diff --git a/demos/tv_gen.c b/demos/tv_gen.c
index fe7acdc..b00a5c4 100644
--- a/demos/tv_gen.c
+++ b/demos/tv_gen.c
@@ -516,6 +516,68 @@ void ocb_gen(void)
    fclose(out);
 }
 
+void ocb3_gen(void)
+{
+   int err, kl, x, y1, z;
+   FILE *out;
+   unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], 
+                 plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
+   unsigned long len;
+
+   out = fopen("ocb3_tv.txt", "w");
+   fprintf(out, "OCB3 Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/plaintext/key.  The outputs\n"
+                "are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous\n"
+                "step repeated sufficiently.  The nonce is fixed throughout. AAD is fixed to 3 bytes (ASCII) 'AAD'.\n\n");
+
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      kl = cipher_descriptor[x].block_length;
+
+      /* skip ciphers which do not have 64 or 128 bit block sizes */
+      if (kl != 8 && kl != 16) continue;
+
+      if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
+         kl = cipher_descriptor[x].max_key_length;
+      }
+      fprintf(out, "OCB-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
+
+      /* the key */
+      for (z = 0; z < kl; z++) {
+          key[z] = (z & 255);
+      }
+
+      /* fixed nonce */
+      for (z = 0; z < cipher_descriptor[x].block_length; z++) {
+          nonce[z] = z;
+      }
+      
+      for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
+         for (z = 0; z < y1; z++) {
+            plaintext[z] = (unsigned char)(z & 255);
+         }
+         len = sizeof(tag);
+         if ((err = ocb3_encrypt_authenticate_memory(x, key, kl, nonce, cipher_descriptor[x].block_length, "AAD", 3, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) {
+            printf("Error OCB'ing: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         fprintf(out, "%3d: ", y1);
+         for (z = 0; z < y1; z++) {
+            fprintf(out, "%02X", plaintext[z]);
+         }
+         fprintf(out, ", ");
+         for (z = 0; z <(int)len; z++) {
+            fprintf(out, "%02X", tag[z]);
+         }
+         fprintf(out, "\n");
+
+         /* forward the key */
+         for (z = 0; z < kl; z++) {
+             key[z] = tag[z % len];
+         }
+      }
+      fprintf(out, "\n");
+   }
+   fclose(out);
+}
 
 void ccm_gen(void)
 {
@@ -775,6 +837,7 @@ int main(void)
    printf("Generating PMAC   vectors..."); fflush(stdout); pmac_gen();   printf("done\n");
    printf("Generating EAX    vectors..."); fflush(stdout); eax_gen();    printf("done\n");
    printf("Generating OCB    vectors..."); fflush(stdout); ocb_gen();    printf("done\n");
+   printf("Generating OCB3   vectors..."); fflush(stdout); ocb3_gen();   printf("done\n");
    printf("Generating CCM    vectors..."); fflush(stdout); ccm_gen();    printf("done\n");
    printf("Generating GCM    vectors..."); fflush(stdout); gcm_gen();    printf("done\n");
    printf("Generating BASE64 vectors..."); fflush(stdout); base64_gen(); printf("done\n");
diff --git a/makefile b/makefile
index 6278a20..a9e3fa9 100644
--- a/makefile
+++ b/makefile
@@ -111,27 +111,32 @@ endif
 OBJECTS=src/ciphers/aes/aes_enc.o src/ciphers/aes/aes.o src/ciphers/anubis.o src/ciphers/blowfish.o \
 src/ciphers/camellia.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o \
 src/ciphers/kseed.o src/ciphers/multi2.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
-src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphers/safer/safer_tab.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o \
 src/ciphers/skipjack.o src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
 src/encauth/ccm/ccm_memory_ex.o src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o \
 src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
-src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_encrypt.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
 src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
 src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
 src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
 src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_encrypt.o \
-src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o src/encauth/ocb/ocb_shift_xor.o \
-src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o \
-src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
-src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
-src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
-src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o \
-src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o \
-src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o \
-src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
+src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
+src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o \
+src/encauth/ocb3/ocb3_int_aad_add_block.o src/encauth/ocb3/ocb3_int_calc_offset_zero.o \
+src/encauth/ocb3/ocb3_int_ntz.o src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o \
+src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
+src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
+src/hashes/sha1.o src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
+src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
+src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
+src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
 src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
 src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
 src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
@@ -143,79 +148,78 @@ src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
 src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
 src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
 src/math/rand_prime.o src/math/tfm_desc.o src/misc/base64/base64_decode.o \
-src/misc/pk_get_oid.o \
-src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt_argchk.o \
-src/misc/crypt/crypt.o src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
-src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher.o \
-src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash_any.o \
-src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_id.o \
-src/misc/crypt/crypt_find_hash_oid.o src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o \
-src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
-src/misc/crypt/crypt_ltc_mp_descriptor.o src/misc/crypt/crypt_prng_descriptor.o \
-src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
-src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
-src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
-src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/pkcs5/pkcs_5_1.o \
-src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o src/misc/hkdf/hkdf.o src/misc/hkdf/hkdf_test.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o \
-src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o \
-src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o \
-src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
-src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o \
-src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o \
-src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o \
-src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o \
-src/modes/f8/f8_encrypt.o src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o \
-src/modes/f8/f8_test_mode.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \
-src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \
-src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \
-src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \
-src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
-src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o src/modes/xts/xts_encrypt.o \
-src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o src/modes/xts/xts_test.o \
-src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
-src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/boolean/der_decode_boolean.o \
-src/pk/asn1/der/bit/der_decode_raw_bit_string.o src/pk/asn1/der/bit/der_encode_raw_bit_string.o \
-src/pk/asn1/der/boolean/der_encode_boolean.o src/pk/asn1/der/boolean/der_length_boolean.o \
-src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
-src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
-src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
-src/pk/asn1/der/integer/der_length_integer.o \
+src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
+src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
+src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_hash_oid.o \
+src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o src/misc/crypt/crypt_hash_descriptor.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_ltc_mp_descriptor.o \
+src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
+src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
+src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
+src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
+src/misc/error_to_string.o src/misc/hkdf/hkdf.o src/misc/hkdf/hkdf_test.o src/misc/pk_get_oid.o \
+src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
+src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
+src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o src/modes/lrw/lrw_encrypt.o \
+src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o src/modes/lrw/lrw_setiv.o \
+src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o \
+src/modes/xts/xts_encrypt.o src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o \
+src/modes/xts/xts_test.o src/pk/asn1/der/bit/der_decode_bit_string.o \
+src/pk/asn1/der/bit/der_decode_raw_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_encode_raw_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
+src/pk/asn1/der/boolean/der_decode_boolean.o src/pk/asn1/der/boolean/der_encode_boolean.o \
+src/pk/asn1/der/boolean/der_length_boolean.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
+src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
+src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
 src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
 src/pk/asn1/der/octet/der_decode_octet_string.o src/pk/asn1/der/octet/der_encode_octet_string.o \
 src/pk/asn1/der/octet/der_length_octet_string.o \
-src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
-src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
 src/pk/asn1/der/printable_string/der_decode_printable_string.o \
 src/pk/asn1/der/printable_string/der_encode_printable_string.o \
 src/pk/asn1/der/printable_string/der_length_printable_string.o \
-src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
-src/pk/asn1/der/sequence/der_decode_subject_public_key_info.o \
 src/pk/asn1/der/sequence/der_decode_sequence_ex.o \
 src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \
 src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_decode_subject_public_key_info.o \
 src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
-src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \
-src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/set/der_encode_set.o \
-src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
+src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
+src/pk/asn1/der/short_integer/der_decode_short_integer.o \
 src/pk/asn1/der/short_integer/der_encode_short_integer.o \
-src/pk/asn1/der/short_integer/der_length_short_integer.o src/pk/asn1/der/utctime/der_decode_utctime.o \
-src/pk/asn1/der/utctime/der_encode_utctime.o src/pk/asn1/der/utctime/der_length_utctime.o \
-src/pk/asn1/der/utf8/der_decode_utf8_string.o src/pk/asn1/der/utf8/der_encode_utf8_string.o \
-src/pk/asn1/der/utf8/der_length_utf8_string.o src/pk/dsa/dsa_decrypt_key.o \
-src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \
-src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o \
-src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc_ansi_x963_export.o \
-src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc.o src/pk/ecc/ecc_decrypt_key.o \
+src/pk/asn1/der/short_integer/der_length_short_integer.o \
+src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
+src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
+src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
+src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
+src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
+src/pk/dh/dh.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o \
+src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o \
+src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \
+src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \
 src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \
 src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \
 src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
 src/pk/ecc/ltc_ecc_is_valid_idx.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \
 src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \
 src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \
-src/pk/dh/dh.o \
 src/pk/katja/katja_decrypt_key.o src/pk/katja/katja_encrypt_key.o src/pk/katja/katja_export.o \
 src/pk/katja/katja_exptmod.o src/pk/katja/katja_free.o src/pk/katja/katja_import.o \
 src/pk/katja/katja_make_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
@@ -227,11 +231,11 @@ src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_verify_hash.
 src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
 src/prngs/sprng.o src/prngs/yarrow.o 
 
-HEADERS=src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cipher.h \
-src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
-src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
-src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_custom.h.orig \
+src/headers/tomcrypt_hash.h src/headers/tomcrypt_hkdf.h src/headers/tomcrypt_mac.h \
+src/headers/tomcrypt_macros.h src/headers/tomcrypt_math.h src/headers/tomcrypt_misc.h \
+src/headers/tomcrypt_pk.h src/headers/tomcrypt_pkcs.h src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
 
 #END_INS
 
diff --git a/makefile.icc b/makefile.icc
index 71bb112..879ccec 100644
--- a/makefile.icc
+++ b/makefile.icc
@@ -97,27 +97,32 @@ endif
 OBJECTS=src/ciphers/aes/aes_enc.o src/ciphers/aes/aes.o src/ciphers/anubis.o src/ciphers/blowfish.o \
 src/ciphers/camellia.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o \
 src/ciphers/kseed.o src/ciphers/multi2.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
-src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphers/safer/safer_tab.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o \
 src/ciphers/skipjack.o src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
 src/encauth/ccm/ccm_memory_ex.o src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o \
 src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
-src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_encrypt.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
 src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
 src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
 src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
 src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_encrypt.o \
-src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o src/encauth/ocb/ocb_shift_xor.o \
-src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o \
-src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
-src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
-src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
-src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o \
-src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o \
-src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o \
-src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
+src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
+src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o \
+src/encauth/ocb3/ocb3_int_aad_add_block.o src/encauth/ocb3/ocb3_int_calc_offset_zero.o \
+src/encauth/ocb3/ocb3_int_ntz.o src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o \
+src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
+src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
+src/hashes/sha1.o src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
+src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
+src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
+src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
 src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
 src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
 src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
@@ -129,68 +134,72 @@ src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
 src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
 src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
 src/math/rand_prime.o src/math/tfm_desc.o src/misc/base64/base64_decode.o \
-src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt_argchk.o \
-src/misc/crypt/crypt.o src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
-src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher.o \
-src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash_any.o \
-src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_id.o \
-src/misc/crypt/crypt_find_hash_oid.o src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o \
-src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
-src/misc/crypt/crypt_ltc_mp_descriptor.o src/misc/crypt/crypt_prng_descriptor.o \
-src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
-src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
-src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
-src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/pkcs5/pkcs_5_1.o \
-src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o src/misc/hkdf/hkdf.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o \
-src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o \
-src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o \
-src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
-src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o \
-src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o \
-src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o \
-src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o \
-src/modes/f8/f8_encrypt.o src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o \
-src/modes/f8/f8_test_mode.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \
-src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \
-src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \
-src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \
-src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
-src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o src/modes/xts/xts_encrypt.o \
-src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o src/modes/xts/xts_test.o \
-src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
-src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/boolean/der_decode_boolean.o \
-src/pk/asn1/der/boolean/der_encode_boolean.o src/pk/asn1/der/boolean/der_length_boolean.o \
-src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
-src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
-src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
-src/pk/asn1/der/integer/der_length_integer.o \
+src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
+src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
+src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_hash_oid.o \
+src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o src/misc/crypt/crypt_hash_descriptor.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_ltc_mp_descriptor.o \
+src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
+src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
+src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
+src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
+src/misc/error_to_string.o src/misc/hkdf/hkdf.o src/misc/hkdf/hkdf_test.o src/misc/pk_get_oid.o \
+src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
+src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
+src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o src/modes/lrw/lrw_encrypt.o \
+src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o src/modes/lrw/lrw_setiv.o \
+src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o \
+src/modes/xts/xts_encrypt.o src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o \
+src/modes/xts/xts_test.o src/pk/asn1/der/bit/der_decode_bit_string.o \
+src/pk/asn1/der/bit/der_decode_raw_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_encode_raw_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
+src/pk/asn1/der/boolean/der_decode_boolean.o src/pk/asn1/der/boolean/der_encode_boolean.o \
+src/pk/asn1/der/boolean/der_length_boolean.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
+src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
+src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
 src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
 src/pk/asn1/der/octet/der_decode_octet_string.o src/pk/asn1/der/octet/der_encode_octet_string.o \
 src/pk/asn1/der/octet/der_length_octet_string.o \
-src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
-src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
 src/pk/asn1/der/printable_string/der_decode_printable_string.o \
 src/pk/asn1/der/printable_string/der_encode_printable_string.o \
 src/pk/asn1/der/printable_string/der_length_printable_string.o \
 src/pk/asn1/der/sequence/der_decode_sequence_ex.o \
 src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \
 src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_decode_subject_public_key_info.o \
 src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
-src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \
-src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/set/der_encode_set.o \
-src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
+src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
+src/pk/asn1/der/short_integer/der_decode_short_integer.o \
 src/pk/asn1/der/short_integer/der_encode_short_integer.o \
-src/pk/asn1/der/short_integer/der_length_short_integer.o src/pk/asn1/der/utctime/der_decode_utctime.o \
-src/pk/asn1/der/utctime/der_encode_utctime.o src/pk/asn1/der/utctime/der_length_utctime.o \
-src/pk/asn1/der/utf8/der_decode_utf8_string.o src/pk/asn1/der/utf8/der_encode_utf8_string.o \
-src/pk/asn1/der/utf8/der_length_utf8_string.o src/pk/dsa/dsa_decrypt_key.o \
-src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \
-src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o \
-src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc_ansi_x963_export.o \
-src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc.o src/pk/ecc/ecc_decrypt_key.o \
+src/pk/asn1/der/short_integer/der_length_short_integer.o \
+src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
+src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
+src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
+src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
+src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
+src/pk/dh/dh.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o \
+src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o \
+src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \
+src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \
 src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \
 src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \
 src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
@@ -208,11 +217,11 @@ src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_verify_hash.
 src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
 src/prngs/sprng.o src/prngs/yarrow.o 
 
-HEADERS=src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cipher.h \
-src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
-src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
-src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_custom.h.orig \
+src/headers/tomcrypt_hash.h src/headers/tomcrypt_hkdf.h src/headers/tomcrypt_mac.h \
+src/headers/tomcrypt_macros.h src/headers/tomcrypt_math.h src/headers/tomcrypt_misc.h \
+src/headers/tomcrypt_pk.h src/headers/tomcrypt_pkcs.h src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
 
 #END_INS
 
diff --git a/makefile.msvc b/makefile.msvc
index a0ffe6a..85a33b5 100644
--- a/makefile.msvc
+++ b/makefile.msvc
@@ -7,27 +7,32 @@ CFLAGS = /Isrc/headers/ /Itestprof/ /Ox /DWIN32 /DLTC_SOURCE /W3 /Fo$@ $(CF)
 OBJECTS=src/ciphers/aes/aes_enc.obj src/ciphers/aes/aes.obj src/ciphers/anubis.obj src/ciphers/blowfish.obj \
 src/ciphers/camellia.obj src/ciphers/cast5.obj src/ciphers/des.obj src/ciphers/kasumi.obj src/ciphers/khazad.obj \
 src/ciphers/kseed.obj src/ciphers/multi2.obj src/ciphers/noekeon.obj src/ciphers/rc2.obj src/ciphers/rc5.obj \
-src/ciphers/rc6.obj src/ciphers/safer/safer.obj src/ciphers/safer/saferp.obj src/ciphers/safer/safer_tab.obj \
+src/ciphers/rc6.obj src/ciphers/safer/safer.obj src/ciphers/safer/safer_tab.obj src/ciphers/safer/saferp.obj \
 src/ciphers/skipjack.obj src/ciphers/twofish/twofish.obj src/ciphers/xtea.obj src/encauth/ccm/ccm_memory.obj \
 src/encauth/ccm/ccm_memory_ex.obj src/encauth/ccm/ccm_test.obj src/encauth/eax/eax_addheader.obj \
 src/encauth/eax/eax_decrypt.obj src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj \
-src/encauth/eax/eax_encrypt_authenticate_memory.obj src/encauth/eax/eax_encrypt.obj \
+src/encauth/eax/eax_encrypt.obj src/encauth/eax/eax_encrypt_authenticate_memory.obj \
 src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_add_aad.obj \
 src/encauth/gcm/gcm_add_iv.obj src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj \
 src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj \
 src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj \
 src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
-src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_encrypt.obj \
-src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj src/encauth/ocb/ocb_shift_xor.obj \
-src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj src/hashes/chc/chc.obj \
-src/hashes/helper/hash_file.obj src/hashes/helper/hash_filehandle.obj src/hashes/helper/hash_memory.obj \
-src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj src/hashes/md5.obj \
-src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/rmd256.obj src/hashes/rmd320.obj src/hashes/sha1.obj \
-src/hashes/sha2/sha256.obj src/hashes/sha2/sha512.obj src/hashes/tiger.obj src/hashes/whirl/whirl.obj \
-src/mac/f9/f9_done.obj src/mac/f9/f9_file.obj src/mac/f9/f9_init.obj src/mac/f9/f9_memory.obj \
-src/mac/f9/f9_memory_multi.obj src/mac/f9/f9_process.obj src/mac/f9/f9_test.obj src/mac/hmac/hmac_done.obj \
-src/mac/hmac/hmac_file.obj src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj \
+src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
+src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \
+src/encauth/ocb3/ocb3_add_aad.obj src/encauth/ocb3/ocb3_decrypt.obj src/encauth/ocb3/ocb3_decrypt_last.obj \
+src/encauth/ocb3/ocb3_decrypt_verify_memory.obj src/encauth/ocb3/ocb3_done.obj \
+src/encauth/ocb3/ocb3_encrypt.obj src/encauth/ocb3/ocb3_encrypt_authenticate_memory.obj \
+src/encauth/ocb3/ocb3_encrypt_last.obj src/encauth/ocb3/ocb3_init.obj \
+src/encauth/ocb3/ocb3_int_aad_add_block.obj src/encauth/ocb3/ocb3_int_calc_offset_zero.obj \
+src/encauth/ocb3/ocb3_int_ntz.obj src/encauth/ocb3/ocb3_int_xor_blocks.obj src/encauth/ocb3/ocb3_test.obj \
+src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj src/hashes/helper/hash_filehandle.obj \
+src/hashes/helper/hash_memory.obj src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj \
+src/hashes/md5.obj src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/rmd256.obj src/hashes/rmd320.obj \
+src/hashes/sha1.obj src/hashes/sha2/sha256.obj src/hashes/sha2/sha512.obj src/hashes/tiger.obj \
+src/hashes/whirl/whirl.obj src/mac/f9/f9_done.obj src/mac/f9/f9_file.obj src/mac/f9/f9_init.obj \
+src/mac/f9/f9_memory.obj src/mac/f9/f9_memory_multi.obj src/mac/f9/f9_process.obj src/mac/f9/f9_test.obj \
+src/mac/hmac/hmac_done.obj src/mac/hmac/hmac_file.obj src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj \
 src/mac/hmac/hmac_memory_multi.obj src/mac/hmac/hmac_process.obj src/mac/hmac/hmac_test.obj \
 src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj \
 src/mac/omac/omac_memory_multi.obj src/mac/omac/omac_process.obj src/mac/omac/omac_test.obj \
@@ -39,68 +44,72 @@ src/mac/xcbc/xcbc_file.obj src/mac/xcbc/xcbc_init.obj src/mac/xcbc/xcbc_memory.o
 src/mac/xcbc/xcbc_memory_multi.obj src/mac/xcbc/xcbc_process.obj src/mac/xcbc/xcbc_test.obj \
 src/math/fp/ltc_ecc_fp_mulmod.obj src/math/gmp_desc.obj src/math/ltm_desc.obj src/math/multi.obj \
 src/math/rand_prime.obj src/math/tfm_desc.obj src/misc/base64/base64_decode.obj \
-src/misc/base64/base64_encode.obj src/misc/burn_stack.obj src/misc/crypt/crypt_argchk.obj \
-src/misc/crypt/crypt.obj src/misc/crypt/crypt_cipher_descriptor.obj src/misc/crypt/crypt_cipher_is_valid.obj \
-src/misc/crypt/crypt_find_cipher_any.obj src/misc/crypt/crypt_find_cipher.obj \
-src/misc/crypt/crypt_find_cipher_id.obj src/misc/crypt/crypt_find_hash_any.obj \
-src/misc/crypt/crypt_find_hash.obj src/misc/crypt/crypt_find_hash_id.obj \
-src/misc/crypt/crypt_find_hash_oid.obj src/misc/crypt/crypt_find_prng.obj src/misc/crypt/crypt_fsa.obj \
-src/misc/crypt/crypt_hash_descriptor.obj src/misc/crypt/crypt_hash_is_valid.obj \
-src/misc/crypt/crypt_ltc_mp_descriptor.obj src/misc/crypt/crypt_prng_descriptor.obj \
-src/misc/crypt/crypt_prng_is_valid.obj src/misc/crypt/crypt_register_cipher.obj \
-src/misc/crypt/crypt_register_hash.obj src/misc/crypt/crypt_register_prng.obj \
-src/misc/crypt/crypt_unregister_cipher.obj src/misc/crypt/crypt_unregister_hash.obj \
-src/misc/crypt/crypt_unregister_prng.obj src/misc/error_to_string.obj src/misc/pkcs5/pkcs_5_1.obj \
-src/misc/pkcs5/pkcs_5_2.obj src/misc/zeromem.obj src/misc/hkdf/hkdf.obj \
-src/modes/cbc/cbc_decrypt.obj src/modes/cbc/cbc_done.obj \
-src/modes/cbc/cbc_encrypt.obj src/modes/cbc/cbc_getiv.obj src/modes/cbc/cbc_setiv.obj \
-src/modes/cbc/cbc_start.obj src/modes/cfb/cfb_decrypt.obj src/modes/cfb/cfb_done.obj \
-src/modes/cfb/cfb_encrypt.obj src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj \
-src/modes/cfb/cfb_start.obj src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_done.obj \
-src/modes/ctr/ctr_encrypt.obj src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj \
-src/modes/ctr/ctr_start.obj src/modes/ctr/ctr_test.obj src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_done.obj \
-src/modes/ecb/ecb_encrypt.obj src/modes/ecb/ecb_start.obj src/modes/f8/f8_decrypt.obj src/modes/f8/f8_done.obj \
-src/modes/f8/f8_encrypt.obj src/modes/f8/f8_getiv.obj src/modes/f8/f8_setiv.obj src/modes/f8/f8_start.obj \
-src/modes/f8/f8_test_mode.obj src/modes/lrw/lrw_decrypt.obj src/modes/lrw/lrw_done.obj \
-src/modes/lrw/lrw_encrypt.obj src/modes/lrw/lrw_getiv.obj src/modes/lrw/lrw_process.obj \
-src/modes/lrw/lrw_setiv.obj src/modes/lrw/lrw_start.obj src/modes/lrw/lrw_test.obj \
-src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj src/modes/ofb/ofb_encrypt.obj \
-src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj src/modes/ofb/ofb_start.obj \
-src/modes/xts/xts_decrypt.obj src/modes/xts/xts_done.obj src/modes/xts/xts_encrypt.obj \
-src/modes/xts/xts_init.obj src/modes/xts/xts_mult_x.obj src/modes/xts/xts_test.obj \
-src/pk/asn1/der/bit/der_decode_bit_string.obj src/pk/asn1/der/bit/der_encode_bit_string.obj \
-src/pk/asn1/der/bit/der_length_bit_string.obj src/pk/asn1/der/boolean/der_decode_boolean.obj \
-src/pk/asn1/der/boolean/der_encode_boolean.obj src/pk/asn1/der/boolean/der_length_boolean.obj \
-src/pk/asn1/der/choice/der_decode_choice.obj src/pk/asn1/der/ia5/der_decode_ia5_string.obj \
-src/pk/asn1/der/ia5/der_encode_ia5_string.obj src/pk/asn1/der/ia5/der_length_ia5_string.obj \
-src/pk/asn1/der/integer/der_decode_integer.obj src/pk/asn1/der/integer/der_encode_integer.obj \
-src/pk/asn1/der/integer/der_length_integer.obj \
+src/misc/base64/base64_encode.obj src/misc/burn_stack.obj src/misc/crypt/crypt.obj \
+src/misc/crypt/crypt_argchk.obj src/misc/crypt/crypt_cipher_descriptor.obj \
+src/misc/crypt/crypt_cipher_is_valid.obj src/misc/crypt/crypt_find_cipher.obj \
+src/misc/crypt/crypt_find_cipher_any.obj src/misc/crypt/crypt_find_cipher_id.obj \
+src/misc/crypt/crypt_find_hash.obj src/misc/crypt/crypt_find_hash_any.obj \
+src/misc/crypt/crypt_find_hash_id.obj src/misc/crypt/crypt_find_hash_oid.obj \
+src/misc/crypt/crypt_find_prng.obj src/misc/crypt/crypt_fsa.obj src/misc/crypt/crypt_hash_descriptor.obj \
+src/misc/crypt/crypt_hash_is_valid.obj src/misc/crypt/crypt_ltc_mp_descriptor.obj \
+src/misc/crypt/crypt_prng_descriptor.obj src/misc/crypt/crypt_prng_is_valid.obj \
+src/misc/crypt/crypt_register_cipher.obj src/misc/crypt/crypt_register_hash.obj \
+src/misc/crypt/crypt_register_prng.obj src/misc/crypt/crypt_unregister_cipher.obj \
+src/misc/crypt/crypt_unregister_hash.obj src/misc/crypt/crypt_unregister_prng.obj \
+src/misc/error_to_string.obj src/misc/hkdf/hkdf.obj src/misc/hkdf/hkdf_test.obj src/misc/pk_get_oid.obj \
+src/misc/pkcs5/pkcs_5_1.obj src/misc/pkcs5/pkcs_5_2.obj src/misc/zeromem.obj src/modes/cbc/cbc_decrypt.obj \
+src/modes/cbc/cbc_done.obj src/modes/cbc/cbc_encrypt.obj src/modes/cbc/cbc_getiv.obj \
+src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj src/modes/cfb/cfb_decrypt.obj \
+src/modes/cfb/cfb_done.obj src/modes/cfb/cfb_encrypt.obj src/modes/cfb/cfb_getiv.obj \
+src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.obj src/modes/ctr/ctr_decrypt.obj \
+src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj src/modes/ctr/ctr_getiv.obj \
+src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj src/modes/ctr/ctr_test.obj \
+src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_done.obj src/modes/ecb/ecb_encrypt.obj \
+src/modes/ecb/ecb_start.obj src/modes/f8/f8_decrypt.obj src/modes/f8/f8_done.obj src/modes/f8/f8_encrypt.obj \
+src/modes/f8/f8_getiv.obj src/modes/f8/f8_setiv.obj src/modes/f8/f8_start.obj src/modes/f8/f8_test_mode.obj \
+src/modes/lrw/lrw_decrypt.obj src/modes/lrw/lrw_done.obj src/modes/lrw/lrw_encrypt.obj \
+src/modes/lrw/lrw_getiv.obj src/modes/lrw/lrw_process.obj src/modes/lrw/lrw_setiv.obj \
+src/modes/lrw/lrw_start.obj src/modes/lrw/lrw_test.obj src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj \
+src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj \
+src/modes/ofb/ofb_start.obj src/modes/xts/xts_decrypt.obj src/modes/xts/xts_done.obj \
+src/modes/xts/xts_encrypt.obj src/modes/xts/xts_init.obj src/modes/xts/xts_mult_x.obj \
+src/modes/xts/xts_test.obj src/pk/asn1/der/bit/der_decode_bit_string.obj \
+src/pk/asn1/der/bit/der_decode_raw_bit_string.obj src/pk/asn1/der/bit/der_encode_bit_string.obj \
+src/pk/asn1/der/bit/der_encode_raw_bit_string.obj src/pk/asn1/der/bit/der_length_bit_string.obj \
+src/pk/asn1/der/boolean/der_decode_boolean.obj src/pk/asn1/der/boolean/der_encode_boolean.obj \
+src/pk/asn1/der/boolean/der_length_boolean.obj src/pk/asn1/der/choice/der_decode_choice.obj \
+src/pk/asn1/der/ia5/der_decode_ia5_string.obj src/pk/asn1/der/ia5/der_encode_ia5_string.obj \
+src/pk/asn1/der/ia5/der_length_ia5_string.obj src/pk/asn1/der/integer/der_decode_integer.obj \
+src/pk/asn1/der/integer/der_encode_integer.obj src/pk/asn1/der/integer/der_length_integer.obj \
 src/pk/asn1/der/object_identifier/der_decode_object_identifier.obj \
 src/pk/asn1/der/object_identifier/der_encode_object_identifier.obj \
 src/pk/asn1/der/object_identifier/der_length_object_identifier.obj \
 src/pk/asn1/der/octet/der_decode_octet_string.obj src/pk/asn1/der/octet/der_encode_octet_string.obj \
 src/pk/asn1/der/octet/der_length_octet_string.obj \
-src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
-src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
 src/pk/asn1/der/printable_string/der_decode_printable_string.obj \
 src/pk/asn1/der/printable_string/der_encode_printable_string.obj \
 src/pk/asn1/der/printable_string/der_length_printable_string.obj \
 src/pk/asn1/der/sequence/der_decode_sequence_ex.obj \
 src/pk/asn1/der/sequence/der_decode_sequence_flexi.obj \
 src/pk/asn1/der/sequence/der_decode_sequence_multi.obj \
+src/pk/asn1/der/sequence/der_decode_subject_public_key_info.obj \
 src/pk/asn1/der/sequence/der_encode_sequence_ex.obj \
-src/pk/asn1/der/sequence/der_encode_sequence_multi.obj src/pk/asn1/der/sequence/der_length_sequence.obj \
-src/pk/asn1/der/sequence/der_sequence_free.obj src/pk/asn1/der/set/der_encode_set.obj \
-src/pk/asn1/der/set/der_encode_setof.obj src/pk/asn1/der/short_integer/der_decode_short_integer.obj \
+src/pk/asn1/der/sequence/der_encode_sequence_multi.obj \
+src/pk/asn1/der/sequence/der_encode_subject_public_key_info.obj \
+src/pk/asn1/der/sequence/der_length_sequence.obj src/pk/asn1/der/sequence/der_sequence_free.obj \
+src/pk/asn1/der/set/der_encode_set.obj src/pk/asn1/der/set/der_encode_setof.obj \
+src/pk/asn1/der/short_integer/der_decode_short_integer.obj \
 src/pk/asn1/der/short_integer/der_encode_short_integer.obj \
-src/pk/asn1/der/short_integer/der_length_short_integer.obj src/pk/asn1/der/utctime/der_decode_utctime.obj \
-src/pk/asn1/der/utctime/der_encode_utctime.obj src/pk/asn1/der/utctime/der_length_utctime.obj \
-src/pk/asn1/der/utf8/der_decode_utf8_string.obj src/pk/asn1/der/utf8/der_encode_utf8_string.obj \
-src/pk/asn1/der/utf8/der_length_utf8_string.obj src/pk/dsa/dsa_decrypt_key.obj \
-src/pk/dsa/dsa_encrypt_key.obj src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_import.obj \
-src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_shared_secret.obj src/pk/dsa/dsa_sign_hash.obj \
-src/pk/dsa/dsa_verify_hash.obj src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc_ansi_x963_export.obj \
-src/pk/ecc/ecc_ansi_x963_import.obj src/pk/ecc/ecc.obj src/pk/ecc/ecc_decrypt_key.obj \
+src/pk/asn1/der/short_integer/der_length_short_integer.obj \
+src/pk/asn1/der/teletex_string/der_decode_teletex_string.obj \
+src/pk/asn1/der/teletex_string/der_length_teletex_string.obj \
+src/pk/asn1/der/utctime/der_decode_utctime.obj src/pk/asn1/der/utctime/der_encode_utctime.obj \
+src/pk/asn1/der/utctime/der_length_utctime.obj src/pk/asn1/der/utf8/der_decode_utf8_string.obj \
+src/pk/asn1/der/utf8/der_encode_utf8_string.obj src/pk/asn1/der/utf8/der_length_utf8_string.obj \
+src/pk/dh/dh.obj src/pk/dsa/dsa_decrypt_key.obj src/pk/dsa/dsa_encrypt_key.obj src/pk/dsa/dsa_export.obj \
+src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_import.obj src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_shared_secret.obj \
+src/pk/dsa/dsa_sign_hash.obj src/pk/dsa/dsa_verify_hash.obj src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj \
+src/pk/ecc/ecc_ansi_x963_export.obj src/pk/ecc/ecc_ansi_x963_import.obj src/pk/ecc/ecc_decrypt_key.obj \
 src/pk/ecc/ecc_encrypt_key.obj src/pk/ecc/ecc_export.obj src/pk/ecc/ecc_free.obj src/pk/ecc/ecc_get_size.obj \
 src/pk/ecc/ecc_import.obj src/pk/ecc/ecc_make_key.obj src/pk/ecc/ecc_shared_secret.obj \
 src/pk/ecc/ecc_sign_hash.obj src/pk/ecc/ecc_sizes.obj src/pk/ecc/ecc_test.obj src/pk/ecc/ecc_verify_hash.obj \
@@ -118,11 +127,11 @@ src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj src/pk/rsa/rsa_verify_h
 src/prngs/rc4.obj src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/prngs/sober128.obj \
 src/prngs/sprng.obj src/prngs/yarrow.obj 
 
-HEADERS=src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cipher.h \
-src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
-src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
-src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_custom.h.orig \
+src/headers/tomcrypt_hash.h src/headers/tomcrypt_hkdf.h src/headers/tomcrypt_mac.h \
+src/headers/tomcrypt_macros.h src/headers/tomcrypt_math.h src/headers/tomcrypt_misc.h \
+src/headers/tomcrypt_pk.h src/headers/tomcrypt_pkcs.h src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
 
 #END_INS
 
diff --git a/makefile.shared b/makefile.shared
index 2848c36..49de3b0 100644
--- a/makefile.shared
+++ b/makefile.shared
@@ -102,27 +102,32 @@ endif
 OBJECTS=src/ciphers/aes/aes_enc.o src/ciphers/aes/aes.o src/ciphers/anubis.o src/ciphers/blowfish.o \
 src/ciphers/camellia.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o \
 src/ciphers/kseed.o src/ciphers/multi2.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
-src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphers/safer/safer_tab.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o \
 src/ciphers/skipjack.o src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
 src/encauth/ccm/ccm_memory_ex.o src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o \
 src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
-src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_encrypt.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
 src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
 src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
 src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
 src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_encrypt.o \
-src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o src/encauth/ocb/ocb_shift_xor.o \
-src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o \
-src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
-src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
-src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
-src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o \
-src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o \
-src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o \
-src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
+src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
+src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o \
+src/encauth/ocb3/ocb3_int_aad_add_block.o src/encauth/ocb3/ocb3_int_calc_offset_zero.o \
+src/encauth/ocb3/ocb3_int_ntz.o src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o \
+src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
+src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
+src/hashes/sha1.o src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
+src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
+src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
+src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
 src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
 src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
 src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
@@ -134,68 +139,72 @@ src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
 src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
 src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
 src/math/rand_prime.o src/math/tfm_desc.o src/misc/base64/base64_decode.o \
-src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt_argchk.o \
-src/misc/crypt/crypt.o src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
-src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher.o \
-src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash_any.o \
-src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_id.o \
-src/misc/crypt/crypt_find_hash_oid.o src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o \
-src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
-src/misc/crypt/crypt_ltc_mp_descriptor.o src/misc/crypt/crypt_prng_descriptor.o \
-src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
-src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
-src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
-src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/pkcs5/pkcs_5_1.o \
-src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o src/misc/hkdf/hkdf.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o \
-src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o \
-src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o \
-src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
-src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o \
-src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o \
-src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o \
-src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o \
-src/modes/f8/f8_encrypt.o src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o \
-src/modes/f8/f8_test_mode.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \
-src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \
-src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \
-src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \
-src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
-src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o src/modes/xts/xts_encrypt.o \
-src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o src/modes/xts/xts_test.o \
-src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
-src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/boolean/der_decode_boolean.o \
-src/pk/asn1/der/boolean/der_encode_boolean.o src/pk/asn1/der/boolean/der_length_boolean.o \
-src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
-src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
-src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
-src/pk/asn1/der/integer/der_length_integer.o \
+src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
+src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
+src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_hash_oid.o \
+src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o src/misc/crypt/crypt_hash_descriptor.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_ltc_mp_descriptor.o \
+src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
+src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
+src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
+src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
+src/misc/error_to_string.o src/misc/hkdf/hkdf.o src/misc/hkdf/hkdf_test.o src/misc/pk_get_oid.o \
+src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
+src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
+src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o src/modes/lrw/lrw_encrypt.o \
+src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o src/modes/lrw/lrw_setiv.o \
+src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o \
+src/modes/xts/xts_encrypt.o src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o \
+src/modes/xts/xts_test.o src/pk/asn1/der/bit/der_decode_bit_string.o \
+src/pk/asn1/der/bit/der_decode_raw_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_encode_raw_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
+src/pk/asn1/der/boolean/der_decode_boolean.o src/pk/asn1/der/boolean/der_encode_boolean.o \
+src/pk/asn1/der/boolean/der_length_boolean.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
+src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
+src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
 src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
 src/pk/asn1/der/octet/der_decode_octet_string.o src/pk/asn1/der/octet/der_encode_octet_string.o \
 src/pk/asn1/der/octet/der_length_octet_string.o \
-src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
-src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
 src/pk/asn1/der/printable_string/der_decode_printable_string.o \
 src/pk/asn1/der/printable_string/der_encode_printable_string.o \
 src/pk/asn1/der/printable_string/der_length_printable_string.o \
 src/pk/asn1/der/sequence/der_decode_sequence_ex.o \
 src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \
 src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_decode_subject_public_key_info.o \
 src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
-src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \
-src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/set/der_encode_set.o \
-src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
+src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
+src/pk/asn1/der/short_integer/der_decode_short_integer.o \
 src/pk/asn1/der/short_integer/der_encode_short_integer.o \
-src/pk/asn1/der/short_integer/der_length_short_integer.o src/pk/asn1/der/utctime/der_decode_utctime.o \
-src/pk/asn1/der/utctime/der_encode_utctime.o src/pk/asn1/der/utctime/der_length_utctime.o \
-src/pk/asn1/der/utf8/der_decode_utf8_string.o src/pk/asn1/der/utf8/der_encode_utf8_string.o \
-src/pk/asn1/der/utf8/der_length_utf8_string.o src/pk/dsa/dsa_decrypt_key.o \
-src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \
-src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o \
-src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc_ansi_x963_export.o \
-src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc.o src/pk/ecc/ecc_decrypt_key.o \
+src/pk/asn1/der/short_integer/der_length_short_integer.o \
+src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
+src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
+src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
+src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
+src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
+src/pk/dh/dh.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o \
+src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o \
+src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \
+src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \
 src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \
 src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \
 src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
@@ -213,11 +222,11 @@ src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_verify_hash.
 src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
 src/prngs/sprng.o src/prngs/yarrow.o 
 
-HEADERS=src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cipher.h \
-src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
-src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
-src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_custom.h.orig \
+src/headers/tomcrypt_hash.h src/headers/tomcrypt_hkdf.h src/headers/tomcrypt_mac.h \
+src/headers/tomcrypt_macros.h src/headers/tomcrypt_math.h src/headers/tomcrypt_misc.h \
+src/headers/tomcrypt_pk.h src/headers/tomcrypt_pkcs.h src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
 
 #END_INS
 
diff --git a/makefile.unix b/makefile.unix
index 53882e2..bda4d7f 100644
--- a/makefile.unix
+++ b/makefile.unix
@@ -43,27 +43,32 @@ GROUP=wheel
 OBJECTS=src/ciphers/aes/aes_enc.o src/ciphers/aes/aes.o src/ciphers/anubis.o src/ciphers/blowfish.o \
 src/ciphers/camellia.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o \
 src/ciphers/kseed.o src/ciphers/multi2.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
-src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphers/safer/safer_tab.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o \
 src/ciphers/skipjack.o src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
 src/encauth/ccm/ccm_memory_ex.o src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o \
 src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
-src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_encrypt.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
 src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
 src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
 src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
 src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_encrypt.o \
-src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o src/encauth/ocb/ocb_shift_xor.o \
-src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o \
-src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
-src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
-src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
-src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o \
-src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o \
-src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o \
-src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
+src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
+src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o \
+src/encauth/ocb3/ocb3_int_aad_add_block.o src/encauth/ocb3/ocb3_int_calc_offset_zero.o \
+src/encauth/ocb3/ocb3_int_ntz.o src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o \
+src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
+src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
+src/hashes/sha1.o src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
+src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
+src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
+src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
 src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
 src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
 src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
@@ -75,68 +80,72 @@ src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
 src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
 src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
 src/math/rand_prime.o src/math/tfm_desc.o src/misc/base64/base64_decode.o \
-src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt_argchk.o \
-src/misc/crypt/crypt.o src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
-src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher.o \
-src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash_any.o \
-src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_id.o \
-src/misc/crypt/crypt_find_hash_oid.o src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o \
-src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
-src/misc/crypt/crypt_ltc_mp_descriptor.o src/misc/crypt/crypt_prng_descriptor.o \
-src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
-src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
-src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
-src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/pkcs5/pkcs_5_1.o \
-src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o src/misc/hkdf/hkdf.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o \
-src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o \
-src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o \
-src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
-src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o \
-src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o \
-src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o \
-src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o \
-src/modes/f8/f8_encrypt.o src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o \
-src/modes/f8/f8_test_mode.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \
-src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \
-src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \
-src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \
-src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
-src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o src/modes/xts/xts_encrypt.o \
-src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o src/modes/xts/xts_test.o \
-src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
-src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/boolean/der_decode_boolean.o \
-src/pk/asn1/der/boolean/der_encode_boolean.o src/pk/asn1/der/boolean/der_length_boolean.o \
-src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
-src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
-src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
-src/pk/asn1/der/integer/der_length_integer.o \
+src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
+src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
+src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_hash_oid.o \
+src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o src/misc/crypt/crypt_hash_descriptor.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_ltc_mp_descriptor.o \
+src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
+src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
+src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
+src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
+src/misc/error_to_string.o src/misc/hkdf/hkdf.o src/misc/hkdf/hkdf_test.o src/misc/pk_get_oid.o \
+src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
+src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
+src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o src/modes/lrw/lrw_encrypt.o \
+src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o src/modes/lrw/lrw_setiv.o \
+src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o \
+src/modes/xts/xts_encrypt.o src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o \
+src/modes/xts/xts_test.o src/pk/asn1/der/bit/der_decode_bit_string.o \
+src/pk/asn1/der/bit/der_decode_raw_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_encode_raw_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
+src/pk/asn1/der/boolean/der_decode_boolean.o src/pk/asn1/der/boolean/der_encode_boolean.o \
+src/pk/asn1/der/boolean/der_length_boolean.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
+src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
+src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
 src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
 src/pk/asn1/der/octet/der_decode_octet_string.o src/pk/asn1/der/octet/der_encode_octet_string.o \
 src/pk/asn1/der/octet/der_length_octet_string.o \
-src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
-src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
 src/pk/asn1/der/printable_string/der_decode_printable_string.o \
 src/pk/asn1/der/printable_string/der_encode_printable_string.o \
 src/pk/asn1/der/printable_string/der_length_printable_string.o \
 src/pk/asn1/der/sequence/der_decode_sequence_ex.o \
 src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \
 src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_decode_subject_public_key_info.o \
 src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
-src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \
-src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/set/der_encode_set.o \
-src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
+src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \
+src/pk/asn1/der/short_integer/der_decode_short_integer.o \
 src/pk/asn1/der/short_integer/der_encode_short_integer.o \
-src/pk/asn1/der/short_integer/der_length_short_integer.o src/pk/asn1/der/utctime/der_decode_utctime.o \
-src/pk/asn1/der/utctime/der_encode_utctime.o src/pk/asn1/der/utctime/der_length_utctime.o \
-src/pk/asn1/der/utf8/der_decode_utf8_string.o src/pk/asn1/der/utf8/der_encode_utf8_string.o \
-src/pk/asn1/der/utf8/der_length_utf8_string.o src/pk/dsa/dsa_decrypt_key.o \
-src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \
-src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o \
-src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc_ansi_x963_export.o \
-src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc.o src/pk/ecc/ecc_decrypt_key.o \
+src/pk/asn1/der/short_integer/der_length_short_integer.o \
+src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
+src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
+src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
+src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
+src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
+src/pk/dh/dh.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o \
+src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o \
+src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \
+src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \
 src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \
 src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \
 src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
@@ -154,11 +163,11 @@ src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_verify_hash.
 src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
 src/prngs/sprng.o src/prngs/yarrow.o 
 
-HEADERS=src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cipher.h \
-src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
-src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
-src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_custom.h.orig \
+src/headers/tomcrypt_hash.h src/headers/tomcrypt_hkdf.h src/headers/tomcrypt_mac.h \
+src/headers/tomcrypt_macros.h src/headers/tomcrypt_math.h src/headers/tomcrypt_misc.h \
+src/headers/tomcrypt_pk.h src/headers/tomcrypt_pkcs.h src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
 
 #END_INS
 
diff --git a/notes/ocb3_tv.txt b/notes/ocb3_tv.txt
new file mode 100644
index 0000000..046f624
--- /dev/null
+++ b/notes/ocb3_tv.txt
@@ -0,0 +1,496 @@
+OCB3 Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/plaintext/key.  The outputs
+are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous
+step repeated sufficiently.  The nonce is fixed throughout. AAD is fixed to 3 bytes (ASCII) 'AAD'.
+
+OCB-aes (16 byte key)
+  0: , CDE5AA0562BC4D474EFBB4120E4C5BFF
+  1: 9E, B60840CA7005A169C1240E3BFB401AB8
+  2: 75DF, C606FAD65B2CD087774CD0EB341AD265
+  3: 78309B, 26179C93AB865167FC583166E6AFD275
+  4: 0DA474F6, A55358F6EBF78F63C45AEFA5C63FAF17
+  5: 2BE7DEDEA2, 95E6590B2A19D85F25E4A76861F7CDB3
+  6: BE808ABA55FC, 6C9E74B2BA0D628834A2C2FD8AF9CF39
+  7: 7B20C2D42F94E5, 5B293A423119EF044A5E5E5E70FC87DD
+  8: B7CE5AFA00FC9843, D5AC1CF000137D8E0710DC63457E5F73
+  9: E8EF6A913D905BEAEC, A96A005A2A0F08BCEFA7169D69E347E2
+ 10: A15B41ED2FE26F90C0B7, D8453A7F07D90AA3E48BBE792DEFBC84
+ 11: 5CCED9699C5524623AEF4A, D7450C6465DF3AD2513B799521995821
+ 12: AE70D6492673FC870675AAE2, 697EB5B96673EB7FE48A07A1F2C1E957
+ 13: 23C3E43575A9D80938BE58D6F1, 2CAFDB3ADABFBE0EE48FB1DD31D67ABA
+ 14: 235E50ED798584EEB7CE7F31490F, C26DA5513F19D6C9345EEE2D9B24EE30
+ 15: 99BECD55D0CA96718E5F9DDDD127BF, E1A4FAF9F68CD80C997EB59FA8B6A38A
+ 16: 8EDDAE4DE1D32CA64D741A8D0371745C, 603603E91FB7EBA3F9247420C3AB36FD
+ 17: 52F17D54375D514A518EFA8A1081990846, 7B5C4EBB3B1AA523288770151550B97D
+ 18: EFC039545414A9D26B58934BBAE30D587082, FA4CFB8B873933154A24C58A1F469146
+ 19: E4756B6C55FE1973E4CD1ED5CD15AAC1FAEFD3, F32D28D2559EFF18B2F00F344DA975BA
+ 20: 8F47FC80A73ADDE004F69BCABFBAFAAC7EE38D50, D80913FBFAADF1C5C3FA8734C74DEBBD
+ 21: CBC47AE59B62F9A5AC8B1A0B27A54EA98DF1FEFE29, C34597A3E452216F9D8B53FB32E11B86
+ 22: FFECFCE641E2F16F656A47157248D39C78A928378831, E8D7ED60F3BD44DCD676F06C43BF18CF
+ 23: 8B4C8A02A2D2CA06691A29AB7E856C058946A404DFB78E, A8F44E1BDF86BDC4CC80BE55B2A8906D
+ 24: 97D0A8D76D8CEA8E378B66E94B498127997C60A9EB0E1D03, AFB2B208164DBE1408694BFE8E87A5B9
+ 25: 81BB7CC0A206760A631EF633BF5897B407BD27A20C28DE334A, ED82026689CD89BD4E777A74DAC791DB
+ 26: AB69BF543CB1E731CAEADA9C8F09AB81720D446BDA453AF87D1E, FC588E24304E8CB47ACDCF1AF111DA99
+ 27: C5FC023E000F16C42CE63AB26C3FA4FFD8373E4EEC97AB8EC0A9CB, 99598DBDE114FCFED0B5EC710A61B99A
+ 28: AA200F54FDDFEEF3AFA3447149F5996643E4E63ADD57339129F83BCD, 1C6645CC83112B031F156E9D191BE806
+ 29: 3E75A6B5DA18FE0F918094CDE11F0109BD206D68C570E4DCD7C0BA6E05, 669779DE7B8E1A657DE51C4FBD8FA8FA
+ 30: 79EA616591785C8EA654E90E819920E20A53CB420147527FA9D2F92B9835, CBC3557ECB9D850CA17ADB726EB020FF
+ 31: 35709AAA8B6C28254C1A75FE6CF13E7D90EDF1AEA677FB1057FB6C0ACCAB98, 491E0662C259D03C2E72A58736B6F709
+ 32: 59459AD454CCECF40D4FF30E748CD1BA17314C9EF158D223AE2A736ADF7E2397, 2C3240DDD2FA281A567D38C4FA598ECE
+
+OCB-blowfish (8 byte key)
+  0: , 33332FA5A79E3645
+  1: 38, 66779E3613C5540F
+  2: 3443, 48D3E25F4007A1E3
+  3: D1ED65, 486767AAD7B4DCCF
+  4: 6FC4D34A, 50706E35463CE200
+  5: 7F05718FCB, 4AFB55795A94172B
+  6: 9AAA6E72BC1B, E060FA18168A31FC
+  7: AE90EE07B41CBF, F47C611E9C02D095
+  8: D4D67E11C84600BF, 9DACA76000861745
+  9: C4DBBD53B65A321CC8, 9E5A12890282120C
+ 10: 74C14E2DE4BEC704CF1D, F1D432FBF8B17265
+ 11: A57514B6A91B733A1467C2, 6E54A6A9F56D8459
+ 12: 9CAB77627D8EFA9438451F3C, 4925FF74D2CDB33F
+ 13: 2E5BC3A020EC249DA94E8DB4E8, 30739AD56648C917
+ 14: 807B29C5AF9AF93906CFE876B081, 97901FE44444A99F
+ 15: 6BD70492F763A704CD5351E691BF07, 2459A0B9332CF14A
+ 16: 1F4919EB6CAD8D19B755157FD1A2E89A, F7EAE8DB5F5FA9B1
+
+OCB-xtea (16 byte key)
+  0: , 311A7010FB045BEE
+  1: F8, E65BD38F1C4E7BFF
+  2: 7AE4, 5B78197CE29D8FD4
+  3: 36A39F, 98FEA390BC03F915
+  4: 9AE3921C, 76F6EEBC194DEFE4
+  5: E925968C09, 105E0FBF3B664875
+  6: 537DE3B6AADF, B2C57709CEDBBA10
+  7: 4525D6927B4343, D83CB96C7ADA6241
+  8: 807A0E8382A91CE9, F6DF1EAA4929EEEE
+  9: 59C09E427C56CDF015, 885813D7F4D4CB40
+ 10: F785DAB910D186761A82, 46346AB52983186D
+ 11: F11CE4DAAEBCC204B318F2, 67E95CA14FB4FD3D
+ 12: 4A7FD586015561801115981F, 70DAC17D50DB4E5C
+ 13: CF03722B78DE7AE951B5E6442A, F40D80E40690378E
+ 14: B17224FE335A8CC17425D0AA3382, 2BEEC3D3828EA9E8
+ 15: 5B333EE0CC163F8C22E5E0747AE7F6, 29BCD90905505D05
+ 16: 7FC2C0D4E865D082174AE033E71DD3A9, E34E60A7D43F8EDB
+
+OCB-rc5 (8 byte key)
+  0: , 4287F61BB46382B2
+  1: B9, 753F79A4BB0CC986
+  2: 4FC1, 77132F07D73B20C4
+  3: F1009F, D0113ABB5CD465FB
+  4: D68B146D, 5CFA18D483741043
+  5: 3EE7237B8F, 0AAF3E6746AC93E4
+  6: D6C5D714B773, E1C3A97890A4B86B
+  7: CF1ABC07E56F1A, 96215C8CC5471BBF
+  8: 9783988AE164F9E1, 0680B375E3A0D562
+  9: 9ACCEC35CF126304F6, F74653152A177CE9
+ 10: D94C215F59ED195DDB5D, A5AD88DFFAA297F7
+ 11: 911BCE3E464282F3F67A3C, 561F90837B05F0EE
+ 12: 48F8A06D30CA2C53D2B7176C, 5BA9AEA8003B2DD7
+ 13: B66F45A34FFA2CE7086D63E1EB, 0C8D09F2F4C46C79
+ 14: 15EFFA2ED88EDBE91FBBAED12128, AFCD680C7DCDBE27
+ 15: 5B54DEDCB7D14FD48373C1B93CF084, 226A5920A2E712D9
+ 16: DDDACAEAE7BAB3029B1D841502F3F8F1, 98527F33CD759F1E
+
+OCB-rc6 (16 byte key)
+  0: , 3BB834902D39E5E91D89B0DC0DDF65EF
+  1: 2E, 9B9135C04DA988AD3D2A71B8330EA0C7
+  2: D7CC, A4D984EC457906AC76D633086DDA5FBB
+  3: 394491, 35413A2E1936F2C5347BC3F11DE5C5E6
+  4: CDB4E8BC, C92E3FB50FDA7292D8889CAF1239C669
+  5: E073807488, 293B4362693F5CB7F87B499B5DE802FB
+  6: C423B1D2250B, 4C1C672BF015B68FFC5496C1E4845038
+  7: 0A9221803183AC, CB7E94F239CDAFAA2E85C8F6F84D291C
+  8: B11DF4E8DFE0DDF5, 388330327A540AA342FCCE9DA8722974
+  9: 4F22BE632E97EAC40A, 52A80B5BABAD91063F005A90366F5D03
+ 10: C078544308477C436C1A, B71ECF0393B5EDAC6A6885E589B8495F
+ 11: 70D055E1DD32D2968F27E9, CC203EB94EA969ADA6AC66E38114AC15
+ 12: 444A3B67B3DFBEBF25CF1EB8, 0D46A4E88E25DE2B876B53D6221BC155
+ 13: 82DFFC0FF3AA208EAEC9AFFC95, 90EB11D825B92AF732659F5E3A57AB3F
+ 14: AED1A39332ECFF633DB4DD4F53D4, BB14AB91B3CCE190F780BA05D94B4FF1
+ 15: E98CDF3BAA07AF91F30D984D1B31D0, B74AA68488959CEB0434D0DF258E6206
+ 16: C6EA56068EC393603313926A54E79808, 8D7EC011133F2E419AE27DB99265BB51
+ 17: F28D6DC79AC812B4E14925AABC7A18800B, F125CFFDA992F6336D88E3D6CD5DC739
+ 18: 419AB005309458BF84572AF5EED46DC0D90F, B0A5A2D13EC928BF3DD2434079A20528
+ 19: 64D64C8F3ECDF0DD43B6BEFA045FAE72D79D0D, 9FB86FB186B57602E609F08E76FDD8D0
+ 20: A8EFCDA63D38273404E91241C40992A82DB63F23, AF116B5369C3B6C5A8709252537DDDDA
+ 21: 39A5A5EF3CD91B27138BBB784CBE027B57A81603DE, ECDF09F22FB185D110F6997C891F8569
+ 22: 464381184976612C15D1589DC1AAC2C922D69F3FFD31, C18416F51FA8502C06AAEABDBE5AB22E
+ 23: 21F0118E17188E09D5E5C6E53DB97BA2585A122FECD6E9, DD7B583A17B07967917D7603D453301C
+ 24: 109AE231C1810250AB181BB094099D4B21B08B948A9F7934, BA3BD871DCEC2A0D75C1B54F3C5AE870
+ 25: 080BA8AAFB8056A102BFB37864FF0533278F2AB3A23D42F719, 4566DED8A3B4E9CA441B87EC18BD5E4A
+ 26: B7531B5B0E7401491248451B6833F738F4700B9F7FA13C262125, 9F6B4E956A338907E34BB91EFA5D2A26
+ 27: 7473E5550DB57A75C1E63859580DBB7E0E4704E4360EF4AA0FB3DF, 0E1C543C18F93E853143C8B21CDF6327
+ 28: 8D8CB57288A98D1A3CC315045DDAE1388C90F6C6EBD9704E91F9657A, 9FF33BCB85A5AE936244B7C24C2F7909
+ 29: D4951C16BE95E67C9FA9579465AB44187C1777B0C4050D3878FA82B7A9, C9F3EF7588B041DF17E5333EB397D015
+ 30: E28CAEB88F590D3D7D0FB6F7DD7EAA88C091D67B72E67B297E280F048C68, CB855FF11691C31A423A88525F7941EC
+ 31: A043763CAB64783E8637382E5DCA023356DC8FC02F7A9F314B448DC7C2A4AA, D35E089232C405B0928A99149555C406
+ 32: DB2F18A11D7726DC6EFAFFDB160846968EDE06A251E03CB92ACE0F435E6DD698, 7FBF8E2F2047216C0062B6B070FC39C5
+
+OCB-safer+ (16 byte key)
+  0: , 818F824701DF2D6F384E39A6B33C8C7B
+  1: BD, D1BA735E4601B977CEE4C846DF801030
+  2: 97E3, 4ACAA433A1F4BE2459D8FB5A46C83D97
+  3: 54A32B, 837526FBF9334EEE32444898D72A6FAF
+  4: 550BF0B6, 66993BCE9CEEBB0E42E734EE72F71F6A
+  5: B9DBB41DDA, 5BF83E90030911DEC1F706A0CA3EAEF8
+  6: CFFF407F7559, C3F9471E5B38384FB1882D4B0FCD4164
+  7: 27AACCF405075B, 16E59258A2639EBB74A622FE58B10D50
+  8: 6E0E5FCE730A1E0F, 74F51050BAC882A782DD1D66A83367AA
+  9: F4A70127DDD496C035, BD93EAFFD5A2C36A354950DC3548925F
+ 10: D6C82811BF1493C3065E, 9252733A1C829D9328E810D8E1A68AC2
+ 11: 6AC43EB973A878E80ADF13, 9EE33A4F9F9FE039A7BC0B3395AABC24
+ 12: E54F88B6A05961399FD4A842, 11354D65DB61A2F42683E3ABE65C1518
+ 13: 2771576E1EC6533061395C206C, 1BC2281E33BB360A7EB488A87FD3422A
+ 14: 59FACB5C29A24EA7B2ACFF73C3D5, 1D1E65A92DCE815BFC61C067F919C9D5
+ 15: CEB8B9CD33CBB8638BB3AA463DCAFC, 4B6307B67D62F0C9C2A17407E6A6D37C
+ 16: 1E9BF87DB8A50018945D20F1711939E8, D21689B5C7AA20421E1B0543C44CDBF8
+ 17: CF466CFF02460FDFEDDD55D32E7B81F7DE, 34853E04F800B867FD81101337396B5C
+ 18: 7825EC997E35D69B7807EF09520FE262D9ED, 0C56E50B01DDB6F79C0796F644566365
+ 19: 0DE8DC870E440E81E884FBD240F135C0C51904, BFA98A06FC10F61ACA04A3EB83F4E4C9
+ 20: D7B6238F58DFA34AFB01F7E863A6239A643EF85D, 72D58FFFCB8EDD2B212E384499556655
+ 21: 0C39A6472C20069C81B86D017C29996D332A7934B6, 00200B481BD27D3E7F3B5A93B01E8CD8
+ 22: AFD445996544CADF9DB1095A8ABD1B85139C49ECE807, AFA537A91C7B5B461285C1916587C5BC
+ 23: F5971CA871AC2AD43E5FD3B7F135F8F114E1CB8475CE3F, D2AEEFCC904BCC19BF1746D4F4C12B2F
+ 24: 0E501E14E1D90A21882A39AD8BF30415A5A19F45F930C9B4, 994BEFD4A19281466D6DA15A136AE7B3
+ 25: 91DE86170B63B8A3429DE5A9686CC7033A76ABAACD196E1AC6, 1D19585EB7F4215499C3E5E95E6D9B3B
+ 26: C32E3723685B361A29A931AEA09029A3ADF4DB5E6FE03ABA1374, B7E237316BE981CF1BB7EA2C0AAB4FE2
+ 27: A7C3BEA3BB8590EA4533EE86CF6A98F555E4C75C31648F7539FBA2, 4FED5804515A9C83A1CD7E0FF18EA714
+ 28: 4B801BE2237D8E46B2989A4CB914929B9DED959F14DB78006ED1BEC5, 6A8315F87E69535EA157E1F7C46772F6
+ 29: 868A2EB898BD7AF43846C7792BD0C30BAF0B278796BD8CF74BC5BF0BC2, 600A8C9D4DAA2907DA94F0F6C5ECE1F2
+ 30: 8F9C5C2BF2C5BFB33535E5A7793D18341B9B6D5A788765196068843B0E49, 6EDC9F4E8BD16E030E6F63ECBAC407B6
+ 31: 626D32D56088410B8B0E106ABCFB6B80A3F51C68A6FA648C45B93B5FA79A1B, A1C9660396698CDE92C48E5C79C95FB4
+ 32: 23735C7C0AE0FF5FCAC7D16377090DCA9FD0E679248E04EAC56752BD0AA790F3, 7C8EE978EEF3E9BC9F5E18902CADFA94
+
+OCB-twofish (16 byte key)
+  0: , 594164A8DAEA1C847BCD04E06EB69AA1
+  1: 82, D86AD044B55DC09DC6302700B728C9F2
+  2: CAC8, 910C748DABA8A3CEE24C888295E15BF7
+  3: AA0A64, CDF692384CB4A1F2B9355F7DA2CF6D82
+  4: 8558D35A, 4F542602753901709C33D1B3FDFBDBFD
+  5: E3AE8A5EDE, 8196572296F1D18D5AAAE6EB7B3DE383
+  6: E602A86B84F4, 2F6FE22A3A5506BA8FABA92CF153B53D
+  7: D9FDAC7CFC1C7F, 735A47BA7F9F8242AF59B65555A89D8E
+  8: D1ECDD40593FC01A, E98A3D894F217A645C5576EABBD0DEAE
+  9: 0A085D49B094924621, B50611A43EEBA79B129A4A7CDE1D6933
+ 10: D28C9B15530A73167396, AE4BDA212228FF92044359A8BD49FDCF
+ 11: 4ACC04003B2DB52BF6AC9E, 14436E44AEAD95DB04151409AE0554E9
+ 12: DF4A0500653E45E0C9B0955B, 5D1F14392C117752D25C608B88D27FE4
+ 13: 779E1F3875A3DD5957585119CE, 09CA0CE358A026F4A0587AACA17D6483
+ 14: CFFC6F342044C9FE27A77DE2F08C, 86E1A306D08BF4DBF1E9C0B8109F542F
+ 15: F512032FCE7598AF164F8BDC979F4C, D9923D9B1434A1C7E8A705B28EFFFF44
+ 16: 8F81FCF56B506E0848C49D252053F86B, 1DF7C9EE369191347758689A06E725F7
+ 17: BFF875AE91FD5334B7BF7C0A589F86A27C, DF7FE649DFE3101D3EF0FA54D89D33FE
+ 18: 4659BEA017C75E61588021CF8937D7C2C6A5, CFCD5D0F8122361909138E92B6C03134
+ 19: 9484B68F9F02BEF42A8E861435026112C5CFF0, 3FC907A83E8DA1AF5FFCB2691FADAEB1
+ 20: E13ABD911540BABA4F7F86A40DACD095C0DA2A3B, 2553A726A8E320D4A42B670933304075
+ 21: 2F412FC9B166B8F4069245324946E9D2C70BC893DD, 2E434FE6C1C71F390BA463263EB49EB3
+ 22: 1B4FC8CFC047959880F22A36ABB1E825260EDFEBE84D, 455666419750CF6012659EB68EA93706
+ 23: 86DE014441AE5E868C335AC480A227507304F416AA1DB0, 4861EB2C1860B5FE68FD844C93F957D7
+ 24: 98DB0F92C96A6A4A76FD8388852E30EE9D4B397DD36DCA23, A6A5136EF28DD468B8C9BA27D0423E08
+ 25: 012701CDF2BC3F72A6DDBFA8ABE102D44531AB30693F3C92D9, 7A0AF791A2AA53FFA3C17867B9B39FB9
+ 26: 3B6A8D60F5A580EC5676D3F656E98BFDF4A3F1C38F63B51A0A0B, 74CF48B317AB5966856CD1F84C1C53A5
+ 27: B5DA5A540BD8C1FE05DF994A780E8FC54D0C84F9979515E4EF60B6, C1CB0C8D114C218D4C7650BB9F2F9732
+ 28: AFD1259572B60A5ED77B8CDF9E8C31CFDA25FFAD45A6CDD614F83500, BF4F4E01D34B69F7460361C0B653137A
+ 29: 1CDF78F6CF70428A19C87EFC9F2A861AB35CB03638003F701C57F5A108, B005D9CB01E35A08329ED34EEDB51C2B
+ 30: 97A60FD030DCFB8E8DA4FAC24682C8A7901168504E6D494431EDC44BD2EB, 9958A0B0908DD27D3377268EDDFF8196
+ 31: AD36ED716E5C956BC6766EA376E18EC1456258DF590E3425235493ECBAE133, F31D35D8D6E24C90E47C12E35F300826
+ 32: EFABA1D19F94A4C288E3EF8353A919F06EC1AFD2ED802C82BA6806F26B93B581, D599015BC0A240AB62E85D3284E111BC
+
+OCB-safer-k64 (8 byte key)
+  0: , ADC114C0D077300D
+  1: A9, F24A07BC00CAAA0C
+  2: 75A7, DAD101DA4CB6D700
+  3: 0EFFA0, 9A098D97F685CE48
+  4: 16438C72, 739EE029D575F395
+  5: 303FABFBF8, 00C4C2494022E52C
+  6: B1209255BE6C, D068FBF0EA49BAEB
+  7: F784608D57ED05, F3395D67FFDAD746
+  8: 7AF185590214412E, DC524433F8A75A16
+  9: 44FE566F96CF0B8A37, 71846BF7025901E7
+ 10: 1618A09FAC353DDB5685, BBDA87FF67B5DF14
+ 11: 7F1907238DFBD66679FC63, 48F1009DD129B0B7
+ 12: 40B3AD0A9C2B65670C0FD968, BA95C8A250D6EC75
+ 13: A64662338728218AE4A9D387D9, DF0079004B48083E
+ 14: CBDCDB3E912682AD5990ECCA0453, 102A70C169347128
+ 15: 3A924FAFAAE941784360E30D0757AC, 16B8BED72BEC1950
+ 16: FB1E63659F958EA320BD015599A3551F, 5AFE10D792095AFD
+
+OCB-safer-sk64 (8 byte key)
+  0: , 52BD1FFF50351BCE
+  1: F7, 4274F3D1A0CF5BA1
+  2: 28B3, 4BD97A9EBA18E5FA
+  3: 1EA215, B6D28CD00E7B1098
+  4: 93129898, 7A9F3FF172C91AE5
+  5: 36BC2888B7, E6A37037F50199F7
+  6: 1A24F1C9D32D, 3A0472F6372EDDE9
+  7: 1A799D9CE0C2CD, E3BFF559234C265D
+  8: 1C43DDAA18FC9A97, 851499FD6C0313C5
+  9: 08AD38225230BDE500, 5B9558370016257E
+ 10: 3E00DA672753F931226B, 47901E285CA2AD82
+ 11: 892F0D4C2302EDEC2C3587, 1D4C71FB290104E9
+ 12: 124E7EBE7D643EB6B2426644, 0DA9ECE397151EFB
+ 13: AB1BFEA636E3E4189677433CAF, FEF2E8389207857D
+ 14: 79A206C4B23DBBD7422432A32093, 04FE9BD236AAAEB2
+ 15: D8997D69B89058F0AE974A241DB76F, F395D15E6F18E555
+ 16: CE7B2A79A46AB5F0FC5B55A0F751245F, D6E1523F75489CC9
+
+OCB-safer-k128 (16 byte key)
+  0: , 233F1509E202E728
+  1: E5, 47D8BEBAF965745E
+  2: 754D, 290AF209DF1FAACB
+  3: 76EE38, 2B2077CD08A9F56A
+  4: 54B277EF, 8498AE1104DB117F
+  5: 549B360B06, 8B6B990840CFD666
+  6: 4687E79DAD45, A72CC518980419E2
+  7: 00A89236339443, 1BD4A6F472218B05
+  8: 2898F27243B4DC08, B0CF6DE09DF4F6EB
+  9: C0FD319C9AD18A842F, AD6526380D323480
+ 10: BC924B95E3CA0EF2EF51, 262F667D40D4EDE5
+ 11: 0255999B9317DE741F3C73, C148B4E3C0D7D6E3
+ 12: F4DAAE53F04D5E977CD98015, BB254770D37F80CB
+ 13: ADE0774EE8F303A96FA110DE09, 9547EEFE854DD99C
+ 14: 0824C8FF6D62C849A8EAEFD06B4C, 613B264BDCD0DF4D
+ 15: 6C69F69F3F4A28798E141003E7A9DD, 1BBB5B912118AE95
+ 16: 4727E3139B38396F294CC2D532BE5FA5, CE8039B0BF3D7247
+
+OCB-safer-sk128 (16 byte key)
+  0: , 6B06914D0E070584
+  1: 33, 6E16F49996CED793
+  2: 2C9D, 9001E62BEB613A8F
+  3: BA9381, 791EE199D5BFD651
+  4: F7A81D0C, D128ACC4FAB2941E
+  5: 66D1DC880E, 08D3EB7D405F26E0
+  6: 90F8FCEC0067, 23CD39807B169E1F
+  7: 7D559F904AC0E3, A9C685E5657F4A34
+  8: F317A68CAE96032A, 9654658AF84528E0
+  9: 3FC34820F421D931B9, B480CAE6B6D61FFF
+ 10: 173ADC60BCCBCFB18966, 1392B2FBB86EA6EE
+ 11: E1EDC19C2E4AE5A20668EC, 17A2A7FB18440B50
+ 12: 0F346BDD0C5F1685B281493C, 8169618CFBBC84A6
+ 13: 74597EA4DB09F6A38565316AA0, 192F1B3F863B20BD
+ 14: E5470A157BB18E7456A79C5E40AC, F49954A039514F1E
+ 15: F055944B9C518AE9D44AB407C32F35, 0A45830C1175B3A0
+ 16: DADA8AEBF57928C9D13EABC840B335A4, 67AE540EAC0129DA
+
+OCB-rc2 (8 byte key)
+  0: , CB28E7BD706EFF65
+  1: C8, 7E3F5A176F71601E
+  2: B632, C91680B7A52A3DFC
+  3: 41435E, A97F1A5EDA202127
+  4: 81BC4015, CDE53BAE0F178F51
+  5: 97628A29F6, 5CFD18FF1112E76F
+  6: 6218ED3F0875, 10F80C337AC529B0
+  7: 797E08DE799E97, A3E5BB262953E00F
+  8: 5ECFED1D31A7207E, 559893E2748E3982
+  9: 91BB1BDF184D3733E7, 9EC128ADD1B550DD
+ 10: B31DC920C7EEE1F29E72, F37AE3B755C95181
+ 11: 9061478D7846AE093557D6, 9515937DAD0C3859
+ 12: 56918DD08F7D60502FDD9CB5, 24B6903992B8107A
+ 13: 3F1D1C1F745EAB05459B2DB86E, B4475B5A5ACB91E5
+ 14: E00B385EC963602982A0BBDC3182, CA06E1DD1CB9637C
+ 15: 40BB2FBC9DD133E3958D5073DF9FF9, 2E5ECB03309630F4
+ 16: 0AEE1927D6439C8BFCE6984DEEF2E6E9, 398561F898EE36E5
+
+OCB-des (8 byte key)
+  0: , E5E4D924A3DDA7CE
+  1: BA, 2AEDAEF9CA1A9C7B
+  2: 0F37, A8FF952EBCB5C27C
+  3: 2AAC55, 9D7CD4AEEDAEFBC3
+  4: 9D1A16A0, 5064135780E6BFC9
+  5: E1B26204F1, 1F1D5449C214F528
+  6: 6A0D8B244E3E, 78DAD555E2977E74
+  7: 08CAA94D23DE55, A1A1B7972E3B5413
+  8: C1EAB716F806D038, 906CD254EAD1F9D2
+  9: F4E8F83B0B48250236, 12D96AD38BF22277
+ 10: 4FACF4CA8F9D9C1CB61D, 6448284C9D8A6B38
+ 11: 8AAD13A87B869AF1FD5CBB, 5C44F3C0642313B4
+ 12: E50E78A36CF3AAD27A962F82, B796C10A692F72E4
+ 13: CBB785CDA5263F8B45915942FA, D7D18C57408D00C8
+ 14: 39EDAA0F16DF4BE3E1F4CC9B93F5, 5A78D4D529E658A2
+ 15: 1D8B9D2A0779F31AF61A172E563E21, DD9D78D160903970
+ 16: 4F5AFE126EA161ED8EDFA6AD9640B9DC, BE20EEFB088C1BC2
+
+OCB-3des (24 byte key)
+  0: , 30D1F1D526BCDE16
+  1: CA, 737A0D73F465DEC6
+  2: CB98, 3F772C5AC706F24F
+  3: 0C764C, BC80B99A6ED9FBF5
+  4: 01525168, 6DE48387E0F56E2F
+  5: D7463F67FA, 90018E688367A3E7
+  6: BF3DD0750CFE, 6E1965C24DA3E913
+  7: 8EFCACB99A8D0A, 0727B907696F8FAD
+  8: F8E92EF758BA48CB, F863DC4B8E73339C
+  9: 5E9DA0FBDDCD0DD3EF, BE6482A44DC7E537
+ 10: 5A5466EA4BB3CAE7B020, FBED57DA0D91AF2F
+ 11: 78F1B76EDAE923B875E1A0, B6C4FEB194193A65
+ 12: 5CA677153C30E14C457807BA, 7F0FCE7505AF14D4
+ 13: E748CE1E7F9FFAB9C9983D16E2, 01D3ABECE0DEA2A2
+ 14: CAD89FC73FE93E17D2AB4D8B36E8, D682B9F5F39513C0
+ 15: D3B5BDDE86E988628357B3EC622357, 12180A98DBEA8D4B
+ 16: C9962CDA2141ECF9F8E5178307E526F7, 105CF6D040987D93
+
+OCB-cast5 (8 byte key)
+  0: , 53EB91E57923FE43
+  1: 53, AC15D2C444C5E407
+  2: F3B4, 448E3405E97FF5F4
+  3: EA2BF7, 23A7798222027AFC
+  4: 2EE3166D, 0BA3E584C8B6C7C7
+  5: 3A8EFA1923, 088B5F14925C1054
+  6: D4C03D32CCBA, 7A19BF98BBE14AF3
+  7: A2CD3D4233DAB8, C44AEB4C39572364
+  8: A0EB1F16AA4E2F82, FB7CC3CB4EC595C0
+  9: DD3A71458B8DAD91CE, 1565FF64BCC0094B
+ 10: 399948E91E4EE7D2E0CC, 03BA85E452E52DE8
+ 11: 8B589B04321BC35F591499, 14E0DBB700E7BE85
+ 12: D2C1A33EBE900EFB656797C8, 13498FF76B676EED
+ 13: 534C1BA008EC89D2AF43B21725, EEE64FC92802CCEF
+ 14: 5368EB18C2157B667D098B8580BE, AF8BCAAC5AFDB0B8
+ 15: 6BD7F55DE1A4718A6B3B6EA4D43031, 1C6BEAC4FE0D480E
+ 16: FA1E5410E622051400CAD151211916A7, 3EC52677421255D2
+
+OCB-noekeon (16 byte key)
+  0: , 7F0EEED1FD7FFECEE2CAC95477884E58
+  1: 74, 97B25EB4C8A4A01BD8F4F4CA2AC26B13
+  2: 20FF, B6D315A991297456529355CBAB74B231
+  3: 8FD23D, 6DEC092FBEA42213EE4B795E52A91484
+  4: 868F9D8B, 7A4E1EFD87F0A4D82571E025DC8976DA
+  5: EF59D700F0, A7D7A4CA5AEAA4F193C4CC7A6A311C86
+  6: BCD16ED4DE78, 8C661423A4EBE84AA863BC62894D2FDE
+  7: D1996ECF096D77, C99D7F79307F08986E151F44A9B3409E
+  8: 88BADF7ED86D024C, A39E95FDE8C15D3F0B4D439A3E9512CA
+  9: 2DB1F66EC64B3A3309, B85B0530B581FF599F04E285B0DBD562
+ 10: 6627C3586AB1A43777AA, DCD0B6E4749D0D983B777947B2E7DF94
+ 11: D47B10151EA15496D68D0A, 5462DBDB94D194DB01D03CB5719799C4
+ 12: D997EF4B4782C959D7FEF298, 00E39632CE89CBF5892D8A55BABD66CD
+ 13: C3684D24C78AF4542E088949D3, 302FD96F20FA01F841DF8E3FF634EA65
+ 14: C0FF61350FFC8FA4CEA857E69770, 1EA083FEEA89B019044A56176D47A209
+ 15: 35896DB08FA2B837AE7F73F563F1A5, 5A1DCAA52F051A78552AE4BECDEB5EBD
+ 16: C44C28E2EF2B145B57030B5D403300AD, 615F4D3C2342397C323D91BFB6F35537
+ 17: 925BFCFD598EE2167823204E531C09D744, 769A60612D34E0D76C65812E437B366B
+ 18: 56FF27AF89F9A438EDA0F00D83C864A58C90, 4122513495F866E7A154FFBB49ADE999
+ 19: BB9C0633EB07E5053E3BD64B7ADC2D15C497B9, 42074FDF7C3D5919769C3168FC0DA9B7
+ 20: E77E666D6B6C206274E8AA6BC21E615399B10B60, 15DE064D9EF7F61518FBC130AFD27633
+ 21: 26835663DB363A54E5B5DF6C080579E007A3936979, F4D635FE378D957143EF215FEFF1964F
+ 22: 20F33C26AA97C924FAA320D147703A2E44A0CD2DE9D0, 8BF2C8D6A46F938146FD964C272315C4
+ 23: ED3EB5440B984DD5DD81136AA7BFF25A51329EEF01FE59, 7A07644AFD20B4AEE7612A8B365CBBFF
+ 24: 51086917EFC1EAF5DF11811573ACB5977FCF090E2A287223, EAC6812D7218A315D6859BB7A71899B9
+ 25: ABFB3BA3588D0B04ECFAC7A43B8801C5C309AEE607E5EDBE24, AFCC1659F0D6CA1B9FA37ADC5B13E6C3
+ 26: 77381C4A7E18FF7FD5F3ED5710B924C7935A9CDC0B8EA761FD68, CBC15B38DCB4549514F49650EA47E4F4
+ 27: 91AD26366BDC121CC316BCFF1C73B97D73F4D267F1501967C9724C, 9D4A729FB78ED0A38E741FC380D62323
+ 28: E3B7762DEECAA467384D25304A8C20887C3424230D84DA976F6C3316, CC2C5112C9208CFE165DB913FCB8A331
+ 29: 7AE2A23472737F9587065CC5254DD64074C6C8D64E7E6198927FA30788, 9F4542664F18DBD85286D59EE8E33D7F
+ 30: 67AFAD81B4283C81131D0C7E411872D937A6D657D780FA23D62624B62154, 6B2DBA7CDC032A51D9FBAE63EACA43B7
+ 31: 1424442606ECB6ABCA1CDA3CF492357AB7EB828537A9B8E1057644663CBB03, 4B4A8B2C2BEEE927161080570B7E7A8E
+ 32: A26EA76C18D7145F8569335458BA0919A7E70BB9EBF328D2C22D07B2CFA6B38E, 0AA05190DA1D44EADC609CED2368737A
+
+OCB-skipjack (10 byte key)
+  0: , 509609FAF6B2A760
+  1: 1C, D19D4AD11B65B435
+  2: 328A, 252CB779130397D6
+  3: 6DA4D8, D67C555D873050DB
+  4: 31D7BF8B, C92EF449E99E4689
+  5: AE263BC571, 4D840A59C00B4462
+  6: D3BFDC4AB208, A28415ACC9B0110A
+  7: A5B72B226A5DDD, B414058C98FD853B
+  8: CAA29B280DDD3C15, 4D26BF4D0C89E38E
+  9: 5254ABED0835B8EB8D, 606061B9A2E80198
+ 10: 2EF661B59DD3F2EF31EF, 9185BD6F1AB894B1
+ 11: 65124843D1E57AF3F68BD8, 8B3D629B42A7083E
+ 12: EEB3427A492FEA461196E2FD, 5B02BB30264C4773
+ 13: BDF601AE59455530E8CD5D4733, 42CCC4F51CDD9AD1
+ 14: 8563FEEB2847AEA38D940953882C, E233C6110A0E77F8
+ 15: 766A8BD4C655ECC0589BD0A3EE65A5, 1374E4A3F96D13F8
+ 16: 85BB8A319C9FAC34E3FD694727747DE3, ED65F930AE6DE12A
+
+OCB-anubis (16 byte key)
+  0: , E8D6A3FB8D3E664DA78571CA8BFCB95B
+  1: EA, 03E38265C85DE60108B7098A51B5E341
+  2: 670D, EEC6A709FD9A74551467CE9F330D9032
+  3: 42A726, 1E45B0C7F9B143FE17904412B8F88DA0
+  4: 7AA61A9D, A89163D9B707F3B83082BDCA2CC00712
+  5: C3D7E3EB14, 0DE7F3A68788E854603CEF766A25B63C
+  6: A160A9CCE0C9, 6DC1504CD1368E83BDBC113EB95DD895
+  7: 18415CDBFB78CF, EF372363366B5868AC287F1B43CCD739
+  8: E40D6DD638AA2C9C, CB3B89CAA74ADAD76CD6ACC7C2CEF3B1
+  9: 7AEA37ABB7582721D6, E01A28646610DEB22E7539CBB6696BF4
+ 10: 03F16C187F6DEB996299, 74F6018D51DE37D77A30021583F07658
+ 11: 9E080BBD30A520A3B47AC5, 0457907DA3AD8467B3F0CA41B82E584F
+ 12: E673042F50FD247F04734C59, C7917428BCC7D932DE373CB03954A7C7
+ 13: 0A0F2CFB5D4F3F7EAD1B0E3C57, 2717CAA7A3AEE7873969971F884E70FB
+ 14: 8DD2128500F515F917862726FCB8, 3313A88FA208776F305F1BB344748E85
+ 15: 625D855CFA0097B136B47E41AB21A8, 8B7FB512341B339AAA45F9345B16B66C
+ 16: 6DC9BF9F13D8ACED3C07DFE183C4C21D, 1E8B9686F5D564448AE06B5C6408D2BF
+ 17: 6193393E9CE9087EF765574FEFCBD599BA, A2C14ED8BDDFDC988AF9CF2C71CF6277
+ 18: 3F06E79CEB0FF301A0C6D8076D4241F549E5, E1838748BF36D2D37D477B89E7327338
+ 19: 15963F7AD2C5DA43D46523880E0329F70527ED, 6471F1CFAB79ED06BDCFEBDF0AD3C98B
+ 20: 3632F3B578836AFC8B9456DEBD853564602AEFD5, 4FE167E3AF7AC854D02758F68DBFFD08
+ 21: 576EBD9F85575741C7FB50AB8DC1C9E8762FEAB590, ACB4386F6EA5F1C30C10C1D032A32CF7
+ 22: 8DE26C7278A29F8721EBA3B66FC8900242EC213C047E, 46F25D10117CBCDDC5FB2CE2044342E9
+ 23: EC5781849EF2B46A02F9624CD225A4FED1E6F876B10437, 014680D2681AA27B55EADF71E198B091
+ 24: C7FE74EAC6C697C2878132D127541BC4CCFF6C6EE0AF9926, 9BB9C5AFC2321FE0B771C99B1A4CF273
+ 25: 232091C00F1CF16D2A7D05A403412A13A0070491370E86DD53, 5F7AB245670B2D2FF8B70B520ABC4070
+ 26: 6D3A0812C0EDF89E4A9EADE407C4E7CBCB068F0BD8463B67B0D9, 96E638BD35F910653098D36EE011A8E1
+ 27: BCC775956A49BF8914E37A59D32DB49D334B40133ED0D72692D7D3, 4F9B0FBEEF6DDD17A7D30392E2B14C77
+ 28: BFA70C11B18D1E9E74A2C91C967E5F0F9B5A43001ECF7C8F286DFFAE, 0D71543408255921DE67189D999D2A18
+ 29: 4FDCE50EF26DCB4106A81554B2F97166C6D9A018E340FDE9E2B7FD350E, 6A73C694FA85CB83272C0EA856B83E0B
+ 30: D0C9F3D92BADF1A874DD47B1926B509191AF06D720D4C05F4BB6F314D6DC, 2F54556E01233BE6B309FBD11D2B9289
+ 31: CB9F54B5936B90530B68A11A50CA4568AC2423A137066AAE38C2C5420DCBAB, 58277F655B1F71939B61E49200E8DC3B
+ 32: 08015545AC92A9F77C8B1ABB42CF3EF2C48C5A1E40C5F0980684A21D8E03F445, 54FA9E6195A3ECE7AF469FC179C36739
+
+OCB-khazad (16 byte key)
+  0: , 2D528A56D24DA0B1
+  1: DD, 195FF8AA3642FCBF
+  2: 8081, F96BF0542DBABB49
+  3: A3BDB4, 53B2301ADA9F2471
+  4: B65B1104, BC470E5528C50AA0
+  5: E3020368BE, 36911628972321F4
+  6: F6D17AFCA3E8, 2BBA5E3BEA80D17F
+  7: CBF398ECFCA361, D79987D6D0751DC8
+  8: D625BD23AC106E16, 91CEEEE861A07568
+  9: E28B40E0D810AB8B28, EC2AB51CB46F101C
+ 10: A831B14C2E0F1C583F5E, 17AB8A4B822A4D9C
+ 11: 1CA32A525BA0A8A141E852, 7E2A30A9FE7BCA18
+ 12: 9B7F20DBEE7E7735FE7BB8A0, E881254902FFB81A
+ 13: DEA8DB05EEBD550B9A36B5043C, F7DE10A41ED5450E
+ 14: B6681197883BCC1EF3F880D15CC8, 7CC43F7E2D10C161
+ 15: B5F13633767C37E2A5BE44B95AC80D, C66A029513179FAF
+ 16: BBAB31F93B165465FE5E2133810E46C2, 146A3AA6A6A68E2A
+
+OCB-camellia (16 byte key)
+  0: , 3F877FAB2796D87C990AE311F952ABD1
+  1: 00, DD1FC339F770744F39B1A41A3A82CAEA
+  2: 2676, D350A1789213678BDCF07F1C42856456
+  3: F2BF5D, 012AD9BAA22496920EAC7ED7747C261E
+  4: 7C421EA6, 1187E883BE6BD6D6A67F175B187F276C
+  5: E709524F55, 36B849B052B8C5BA55AD9526333C0FF2
+  6: F49A3BEDA44C, CBCDE03DD9C5EBC7591329C5023F4F7C
+  7: 6BC6BA030C3E8A, 726E39A65F92ED22728ED4351DEECCFA
+  8: EBFCF5FED85EEACC, 5E390FA62857DAC97225368029263E00
+  9: 3DD92B177D039DF76F, 224D361D1A7D660485A9B3FD11DE370A
+ 10: C90774C14A42828E7EDB, E6A48823F8F004EE5A178C37B87BA06A
+ 11: 39089E93DC6E76B827B701, C2AAC46E4D1DE7F319B1E2592F9A29B9
+ 12: 0C0C8ED5B3DD2C0A67606172, 2EA84EE1736B4F6F0C0A133C345B328E
+ 13: AF6770413CDF0DCE68F447F76D, AB462C2F2524940FAB9A57A17FA2783B
+ 14: C210E4CBBB5FD339B3FF90A722BD, 05A92BEFBFFEDA7F5FEB9BBC6E7BC363
+ 15: 90FC04748C52CAA59BF6C92FF11F1B, 991C959C9E3B58D783120FAFF45C29E6
+ 16: AB86F4DC4EDD4556F168A98249235F02, 92585560E23DFCF81B8551AA94135BB2
+ 17: A160C9534C3E2185013F6D5D76E0218E7D, 9A3CDDFB67DB71D8E5BC4BE4D8EFDC4B
+ 18: C08635F10D090C6A5DF4DC43DD9B58D50EC5, CC8A076D653B3FBC2AE34A8A0FF42609
+ 19: 24C18B9EED5029BFAE91D440608BE46F9798AA, 9A56608D45081C2E5A8C9CC163A307DE
+ 20: 5946CFA51DD90646F09CE74F96D4603CFB20B7A2, 1CD0CE9985AC99F2600B5D762BF46EC0
+ 21: 08D8BB0667DC8106E365D7D685392DB987EFA5D3DF, C969DB2859DB494DDD57E9F93CF2C279
+ 22: 4AF8331829032CD8BCFEF44CFB2DBC8F0931E055B7A2, 623C86EC7059B580124530CA201740F0
+ 23: 45A7C23FD71657BEDA626937C187038D9E1872FBE029D8, 32E954062276603C2F588852C6A17B6F
+ 24: 2EACBAD372A281A6AC79D6A13EF4D8F5FB0AA15224C7DBEF, 059A4622EB369FFD2A50565351202907
+ 25: 405576484E48609F1BB950DEBE5F3915660A80E632E033DB4C, CAEAAB99D713B860F29E03AF719B5FC6
+ 26: CC701CFF33D7CD69D6E9C20E15FC629B5375A3C9F8A9CCBB194A, B5F1CCD9E6C6DA25766CC11FFF313040
+ 27: 1FD00A679D2F29518B5663A10CEBB83975C1D3183FD9F9617BBCB8, 03FCE87FFFEE68464DBCF9181280C0EB
+ 28: B92D0C160F1A13504B55D9969CF9A51A3F0DFCB4911F7A4712D0E8FC, 8B858E49BFEE49A17F2D7E9A83CF2143
+ 29: 5EC88A34A42C155A1F59947BBFD90B3FC8699EC8294EDEBEA75D8416CE, 1B8A62889CDCFAAB60FE80D8E9B764CE
+ 30: 1A2D76510AA8AEC8ADCC71458E13592DDEC46CB2C92D551CDF4DA3C190F4, AD08510F3F1A2CBC608634D6431BECD5
+ 31: 19ECDC6B7F8EC795F9E6D7E0E02F410228F9EBDA404BF3D998F99D938D3009, 58AF4CAFE7DDE4E99EC617D3A2AE600D
+ 32: 6FCB93EBC43D6EE05E3EF20109328DFABE6D9D814BFCB7180AE36BBA1B96ECC8, 36032D6860317FF56E7033DCD8161FDC
+
diff --git a/src/encauth/ocb/ocb_init.c b/src/encauth/ocb/ocb_init.c
index 604ae0e..22b2f46 100644
--- a/src/encauth/ocb/ocb_init.c
+++ b/src/encauth/ocb/ocb_init.c
@@ -60,11 +60,15 @@ int ocb_init(ocb_state *ocb, int cipher,
 
    /* determine which polys to use */
    ocb->block_len = cipher_descriptor[cipher].block_length;
-   for (poly = 0; poly < (int)(sizeof(polys)/sizeof(polys[0])); poly++) {
+   x = (int)(sizeof(polys)/sizeof(polys[0]));
+   for (poly = 0; poly < x; poly++) {
        if (polys[poly].len == ocb->block_len) { 
           break;
        }
    }
+   if (poly == x) {
+      return CRYPT_INVALID_ARG; /* block_len not found in polys */
+   }
    if (polys[poly].len != ocb->block_len) {
       return CRYPT_INVALID_ARG;
    }   
diff --git a/src/encauth/ocb3/ocb3_add_aad.c b/src/encauth/ocb3/ocb3_add_aad.c
new file mode 100644
index 0000000..4608670
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_add_aad.c
@@ -0,0 +1,81 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/**
+   @file ocb3_add_aad.c
+   OCB implementation, add AAD data, by Karel Miko
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Add AAD - additional associated data
+   @param ocb       The OCB state
+   @param aad       The AAD data
+   @param aadlen    The size of AAD data (octets)
+   @return CRYPT_OK if successful
+*/
+int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen)
+{
+   int err, x, full_blocks, full_blocks_len, last_block_len;
+   unsigned char *data;
+   unsigned long datalen, l;
+
+   LTC_ARGCHK(ocb    != NULL);
+   LTC_ARGCHK(aad    != NULL);
+
+   if (aadlen == 0) return CRYPT_OK;
+
+   if (ocb->adata_buffer_bytes > 0) {
+     l = ocb->block_len - ocb->adata_buffer_bytes;
+     if (l > aadlen) l = aadlen;
+     XMEMCPY(ocb->adata_buffer+ocb->adata_buffer_bytes, aad, l);
+     ocb->adata_buffer_bytes += l;
+
+     if (ocb->adata_buffer_bytes == ocb->block_len) {
+       if ((err = ocb3_int_aad_add_block(ocb, ocb->adata_buffer)) != CRYPT_OK) {
+         return err;
+       }
+       ocb->adata_buffer_bytes = 0;
+     }
+
+     data = (unsigned char *)aad + l;
+     datalen = aadlen - l;
+   }
+   else {
+     data = (unsigned char *)aad;
+     datalen = aadlen;
+   }
+
+   if (datalen <= 0) return CRYPT_OK;
+
+   full_blocks = datalen/ocb->block_len;
+   full_blocks_len = full_blocks * ocb->block_len;
+   last_block_len = datalen - full_blocks_len;
+
+   for (x=0; x<full_blocks; x++) {
+     if ((err = ocb3_int_aad_add_block(ocb, data+x*ocb->block_len)) != CRYPT_OK) {
+       return err;
+     }
+   }
+
+   if (last_block_len>0) {
+     XMEMCPY(ocb->adata_buffer, data+full_blocks_len, last_block_len);
+     ocb->adata_buffer_bytes = last_block_len;
+   }
+
+   return CRYPT_OK;
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_decrypt.c b/src/encauth/ocb3/ocb3_decrypt.c
new file mode 100644
index 0000000..24d6ad1
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_decrypt.c
@@ -0,0 +1,86 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+
+/**
+   @file ocb3_decrypt.c
+   OCB implementation, decrypt data, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Decrypt blocks of ciphertext with OCB
+   @param ocb     The OCB state
+   @param ct      The ciphertext (length multiple of the block size of the block cipher)
+   @param ctlen   The length of the input (octets)
+   @param pt      [out] The plaintext (length of ct)
+   @return CRYPT_OK if successful
+*/
+int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt)
+{
+   unsigned char tmp[MAXBLOCKSIZE];
+   int err, i, full_blocks;
+   unsigned char *pt_b, *ct_b;
+
+   LTC_ARGCHK(ocb != NULL);
+   LTC_ARGCHK(pt  != NULL);
+   LTC_ARGCHK(ct  != NULL);
+   if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
+      return err;
+   }
+   if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   if (ctlen % ocb->block_len) { /* ctlen has to bu multiple of block_len */
+      return CRYPT_INVALID_ARG;
+   }
+
+   full_blocks = ctlen/ocb->block_len;
+   for(i=0; i<full_blocks; i++) {
+     pt_b = (unsigned char *)pt+i*ocb->block_len;
+     ct_b = (unsigned char *)ct+i*ocb->block_len;
+
+     /* ocb->Offset_current[] = ocb->Offset_current[] ^ Offset_{ntz(block_index)} */
+     ocb3_int_xor_blocks(ocb->Offset_current, ocb->Offset_current, ocb->L_[ocb3_int_ntz(ocb->block_index)], ocb->block_len);
+
+     /* tmp[] = ct[] XOR ocb->Offset_current[] */
+     ocb3_int_xor_blocks(tmp, ct_b, ocb->Offset_current, ocb->block_len);
+
+     /* decrypt */
+     if ((err = cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) {
+        goto LBL_ERR;
+     }
+
+     /* pt[] = tmp[] XOR ocb->Offset_current[] */
+     ocb3_int_xor_blocks(pt_b, tmp, ocb->Offset_current, ocb->block_len);
+
+     /* ocb->checksum[] = ocb->checksum[] XOR pt[] */
+     ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt_b, ocb->block_len);
+
+     ocb->block_index++;
+   }
+
+   err = CRYPT_OK;
+
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(tmp, sizeof(tmp));
+#endif
+   return err;
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_decrypt_last.c b/src/encauth/ocb3/ocb3_decrypt_last.c
new file mode 100644
index 0000000..a932d53
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_decrypt_last.c
@@ -0,0 +1,105 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/**
+   @file ocb3_decrypt_last.c
+   OCB implementation, internal helper, by Karel Miko
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Finish an OCB (decryption) stream
+   @param ocb    The OCB state
+   @param ct     The remaining ciphertext
+   @param ctlen  The length of the ciphertext (octets)
+   @param pt     [out] The output buffer
+   @return CRYPT_OK if successful
+*/
+int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt)
+{
+   unsigned char iOffset_star[MAXBLOCKSIZE];
+   unsigned char iPad[MAXBLOCKSIZE];
+   int err, x, full_blocks, full_blocks_len, last_block_len;
+
+   LTC_ARGCHK(ocb != NULL);
+   LTC_ARGCHK(ct  != NULL);
+   if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
+   full_blocks = ctlen/ocb->block_len;
+   full_blocks_len = full_blocks * ocb->block_len;
+   last_block_len = ctlen - full_blocks_len;
+
+   /* process full blocks first */
+   if (full_blocks>0) {
+     if ((err = ocb3_decrypt(ocb, ct, full_blocks_len, pt)) != CRYPT_OK) {
+       goto LBL_ERR;
+     }
+   }
+
+   if (last_block_len>0) {
+     /* Offset_* = Offset_m xor L_* */
+     ocb3_int_xor_blocks(iOffset_star, ocb->Offset_current, ocb->L_star, ocb->block_len);
+
+     /* Pad = ENCIPHER(K, Offset_*) */
+     if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(iOffset_star, iPad, &ocb->key)) != CRYPT_OK) {
+       goto LBL_ERR;
+     }
+
+     /* P_* = C_* xor Pad[1..bitlen(C_*)] */
+     ocb3_int_xor_blocks(pt+full_blocks_len, (unsigned char *)ct+full_blocks_len, iPad, last_block_len);
+
+     /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
+     ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt+full_blocks_len, last_block_len);
+     for(x=last_block_len; x<ocb->block_len; x++) {
+       if (x == last_block_len)
+         ocb->checksum[x] ^= 0x80;
+       else
+         ocb->checksum[x] ^= 0x00;
+     }
+
+     /* Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) */
+     /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) */
+     for(x=0; x<ocb->block_len; x++) {
+       ocb->tag_part[x] = (ocb->checksum[x] ^ iOffset_star[x]) ^ ocb->L_dollar[x];
+     }
+     if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) {
+       goto LBL_ERR;
+     }
+   }
+   else {
+     /* Tag = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) xor HASH(K,A) */
+     /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) */
+     for(x=0; x<ocb->block_len; x++) {
+       ocb->tag_part[x] = (ocb->checksum[x] ^ ocb->Offset_current[x]) ^ ocb->L_dollar[x];
+     }
+     if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) {
+       goto LBL_ERR;
+     }
+   }
+
+   err = CRYPT_OK;
+
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(iOffset_star, MAXBLOCKSIZE);
+   zeromem(iPad, MAXBLOCKSIZE);
+#endif
+
+   return err;
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_decrypt_verify_memory.c b/src/encauth/ocb3/ocb3_decrypt_verify_memory.c
new file mode 100644
index 0000000..ce8fe9c
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_decrypt_verify_memory.c
@@ -0,0 +1,112 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+
+/**
+  @file ocb3_decrypt_verify_memory.c
+  OCB implementation, helper to decrypt block of memory, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Decrypt and compare the tag with OCB
+   @param cipher     The index of the cipher desired
+   @param key        The secret key
+   @param keylen     The length of the secret key (octets)
+   @param nonce      The session nonce (length of the block size of the block cipher)
+   @param noncelen   The length of the nonce (octets)
+   @param adata      The AAD - additional associated data
+   @param adatalen   The length of AAD (octets)
+   @param ct         The ciphertext
+   @param ctlen      The length of the ciphertext (octets)
+   @param pt         [out] The plaintext
+   @param tag        The tag to compare against
+   @param taglen     The length of the tag (octets)
+   @param stat       [out] The result of the tag comparison (1==valid, 0==invalid)
+   @return CRYPT_OK if successful regardless of the tag comparison
+*/
+int ocb3_decrypt_verify_memory(int cipher,
+    const unsigned char *key,    unsigned long keylen,
+    const unsigned char *nonce,  unsigned long noncelen,
+    const unsigned char *adata,  unsigned long adatalen,
+    const unsigned char *ct,     unsigned long ctlen,
+          unsigned char *pt,
+    const unsigned char *tag,    unsigned long taglen,
+          int           *stat)
+{
+   int            err;
+   ocb3_state     *ocb;
+   unsigned char *buf;
+   unsigned long  buflen;
+
+   LTC_ARGCHK(key    != NULL);
+   LTC_ARGCHK(nonce  != NULL);
+   LTC_ARGCHK(pt     != NULL);
+   LTC_ARGCHK(ct     != NULL);
+   LTC_ARGCHK(tag    != NULL);
+   LTC_ARGCHK(stat    != NULL);
+
+   /* default to zero */
+   *stat = 0;
+
+   /* allocate memory */
+   buf = XMALLOC(taglen);
+   ocb = XMALLOC(sizeof(ocb3_state));
+   if (ocb == NULL || buf == NULL) {
+      if (ocb != NULL) {
+         XFREE(ocb);
+      }
+      if (buf != NULL) {
+         XFREE(buf);
+      }
+      return CRYPT_MEM;
+   }
+
+   if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
+   if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
+   if ((err = ocb3_decrypt_last(ocb, ct, ctlen, pt)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
+   buflen = taglen;
+   if ((err = ocb3_done(ocb, buf, &buflen)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
+   /* compare tags */
+   if (buflen >= taglen && XMEMCMP(buf, tag, taglen) == 0) {
+      *stat = 1;
+   }
+
+   err = CRYPT_OK;
+
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(ocb, sizeof(ocb3_state));
+#endif
+
+   XFREE(ocb);
+   XFREE(buf);
+   return err;
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_done.c b/src/encauth/ocb3/ocb3_done.c
new file mode 100644
index 0000000..4102d9c
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_done.c
@@ -0,0 +1,92 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+
+/**
+   @file ocb3_done.c
+   OCB implementation, INTERNAL ONLY helper, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Finish OCB processing and compute the tag
+   @param ocb     The OCB state
+   @param tag     [out] The destination for the authentication tag
+   @param taglen  [in/out] The max size and resulting size of the authentication tag
+   @return CRYPT_OK if successful
+*/
+int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen)
+{
+   unsigned char tmp[MAXBLOCKSIZE];
+   int err, x;
+
+   LTC_ARGCHK(ocb    != NULL);
+   LTC_ARGCHK(tag    != NULL);
+   LTC_ARGCHK(taglen != NULL);
+   if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
+   /* finalize AAD processing */
+
+   if (ocb->adata_buffer_bytes>0) {
+     /* Offset_* = Offset_m xor L_* */
+     ocb3_int_xor_blocks(ocb->aOffset_current, ocb->aOffset_current, ocb->L_star, ocb->block_len);
+
+     /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */
+     ocb3_int_xor_blocks(tmp, ocb->adata_buffer, ocb->aOffset_current, ocb->adata_buffer_bytes);
+     for(x=ocb->adata_buffer_bytes; x<ocb->block_len; x++) {
+       if (x == ocb->adata_buffer_bytes) {
+         tmp[x] = 0x80 ^ ocb->aOffset_current[x];
+       }
+       else {
+         tmp[x] = 0x00 ^ ocb->aOffset_current[x];
+       }
+     }
+
+     /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */
+     if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) {
+       goto LBL_ERR;
+     }
+     ocb3_int_xor_blocks(ocb->aSum_current, ocb->aSum_current, tmp, ocb->block_len);
+   }
+
+   /* finalize TAG computing */
+
+   /* at this point ocb->aSum_current = HASH(K, A) */
+   /* tag = tag ^ HASH(K, A) */
+   ocb3_int_xor_blocks(tmp, ocb->tag_part, ocb->aSum_current, ocb->block_len);
+
+   /* fix taglen if needed */
+   if ((int)*taglen > ocb->block_len) {
+     *taglen = (unsigned long)ocb->block_len;
+   }
+
+   /* copy tag bytes */
+   for(x=0; x<(int)*taglen; x++) tag[x] = tmp[x];
+
+   err = CRYPT_OK;
+
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(tmp, MAXBLOCKSIZE);
+   zeromem(ocb, sizeof(*ocb));
+#endif
+
+   return err;
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_encrypt.c b/src/encauth/ocb3/ocb3_encrypt.c
new file mode 100644
index 0000000..1450478
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_encrypt.c
@@ -0,0 +1,86 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+
+/**
+   @file ocb3_encrypt.c
+   OCB implementation, encrypt data, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Encrypt blocks of data with OCB
+   @param ocb     The OCB state
+   @param pt      The plaintext (length multiple of the block size of the block cipher)
+   @param ptlen   The length of the input (octets)
+   @param ct      [out] The ciphertext (same size as the pt)
+   @return CRYPT_OK if successful
+*/
+int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct)
+{
+   unsigned char tmp[MAXBLOCKSIZE];
+   int err, i, full_blocks;
+   unsigned char *pt_b, *ct_b;
+
+   LTC_ARGCHK(ocb != NULL);
+   LTC_ARGCHK(pt  != NULL);
+   LTC_ARGCHK(ct  != NULL);
+   if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
+      return err;
+   }
+   if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   if (ptlen % ocb->block_len) { /* ptlen has to bu multiple of block_len */
+      return CRYPT_INVALID_ARG;
+   }
+
+   full_blocks = ptlen/ocb->block_len;
+   for(i=0; i<full_blocks; i++) {
+     pt_b = (unsigned char *)pt+i*ocb->block_len;
+     ct_b = (unsigned char *)ct+i*ocb->block_len;
+
+     /* ocb->Offset_current[] = ocb->Offset_current[] ^ Offset_{ntz(block_index)} */
+     ocb3_int_xor_blocks(ocb->Offset_current, ocb->Offset_current, ocb->L_[ocb3_int_ntz(ocb->block_index)], ocb->block_len);
+
+     /* tmp[] = pt[] XOR ocb->Offset_current[] */
+     ocb3_int_xor_blocks(tmp, pt_b, ocb->Offset_current, ocb->block_len);
+
+     /* encrypt */
+     if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) {
+        goto LBL_ERR;
+     }
+
+     /* ct[] = tmp[] XOR ocb->Offset_current[] */
+     ocb3_int_xor_blocks(ct_b, tmp, ocb->Offset_current, ocb->block_len);
+
+     /* ocb->checksum[] = ocb->checksum[] XOR pt[] */
+     ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt_b, ocb->block_len);
+
+     ocb->block_index++;
+   }
+
+   err = CRYPT_OK;
+
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(tmp, sizeof(tmp));
+#endif
+   return err;
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c b/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c
new file mode 100644
index 0000000..60264a2
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c
@@ -0,0 +1,87 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+
+/**
+  @file ocb3_encrypt_authenticate_memory.c
+  OCB implementation, encrypt block of memory, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Encrypt and generate an authentication code for a buffer of memory
+   @param cipher     The index of the cipher desired
+   @param key        The secret key
+   @param keylen     The length of the secret key (octets)
+   @param nonce      The session nonce (length of the block ciphers block size)
+   @param noncelen   The length of the nonce (octets)
+   @param adata      The AAD - additional associated data
+   @param adatalen   The length of AAD (octets)
+   @param pt         The plaintext
+   @param ptlen      The length of the plaintext (octets)
+   @param ct         [out] The ciphertext
+   @param tag        [out] The authentication tag
+   @param taglen     [in/out] The max size and resulting size of the authentication tag
+   @return CRYPT_OK if successful
+*/
+int ocb3_encrypt_authenticate_memory(int cipher,
+    const unsigned char *key,    unsigned long keylen,
+    const unsigned char *nonce,  unsigned long noncelen,
+    const unsigned char *adata,  unsigned long adatalen,
+    const unsigned char *pt,     unsigned long ptlen,
+          unsigned char *ct,
+          unsigned char *tag,    unsigned long *taglen)
+{
+   int err;
+   ocb3_state *ocb;
+
+   LTC_ARGCHK(key    != NULL);
+   LTC_ARGCHK(nonce  != NULL);
+   LTC_ARGCHK(pt     != NULL);
+   LTC_ARGCHK(ct     != NULL);
+   LTC_ARGCHK(tag    != NULL);
+   LTC_ARGCHK(taglen != NULL);
+
+   /* allocate memory */
+   ocb = XMALLOC(sizeof(ocb3_state));
+   if (ocb == NULL) {
+      return CRYPT_MEM;
+   }
+
+   if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
+   if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
+   if ((err = ocb3_encrypt_last(ocb, pt, ptlen, ct)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
+   err = ocb3_done(ocb, tag, taglen);
+
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(ocb, sizeof(ocb3_state));
+#endif
+
+   XFREE(ocb);
+   return err;
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_encrypt_last.c b/src/encauth/ocb3/ocb3_encrypt_last.c
new file mode 100644
index 0000000..b21cfae
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_encrypt_last.c
@@ -0,0 +1,107 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/**
+   @file ocb3_encrypt_last.c
+   OCB implementation, internal helper, by Karel Miko
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Finish an OCB (encryption) stream
+   @param ocb    The OCB state
+   @param pt     The remaining plaintext
+   @param ptlen  The length of the plaintext (octets)
+   @param ct     [out] The output buffer
+   @return CRYPT_OK if successful
+*/
+int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct)
+{
+   unsigned char iOffset_star[MAXBLOCKSIZE];
+   unsigned char iPad[MAXBLOCKSIZE];
+   int err, x, full_blocks, full_blocks_len, last_block_len;
+
+   LTC_ARGCHK(ocb != NULL);
+   LTC_ARGCHK(pt  != NULL);
+   if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
+   full_blocks = ptlen/ocb->block_len;
+   full_blocks_len = full_blocks * ocb->block_len;
+   last_block_len = ptlen - full_blocks_len;
+
+   /* process full blocks first */
+   if (full_blocks>0) {
+     if ((err = ocb3_encrypt(ocb, pt, full_blocks_len, ct)) != CRYPT_OK) {
+       goto LBL_ERR;
+     }
+   }
+
+   /* at this point: m = ocb->block_index (last block index), Offset_m = ocb->Offset_current */
+
+   if (last_block_len>0) {
+     /* Offset_* = Offset_m xor L_* */
+     ocb3_int_xor_blocks(iOffset_star, ocb->Offset_current, ocb->L_star, ocb->block_len);
+
+     /* Pad = ENCIPHER(K, Offset_*) */
+     if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(iOffset_star, iPad, &ocb->key)) != CRYPT_OK) {
+       goto LBL_ERR;
+     }
+
+     /* C_* = P_* xor Pad[1..bitlen(P_*)] */
+     ocb3_int_xor_blocks(ct+full_blocks_len, pt+full_blocks_len, iPad, last_block_len);
+
+     /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
+     ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt+full_blocks_len, last_block_len);
+     for(x=last_block_len; x<ocb->block_len; x++) {
+       if (x == last_block_len)
+         ocb->checksum[x] ^= 0x80;
+       else
+         ocb->checksum[x] ^= 0x00;
+     }
+
+     /* Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) */
+     /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) */
+     for(x=0; x<ocb->block_len; x++) {
+       ocb->tag_part[x] = (ocb->checksum[x] ^ iOffset_star[x]) ^ ocb->L_dollar[x];
+     }
+     if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) {
+       goto LBL_ERR;
+     }
+   }
+   else {
+     /* Tag = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) xor HASH(K,A) */
+     /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) */
+     for(x=0; x<ocb->block_len; x++) {
+       ocb->tag_part[x] = (ocb->checksum[x] ^ ocb->Offset_current[x]) ^ ocb->L_dollar[x];
+     }
+     if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) {
+       goto LBL_ERR;
+     }
+   }
+
+   err = CRYPT_OK;
+
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(iOffset_star, MAXBLOCKSIZE);
+   zeromem(iPad, MAXBLOCKSIZE);
+#endif
+
+   return err;
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_init.c b/src/encauth/ocb3/ocb3_init.c
new file mode 100644
index 0000000..926288b
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_init.c
@@ -0,0 +1,138 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+
+/**
+   @file ocb3_init.c
+   OCB implementation, initialize state, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+static const struct {
+    int           len;
+    unsigned char poly_div[MAXBLOCKSIZE],
+                  poly_mul[MAXBLOCKSIZE];
+} polys[] = {
+{
+    8,
+    { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D },
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B }
+}, {
+    16,
+    { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43 },
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 }
+}
+};
+
+/**
+   Initialize an OCB context
+   @param ocb       [out] The destination of the OCB state
+   @param cipher    The index of the desired cipher
+   @param key       The secret key
+   @param keylen    The length of the secret key (octets)
+   @param nonce     The session nonce
+   @param noncelen  The length of the session nonce (octets)
+   @return CRYPT_OK if successful
+*/
+int ocb3_init(ocb3_state *ocb, int cipher,
+             const unsigned char *key, unsigned long keylen,
+             const unsigned char *nonce, unsigned long noncelen)
+{
+   int poly, x, y, m, err;
+   unsigned char *previous, *current;
+
+   LTC_ARGCHK(ocb   != NULL);
+   LTC_ARGCHK(key   != NULL);
+   LTC_ARGCHK(nonce != NULL);
+
+   /* valid cipher? */
+   if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+      return err;
+   }
+   ocb->cipher = cipher;
+
+   /* determine which polys to use */
+   ocb->block_len = cipher_descriptor[cipher].block_length;
+   x = (int)(sizeof(polys)/sizeof(polys[0]));
+   for (poly = 0; poly < x; poly++) {
+       if (polys[poly].len == ocb->block_len) {
+          break;
+       }
+   }
+   if (poly == x) {
+      return CRYPT_INVALID_ARG; /* block_len not found in polys */
+   }
+   if (polys[poly].len != ocb->block_len) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   /* schedule the key */
+   if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ocb->key)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* L_* = ENCIPHER(K, zeros(128)) */
+   zeromem(ocb->L_star, ocb->block_len);
+   if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->L_star, ocb->L_star, &ocb->key)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* compute L_$, L_0, L_1, ... */
+   for (x = -1; x < 32; x++) {
+       if (x == -1) {                /* gonna compute: L_$ = double(L_*) */
+         current  = ocb->L_dollar;
+         previous = ocb->L_star;
+       }
+       else if (x == 0) {            /* gonna compute: L_0 = double(L_$) */
+         current  = ocb->L_[0];
+         previous = ocb->L_dollar;
+       }
+       else {                        /* gonna compute: L_i = double(L_{i-1}) for every integer i > 0 */
+         current  = ocb->L_[x];
+         previous = ocb->L_[x-1];
+       }
+       m = previous[0] >> 7;
+       for (y = 0; y < ocb->block_len-1; y++) {
+           current[y] = ((previous[y] << 1) | (previous[y+1] >> 7)) & 255;
+       }
+       current[ocb->block_len-1] = (previous[ocb->block_len-1] << 1) & 255;
+       if (m == 1) {
+          /* current[] = current[] XOR polys[poly].poly_mul[]*/
+          ocb3_int_xor_blocks(current, current, polys[poly].poly_mul, ocb->block_len);
+       }
+    }
+
+    /* initialize ocb->Offset_current = Offset_0 */
+    ocb3_int_calc_offset_zero(ocb, nonce, noncelen);
+
+    /* initialize checksum to all zeros */
+    zeromem(ocb->checksum, ocb->block_len);
+
+    /* set block index */
+    ocb->block_index = 1;
+
+    /* initialize AAD related stuff */
+    ocb->ablock_index = 1;
+    ocb->adata_buffer_bytes = 0;
+    zeromem(ocb->aOffset_current, ocb->block_len);
+    zeromem(ocb->aSum_current, ocb->block_len);
+
+    return CRYPT_OK;
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_int_aad_add_block.c b/src/encauth/ocb3/ocb3_int_aad_add_block.c
new file mode 100644
index 0000000..0b7d8f7
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_int_aad_add_block.c
@@ -0,0 +1,49 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/**
+   @file ocb3_int_aad_add_block.c
+   OCB implementation, INTERNALL ONLY helper, by Karel Miko
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Add one block of AAD data (internal function)
+   @param ocb        The OCB state
+   @param aad_block  [in] AAD data (block_len size)
+   @return CRYPT_OK if successful
+*/
+int ocb3_int_aad_add_block(ocb3_state *ocb, const unsigned char *aad_block)
+{
+   unsigned char tmp[MAXBLOCKSIZE];
+   int err;
+
+   /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+   ocb3_int_xor_blocks(ocb->aOffset_current, ocb->aOffset_current, ocb->L_[ocb3_int_ntz(ocb->ablock_index)], ocb->block_len);
+
+   /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
+   ocb3_int_xor_blocks(tmp, aad_block, ocb->aOffset_current, ocb->block_len);
+   if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) {
+     return err;
+   }
+   ocb3_int_xor_blocks(ocb->aSum_current, ocb->aSum_current, tmp, ocb->block_len);
+
+   ocb->ablock_index++;
+
+   return CRYPT_OK;
+}
+
+#endif
+
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_int_calc_offset_zero.c b/src/encauth/ocb3/ocb3_int_calc_offset_zero.c
new file mode 100644
index 0000000..93b171f
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_int_calc_offset_zero.c
@@ -0,0 +1,72 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/**
+   @file ocb3_int_calc_offset_zero.c
+   OCB implementation, INTERNAL ONLY helper, by Karel Miko
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Sets 'ocb->Offset_current' to 'Offset_0' value (internal function)
+   @param ocb       The OCB state
+   @param nonce     The session nonce
+   @param noncelen  The length of the session nonce (octets)
+*/
+void ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen)
+{
+   int x, y, bottom;
+   int idx, shift;
+   unsigned char iNonce[MAXBLOCKSIZE];
+   unsigned char iKtop[MAXBLOCKSIZE];
+   unsigned char iStretch[MAXBLOCKSIZE+8];
+
+   /* Nonce = zeros(127-bitlen(N)) || 1 || N          */
+   zeromem(iNonce, sizeof(iNonce));
+   for (x = ocb->block_len-1, y=0; y<(int)noncelen; x--, y++) {
+     iNonce[x] = nonce[noncelen-y-1];
+   }
+   iNonce[x] = 0x01;
+
+   /* bottom = str2num(Nonce[123..128])               */
+   bottom = iNonce[ocb->block_len-1] & 0x3F;
+
+   /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))   */
+   iNonce[ocb->block_len-1] = iNonce[ocb->block_len-1] & 0xC0;
+   if ((cipher_descriptor[ocb->cipher].ecb_encrypt(iNonce, iKtop, &ocb->key)) != CRYPT_OK) {
+      zeromem(ocb->Offset_current, ocb->block_len);
+      return;
+   }
+
+   /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */
+   for (x = 0; x < ocb->block_len; x++) {
+     iStretch[x] = iKtop[x];
+   }
+   for (y = 0; y < 8; y++) {
+     iStretch[x+y] = iKtop[y] ^ iKtop[y+1];
+   }
+
+   /* Offset_0 = Stretch[1+bottom..128+bottom]        */
+   idx = bottom / 8;
+   shift = (bottom % 8);
+   for (x = 0; x < ocb->block_len; x++) {
+      ocb->Offset_current[x] = iStretch[idx+x] << shift;
+      if (shift > 0) {
+        ocb->Offset_current[x] |= iStretch[idx+x+1] >> (8-shift);
+      }
+   }
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_int_ntz.c b/src/encauth/ocb3/ocb3_int_ntz.c
new file mode 100644
index 0000000..48239fe
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_int_ntz.c
@@ -0,0 +1,41 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+
+/**
+   @file ocb3_int_ntz.c
+   OCB implementation, INTERNAL ONLY helper, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Returns the number of leading zero bits [from lsb up] (internal function)
+   @param x  The 32-bit value to observe
+   @return The number of bits [from the lsb up] that are zero
+*/
+int ocb3_int_ntz(unsigned long x)
+{
+   int c;
+   x &= 0xFFFFFFFFUL;
+   c = 0;
+   while ((x & 1) == 0) {
+      ++c;
+      x >>= 1;
+   }
+   return c;
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_int_xor_blocks.c b/src/encauth/ocb3/ocb3_int_xor_blocks.c
new file mode 100644
index 0000000..92eb293
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_int_xor_blocks.c
@@ -0,0 +1,40 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/**
+   @file ocb3_int_xor_blocks.c
+   OCB implementation, INTERNAL ONLY helper, by Karel Miko
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Compute xor for two blocks of bytes 'out = block_a XOR block_b' (internal function)
+   @param out        The block of bytes (output)
+   @param block_a    The block of bytes (input)
+   @param block_b    The block of bytes (input)
+   @param block_len  The size of block_a, block_b, out
+*/
+void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len)
+{
+   int x;
+   if (out == block_a) {
+     for (x = 0; x < (int)block_len; x++) out[x] ^= block_b[x];
+   }
+   else {
+     for (x = 0; x < (int)block_len; x++) out[x] = block_a[x] ^ block_b[x];
+   }
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/encauth/ocb3/ocb3_test.c b/src/encauth/ocb3/ocb3_test.c
new file mode 100644
index 0000000..ae0069c
--- /dev/null
+++ b/src/encauth/ocb3/ocb3_test.c
@@ -0,0 +1,246 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+
+/**
+   @file ocb3_test.c
+   OCB implementation, self-test by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef LTC_OCB3_MODE
+
+/**
+   Test the OCB protocol
+   @return CRYPT_OK if successful
+*/
+int ocb3_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   /* test vectors from: http://tools.ietf.org/html/draft-krovetz-ocb-03 */
+   unsigned char key[16]   = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
+   unsigned char nonce[12] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B };
+   static const struct {
+         int ptlen;
+         int aadlen;
+         unsigned char pt[64], aad[64], ct[64], tag[16];
+   } tests[] = {
+
+	{ /* index:0 */
+	  0, /* PLAINTEXT length */
+	  0, /* AAD length */
+	  {  }, /* PLAINTEXT */
+	  {  }, /* AAD */
+	  {  }, /* CIPHERTEXT */
+	  { 0x19,0x7b,0x9c,0x3c,0x44,0x1d,0x3c,0x83,0xea,0xfb,0x2b,0xef,0x63,0x3b,0x91,0x82 }, /* TAG */
+	},
+	{ /* index:1 */
+	  8, /* PLAINTEXT length */
+	  8, /* AAD length */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }, /* PLAINTEXT */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }, /* AAD */
+	  { 0x92,0xb6,0x57,0x13,0x0a,0x74,0xb8,0x5a }, /* CIPHERTEXT */
+	  { 0x16,0xdc,0x76,0xa4,0x6d,0x47,0xe1,0xea,0xd5,0x37,0x20,0x9e,0x8a,0x96,0xd1,0x4e }, /* TAG */
+	},
+	{ /* index:2 */
+	  0, /* PLAINTEXT length */
+	  8, /* AAD length */
+	  {  }, /* PLAINTEXT */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }, /* AAD */
+	  {  }, /* CIPHERTEXT */
+	  { 0x98,0xb9,0x15,0x52,0xc8,0xc0,0x09,0x18,0x50,0x44,0xe3,0x0a,0x6e,0xb2,0xfe,0x21 }, /* TAG */
+	},
+	{ /* index:3 */
+	  8, /* PLAINTEXT length */
+	  0, /* AAD length */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }, /* PLAINTEXT */
+	  {  }, /* AAD */
+	  { 0x92,0xb6,0x57,0x13,0x0a,0x74,0xb8,0x5a }, /* CIPHERTEXT */
+	  { 0x97,0x1e,0xff,0xca,0xe1,0x9a,0xd4,0x71,0x6f,0x88,0xe8,0x7b,0x87,0x1f,0xbe,0xed }, /* TAG */
+	},
+	{ /* index:4 */
+	  16, /* PLAINTEXT length */
+	  16, /* AAD length */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }, /* PLAINTEXT */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }, /* AAD */
+	  { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22 }, /* CIPHERTEXT */
+	  { 0x77,0x6c,0x99,0x24,0xd6,0x72,0x3a,0x1f,0xc4,0x52,0x45,0x32,0xac,0x3e,0x5b,0xeb }, /* TAG */
+	},
+	{ /* index:5 */
+	  0, /* PLAINTEXT length */
+	  16, /* AAD length */
+	  {  }, /* PLAINTEXT */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }, /* AAD */
+	  {  }, /* CIPHERTEXT */
+	  { 0x7d,0xdb,0x8e,0x6c,0xea,0x68,0x14,0x86,0x62,0x12,0x50,0x96,0x19,0xb1,0x9c,0xc6 }, /* TAG */
+	},
+	{ /* index:6 */
+	  16, /* PLAINTEXT length */
+	  0, /* AAD length */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }, /* PLAINTEXT */
+	  {  }, /* AAD */
+	  { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22 }, /* CIPHERTEXT */
+	  { 0x13,0xcc,0x8b,0x74,0x78,0x07,0x12,0x1a,0x4c,0xbb,0x3e,0x4b,0xd6,0xb4,0x56,0xaf }, /* TAG */
+	},
+	{ /* index:7 */
+	  24, /* PLAINTEXT length */
+	  24, /* AAD length */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 }, /* PLAINTEXT */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 }, /* AAD */
+	  { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xfc,0xfc,0xee,0x7a,0x2a,0x8d,0x4d,0x48 }, /* CIPHERTEXT */
+	  { 0x5f,0xa9,0x4f,0xc3,0xf3,0x88,0x20,0xf1,0xdc,0x3f,0x3d,0x1f,0xd4,0xe5,0x5e,0x1c }, /* TAG */
+	},
+	{ /* index:8 */
+	  0, /* PLAINTEXT length */
+	  24, /* AAD length */
+	  {  }, /* PLAINTEXT */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 }, /* AAD */
+	  {  }, /* CIPHERTEXT */
+	  { 0x28,0x20,0x26,0xda,0x30,0x68,0xbc,0x9f,0xa1,0x18,0x68,0x1d,0x55,0x9f,0x10,0xf6 }, /* TAG */
+	},
+	{ /* index:9 */
+	  24, /* PLAINTEXT length */
+	  0, /* AAD length */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 }, /* PLAINTEXT */
+	  {  }, /* AAD */
+	  { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xfc,0xfc,0xee,0x7a,0x2a,0x8d,0x4d,0x48 }, /* CIPHERTEXT */
+	  { 0x6e,0xf2,0xf5,0x25,0x87,0xfd,0xa0,0xed,0x97,0xdc,0x7e,0xed,0xe2,0x41,0xdf,0x68 }, /* TAG */
+	},
+	{ /* index:10 */
+	  32, /* PLAINTEXT length */
+	  32, /* AAD length */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f }, /* PLAINTEXT */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f }, /* AAD */
+	  { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xce,0xaa,0xb9,0xb0,0x5d,0xf7,0x71,0xa6,0x57,0x14,0x9d,0x53,0x77,0x34,0x63,0xcb }, /* CIPHERTEXT */
+	  { 0xb2,0xa0,0x40,0xdd,0x3b,0xd5,0x16,0x43,0x72,0xd7,0x6d,0x7b,0xb6,0x82,0x42,0x40 }, /* TAG */
+	},
+	{ /* index:11 */
+	  0, /* PLAINTEXT length */
+	  32, /* AAD length */
+	  {  }, /* PLAINTEXT */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f }, /* AAD */
+	  {  }, /* CIPHERTEXT */
+	  { 0xe1,0xe0,0x72,0x63,0x3b,0xad,0xe5,0x1a,0x60,0xe8,0x59,0x51,0xd9,0xc4,0x2a,0x1b }, /* TAG */
+	},
+	{ /* index:12 */
+	  32, /* PLAINTEXT length */
+	  0, /* AAD length */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f }, /* PLAINTEXT */
+	  {  }, /* AAD */
+	  { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xce,0xaa,0xb9,0xb0,0x5d,0xf7,0x71,0xa6,0x57,0x14,0x9d,0x53,0x77,0x34,0x63,0xcb }, /* CIPHERTEXT */
+	  { 0x4a,0x3b,0xae,0x82,0x44,0x65,0xcf,0xda,0xf8,0xc4,0x1f,0xc5,0x0c,0x7d,0xf9,0xd9 }, /* TAG */
+	},
+	{ /* index:13 */
+	  40, /* PLAINTEXT length */
+	  40, /* AAD length */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }, /* PLAINTEXT */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }, /* AAD */
+	  { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xce,0xaa,0xb9,0xb0,0x5d,0xf7,0x71,0xa6,0x57,0x14,0x9d,0x53,0x77,0x34,0x63,0xcb,0x68,0xc6,0x57,0x78,0xb0,0x58,0xa6,0x35 }, /* CIPHERTEXT */
+	  { 0x65,0x9c,0x62,0x32,0x11,0xde,0xea,0x0d,0xe3,0x0d,0x2c,0x38,0x18,0x79,0xf4,0xc8 }, /* TAG */
+	},
+	{ /* index:14 */
+	  0, /* PLAINTEXT length */
+	  40, /* AAD length */
+	  {  }, /* PLAINTEXT */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }, /* AAD */
+	  {  }, /* CIPHERTEXT */
+	  { 0x7a,0xeb,0x7a,0x69,0xa1,0x68,0x7d,0xd0,0x82,0xca,0x27,0xb0,0xd9,0xa3,0x70,0x96 }, /* TAG */
+	},
+	{ /* index:15 */
+	  40, /* PLAINTEXT length */
+	  0, /* AAD length */
+	  { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }, /* PLAINTEXT */
+	  {  }, /* AAD */
+	  { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xce,0xaa,0xb9,0xb0,0x5d,0xf7,0x71,0xa6,0x57,0x14,0x9d,0x53,0x77,0x34,0x63,0xcb,0x68,0xc6,0x57,0x78,0xb0,0x58,0xa6,0x35 }, /* CIPHERTEXT */
+	  { 0x06,0x0c,0x84,0x67,0xf4,0xab,0xab,0x5e,0x8b,0x3c,0x20,0x67,0xa2,0xe1,0x15,0xdc }, /* TAG */
+	},
+
+};
+
+   int err, x, idx, res;
+   unsigned long len;
+   unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE];
+
+    /* AES can be under rijndael or aes... try to find it */
+    if ((idx = find_cipher("aes")) == -1) {
+       if ((idx = find_cipher("rijndael")) == -1) {
+          return CRYPT_NOP;
+       }
+    }
+
+    for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+        len = sizeof(outtag);
+        if ((err = ocb3_encrypt_authenticate_memory(idx,
+                                                   key, sizeof(key),
+                                                   nonce, sizeof(nonce),
+                                                   tests[x].aad, tests[x].aadlen,
+                                                   tests[x].pt, tests[x].ptlen,
+                                                   outct, outtag, &len)) != CRYPT_OK) {
+           return err;
+        }
+
+        if (XMEMCMP(outtag, tests[x].tag, len) || XMEMCMP(outct, tests[x].ct, tests[x].ptlen)) {
+#if 0
+           unsigned long y;
+           printf("\n\nFailure: \nCT:\n");
+           for (y = 0; y < (unsigned long)tests[x].ptlen; ) {
+               printf("0x%02x", outct[y]);
+               if (y < (unsigned long)(tests[x].ptlen-1)) printf(", ");
+               if (!(++y % 8)) printf("\n");
+           }
+           printf("\nTAG:\n");
+           for (y = 0; y < len; ) {
+               printf("0x%02x", outtag[y]);
+               if (y < len-1) printf(", ");
+               if (!(++y % 8)) printf("\n");
+           }
+#endif
+           return CRYPT_FAIL_TESTVECTOR;
+        }
+
+        if ((err = ocb3_decrypt_verify_memory(idx,
+                                             key, sizeof(key),
+                                             nonce, sizeof(nonce),
+                                             tests[x].aad, tests[x].aadlen,
+                                             outct, tests[x].ptlen,
+             outct, tests[x].tag, len, &res)) != CRYPT_OK) {
+           return err;
+        }
+        if ((res != 1) || XMEMCMP(tests[x].pt, outct, tests[x].ptlen)) {
+#if 0
+           unsigned long y;
+           printf("\n\nFailure-decrypt: \nPT:\n");
+           for (y = 0; y < (unsigned long)tests[x].ptlen; ) {
+               printf("0x%02x", outct[y]);
+               if (y < (unsigned long)(tests[x].ptlen-1)) printf(", ");
+               if (!(++y % 8)) printf("\n");
+           }
+           printf("\nres = %d\n\n", res);
+#endif
+        }
+    }
+    return CRYPT_OK;
+#endif /* LTC_TEST */
+}
+
+#endif /* LTC_OCB3_MODE */
+
+/* some comments
+
+   -- it's hard to seek
+   -- hard to stream [you can't emit ciphertext until full block]
+   -- The setup is somewhat complicated...
+*/
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */
diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h
index e34adfb..2e47744 100644
--- a/src/headers/tomcrypt_custom.h
+++ b/src/headers/tomcrypt_custom.h
@@ -231,6 +231,7 @@
 #endif
 
 #define LTC_OCB_MODE
+#define LTC_OCB3_MODE
 #define LTC_CCM_MODE
 #define LTC_GCM_MODE
 
diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h
index 97686ce..2cd3ef0 100644
--- a/src/headers/tomcrypt_mac.h
+++ b/src/headers/tomcrypt_mac.h
@@ -193,6 +193,67 @@ int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
 
 #endif /* LTC_OCB_MODE */
 
+#ifdef LTC_OCB3_MODE
+typedef struct {
+   unsigned char     Offset_0[MAXBLOCKSIZE],       /* Offset_0 value */
+                     Offset_current[MAXBLOCKSIZE], /* Offset_{current_block_index} value */
+                     L_dollar[MAXBLOCKSIZE],       /* L_$ value */
+                     L_star[MAXBLOCKSIZE],         /* L_* value */
+                     L_[32][MAXBLOCKSIZE],         /* L_{i} values */
+                     tag_part[MAXBLOCKSIZE],       /* intermediate result of tag calculation */
+                     checksum[MAXBLOCKSIZE];       /* current checksum */
+
+   /* AAD related members */
+   unsigned char     aSum_current[MAXBLOCKSIZE],    /* AAD related helper variable */
+                     aOffset_current[MAXBLOCKSIZE], /* AAD related helper variable */
+                     adata_buffer[MAXBLOCKSIZE];    /* AAD buffer */
+   int               adata_buffer_bytes;            /* bytes in AAD buffer */
+   unsigned long     ablock_index;                  /* index # for current adata (AAD) block */
+
+   symmetric_key     key;                     /* scheduled key for cipher */
+   unsigned long     block_index;             /* index # for current data block */
+   int               cipher,                  /* cipher idx */
+                     block_len;               /* length of block */
+} ocb3_state;
+
+int ocb3_init(ocb3_state *ocb, int cipher,
+             const unsigned char *key, unsigned long keylen,
+             const unsigned char *nonce, unsigned long noncelen);
+
+int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
+int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
+int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
+int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
+int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen);
+int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen);
+
+int ocb3_encrypt_authenticate_memory(int cipher,
+    const unsigned char *key,    unsigned long keylen,
+    const unsigned char *nonce,  unsigned long noncelen,
+    const unsigned char *adata,  unsigned long adatalen,
+    const unsigned char *pt,     unsigned long ptlen,
+          unsigned char *ct,
+          unsigned char *tag,    unsigned long *taglen);
+
+int ocb3_decrypt_verify_memory(int cipher,
+    const unsigned char *key,    unsigned long keylen,
+    const unsigned char *nonce,  unsigned long noncelen,
+    const unsigned char *adata,  unsigned long adatalen,
+    const unsigned char *ct,     unsigned long ctlen,
+          unsigned char *pt,
+    const unsigned char *tag,    unsigned long taglen,
+          int           *stat);
+
+int ocb3_test(void);
+
+/* internal helper functions */
+int ocb3_int_aad_add_block(ocb3_state *ocb, const unsigned char *aad_block);
+void ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen);
+int ocb3_int_ntz(unsigned long x);
+void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len);
+
+#endif /* LTC_OCB3_MODE */
+
 #ifdef LTC_CCM_MODE
 
 #define CCM_ENCRYPT 0
diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c
index e1b1ce0..28d6c74 100644
--- a/src/misc/crypt/crypt.c
+++ b/src/misc/crypt/crypt.c
@@ -231,6 +231,9 @@ const char *crypt_build_settings =
 #if defined(LTC_OCB_MODE)
     "   LTC_OCB_MODE\n"
 #endif
+#if defined(LTC_OCB3_MODE)
+    "   LTC_OCB3_MODE\n"
+#endif
 #if defined(LTC_CCM_MODE)
     "   LTC_CCM_MODE\n"
 #endif
diff --git a/testprof/mac_test.c b/testprof/mac_test.c
index c09bb1d..f2fa9da 100644
--- a/testprof/mac_test.c
+++ b/testprof/mac_test.c
@@ -24,6 +24,9 @@ int mac_test(void)
 #ifdef LTC_OCB_MODE
    DO(ocb_test());  
 #endif
+#ifdef LTC_OCB3_MODE
+   DO(ocb3_test());  
+#endif
 #ifdef LTC_CCM_MODE
    DO(ccm_test());
 #endif
diff --git a/testprof/x86_prof.c b/testprof/x86_prof.c
index aa25d33..cf9f356 100644
--- a/testprof/x86_prof.c
+++ b/testprof/x86_prof.c
@@ -1339,6 +1339,22 @@ void time_encmacs_(unsigned long MAC_SIZE)
    fprintf(stderr, "OCB \t\t\t%9llu\n", t2/(ulong64)(MAC_SIZE*1024));
 #endif
 
+#ifdef LTC_OCB3_MODE
+   t2 = -1;
+   for (x = 0; x < 10000; x++) {
+        t_start();
+        t1 = t_read();
+        z = 16;
+        if ((err = ocb3_encrypt_authenticate_memory(cipher_idx, key, 16, IV, 16, "", 0, buf, MAC_SIZE*1024, buf, tag, &z)) != CRYPT_OK) {
+           fprintf(stderr, "\nOCB3 error... %s\n", error_to_string(err));
+           exit(EXIT_FAILURE);
+        }
+        t1 = t_read() - t1;
+        if (t1 < t2) t2 = t1;
+   }
+   fprintf(stderr, "OCB3 \t\t\t%9llu\n", t2/(ulong64)(MAC_SIZE*1024));
+#endif
+
 #ifdef LTC_CCM_MODE
    t2 = -1;
    for (x = 0; x < 10000; x++) {