &x)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   y = 4096;
-   if ((errno = ecc_shared_secret(&userb, &usera, buf[1], &y)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   if (y != x) { printf("ecc Shared keys are not same size.\n"); exit(-1); }
-
-   if (memcmp(buf[0], buf[1], x)) { printf("ecc Shared keys not same contents.\n"); exit(-1); }
-
-   /* now export userb */
-   y = 4096;
-   if ((errno = ecc_export(buf[1], &y, PK_PUBLIC, &userb)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   ecc_free(&userb);
-   printf("ECC-192 export took %ld bytes\n", y);
-
-   /* import and make the shared secret again */
-   if ((errno = ecc_import(buf[1], y, &userb)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   z = 4096;
-   if ((errno = ecc_shared_secret(&usera, &userb, buf[2], &z)) != CRYPT_OK) {
-      printf("Error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   printf("ecc routines: ");
-   if (z != x) { printf("failed.  Size don't match?\n"); exit(-1); }
-   if (memcmp(buf[0], buf[2], x)) { printf("Failed.  Content didn't match.\n"); exit(-1); }
-   printf("Passed\n");
-   ecc_free(&usera);
-   ecc_free(&userb);
-
-/* time stuff */
-   {
-      static int sizes[] = { 20, 24, 28, 32, 48, 65 };
-      int ii, tt;
-      
-      for (ii = 0; ii < (int)(sizeof(sizes)/sizeof(sizes[0])); ii++) {
-         t1 = XCLOCK();
-         for (tt = 0; tt < 25; tt++) {
-             if ((errno = ecc_make_key(&prng, find_prng("yarrow"), sizes[ii], &usera)) != CRYPT_OK) { printf("Error: %s\n", error_to_string(errno)); exit(-1); }
-             ecc_free(&usera);
-         }             
-         t1 = XCLOCK() - t1;
-         printf("Make ECC-%d key took %f msec\n", sizes[ii]*8, 1000.0 * (((double)t1/25.0) / (double)XCLOCKS_PER_SEC));
-      }
-   }      
-
-/* test encrypt_key */
- ecc_make_key(&prng, find_prng("yarrow"), 65, &usera);
- for (x = 0; x < 16; x++) buf[0][x] = x;
- y = sizeof(buf[1]);
- if ((errno = ecc_encrypt_key(buf[0], 16, buf[1], &y, &prng, find_prng("yarrow"), find_hash("md5"), &usera)) != CRYPT_OK) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
- }
- zeromem(buf[0], sizeof(buf[0]));
- x = sizeof(buf[0]);
- if ((errno = ecc_decrypt_key(buf[1], y, buf[0], &x, &usera)) != CRYPT_OK) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
- }
- printf("ECC en/de crypt key routines: ");
- if (x != 16) { printf("Failed (length)\n"); exit(-1); }
- for (x = 0; x < 16; x++) if (buf[0][x] != x) { printf("Failed (contents)\n"); exit(-1); }
- printf("Passed (size: %lu)\n", y);
-/* test sign_hash */
-   for (x = 0; x < 16; x++) buf[0][x] = x;
-   x = sizeof(buf[1]);
-   if ((errno = ecc_sign_hash(buf[0], 16, buf[1], &x, &prng, find_prng("yarrow"), &usera)) != CRYPT_OK) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
-   }
-   if (ecc_verify_hash(buf[1], x, buf[0], 16, &stat, &usera)) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
-   }
-   buf[0][0] ^= 1;
-   if (ecc_verify_hash(buf[1], x, buf[0], 16, &stat2, &usera)) {
-    printf("Error: %s\n", error_to_string(errno));
-    exit(-1);
-   }
-   printf("ecc_sign/verify_hash: %s (%d,%d)\n", ((stat==1)&&(stat2==0))?"passed":"failed", stat,stat2);
- ecc_free(&usera);
-}
-#else
-void ecc_tests(void) { printf("MECC not compiled in\n"); }
-#endif
-
-#ifdef GF
-void gf_tests(void)
-{
-   gf_int a, b, c, d;
-   int n;
-   unsigned char buf[1024];
-
-   printf("GF tests\n");
-   gf_zero(a);gf_zero(b);gf_zero(c);gf_zero(d);
-
-   /* a == 0x18000000b */
-   a[1] = 1;
-   a[0] = 0x8000000bUL;
-
-   /* b == 0x012345678 */
-   b[0] = 0x012345678UL;
-
-   /* find 1/b mod a */
-   gf_invmod(b,a,c);
-
-   /* find 1/1/b mod a */
-   gf_invmod(c,a,d);
-
-   /* display them */
-   printf("  %08lx %08lx\n", c[0], d[0]);
-
-   /* store as binary string */
-   n = gf_size(a);
-   printf("  a takes %d bytes\n", n);
-   gf_toraw(a, buf);
-   gf_readraw(a, buf, n);
-   printf("  a == %08lx%08lx\n", a[1], a[0]);
-
-   /* primality testing */
-   gf_zero(a);
-   a[0] = 0x169;
-   printf("  GF prime: %s, ", gf_is_prime(a)?"passed":"failed");
-   a[0] = 0x168;
-   printf("  %s\n", gf_is_prime(a)?"failed":"passed");
-
-   /* test sqrt code */
-   gf_zero(a);
-   a[1] = 0x00000001;
-   a[0] = 0x8000000bUL;
-   gf_zero(b);
-   b[0] = 0x12345678UL;
-
-   gf_sqrt(b, a, c);
-   gf_mulmod(c, c, a, b);
-   printf("  (%08lx)^2 = %08lx (mod %08lx%08lx) \n", c[0], b[0], a[1], a[0]);
-}
-#else
-void gf_tests(void) { printf("GF not compiled in\n"); }
-#endif
-
-#ifdef MPI
-void test_prime(void)
-{
-   unsigned char buf[1024];
-   mp_int a;
-   int x;
-  
-   /* make a 1024 bit prime */
-   mp_init(&a);
-   rand_prime(&a, 128, &prng, find_prng("yarrow"));
-
-   /* dump it */
-   mp_todecimal(&a, buf);
-   printf("1024-bit prime:\n");
-   for (x = 0; x < (int)strlen(buf); ) {
-       printf("%c", buf[x]);
-       if (!(++x % 60)) printf("\\ \n");
-   }
-   printf("\n\n");
-
-   mp_clear(&a);
-}
-#else
-void test_prime(void) { printf("MPI not compiled in\n"); }
-#endif
-
-void register_all_algs(void)
-{
-#ifdef BLOWFISH
-   register_cipher(&blowfish_desc);
-#endif
-#ifdef XTEA
-   register_cipher(&xtea_desc);
-#endif
-#ifdef RC5
-   register_cipher(&rc5_desc);
-#endif
-#ifdef RC6
-   register_cipher(&rc6_desc);
-#endif
-#ifdef SAFERP
-   register_cipher(&saferp_desc);
-#endif
-#ifdef SERPENT
-   register_cipher(&serpent_desc);
-#endif
-#ifdef RIJNDAEL
-   register_cipher(&aes_desc);
-#endif
-#ifdef TWOFISH
-   register_cipher(&twofish_desc);
-#endif
-#ifdef SAFER
-   register_cipher(&safer_k64_desc);
-   register_cipher(&safer_sk64_desc);
-   register_cipher(&safer_k128_desc);
-   register_cipher(&safer_sk128_desc);
-#endif
-#ifdef RC2
-   register_cipher(&rc2_desc);
-#endif
-#ifdef DES
-   register_cipher(&des_desc);
-   register_cipher(&des3_desc);
-#endif
-#ifdef CAST5
-   register_cipher(&cast5_desc);
-#endif
-#ifdef NOEKEON
-   register_cipher(&noekeon_desc);
-#endif
-
-   register_cipher(&null_desc);
-
-#ifdef SHA256
-   register_hash(&sha256_desc);
-#endif
-#ifdef TIGER
-   register_hash(&tiger_desc);
-#endif
-#ifdef SHA1
-   register_hash(&sha1_desc);
-#endif
-#ifdef MD5
-   register_hash(&md5_desc);
-#endif
-#ifdef SHA384
-   register_hash(&sha384_desc);
-#endif
-#ifdef SHA512
-   register_hash(&sha512_desc);
-#endif
-#ifdef MD4
-   register_hash(&md4_desc);
-#endif
-#ifdef MD2
-   register_hash(&md2_desc);
-#endif
-
-#ifdef YARROW
-   register_prng(&yarrow_desc);
-#endif
-#ifdef SPRNG
-   register_prng(&sprng_desc);
-#endif
-}
-
-void kr_display(pk_key *kr)
-{
-   static const char *system[] = { "NON-KEY", "RSA", "DH", "ECC" };
-   static const char *type[]   = { "PRIVATE", "PUBLIC", "PRIVATE_OPTIMIZED" };
-
-   while (kr->system != NON_KEY) {
-       printf("CRC [%08lx], System [%10s], Type [%20s], %s, %s, %s\n", kr->ID, system[kr->system], type[kr->key_type], kr->name, kr->email, kr->description);
-       kr = kr->next;
-   }
-   printf("\n");
-}
-
-void kr_test_makekeys(pk_key **kr)
-{
-   if ((errno = kr_init(kr)) != CRYPT_OK) {
-      printf("KR init error %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   /* make a DH key */
-   printf("KR: Making DH key...\n");
-   if ((errno = kr_make_key(*kr, &prng, find_prng("yarrow"), DH_KEY, 128, "dhkey", "[email protected]", "dhkey one")) != CRYPT_OK) {
-      printf("Make key error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   /* make a ECC key */
-   printf("KR: Making ECC key...\n");
-   if ((errno = kr_make_key(*kr, &prng, find_prng("yarrow"), ECC_KEY, 20, "ecckey", "[email protected]", "ecckey one")) != CRYPT_OK) {
-      printf("Make key error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   /* make a RSA key */
-   printf("KR: Making RSA key...\n");
-   if ((errno = kr_make_key(*kr, &prng, find_prng("yarrow"), RSA_KEY, 128, "rsakey", "[email protected]", "rsakey one")) != CRYPT_OK) {
-      printf("Make key error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-}
-
-void kr_test(void)
-{
-   pk_key *kr, *_kr;
-   unsigned char buf[8192], buf2[8192], buf3[8192];
-   unsigned long len;
-   int i, j, stat;
-#ifndef NO_FILE   
-   FILE *f;
-#endif
-
-   kr_test_makekeys(&kr);
-
-   printf("The original list:\n");
-   kr_display(kr);
-
-   for (i = 0; i < 3; i++) {
-       len = sizeof(buf);
-       if ((errno = kr_export(kr, kr->ID, kr->key_type, buf, &len)) != CRYPT_OK) {
-          printf("Error exporting key %d, %s\n", i, error_to_string(errno));
-          exit(-1);
-       }
-       printf("Exported key was: %lu bytes\n", len);
-       if ((errno = kr_del(&kr, kr->ID)) != CRYPT_OK) {
-          printf("Error deleting key %d, %s\n", i, error_to_string(errno));
-          exit(-1);
-       }
-       kr_display(kr);
-       if ((errno = kr_import(kr, buf, len)) != CRYPT_OK) {
-          printf("Error importing key %d, %s\n", i, error_to_string(errno));
-          exit(-1);
-       }
-       kr_display(kr);
-   }         
-
-   for (i = 0; i < 3; i++) {
-       len = sizeof(buf);
-       if ((errno = kr_export(kr, kr->ID, PK_PUBLIC, buf, &len)) != CRYPT_OK) {
-          printf("Error exporting key %d, %s\n", i, error_to_string(errno));
-          exit(-1);
-       }
-       printf("Exported key was: %lu bytes\n", len);
-       if ((errno = kr_del(&kr, kr->ID)) != CRYPT_OK) {
-          printf("Error deleting key %d, %s\n", i, error_to_string(errno));
-          exit(-1);
-       }
-       kr_display(kr);
-       if ((errno = kr_import(kr, buf, len)) != CRYPT_OK) {
-          printf("Error importing key %d, %s\n", i, error_to_string(errno));
-          exit(-1);
-       }
-       kr_display(kr);
-   }
-
-   if ((errno = kr_clear(&kr)) != CRYPT_OK) {
-      printf("Error clearing ring: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-
-/* TEST output to file */
-#ifndef NO_FILE
-
-   if ((errno = kr_init(&kr)) != CRYPT_OK) {
-      printf("KR init error %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   kr_test_makekeys(&kr);
-
-   /* save to file */
-   f = fopen("ring.dat", "wb");
-   if ((errno = kr_save(kr, f, NULL)) != CRYPT_OK) {
-      printf("kr_save error %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   fclose(f);
-
-   /* delete and load */
-   if ((errno = kr_clear(&kr)) != CRYPT_OK) {
-      printf("clear error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   f = fopen("ring.dat", "rb");
-   if ((errno = kr_load(&kr, f, NULL)) != CRYPT_OK) {
-      printf("kr_load error %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   fclose(f);
-   remove("ring.dat");
-   printf("After load and save...\n");
-   kr_display(kr);
-  
-   if ((errno = kr_clear(&kr)) != CRYPT_OK) {
-      printf("clear error: %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-#endif
-
-/* test the packet encryption/sign stuff */
-   for (i = 0; i < 32; i++) buf[i] = i;
-   kr_test_makekeys(&kr);
-   _kr = kr;
-   for (i = 0; i < 3; i++) {
-       printf("Testing a key with system %d, type %d:\t", _kr->system, _kr->key_type);
-       len = sizeof(buf2);
-       if ((errno = kr_encrypt_key(kr, _kr->ID, buf, 16, buf2, &len, &prng, find_prng("yarrow"), find_hash("md5"))) != CRYPT_OK) {
-          printf("Encrypt error, %d, %s\n", i, error_to_string(errno));
-          exit(-1);
-       }
-       len = sizeof(buf3);
-       if ((errno = kr_decrypt_key(kr, buf2, buf3, &len)) != CRYPT_OK) {
-          printf("decrypt error, %d, %s\n", i, error_to_string(errno));
-          exit(-1);
-       }
-       if (len != 16 || memcmp(buf3, buf, 16)) {
-          printf("kr_decrypt_key failed, %i, %lu\n", i, len);
-          exit(-1);
-       }
-       printf("kr_encrypt_key passed, ");
-
-       len = sizeof(buf2);
-       if ((errno = kr_sign_hash(kr, _kr->ID, buf, 32, buf2, &len, &prng, find_prng("yarrow"))) != CRYPT_OK) {
-          printf("kr_sign_hash failed, %i, %s\n", i, error_to_string(errno));
-          exit(-1);
-       }
-       printf("kr_sign_hash: ");
-       if ((errno = kr_verify_hash(kr, buf2, buf, 32, &stat)) != CRYPT_OK) {
-          printf("kr_sign_hash failed, %i, %s\n", i, error_to_string(errno));
-          exit(-1);
-       }
-       printf("%s, ", stat?"passed":"failed");
-       buf[15] ^= 1;
-       if ((errno = kr_verify_hash(kr, buf2, buf, 32, &stat)) != CRYPT_OK) {
-          printf("kr_sign_hash failed, %i, %s\n", i, error_to_string(errno));
-          exit(-1);
-       }
-       printf("%s\n", (!stat)?"passed":"failed");
-       buf[15] ^= 1;
-
-       len = sizeof(buf);
-       if ((errno = kr_fingerprint(kr, _kr->ID, find_hash("sha1"), buf, &len)) != CRYPT_OK) {
-          printf("kr_fingerprint failed, %i, %lu\n", i, len);
-          exit(-1);
-       }
-       printf("Fingerprint:  ");
-       for (j = 0; j < 20; j++) {
-           printf("%02x", buf[j]);
-           if (j < 19) printf(":");
-       }
-       printf("\n\n");
-
-       _kr = _kr->next;
-    }
-
-/* Test encrypting/decrypting to a public key */
-/* first dump the other two keys */
-   kr_del(&kr, kr->ID);
-   kr_del(&kr, kr->ID);
-   kr_display(kr);
-
-   /* now export it as public and private */
-   len = sizeof(buf);
-   if ((errno = kr_export(kr, kr->ID, PK_PUBLIC, buf, &len)) != CRYPT_OK) {
-       printf("Error exporting key %d, %s\n", i, error_to_string(errno));
-       exit(-1);
-   }
-
-   /* check boundaries */
-   memset(buf+len, 0, sizeof(buf)-len);
-
-   len = sizeof(buf2);
-   if ((errno = kr_export(kr, kr->ID, PK_PRIVATE, buf2, &len)) != CRYPT_OK) {
-       printf("Error exporting key  %s\n", error_to_string(errno));
-       exit(-1);
-   }
-
-   /* check boundaries */
-   memset(buf2+len, 0, sizeof(buf2)-len);
-
-   /* delete the key and import the public */
-   kr_clear(&kr);
-   kr_init(&kr);
-   kr_display(kr);
-   if ((errno = kr_import(kr, buf, len)) != CRYPT_OK) {
-      printf("Error importing key %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   kr_display(kr);
-   
-   /* now encrypt a buffer */
-   for (i = 0; i < 16; i++) buf[i] = i;
-   len = sizeof(buf3);
-   if ((errno = kr_encrypt_key(kr, kr->ID, buf, 16, buf3, &len, &prng, find_prng("yarrow"), find_hash("md5"))) != CRYPT_OK) {
-      printf("Encrypt error, %d, %s\n", i, error_to_string(errno));
-      exit(-1);
-   }
-
-   /* now delete the key and import the private one */
-   kr_clear(&kr);
-   kr_init(&kr);
-   kr_display(kr);
-   if ((errno = kr_import(kr, buf2, len)) != CRYPT_OK) {
-      printf("Error importing key %s\n", error_to_string(errno));
-      exit(-1);
-   }
-   kr_display(kr);
-
-   /* now decrypt */
-   len = sizeof(buf2);
-   if ((errno = kr_decrypt_key(kr, buf3, buf2, &len)) != CRYPT_OK) {
-      printf("decrypt error, %s\n", error_to_string(errno));
-      exit(-1);
-   }
-
-   printf("KR encrypt to public, decrypt with private: ");
-   if (len == 16 && !memcmp(buf2, buf, 16)) {
-      printf("passed\n"); 
-   } else {
-      printf("failed\n");
-   }
-
-   kr_clear(&kr);
-
-}   
-
-void test_errs(void)
-{
-   #define ERR(x)  printf("%25s => %s\n", #x, error_to_string(x));
-
-   ERR(CRYPT_OK);
-   ERR(CRYPT_ERROR);
-
-   ERR(CRYPT_INVALID_KEYSIZE);
-   ERR(CRYPT_INVALID_ROUNDS);
-   ERR(CRYPT_FAIL_TESTVECTOR);
-
-   ERR(CRYPT_BUFFER_OVERFLOW);
-   ERR(CRYPT_INVALID_PACKET);
-
-   ERR(CRYPT_INVALID_PRNGSIZE);
-   ERR(CRYPT_ERROR_READPRNG);
-
-   ERR(CRYPT_INVALID_CIPHER);
-   ERR(CRYPT_INVALID_HASH);
-   ERR(CRYPT_INVALID_PRNG);
-
-   ERR(CRYPT_MEM);
-
-   ERR(CRYPT_PK_TYPE_MISMATCH);
-   ERR(CRYPT_PK_NOT_PRIVATE);
-
-   ERR(CRYPT_INVALID_ARG);
-
-   ERR(CRYPT_PK_INVALID_TYPE);
-   ERR(CRYPT_PK_INVALID_SYSTEM);
-   ERR(CRYPT_PK_DUP);
-   ERR(CRYPT_PK_NOT_FOUND);
-   ERR(CRYPT_PK_INVALID_SIZE);
-
-   ERR(CRYPT_INVALID_PRIME_SIZE);
-}   
-
-
-
-int main(void)
-{
-#ifdef SONY_PS2
-  TIMER_Init();
-#endif
-
- register_all_algs();
-
- if ((errno = yarrow_start(&prng)) != CRYPT_OK) {
-    printf("yarrow_start: %s\n", error_to_string(errno));
- }
- if ((errno = yarrow_add_entropy("hello", 5, &prng)) != CRYPT_OK) {
-    printf("yarrow_add_entropy: %s\n", error_to_string(errno));
- }
- if ((errno = yarrow_ready(&prng)) != CRYPT_OK) {
-    printf("yarrow_ready: %s\n", error_to_string(errno));
- }
-
- printf(crypt_build_settings);
- test_errs();
-
-#ifdef HMAC
-  printf("HMAC: %s\n", hmac_test() == CRYPT_OK ? "passed" : "failed");
-#endif
-
- store_tests();
- cipher_tests();
- hash_tests();
-
- ecb_tests();
- cbc_tests();
- ctr_tests();
- ofb_tests();
- cfb_tests();
-
- rng_tests();
- //test_prime();
-
- kr_test();
- rsa_test();
- pad_test();
- ecc_tests();
- dh_tests();
-
- gf_tests();
- base64_test();
-
- time_ecb();
- time_hash();
-
-#ifdef SONY_PS2
-  TIMER_Shutdown();
-#endif
-
- return 0;
-}

des.c

@@ -241,35 +241,43 @@ void deskey(const unsigned char *key, short edf, unsigned long *keyout)
     unsigned long i, j, l, m, n, kn[32];
     unsigned char pc1m[56], pcr[56];
 
-    for(j=0; j < 56; j++)
-    {
+    for (j=0; j < 56; j++) {
         l = (unsigned long)pc1[j];
-        m = l & 07;
+        m = l & 7;
         pc1m[j] = (unsigned char)((key[l >> 3U] & bytebit[m]) == bytebit[m] ? 1 : 0);
     }
 
-    for(i=0; i < 16; i++)
-    {
-        if(edf == DE1) m = (15 - i) << 1;
-        else m = i << 1;
+    for (i=0; i < 16; i++) {
+        if (edf == DE1) {
+           m = (15 - i) << 1;
+        } else {
+           m = i << 1;
+        }
         n = m + 1;
         kn[m] = kn[n] = 0L;
-        for(j=0; j < 28; j++) 
-        {
+        for (j=0; j < 28; j++) {
             l = j + (unsigned long)totrot[i];
-            if(l < 28) pcr[j] = pc1m[l];
-            else pcr[j] = pc1m[l - 28];
+            if (l < 28) {
+               pcr[j] = pc1m[l];
+            } else {
+               pcr[j] = pc1m[l - 28];
+            }
         }
-        for(/*j = 28*/; j < 56; j++)
-        {
+        for (/*j = 28*/; j < 56; j++) {
             l = j + (unsigned long)totrot[i];
-            if(l < 56) pcr[j] = pc1m[l];
-            else pcr[j] = pc1m[l - 28];
+            if (l < 56) {
+               pcr[j] = pc1m[l];
+            } else {
+               pcr[j] = pc1m[l - 28];
+            }
         }
-        for(j=0; j < 24; j++)
-        {
-            if((int)pcr[(int)pc2[j]] != 0)    kn[m] |= bigbyte[j];
-            if((int)pcr[(int)pc2[j+24]] != 0) kn[n] |= bigbyte[j];
+        for (j=0; j < 24; j++)  {
+            if ((int)pcr[(int)pc2[j]] != 0) {
+               kn[m] |= bigbyte[j];
+            }
+            if ((int)pcr[(int)pc2[j+24]] != 0) {
+               kn[n] |= bigbyte[j];
+            }
         }
     }
 
@@ -326,7 +334,7 @@ static void desfunc(unsigned long *block, const unsigned long *keys)
 static void _desfunc(unsigned long *block, const unsigned long *keys)
 #endif
 {
-    unsigned long fval, work, right, leftt;
+    unsigned long work, right, leftt;
     int round;
 
     leftt = block[0];
@@ -348,38 +356,35 @@ static void _desfunc(unsigned long *block, const unsigned long *keys)
     leftt ^= work;
     right ^= (work << 8);
 
-    right = ((right << 1) | ((right >> 31) & 1L)) & 0xFFFFFFFFL;
+    right = ROL(right, 1);
     work = (leftt ^ right) & 0xaaaaaaaaL;
     
     leftt ^= work;
     right ^= work;
-    leftt = ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL;
-
-    for( round = 0; round < 8; round++)
-    {
-        work  = ((right << 28) | (right >> 4)) ^ *keys++;
-        fval  = SP7[ work        & 0x3fL]
-              | SP5[(work >>  8) & 0x3fL]
-              | SP3[(work >> 16) & 0x3fL]
-              | SP1[(work >> 24) & 0x3fL];
+    leftt = ROL(leftt, 1);
+
+    for (round = 0; round < 8; round++) {
+        work  = ROR(right, 4) ^ *keys++;
+        leftt ^= SP7[work        & 0x3fL]
+              ^ SP5[(work >>  8) & 0x3fL]
+              ^ SP3[(work >> 16) & 0x3fL]
+              ^ SP1[(work >> 24) & 0x3fL];
         work  = right ^ *keys++;
-        fval |= SP8[ work        & 0x3fL]
-              | SP6[(work >>  8) & 0x3fL]
-              | SP4[(work >> 16) & 0x3fL]
-              | SP2[(work >> 24) & 0x3fL];
-        leftt ^= fval;
-
-        work = ((leftt << 28) | (leftt >> 4)) ^ *keys++;
-        fval  = SP7[ work        & 0x3fL]
-              | SP5[(work >>  8) & 0x3fL]
-              | SP3[(work >> 16) & 0x3fL]
-              | SP1[(work >> 24) & 0x3fL];
+        leftt ^= SP8[ work        & 0x3fL]
+              ^  SP6[(work >>  8) & 0x3fL]
+              ^  SP4[(work >> 16) & 0x3fL]
+              ^  SP2[(work >> 24) & 0x3fL];
+
+        work = ROR(leftt, 4) ^ *keys++;
+        right ^= SP7[ work        & 0x3fL]
+              ^  SP5[(work >>  8) & 0x3fL]
+              ^  SP3[(work >> 16) & 0x3fL]
+              ^  SP1[(work >> 24) & 0x3fL];
         work  = leftt ^ *keys++;
-        fval |= SP8[ work        & 0x3fL]
-              | SP6[(work >>  8) & 0x3fL]
-              | SP4[(work >> 16) & 0x3fL]
-              | SP2[(work >> 24) & 0x3fL];
-        right ^= fval;
+        right ^= SP8[ work        & 0x3fL]
+              ^  SP6[(work >>  8) & 0x3fL]
+              ^  SP4[(work >> 16) & 0x3fL]
+              ^  SP2[(work >> 24) & 0x3fL];
     }
     right = (right << 31) | (right >> 1);
     work = (leftt ^ right) & 0xaaaaaaaaL;
@@ -412,7 +417,6 @@ static void desfunc(unsigned long *block, const unsigned long *keys)
 }
 #endif
 
-
 int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
     _ARGCHK(key != NULL);
@@ -484,7 +488,8 @@ void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
 
 void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
 {
-    unsigned long work[2];
+    unsigned long work[2], *k[3];
+    
     _ARGCHK(pt != NULL);
     _ARGCHK(ct != NULL);
     _ARGCHK(key != NULL);

dh.c

@@ -207,10 +207,11 @@ void dh_sizes(int *low, int *high)
 int dh_get_size(dh_key *key)
 {
     _ARGCHK(key != NULL);
-    if (is_valid_idx(key->idx) == 1) 
+    if (is_valid_idx(key->idx) == 1) {
         return sets[key->idx].size;
-    else
+    } else {
         return INT_MAX; /* large value that would cause dh_make_key() to fail */
+    }
 }
   
 int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key)

ecc.c

@@ -253,18 +253,18 @@ static int dbl_point(ecc_point *P, ecc_point *R, mp_int *modulus, mp_int *mu)
    if (mp_mul_2(&P->y, &tmp) != MP_OKAY)                   { goto error; } /* tmp = 2*y */
    if (mp_invmod(&tmp, modulus, &tmp) != MP_OKAY)          { goto error; } /* tmp = 1/tmp mod modulus */
    if (mp_sqr(&P->x, &s) != MP_OKAY)                       { goto error; } /* s = x^2  */
-   if (mp_reduce(&s, modulus, mu) != MP_OKAY)            { goto error; }
+   if (mp_reduce(&s, modulus, mu) != MP_OKAY)              { goto error; }
    if (mp_mul_d(&s,(mp_digit)3, &s) != MP_OKAY)            { goto error; } /* s = 3*(x^2) */
    if (mp_sub_d(&s,(mp_digit)3, &s) != MP_OKAY)            { goto error; } /* s = 3*(x^2) - 3 */
-   if (mp_cmp_d(&s, 0) == MP_LT) {                         /* if s < 0 add modulus */
+   if (mp_cmp_d(&s, 0) == MP_LT) {                                         /* if s < 0 add modulus */
       if (mp_add(&s, modulus, &s) != MP_OKAY)              { goto error; }
    }
    if (mp_mul(&s, &tmp, &s) != MP_OKAY)                    { goto error; } /* s = tmp * s mod modulus */
-   if (mp_reduce(&s, modulus, mu) != MP_OKAY)            { goto error; }
+   if (mp_reduce(&s, modulus, mu) != MP_OKAY)              { goto error; }
 
    /* Xr = s^2 - 2Xp */
    if (mp_sqr(&s,  &tmpx) != MP_OKAY)                      { goto error; } /* tmpx = s^2  */
-   if (mp_reduce(&tmpx, modulus, mu) != MP_OKAY)         { goto error; } /* tmpx = tmpx mod modulus */
+   if (mp_reduce(&tmpx, modulus, mu) != MP_OKAY)           { goto error; } /* tmpx = tmpx mod modulus */
    if (mp_sub(&tmpx, &P->x, &tmpx) != MP_OKAY)             { goto error; } /* tmpx = tmpx - x */
    if (mp_submod(&tmpx, &P->x, modulus, &tmpx) != MP_OKAY) { goto error; } /* tmpx = tmpx - x mod modulus */
 
@@ -321,11 +321,11 @@ static int add_point(ecc_point *P, ecc_point *Q, ecc_point *R, mp_int *modulus,
       if (mp_add(&s, modulus, &s) != MP_OKAY)                 { goto error; }
    }
    if (mp_mul(&s, &tmp, &s) != MP_OKAY)                       { goto error; } /* s = s * tmp mod modulus */
-   if (mp_reduce(&s, modulus, mu) != MP_OKAY)               { goto error; }
+   if (mp_reduce(&s, modulus, mu) != MP_OKAY)                 { goto error; }
 
    /* Xr = s^2 - Xp - Xq */
    if (mp_sqr(&s, &tmp) != MP_OKAY)                           { goto error; } /* tmp = s^2 mod modulus */
-   if (mp_reduce(&tmp, modulus, mu) != MP_OKAY)             { goto error; }
+   if (mp_reduce(&tmp, modulus, mu) != MP_OKAY)               { goto error; }
    if (mp_sub(&tmp, &P->x, &tmp) != MP_OKAY)                  { goto error; } /* tmp = tmp - Px */
    if (mp_sub(&tmp, &Q->x, &tmpx) != MP_OKAY)                 { goto error; } /* tmpx = tmp - Qx */
 

hash.c

@@ -61,7 +61,6 @@ int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outle
 #endif
 }
 
-
 int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *outlen)
 {
 #ifdef NO_FILE

hmac.c

@@ -125,7 +125,8 @@ int hmac_done(hmac_state *hmac, unsigned char *hashOut)
 }
 
 int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
-                const unsigned char *data, unsigned long len, unsigned char *dst)
+                const unsigned char *data, unsigned long len, 
+                unsigned char *dst, unsigned long *dstlen)
 {
     hmac_state hmac;
     int err;
@@ -133,6 +134,14 @@ int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
     _ARGCHK(key != NULL);
     _ARGCHK(data != NULL);
     _ARGCHK(dst != NULL);
+    
+    if((err = hash_is_valid(hash)) != CRYPT_OK) {
+        return err;
+    }
+    if (hash_descriptor[hash].hashsize > *dstlen) {
+       return CRYPT_BUFFER_OVERFLOW;
+    }
+    *dstlen = hash_descriptor[hash].hashsize;
 
     if ((err = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) {
         return err;
@@ -150,7 +159,8 @@ int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
 
 /* hmac_file added by Tom St Denis */
 int hmac_file(int hash, const char *fname, const unsigned char *key,
-                unsigned long keylen, unsigned char *dst)
+                unsigned long keylen, 
+                unsigned char *dst, unsigned long *dstlen)
 {
 #ifdef NO_FILE
     return CRYPT_ERROR;
@@ -164,6 +174,14 @@ int hmac_file(int hash, const char *fname, const unsigned char *key,
    _ARGCHK(fname != NULL);
    _ARGCHK(key != NULL);
    _ARGCHK(dst != NULL);
+   
+   if((err = hash_is_valid(hash)) != CRYPT_OK) {
+       return err;
+   }
+   if (hash_descriptor[hash].hashsize > *dstlen) {
+      return CRYPT_BUFFER_OVERFLOW;
+   }
+   *dstlen = hash_descriptor[hash].hashsize;
 
    if ((err = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) {
        return err;
@@ -436,11 +454,13 @@ Key First"
              0x1f, 0xb1, 0xf5, 0x62, 0xdb, 0x3a, 0xa5, 0x3e} }
     };
 
+    unsigned long outlen;
     int err;
     int failed=0;
     for(i=0; i < (int)(sizeof(cases) / sizeof(cases[0])); i++) {
         int hash = find_hash(cases[i].algo);
-        if((err = hmac_memory(hash, cases[i].key, cases[i].keylen, cases[i].data, cases[i].datalen, digest)) != CRYPT_OK) {
+        outlen = sizeof(digest);
+        if((err = hmac_memory(hash, cases[i].key, cases[i].keylen, cases[i].data, cases[i].datalen, digest, &outlen)) != CRYPT_OK) {
 #if 0
             printf("HMAC-%s test #%d\n", cases[i].algo, cases[i].num);
 #endif

makefile

@@ -9,7 +9,7 @@
 # a build. This is easy to remedy though, for those that have problems.
 
 # The version
-VERSION=0.81
+VERSION=0.82
 
 #ch1-01-1
 # Compiler and Linker Names

makefile.msvc

@@ -0,0 +1,23 @@
+#MSVC Makefile [tested with MSVC 6.00 with SP5]
+#
+#Tom St Denis
+
+CFLAGS = /I. /Ogityb2 /Gs /DWIN32 /W3
+
+default: library
+
+#List of objects to compile.
+OBJECTS=keyring.obj gf.obj mem.obj sprng.obj ecc.obj base64.obj dh.obj rsa.obj \
+bits.obj yarrow.obj cfb.obj ofb.obj ecb.obj ctr.obj cbc.obj hash.obj tiger.obj sha1.obj \
+md5.obj md4.obj md2.obj sha256.obj sha512.obj xtea.obj aes.obj serpent.obj des.obj \
+safer_tab.obj safer.obj safer+.obj rc4.obj rc2.obj rc6.obj rc5.obj cast5.obj noekeon.obj \
+blowfish.obj crypt.obj ampi.obj mpi.obj prime.obj twofish.obj packet.obj hmac.obj strings.obj
+
+library: $(OBJECTS)
+	lib /out:tomcrypt.lib $(OBJECTS)
+	
+test.obj: demos/test.c
+	cl $(CFLAGS) /c demos/test.c
+
+test: library test.obj
+	cl test.obj tomcrypt.lib advapi32.lib	

makefile.out

@@ -5,7 +5,7 @@
 CC = gcc 
 AR = ar 
 LD = ld 
-CFLAGS += -Os -Wall -Wsign-compare -W -Wno-unused -Werror -I./  
+CFLAGS += -O3 -Wall -Wsign-compare -W -Wno-unused -Werror -I./  
 
 default: library
 

md4.c

@@ -30,7 +30,7 @@ const struct _hash_descriptor md4_desc =
 
 /* F, G and H are basic MD4 functions. */
 #define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define G(x, y, z) ((x & y) | (z & (x | y)))
 #define H(x, y, z) ((x) ^ (y) ^ (z))
 
 /* ROTATE_LEFT rotates x left n bits. */

md5.c

@@ -14,10 +14,10 @@ const struct _hash_descriptor md5_desc =
     &md5_test
 };
 
-#define F(x,y,z)  ( (x&y)|((~x)&z) )
-#define G(x,y,z)  ( (x&z)|(y&(~z)) )
+#define F(x,y,z)  ((x&y)|((~x)&z))
+#define G(x,y,z)  ((x&z)|(y&(~z)))
 #define H(x,y,z)  (x^y^z)
-#define I(x,y,z)  (y ^ (x | (~z)))
+#define I(x,y,z)  (y^(x|(~z)))
 
 #define FF(a,b,c,d,M,s,t) \
     a = (a + F(b,c,d) + M + t); a = ROL(a, s); a = (b + a);

mycrypt.h

@@ -16,8 +16,8 @@ extern "C" {
 #endif
 
 /* version */
-#define CRYPT   0x0081
-#define SCRYPT  "0.81"
+#define CRYPT   0x0082
+#define SCRYPT  "0.82"
 
 /* max size of either a cipher/hash block or symmetric key [largest of the two] */
 #define MAXBLOCKSIZE           128

mycrypt_hash.h

@@ -177,8 +177,10 @@ extern int hmac_process(hmac_state *hmac, const unsigned char *buf, unsigned lon
 extern int hmac_done(hmac_state *hmac, unsigned char *hash);
 extern int hmac_test(void);
 extern int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
-                       const unsigned char *data, unsigned long len, unsigned char *dst);
+                       const unsigned char *data, unsigned long len, 
+                       unsigned char *dst, unsigned long *dstlen);
 extern int hmac_file(int hash, const char *fname, const unsigned char *key,
-                     unsigned long keylen, unsigned char *dst);
+                     unsigned long keylen, 
+                     unsigned char *dst, unsigned long *dstlen);
 #endif
 

ofb.c

@@ -36,6 +36,13 @@ int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
    if ((err = cipher_is_valid(ofb->cipher)) != CRYPT_OK) {
        return err;
    }
+   
+   /* is blocklen/padlen valid? */
+   if (ofb->blocklen < 0 || ofb->blocklen > (int)sizeof(ofb->IV) ||
+       ofb->padlen   < 0 || ofb->padlen   > (int)sizeof(ofb->IV)) {
+      return CRYPT_INVALID_ARG;
+   }
+   
    while (len-- > 0) {
        if (ofb->padlen == ofb->blocklen) {
           cipher_descriptor[ofb->cipher].ecb_encrypt(ofb->IV, ofb->IV, &ofb->key);

rsa_sys.c

@@ -13,6 +13,11 @@ int rsa_encrypt_key(const unsigned char *inkey, unsigned long inlen,
    _ARGCHK(outkey != NULL);
    _ARGCHK(outlen != NULL);
    _ARGCHK(key != NULL);
+   
+   /* only allow keys from 64 to 256 bits */
+   if (inlen < 8 || inlen > 32) {
+      return CRYPT_INVALID_ARG;
+   }
 
    /* are the parameters valid? */
    if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
@@ -147,6 +152,11 @@ int rsa_sign_hash(const unsigned char *in,  unsigned long inlen,
    _ARGCHK(out != NULL);
    _ARGCHK(outlen != NULL);
    _ARGCHK(key != NULL);
+   
+   /* reject nonsense sizes */
+   if (inlen < 16) {
+      return CRYPT_INVALID_ARG;
+   }
 
    /* type of key? */
    if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {

safer+.c

@@ -154,7 +154,7 @@ static void _ilt(unsigned char *b, unsigned char *b2)
 #endif
 
 /* These are the 33, 128-bit bias words for the key schedule */
-const unsigned char safer_bias[33][16] = {
+static const unsigned char safer_bias[33][16] = {
 {  70, 151, 177, 186, 163, 183,  16,  10, 197,  55, 179, 201,  90,  40, 172, 100},
 { 236, 171, 170, 198, 103, 149,  88,  13, 248, 154, 246, 110, 102, 220,   5,  61},
 { 138, 195, 216, 137, 106, 233,  54,  73,  67, 191, 235, 212, 150, 155, 104, 160},
@@ -469,14 +469,12 @@ int saferp_keysize(int *desired_keysize)
       return CRYPT_INVALID_KEYSIZE;
    if (*desired_keysize < 24) {
       *desired_keysize = 16;
-      return CRYPT_OK;
    } else if (*desired_keysize < 32) {
       *desired_keysize = 24;
-      return CRYPT_OK;
    } else {
       *desired_keysize = 32;
-      return CRYPT_OK;
    }
+   return CRYPT_OK;
 }
 
 #endif

sha256.c

@@ -33,7 +33,7 @@ static const unsigned long K[64] = {
 
 /* Various logical functions */
 #define Ch(x,y,z)       ((x & y) | (~x & z))
-#define Maj(x,y,z)      ((x & y) ^ (x & z) ^ (y & z))
+#define Maj(x,y,z)      (((x | y) & z) | (x & y)) 
 #define S(x, n)	        ROR((x),(n))
 #define R(x, n)	        (((x)&0xFFFFFFFFUL)>>(n))
 #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
@@ -85,6 +85,7 @@ static void sha256_compress(hash_state * md)
     for (i = 0; i < 8; i++) {
         md->sha256.state[i] = md->sha256.state[i] + S[i];
     }
+
 }
 
 #ifdef CLEAN_STACK

sha512.c

@@ -60,7 +60,7 @@ CONST64(0x5fcb6fab3ad6faec), CONST64(0x6c44198c4a475817)
 
 /* Various logical functions */
 #define Ch(x,y,z)       ((x & y) | (~x & z))
-#define Maj(x,y,z)      ((x & y) ^ (x & z) ^ (y & z))
+#define Maj(x,y,z)      (((x | y) & z) | (x & y)) 
 #define S(x, n)         ROR64((x),(n))
 #define R(x, n)         (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)n))
 #define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39))

tommath.h

@@ -12,6 +12,8 @@
  *
  * Tom St Denis, [email protected], http://libtommath.iahu.ca
  */
+#include "mycrypt.h"
+
 #ifndef BN_H_
 #define BN_H_
 

twofish.c

@@ -518,7 +518,7 @@ static void _twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, sym
 void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
 #endif
 {
-    unsigned long a,b,c,d,ta,tb,tc,td,t1,t2;
+    unsigned long a,b,c,d,ta,tb,tc,td,t1,t2, *k;
     int r;
 
     _ARGCHK(pt != NULL);
@@ -531,16 +531,24 @@ void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
     b ^= key->twofish.K[1];
     c ^= key->twofish.K[2];
     d ^= key->twofish.K[3];
-
-    for (r = 0; r < 16; ++r) {
+    
+    k  = key->twofish.K + 8;
+    for (r = 0; r < 16; r += 2) {
         t1 = g_func(a, key);
         t2 = g_func(ROL(b, 8), key);
         t2 += (t1 += t2);
-        t1 += key->twofish.K[r+r+8];
-        t2 += key->twofish.K[r+r+9];
+        t1 += *k++;
+        t2 += *k++;
         c  ^= t1; c = ROR(c, 1);
         d  = ROL(d, 1) ^ t2;
-        ta = a; a = c; c = ta; tb = b; b = d; d = tb;
+
+        t1 = g_func(c, key);
+        t2 = g_func(ROL(d, 8), key);
+        t2 += (t1 += t2);
+        t1 += *k++;
+        t2 += *k++;
+        a  ^= t1; a = ROR(a, 1);
+        b  = ROL(b, 1) ^ t2;
     }
 
     /* output with "undo last swap" */
@@ -568,7 +576,7 @@ static void _twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, sym
 void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
 #endif
 {
-    unsigned long a,b,c,d,ta,tb,tc,td,t1,t2;
+    unsigned long a,b,c,d,ta,tb,tc,td,t1,t2, *k;
     int r;
 
     _ARGCHK(pt != NULL);
@@ -585,22 +593,21 @@ void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
     c = ta ^ key->twofish.K[4];
     d = tb ^ key->twofish.K[5];
 
-    /* loop is kept partially unrolled because it is slower [at least on an Athlon]
-     * then the tight version.  */
+    k = key->twofish.K + 39;
     for (r = 14; r >= 0; r -= 2) {
         t1 = g_func(c, key);
         t2 = g_func(ROL(d, 8), key);
         t2 += (t1 += t2);
-        t1 += key->twofish.K[r+r+10];
-        t2 += key->twofish.K[r+r+11];
+        t2 += *k--;
+        t1 += *k--;
         a  = ROL(a, 1) ^ t1;
         b  = b ^ t2; b = ROR(b, 1);
 
         t1 = g_func(a, key);
         t2 = g_func(ROL(b, 8), key);
         t2 += (t1 += t2);
-        t1 += key->twofish.K[r+r+8];
-        t2 += key->twofish.K[r+r+9];
+        t2 += *k--;
+        t1 += *k--;
         c  = ROL(c, 1) ^ t1;
         d  = d ^ t2; d = ROR(d, 1);
     }

update_libtomcrypt.sh

@@ -1,131 +0,0 @@
-#!/bin/tcsh
-# Get latest copy of libtomcrypt and install it using "tcsh"
-#
-# Tom St Denis
-echo libtomcrypt update script, Tom St Denis
-echo "http://libtomcrypt.iahu.ca\n"
-
-if ($1 == "--help") then
-   echo "update_libtomcrypt.sh [makefile] [sig]-- Download and optionally build the libtomcrypt project.\n"
-   echo "\t[makefile] --\tYou can optionally specify which makefile you want to build with. If you specify "
-   echo "\t\t\t'nobuild' then the library is not built, just downloaded and unzipped.  If you "
-   echo "\t\t\tleave it empty the default 'makefile' is used to build the library.\n"
-   echo "\t[sig] -- \tOptionally verify [via GPG] the signature of the package."
-   exit
-endif
-
-if ($1 == "" || $1 == "sig") then
-   set make = "makefile"
-else
-   set make = $1;
-endif
-
-if ($1 == "sig" || $2 == "sig") then
-   set sig = "sig"
-else
-   set sig = ""
-endif   
-
-rm -f latest
-echo Getting latest version number from website.
-wget -q http://iahu.ca:8080/download/latest
-if (-r latest) then 
-   set a = `cat latest`
-   echo "Latest release is v$a.\n"
-   if (-d "libtomcrypt-$a" && (-r "libtomcrypt-$a/libtomcrypt.a" || $make == "nobuild")) then
-      echo Libtomcrypt v$a is already installed on your system.
-   else   
-      echo "Downloading libtomcrypt v$a ..."
-      if (-r "crypt-$a.tar.bz2") then 
-         rm -f crypt-$a.tar.bz2
-      endif
-      wget http://iahu.ca:8080/download/crypt-$a.tar.bz2
-      if (-r "crypt-$a.tar.bz2") then 
-         if (-d "libtomcrypt-$a") then
-            echo "WARNING!  Directory libtomcrypt-$a already exists.  Cannot continue.\n"
-            exit            
-         endif
-         if ($sig == "sig") then
-            if (!(-r public.asc)) then
-               echo "Downloading and installing code signing key...\n"
-               wget -q http://iahu.ca:8080/download/public.asc
-               if (-r public.asc) then 
-                  gpg --import public.asc
-                  if ($? != 0) then
-                     echo Could not import signing key required to verify the package.
-                     exit
-                  else
-                     echo "\n********************************************************************************"
-                     echo "A new key has been imported to your keyring.  You should check that it is valid."
-                     echo "********************************************************************************"
-                  endif
-               else 
-                  echo "Could not download the key to import."
-                  exit
-               endif
-            endif
-            echo Verifying signature...
-            wget -q http://iahu.ca:8080/download/crypt-$a.tar.bz2.asc
-            if (!(-r "crypt-$a.tar.bz2.asc")) then
-               echo Could not download signature to test.
-               exit
-            endif
-            gpg -q --verify crypt-$a.tar.bz2.asc
-            if ($? != 0) then 
-               echo "\n\nSignature for crypt-$a.tar.bz2 is ****not**** valid.\n\n"
-               exit
-            else
-               echo "\n\nSignature for crypt-$a.tar.bz2 is valid.\n\n"
-            endif
-         endif
-         bzip2 -d -c crypt-$a.tar.bz2 | tar -x 
-         if (-d "libtomcrypt-$a") then
-            if (-r "libtomcrypt-$a/$make") then 
-               cd libtomcrypt-$a
-               make -f $make
-               if (-r "libtomcrypt.a") then
-                  echo "\n\n*****************************************************************"
-                  echo The library has been built and you can now install it either with
-                  echo 
-                  echo "cd libtomcrypt-$a ; make install"
-                  echo
-                  echo Or by editing the makefile and changing the user you wish to install 
-                  echo it with, or simply copy "libtomcrypt.a" to your library directory and 
-                  echo copy "*.h" to your include directory
-                  echo "*****************************************************************"
-               else 
-                  echo "\n\n*****************************************************************"
-                  echo The library failed to build.  Please note the errors and send them to [email protected]
-                  echo "*****************************************************************"
-               endif
-            else if ($make == "nobuild") then
-                  echo "\n\n*****************************************************************"
-                  echo "The library was downloaded and unzipped into libtomcrypt-$a/"
-                  echo "*****************************************************************"
-            else
-               echo "The makefile '$make' was not found in the archive.\n";
-            endif
-         else 
-            echo "Could not unpack the libtomcrypt archive (corrupt?)."
-         endif
-         cd ..
-      else
-         echo "Could not download the libtomcrypt archive from server."
-      endif
-   endif
-   if (-r "libtomcrypt-$a/changes") then
-      perl <<!
-      open(IN,"<libtomcrypt-$a/changes") or die "Can't open libtomcrypt change log.";
-      print "\nChange log for v$a :\n";
-      \$a = <IN>; print \$a; \$a = <IN>;
-      while (<IN>) { 
-         if (\$_ =~ m/^(v\d\.\d\d)/) { close(IN); exit(0); } 
-         print "\$a"; \$a = \$_; 
-      }
-!
-   else 
-      echo "Change log not found.  Is the package really installed?"
-   endif
-else 
-   echo "Could not download latest file from server to check version."
-endif