added libtomcrypt-0.82

2003-03-13 02:12:16 +00:00 · 2003-03-13 02:12:16 +00:00 · 7d21325daa
commit 7d21325daa
parent 0f999a4e9e
34 changed files with 819 additions and 2159 deletions
--- a/aes_tab.c
+++ b/aes_tab.c
@ -1,4 +1,4 @@
-/* The precompute tables for AES */
+/* The precomputed tables for AES */
 static const unsigned long ft_tab[4][256] = {
 {0xa56363c6UL, 0x847c7cf8UL, 0x997777eeUL, 0x8d7b7bf6UL, 0x0df2f2ffUL, 
--- a/bits.c
+++ b/bits.c
@ -21,8 +21,14 @@ static unsigned long rng_nix(unsigned char *buf, unsigned long len,
       return 0;
    }
    /* disable buffering */
    if (setvbuf(f, NULL, _IONBF, 0) != 0) {
       fclose(f);
       return 0;
    }   
    x = (unsigned long)fread(buf, 1, (size_t)len, f);
-    (void)fclose(f);
+    fclose(f);
    return x;
 #endif /* NO_FILE */
 }
@ -172,7 +178,7 @@ int rng_make_prng(int bits, int wprng, prng_state *prng,
      return err;
   }
-   bits = ((bits/8)+((bits&7)==0x80?1:0)) * 2;
+   bits = ((bits/8)+((bits&7)!=0?1:0)) * 2;
   if (rng_get_bytes(buf, (unsigned long)bits, callback) != (unsigned long)bits) {
      return CRYPT_ERROR_READPRNG;
   }
--- a/blowfish.c
+++ b/blowfish.c
@ -387,7 +387,7 @@ void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
 void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
 {
    _blowfish_ecb_encrypt(pt, ct, key);
-    burn_stack(sizeof(unsigned long) * 2);
+    burn_stack(sizeof(unsigned long) * 2 + sizeof(int));
 }
 #endif
@ -429,7 +429,7 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
 void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
 {
    _blowfish_ecb_decrypt(ct, pt, key);
-    burn_stack(sizeof(unsigned long) * 2);
+    burn_stack(sizeof(unsigned long) * 2 + sizeof(int));
 }
 #endif
--- a/cbc.c
+++ b/cbc.c
@ -43,6 +43,11 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc)
       return err;
   }
   /* is blocklen valid? */
   if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) {
      return CRYPT_INVALID_ARG;
   }    
   /* xor IV against plaintext */
   for (x = 0; x < cbc->blocklen; x++) {
       tmp[x] = pt[x] ^ cbc->IV[x];
@ -77,6 +82,11 @@ int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc)
   }
   cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key);
   /* is blocklen valid? */
   if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) {
      return CRYPT_INVALID_ARG;
   } 
   /* xor IV against the plaintext of the previous step */
   for (x = 0; x < cbc->blocklen; x++) { 
       /* copy CT in case ct == pt */
--- a/cfb.c
+++ b/cfb.c
@ -15,6 +15,7 @@ int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
      return err;
   }
   /* copy data */
   cfb->cipher = cipher;
   cfb->blocklen = cipher_descriptor[cipher].block_length;
@ -44,6 +45,13 @@ int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
   if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) {
       return err;
   }
   /* is blocklen/padlen valid? */
   if (cfb->blocklen < 0 || cfb->blocklen > (int)sizeof(cfb->IV) ||
       cfb->padlen   < 0 || cfb->padlen   > (int)sizeof(cfb->pad)) {
      return CRYPT_INVALID_ARG;
   }
   while (len-- > 0) {
       if (cfb->padlen == cfb->blocklen) {
          cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key);
@ -68,6 +76,13 @@ int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
   if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) {
       return err;
   }
   /* is blocklen/padlen valid? */
   if (cfb->blocklen < 0 || cfb->blocklen > (int)sizeof(cfb->IV) ||
       cfb->padlen   < 0 || cfb->padlen   > (int)sizeof(cfb->pad)) {
      return CRYPT_INVALID_ARG;
   }
   while (len-- > 0) {
       if (cfb->padlen == cfb->blocklen) {
          cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key);
--- a/11
+++ b/11
@ -1,3 +1,14 @@
 Mar 15th, 2003
 v0.82  -- Manual updated
       -- Added MSVC makefile [back, actually its written from scratch to work with NMAKE]
       -- Change to HMAC helper functions API to avoid buffer overflow [source changes]
       -- the rsa_encrypt_key was supposed to reject key sizes out of bounds ... 
          same fix to the rsa_sign_hash 
       -- Added code to ensure that that chaining mode code (cfb/ofb/ctr/cbc) have valid
          structures when being called.  E.g. the indexes to the pad/ivs are not out of bounds
       -- Cleaned up the DES code and simplified the core desfunc routine.
       -- Simplified one of the boolean functions in MD4
 Jan 16th, 2003
 v0.81  -- Merged in new makefile from Clay Culver and Mike Frysinger
       -- Sped up the ECC mulmod() routine by making the word size adapt to the input.  Saves a whopping 9 point
--- a/config.pl.README
+++ b/config.pl.README
@ -1,18 +0,0 @@
 How to use the config.pl script
 -------------------------------
 The configuration script "config.pl" is very simple to use.  It is designed to prompt the user for
 all the valid libtomcrypt build options then make "makefile.out" and "mycrypt_custom.h".  In order to
 run the script you need Perl installed.
 After running the script you can build the library two ways.
 1) Use the makefile.out it generates.  Simply type "make -f makefile.out" to build the library.
 2) Add the libtomcrypt source files to your project.  You have to make sure HAVE_CUSTOM is defined when you
 build the source files.  You have to copy "mycrypt_custom.h" into the your projects include path.
 You should copy the library and header files to their respective global search paths.
 To use the library with this system you need only include "mycrypt_custom.h" in your application.  It will
 include the required header files.
--- a/crypt.pdf
+++ b/crypt.pdf
--- a/crypt.tex
+++ b/crypt.tex
@ -1,6 +1,10 @@
 \documentclass{book}
 \usepackage{makeidx}
 \usepackage{amssymb}
 \usepackage{color}
 \usepackage{alltt}
 \usepackage{graphicx}
 \usepackage{layout}
 \def\union{\cup}
 \def\intersect{\cap}
 \def\getsrandom{\stackrel{\rm R}{\gets}}
@ -44,12 +48,12 @@
 \def\gap{\vspace{0.5ex}}
 \makeindex
 \begin{document}
-\title{A Tiny Crypto Library, \\ LibTomCrypt \\ Version 0.80}
+\title{A Tiny Crypto Library, \\ LibTomCrypt \\ Version 0.82}
 \author{Tom St Denis \\
 Algonquin College \\
 \\
-tomstdenis@yahoo.com \\
+tomstdenis@iahu.ca \\
-http://libtomcrypt.iahu.ca \\ \\
+http://libtomcrypt.org \\ \\
 Phone: 1-613-836-3160\\
 111 Banning Rd \\
 Kanata, Ontario \\
@ -66,10 +70,14 @@ pseudo-random number generators, public key cryptography (via RSA,DH or ECC/DH)
 routines.  It is designed to compile out of the box with the GNU C Compiler (GCC) version 2.95.3 (and higher) 
 and with MSVC version 6 in win32.
 The library has been successfully tested on quite a few other platforms ranging from the ARM7TDMI in a 
 Gameboy Advanced to various PowerPC processors and even the MIPS processor in the PlayStation 2.  Suffice it
 to say the code is portable.
 The library is designed so new ciphers/hashes/PRNGs can be added at runtime and the existing API (and helper API functions) will 
 be able to use the new designs automatically.  There exist self-check functions for each cipher and hash to ensure that
 they compile and execute to the published design specifications.  The library also performs extensive parameter error checking
-and will give verbose error messages.
+and will give verbose error messages when possible.
 Essentially the library saves the time of having to implement the ciphers, hashes, prngs yourself.  Typically implementing
 useful cryptography is an error prone business which means anything that can save considerable time and effort is a good
@ -89,11 +97,11 @@ number theory and cryptography.
 \subsection{What the library IS NOT for?}
-The library is not designed to be in anyway an implementation of the SSL, PKCS or OpenPGP standards.  The library is not 
+The library is not designed to be in anyway an implementation of the SSL, PKCS, P1363 or OpenPGP standards.  The library 
-designed  to be compliant with any known form of API or programming hierarchy.  It is not a port of any other 
+is not designed to be compliant with any known form of API or programming hierarchy.  It is not a port of any other 
 library and it is not platform specific (like the MS CSP).  So if you're looking to drop in some buzzword 
-compliant crypto this library is not for you.  The library has been written from scratch to provide basic 
+compliant crypto library this is not for you.  The library has been written from scratch to provide basic functions as 
-functions as well as non-standard higher level functions.  
+well as non-standard higher level functions.  
 This is not to say that the library is a ``homebrew'' project.  All of the symmetric ciphers and one-way hash functions
 conform to published test vectors.  The public key functions are derived from publicly available material and the majority
@ -101,8 +109,11 @@ of the code has been reviewed by a growing community of developers.
 \subsubsection{Why not?}
 You may be asking why I didn't choose to go all out and support standards like P1363, PKCS and the whole lot.  The reason
-is quite simple too much money gets in the way.  I just recently tried to access the P1363 draft documents and was denied (it 
+is quite simple too much money gets in the way.  When I tried to access the P1363 draft documents and was denied (it 
-requires a password).  If people are supposed to support these standards they had better make them more accessible.
+requires a password) I realized that they're just a business anyways.  See what happens is a company will sit down and
 invent a ``standard''.  Then they try to sell it to as many people as they can.  All of a sudden this ``standard'' is 
 everywhere.  Then the standard is updated every so often to keep people dependent.  Then you become RSA.  If people are 
 supposed to support these standards they had better make them more accessible.
 \section{Why did I write it?}
 You may be wondering, ``Tom, why did you write a crypto library.  I already have one.''.  Well the reason falls into
@ -122,6 +133,29 @@ know how to use Safer+ or RC6 or Serpent or ... as well.  With all of the core f
 that can be used to make a program automatically pick between ciphers, hashes and PRNGs at runtime.  That means your 
 application can support all ciphers/hashes/prngs without changing the source code.
 \subsection{Modular}
 The LibTomCrypt package has also been written to be very modular.  The block ciphers, one-way hashes and
 pseudo-random number generators (PRNG) are all used within the API through ``descriptor'' tables which 
 are essentially structures with pointers to functions.  While you can still call particular functions
 directly (\textit{e.g. sha256\_process()}) this descriptor interface allows the developer to customize their
 usage of the library.
 For example, consider a hardware platform with a specialized RNG device.  Obviously one would like to tap
 that for the PRNG needs within the library (\textit{e.g. making a RSA key}).  All the developer has todo
 is write a descriptor and the few support routines required for the device.  After that the rest of the 
 API can make use of it without change.  Similiarly imagine a few years down the road when AES2 (\textit{or whatever they call it}) is
 invented.  It can be added to the library and used within applications with zero modifications to the
 end applications provided they are written properly.
 This flexibility within the library means it can be used with any combination of primitive algorithms and 
 unlike libraries like OpenSSL is not tied to direct routines.  For instance, in OpenSSL there are CBC block
 mode routines for every single cipher.  That means every time you add or remove a cipher from the library
 you have to update the associated support code as well.  In LibTomCrypt the associated code (\textit{chaining modes in this case})
 are not directly tied to the ciphers.  That is a new cipher can be added to the library by simply providing 
 the key setup, ECB decrypt and encrypt and test vector routines.  After that all five chaining mode routines
 can make use of the cipher right away.
 \section{License}
 All of the source code except for the following files have been written by the author or donated to the project
@ -129,21 +163,24 @@ under the TDCAL license:
 \begin{enumerate}
   \item aes.c
   \item mpi.c
   \item rc2.c
   \item serpent.c
   \item safer.c
 \end{enumerate}
 ``aes.c'' and ``serpent.c'' were written by Brian Gladman (gladman@seven77.demon.co.uk).  They are copyrighted works
-but were both granted unrestricted usage in any project (commercial or otherwise).  ``mpi.c'' was written by Michael 
+but were both granted unrestricted usage in any project (commercial or otherwise).  ``mpi.c'' was originally written 
-Fromberger (sting@linguist.dartmouth.edu).  Similarly it is copyrighted work but is free for all purposes.  
+by Michael Fromberger (sting@linguist.dartmouth.edu) but has since been replaced with my LibTomMath library.  
 ``rc2.c'' is based on publicly available code that is not attributed to a person from the given source.  ``safer.c'' 
 was written by Richard De Moliner (demoliner@isi.ee.ethz.ch) and is public domain.
 The rest of the code was written either by Tom St Denis or contributed to the project under the ``Tom Doesn't Care
 About Licenses'' (TDCAL) license.  Essentially this license grants the user unlimited distribution and usage (including
-commercial usage).  I assume no risk from usage of the code nor do I guarantee it works as desired or stated.  
+commercial usage).  This means that you can use the package, you can re-distribute the package and even branch it.  I 
 still retain ownership over the name of the package.  If you want to branch the project you can use the code as a base
 but you must change the name.  The package is also royalty free which means you can use it in commercial products 
 without compensation towards the author.  I assume no risk from usage of the code nor do I guarantee it works as 
 desired or stated.  
 \section{Patent Disclosure}
@ -163,19 +200,16 @@ file ``libtomcrypt.a''.
 To install the library copy all of the ``.h'' files into your ``\#include'' path and the single libtomcrypt.a file into 
 your library path.
-With MSVC you can build the library with ``make -f makefile.vc''.  You must use GNU make to build it even with MSVC
+With MSVC you can build the library with ``nmake -f makefile.msvc''.  This will produce a ``tomcrypt.lib'' file which
-due to the limitations of the MS MAKE.
+is the core library.  Copy the header files into your MSVC include path and the library in the lib path (typically
 under where VC98 is installed).
 \section{Building against the library}
-To build an application against the library you obviously must first compile the library.  However, an important 
+In the recent versions the build steps have changed.  The build options are now stored in ``mycrypt\_custom.h'' and
-step is that the build options you use to build the library must be present when you build your application.  For 
+no longer in the makefile.  If you change a build option in that file you must re-build the library from clean to
-instance if ``RC5'' is defined in the makefile when you built the library then you must ensure ``RC5'' is defined when
+ensure the build is intact.  The perl script ``config.pl'' will help setup the custom header and a custom makefile
-you build your application.
+if you want one (the provided ``makefile'' will work with custom configs).
 The simplest way to work with this library is to take the makefile provided and simply add on your project to it as a 
 target (dependent on the library).  That way you can be assured that the library and your application are in sync with
 the build options you provide.
 \section{Thanks}
 I would like to give thanks to the following people (in no particular order) for helping me develop this project:
@ -806,7 +840,7 @@ int main(void)
    /* add the message */
    md5_process(&md, in, strlen(in));
-    /* get the hash */
+    /* get the hash in out[0..15] */
    md5_done(&md, out);
    return 0;
@ -898,11 +932,12 @@ int hash_filehandle(int hash, FILE *in,
                    unsigned char *dst, unsigned long *outlen);
 \end{verbatim}
-Both functions return {\bf CRYPT\_OK} on success, otherwise they return an error code.  The ``hash'' parameter is
+All three functions return {\bf CRYPT\_OK} on success, otherwise they return an error code.  The ``hash'' parameter is
 the location in the descriptor table of the hash.  The ``*outlen'' variable is used to keep track of the output size.  You
 must set it to the size of your output buffer before calling the functions.  When they complete succesfully they store
-the length of the message digest back in it.  The functions are otherwise straightforward.  The ``hash\_filehandle'' function
+the length of the message digest back in it.  The functions are otherwise straightforward.  The ``hash\_filehandle'' 
-assumes that ``in'' is an file handle opened in binary mode.  It will not reset the file position after hashing the content.
+function assumes that ``in'' is an file handle opened in binary mode.  It will not reset the file position after 
 hashing the content.
 To perform the above hash with md5 the following code could be used:
 \begin{small}
@ -992,23 +1027,29 @@ are finished with the HMAC process you must call the following function to get t
 int  hmac_done(hmac_state *hmac, unsigned char *hash);
 \end{verbatim}
 ``hmac'' is the HMAC state you are working with.  ``hash'' is the array of octets where the HMAC code should be stored.  You
-must ensure that your destination array is the right size (or just make it of size MAXBLOCKSIZE to be sure).  There are 
+must ensure that your destination array is the right size (or just make it of size MAXBLOCKSIZE to be sure).  
-two  utility functions provided to make using HMACs easier todo.
+
 There are two  utility functions provided to make using HMACs easier todo.  They accept the key and information about the
 message (file pointer, address in memory) and produce the HMAC result in one shot.  These are useful if you want to avoid
 calling the three step process yourself.
 \begin{verbatim}
 int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
                const unsigned char *data, unsigned long len, 
-                unsigned char *dst);
+                unsigned char *dst, unsigned long *dstlen);
 \end{verbatim}
-This will produce an HMAC code for the array of octets in ``data'' of length ``len''.  The index into the hash descriptor table must be provided in ``hash'' 
+This will produce an HMAC code for the array of octets in ``data'' of length ``len''.  The index into the hash descriptor 
-It uses the key from ``key'' with a key length of ``keylen''.  The result is stored in the array of octets``dst''.  
+table must be provided in ``hash'' it uses the key from ``key'' with a key length of ``keylen''.  
-Similarly for files there is the following function:
+The result is stored in the array of octets ``dst'' and the length in ``dstlen''.  Similarly for files there is the 
 following function:
 \begin{verbatim}
 int hmac_file(int hash, const char *fname, const unsigned char *key,
-              unsigned long keylen, unsigned char *dst);
+              unsigned long keylen, 
              unsigned char *dst, unsigned long *dstlen);
 \end{verbatim}
 ``hash'' is the index into the hash descriptor table of the hash you want to use.  ``fname'' is the filename to process.  ``key''
-is the array of octets to use as the key.  ``keylen'' is the length of the key.  ``dst'' is the array of octets where the result
+is the array of octets to use as the key.  ``keylen'' is the length of the key.  ``dst'' is the array of octets where the 
-should be stored.
+result should be stored.
 To test if the HMAC code is working there is the following function:
 \begin{verbatim}
@ -2046,12 +2087,12 @@ int base64_decode(const unsigned char *in, unsigned long len,
 \end{verbatim}
 \section{The Multiple Precision Integer Library (MPI)}
-The library comes with a copy of Michael Fromberger's\footnote{Michael J. Fromberger, sting@linguist.Thayer.dartmouth.edu} multiple
+The library comes with a copy of LibTomMath  which is a multiple precision integer library written by the
-precision integer library MPI.  MPI is a trivial to use ANSI C compatible large integer library.  It is free for all uses and
+author of LibTomCrypt.  LibTomMath is a trivial to use ANSI C compatible large integer library which is free 
-is distributed freely.
+for all uses and is distributed freely.
-At the heart of all MPI functions is the data type ``mp\_int'' (defined in mpi.h).  This data type is what will hold all large
+At the heart of all the functions is the data type ``mp\_int'' (defined in tommath.h).  This data type is what 
-integers.  In order to use an mp\_int one must initialize it first, for example:
+will hold all large integers.  In order to use an mp\_int one must initialize it first, for example:
 \begin{verbatim}
 #include <mycrypt.h> /* mycrypt.h includes mpi.h automatically */
 int main(void)
@ -2065,31 +2106,28 @@ int main(void)
 }
 \end{verbatim}
 If you are unfamiliar with the syntax of C the \& symbol is used to pass the address of ``bignum'' to the function.  All
-MPI functions require the address of the parameters.  To free the memory of a mp\_int use (for example):
+LibTomMath functions require the address of the parameters.  To free the memory of a mp\_int use (for example):
 \begin{verbatim}
 mp_clear(&bignum);
 \end{verbatim}
-All MPI functions have the basic form of one of the following:
+The functions also have the basic form of one of the following:
 \begin{verbatim}
 mp_XXX(mp_int *a);
 mp_XXX(mp_int *a, mp_int *b, mp_int *c);
 mp_XXX(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
 \end{verbatim}
-Where they perform some operation and store the result in the mp\_int variable passed on the far right.  For example, to
+Where they perform some operation and store the result in the mp\_int variable passed on the far right.  
-compute $c = a + b \mbox{ }(\mbox{mod }m)$ you would call:
+For example, to compute $c = a + b \mbox{ }(\mbox{mod }m)$ you would call:
 \begin{verbatim}
 mp_addmod(&a, &b, &m, &c);
 \end{verbatim}
 The simplest way to get a complete listing of all MPI functions is to open ``mpi.h'' and look.  They're all fairly 
 well documented.
 \subsection{Binary Forms of ``mp\_int'' Variables}
-Often it is required to store a ``mp\_int'' in binary form for transport (e.g. exporting a key, packet encryption, etc.).
+Often it is required to store a ``mp\_int'' in binary form for transport (e.g. exporting a key, packet 
-MPI includes two functions to help when exporting numbers:
+encryption, etc.).  LibTomMath includes two functions to help when exporting numbers:
 \begin{verbatim}
 int mp_raw_size(mp_int *num);
 mp_toraw(&num, buf);
@ -2135,9 +2173,8 @@ will not be able to sign or decrypt messages at all.  Suppose $p$ was prime and
 the multi-prime RSA.  Suppose $q = rs$ for two primes $r$ and $s$ then $\phi(pq) = (p - 1)(r - 1)(s - 1)$ which clearly is 
 not equal to $(p - 1)(rs - 1)$.
-These are not technically part of the MPI
+These are not technically part of the LibTomMath library but this is the best place to document them.  
-library\footnote{As written by Michael Fromberger} but this is the best place to document them.  To test if a ``mp\_int'' is
+To test if a ``mp\_int'' is prime call:
 prime call:
 \begin{verbatim}
 int is_prime(mp_int *N, int *result);
 \end{verbatim}
@ -2279,8 +2316,8 @@ or define ENDIAN\_64BITWORD when its 64-bits.  If you do not define any of them
 which will work on all platforms.  Currently the system will automatically detect GCC or MSVC on a windows platform as well
 as GCC on a PS2 platform.
-\section{The makefile}
+\section{The Configure Script}
-There are also options you can specify from the makefiles themselves.  
+There are also options you can specify from the configure script or ``mycrypt\_config.h''.  
 \subsubsection{X memory routines}
 The makefiles must define three macros denoted as XMALLOC, XCALLOC and XFREE which resolve to the name of the respective
--- a/ctr.c
+++ b/ctr.c
@ -44,6 +44,12 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
       return err;
   }
   /* is blocklen/padlen valid? */
   if (ctr->blocklen < 0 || ctr->blocklen > (int)sizeof(ctr->ctr) ||
       ctr->padlen   < 0 || ctr->padlen   > (int)sizeof(ctr->pad)) {
      return CRYPT_INVALID_ARG;
   }
   while (len-- > 0) {
      /* is the pad empty? */
      if (ctr->padlen == ctr->blocklen) {
--- a/demos/hashsum.c
+++ b/demos/hashsum.c
@ -7,7 +7,7 @@
 * more functions ;)
 */
-#include <mycrypt.h>
+#include <mycrypt_custom.h>
 int errno;
--- a/demos/test.c
+++ b/demos/test.c
@ -7,9 +7,9 @@ out the functionality of the library */
 #include "timer.h"
 #endif
-#include "../mycrypt.h"
+#include <mycrypt.h>
-int     errno;
+int     errnum;
 int
@ -128,8 +128,8 @@ ecb_tests (void)
  printf ("ECB tests\n");
  for (x = 0; cipher_descriptor[x].name != NULL; x++) {
    printf (" %12s: ", cipher_descriptor[x].name);
-    if ((errno = cipher_descriptor[x].test ()) != CRYPT_OK) {
+    if ((errnum = cipher_descriptor[x].test ()) != CRYPT_OK) {
-      printf (" **failed** Reason: %s\n", error_to_string (errno));
+      printf (" **failed** Reason: %s\n", error_to_string (errnum));
      exit (-1);
    } else {
      printf ("passed\n");
@ -154,17 +154,17 @@ cbc_tests (void)
    blk[x] = IV[x] = x;
  /* now lets start a cbc session */
-  if ((errno =
+  if ((errnum =
       cbc_start (find_cipher ("blowfish"), IV, key, 16, 0,
 		  &cbc)) != CRYPT_OK) {
-    printf ("CBC Setup: %s\n", error_to_string (errno));
+    printf ("CBC Setup: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* now lets encode 32 bytes */
  for (x = 0; x < 4; x++) {
-    if ((errno = cbc_encrypt (blk + 8 * x, ct + 8 * x, &cbc)) != CRYPT_OK) {
+    if ((errnum = cbc_encrypt (blk + 8 * x, ct + 8 * x, &cbc)) != CRYPT_OK) {
-      printf ("CBC encrypt: %s\n", error_to_string (errno));
+      printf ("CBC encrypt: %s\n", error_to_string (errnum));
      exit (-1);
    }
  }
@ -177,17 +177,17 @@ cbc_tests (void)
    IV[x] = x;
  /* now lets start a cbc session */
-  if ((errno =
+  if ((errnum =
       cbc_start (find_cipher ("blowfish"), IV, key, 16, 0,
 		  &cbc)) != CRYPT_OK) {
-    printf ("CBC Setup: %s\n", error_to_string (errno));
+    printf ("CBC Setup: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* now lets decode 32 bytes */
  for (x = 0; x < 4; x++) {
-    if ((errno = cbc_decrypt (ct + 8 * x, blk + 8 * x, &cbc)) != CRYPT_OK) {
+    if ((errnum = cbc_decrypt (ct + 8 * x, blk + 8 * x, &cbc)) != CRYPT_OK) {
-      printf ("CBC decrypt: %s\n", error_to_string (errno));
+      printf ("CBC decrypt: %s\n", error_to_string (errnum));
      exit (-1);
    }
  }
@ -240,16 +240,16 @@ ofb_tests (void)
    blk[x] = IV[x] = x;
  /* now lets start a ofb session */
-  if ((errno =
+  if ((errnum =
       ofb_start (find_cipher ("cast5"), IV, key, 16, 0, &ofb)) != CRYPT_OK) {
-    printf ("OFB Setup: %s\n", error_to_string (errno));
+    printf ("OFB Setup: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* now lets encode 32 bytes */
  for (x = 0; x < 4; x++) {
-    if ((errno = ofb_encrypt (blk + 8 * x, ct + 8 * x, 8, &ofb)) != CRYPT_OK) {
+    if ((errnum = ofb_encrypt (blk + 8 * x, ct + 8 * x, 8, &ofb)) != CRYPT_OK) {
-      printf ("OFB encrypt: %s\n", error_to_string (errno));
+      printf ("OFB encrypt: %s\n", error_to_string (errnum));
      exit (-1);
    }
  }
@ -262,16 +262,16 @@ ofb_tests (void)
    IV[x] = x;
  /* now lets start a ofb session */
-  if ((errno =
+  if ((errnum =
       ofb_start (find_cipher ("cast5"), IV, key, 16, 0, &ofb)) != CRYPT_OK) {
-    printf ("OFB setup: %s\n", error_to_string (errno));
+    printf ("OFB setup: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* now lets decode 32 bytes */
  for (x = 0; x < 4; x++) {
-    if ((errno = ofb_decrypt (ct + 8 * x, blk + 8 * x, 8, &ofb)) != CRYPT_OK) {
+    if ((errnum = ofb_decrypt (ct + 8 * x, blk + 8 * x, 8, &ofb)) != CRYPT_OK) {
-      printf ("OFB decrypt: %s\n", error_to_string (errno));
+      printf ("OFB decrypt: %s\n", error_to_string (errnum));
      exit (-1);
    }
  }
@ -307,17 +307,17 @@ cfb_tests (void)
    blk[x] = IV[x] = x;
  /* now lets start a cfb session */
-  if ((errno =
+  if ((errnum =
       cfb_start (find_cipher ("blowfish"), IV, key, 16, 0,
 		  &cfb)) != CRYPT_OK) {
-    printf ("CFB setup: %s\n", error_to_string (errno));
+    printf ("CFB setup: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* now lets encode 32 bytes */
  for (x = 0; x < 4; x++) {
-    if ((errno = cfb_encrypt (blk + 8 * x, ct + 8 * x, 8, &cfb)) != CRYPT_OK) {
+    if ((errnum = cfb_encrypt (blk + 8 * x, ct + 8 * x, 8, &cfb)) != CRYPT_OK) {
-      printf ("CFB encrypt: %s\n", error_to_string (errno));
+      printf ("CFB encrypt: %s\n", error_to_string (errnum));
      exit (-1);
    }
  }
@ -330,17 +330,17 @@ cfb_tests (void)
    IV[x] = x;
  /* now lets start a cfb session */
-  if ((errno =
+  if ((errnum =
       cfb_start (find_cipher ("blowfish"), IV, key, 16, 0,
 		  &cfb)) != CRYPT_OK) {
-    printf ("CFB Setup: %s\n", error_to_string (errno));
+    printf ("CFB Setup: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* now lets decode 32 bytes */
  for (x = 0; x < 4; x++) {
-    if ((errno = cfb_decrypt (ct + 8 * x, blk + 8 * x, 8, &cfb)) != CRYPT_OK) {
+    if ((errnum = cfb_decrypt (ct + 8 * x, blk + 8 * x, 8, &cfb)) != CRYPT_OK) {
-      printf ("CFB decrypt: %s\n", error_to_string (errno));
+      printf ("CFB decrypt: %s\n", error_to_string (errnum));
      exit (-1);
    }
  }
@ -378,17 +378,17 @@ ctr_tests (void)
    blk[x] = count[x] = x;
  /* now lets start a ctr session */
-  if ((errno =
+  if ((errnum =
       ctr_start (find_cipher ("xtea"), count, key, 16, 0,
 		  &ctr)) != CRYPT_OK) {
-    printf ("CTR Setup: %s\n", error_to_string (errno));
+    printf ("CTR Setup: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* now lets encode 32 bytes */
  for (x = 0; x < 4; x++) {
-    if ((errno = ctr_encrypt (blk + 8 * x, ct + 8 * x, 8, &ctr)) != CRYPT_OK) {
+    if ((errnum = ctr_encrypt (blk + 8 * x, ct + 8 * x, 8, &ctr)) != CRYPT_OK) {
-      printf ("CTR encrypt: %s\n", error_to_string (errno));
+      printf ("CTR encrypt: %s\n", error_to_string (errnum));
      exit (-1);
    }
  }
@ -401,17 +401,17 @@ ctr_tests (void)
    count[x] = x;
  /* now lets start a cbc session */
-  if ((errno =
+  if ((errnum =
       ctr_start (find_cipher ("xtea"), count, key, 16, 0,
 		  &ctr)) != CRYPT_OK) {
-    printf ("CTR Setup: %s\n", error_to_string (errno));
+    printf ("CTR Setup: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* now lets decode 32 bytes */
  for (x = 0; x < 4; x++) {
-    if ((errno = ctr_decrypt (ct + 8 * x, blk + 8 * x, 8, &ctr)) != CRYPT_OK) {
+    if ((errnum = ctr_decrypt (ct + 8 * x, blk + 8 * x, 8, &ctr)) != CRYPT_OK) {
-      printf ("CTR decrypt: %s\n", error_to_string (errno));
+      printf ("CTR decrypt: %s\n", error_to_string (errnum));
      exit (-1);
    }
  }
@ -457,10 +457,12 @@ hash_tests (void)
  printf ("Hash tests\n");
  for (x = 0; hash_descriptor[x].name != NULL; x++) {
    printf (" %10s (%2d) ", hash_descriptor[x].name, hash_descriptor[x].ID);
-    if ((errno = hash_descriptor[x].test ()) != CRYPT_OK)
+    if ((errnum = hash_descriptor[x].test ()) != CRYPT_OK) {
-      printf ("**failed** Reason: %s\n", error_to_string (errno));
+      printf ("**failed** Reason: %s\n", error_to_string (errnum));
-    else
+      exit(-1);
    } else {
      printf ("passed\n");
    }
  }
 }
@ -477,17 +479,17 @@ pad_test (void)
  /* pad the message so that random filler is placed before and after it */
  y = 100;
-  if ((errno =
+  if ((errnum =
       rsa_pad (in, 16, out, &y, find_prng ("yarrow"), &prng)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* depad the message to get the original content */
  memset (in, 0, sizeof (in));
  x = 100;
-  if ((errno = rsa_depad (out, y, in, &x)) != CRYPT_OK) {
+  if ((errnum = rsa_depad (out, y, in, &x)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
@ -516,25 +518,25 @@ rsa_test (void)
  /* ---- SINGLE ENCRYPT ---- */
  /* encrypt a short 8 byte string */
-  if ((errno =
+  if ((errnum =
       rsa_make_key (&prng, find_prng ("yarrow"), 1024 / 8, 65537,
 		     &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  for (x = 0; x < 8; x++)
    in[x] = (unsigned char) (x + 1);
  y = sizeof (in);
-  if ((errno = rsa_exptmod (in, 8, out, &y, PK_PUBLIC, &key)) != CRYPT_OK) {
+  if ((errnum = rsa_exptmod (in, 8, out, &y, PK_PUBLIC, &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* decrypt it */
  zeromem (in, sizeof (in));
  x = sizeof (out);
-  if ((errno = rsa_exptmod (out, y, in, &x, PK_PRIVATE, &key)) != CRYPT_OK) {
+  if ((errnum = rsa_exptmod (out, y, in, &x, PK_PRIVATE, &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
@ -551,16 +553,16 @@ rsa_test (void)
  for (x = 0; x < 16; x++)
    in[x] = x;
  y = sizeof (out);
-  if ((errno =
+  if ((errnum =
       rsa_encrypt_key (in, 16, out, &y, &prng, find_prng ("yarrow"),
 			&key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  zeromem (in, sizeof (in));
  x = sizeof (in);
-  if ((errno = rsa_decrypt_key (out, y, in, &x, &key)) != CRYPT_OK) {
+  if ((errnum = rsa_decrypt_key (out, y, in, &x, &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  printf ("RSA en/de crypt key routines: ");
@ -579,19 +581,19 @@ rsa_test (void)
  for (x = 0; x < 16; x++)
    in[x] = x;
  x = sizeof (in);
-  if ((errno = rsa_sign_hash (in, 16, out, &x, &key)) != CRYPT_OK) {
+  if ((errnum = rsa_sign_hash (in, 16, out, &x, &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  printf ("RSA signed hash: %lu bytes\n", x);
-  if ((errno = rsa_verify_hash (out, x, in, &stat, &key)) != CRYPT_OK) {
+  if ((errnum = rsa_verify_hash (out, x, in, &stat, &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  printf ("Verify hash: %s, ", stat ? "passed" : "failed");
  in[0] ^= 1;
-  if ((errno = rsa_verify_hash (out, x, in, &stat, &key)) != CRYPT_OK) {
+  if ((errnum = rsa_verify_hash (out, x, in, &stat, &key)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  printf ("%s\n", (!stat) ? "passed" : "failed");
@ -612,10 +614,10 @@ rsa_test (void)
    for (z = 1024; z <= limit; z += 512) {
      t = XCLOCK ();
      for (tt = 0; tt < 3; tt++) {
-	if ((errno =
+	if ((errnum =
 	     rsa_make_key (&prng, find_prng ("yarrow"), z / 8, 65537,
 			   &key)) != CRYPT_OK) {
-	  printf ("Error: %s\n", error_to_string (errno));
+	  printf ("Error: %s\n", error_to_string (errnum));
 	  exit (-1);
 	}
 	if (tt < 2)
@ -630,9 +632,9 @@ rsa_test (void)
      for (tt = 0; tt < 100; tt++) {
 	y = sizeof (in);
-	if ((errno =
+	if ((errnum =
 	     rsa_exptmod (in, 8, out, &y, PK_PUBLIC, &key)) != CRYPT_OK) {
-	  printf ("Error: %s\n", error_to_string (errno));
+	  printf ("Error: %s\n", error_to_string (errnum));
 	  exit (-1);
 	}
      }
@ -644,9 +646,9 @@ rsa_test (void)
      t = XCLOCK ();
      for (tt = 0; tt < 100; tt++) {
 	x = sizeof (out);
-	if ((errno =
+	if ((errnum =
 	     rsa_exptmod (out, y, in, &x, PK_PRIVATE, &key)) != CRYPT_OK) {
-	  printf ("Error: %s\n", error_to_string (errno));
+	  printf ("Error: %s\n", error_to_string (errnum));
 	  exit (-1);
 	}
      }
@ -688,14 +690,14 @@ base64_test (void)
  x = 100;
  if (base64_encode (buf[0], 16, buf[1], &x) != CRYPT_OK) {
-    printf ("  error: %s\n", error_to_string (errno));
+    printf ("  error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  printf ("  encoded 16 bytes to %ld bytes...[%s]\n", x, buf[1]);
  memset (buf[0], 0, 100);
  y = 100;
  if (base64_decode (buf[1], x, buf[0], &y) != CRYPT_OK) {
-    printf ("  error: %s\n", error_to_string (errno));
+    printf ("  error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  printf ("  decoded %ld bytes to %ld bytes\n", x, y);
@ -726,7 +728,7 @@ time_hash (void)
    t1 = XCLOCK ();
    z = sizeof (out);
    y = 0;
-    while (XCLOCK () - t1 < (3 * XCLOCKS_PER_SEC)) {
+    while (XCLOCK () - t1 < (5 * XCLOCKS_PER_SEC)) {
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
@ -743,7 +745,23 @@ time_hash (void)
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
-      y += 16;
+      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      hash_memory (x, input, 4096, out, &z);
      y += 32;
    }
    t1 = XCLOCK () - t1;
    printf ("%-20s: Hash at %5.2f Mbit/sec\n", hash_descriptor[x].name,
@ -825,33 +843,33 @@ dh_tests (void)
  dh_key  usera, userb;
  clock_t t1;
-/*   if ((errno = dh_test()) != CRYPT_OK) printf("DH Error: %s\n", error_to_string(errno)); */
+/*   if ((errnum = dh_test()) != CRYPT_OK) printf("DH Error: %s\n", error_to_string(errnum)); */
  dh_sizes (&low, &high);
  printf ("DH Keys from %d to %d supported.\n", low * 8, high * 8);
  /* make up two keys */
-  if ((errno =
+  if ((errnum =
       dh_make_key (&prng, find_prng ("yarrow"), 96, &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
-  if ((errno =
+  if ((errnum =
       dh_make_key (&prng, find_prng ("yarrow"), 96, &userb)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* make the shared secret */
  x = 4096;
-  if ((errno = dh_shared_secret (&usera, &userb, buf[0], &x)) != CRYPT_OK) {
+  if ((errnum = dh_shared_secret (&usera, &userb, buf[0], &x)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  y = 4096;
-  if ((errno = dh_shared_secret (&userb, &usera, buf[1], &y)) != CRYPT_OK) {
+  if ((errnum = dh_shared_secret (&userb, &usera, buf[1], &y)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  if (y != x) {
@ -865,20 +883,20 @@ dh_tests (void)
  /* now export userb */
  y = 4096;
-  if ((errno = dh_export (buf[1], &y, PK_PUBLIC, &userb)) != CRYPT_OK) {
+  if ((errnum = dh_export (buf[1], &y, PK_PUBLIC, &userb)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  dh_free (&userb);
  /* import and make the shared secret again */
-  if ((errno = dh_import (buf[1], y, &userb)) != CRYPT_OK) {
+  if ((errnum = dh_import (buf[1], y, &userb)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  z = 4096;
-  if ((errno = dh_shared_secret (&usera, &userb, buf[2], &z)) != CRYPT_OK) {
+  if ((errnum = dh_shared_secret (&usera, &userb, buf[2], &z)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
@ -902,13 +920,13 @@ dh_tests (void)
    for (ii = 0; ii < (int) (sizeof (sizes) / sizeof (sizes[0])); ii++) {
      t1 = XCLOCK ();
-      for (tt = 0; tt < 50; tt++) {
+      for (tt = 0; tt < 5; tt++) {
 	dh_make_key (&prng, find_prng ("yarrow"), sizes[ii], &usera);
 	dh_free (&usera);
      }
      t1 = XCLOCK () - t1;
      printf ("Make dh-%d key took %f msec\n", sizes[ii] * 8,
-	      1000.0 * (((double) t1 / 50.0) / (double) XCLOCKS_PER_SEC));
+	      1000.0 * (((double) t1 / 5.0) / (double) XCLOCKS_PER_SEC));
    }
  }
@ -917,16 +935,16 @@ dh_tests (void)
  for (x = 0; x < 16; x++)
    buf[0][x] = x;
  y = sizeof (buf[1]);
-  if ((errno =
+  if ((errnum =
       dh_encrypt_key (buf[0], 16, buf[1], &y, &prng, find_prng ("yarrow"),
 		       find_hash ("md5"), &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  zeromem (buf[0], sizeof (buf[0]));
  x = sizeof (buf[0]);
-  if ((errno = dh_decrypt_key (buf[1], y, buf[0], &x, &usera)) != CRYPT_OK) {
+  if ((errnum = dh_decrypt_key (buf[1], y, buf[0], &x, &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  printf ("DH en/de crypt key routines: ");
@ -945,19 +963,19 @@ dh_tests (void)
  for (x = 0; x < 16; x++)
    buf[0][x] = x;
  x = sizeof (buf[1]);
-  if ((errno =
+  if ((errnum =
       dh_sign_hash (buf[0], 16, buf[1], &x, &prng, find_prng ("yarrow"),
 		     &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  if (dh_verify_hash (buf[1], x, buf[0], 16, &stat, &usera)) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  buf[0][0] ^= 1;
  if (dh_verify_hash (buf[1], x, buf[0], 16, &stat2, &usera)) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  printf ("dh_sign/verify_hash: %s (%d,%d), %lu\n",
@ -1002,10 +1020,10 @@ rng_tests (void)
  printf ("\n");
 #ifdef YARROW
-  if ((errno =
+  if ((errnum =
       rng_make_prng (128, find_prng ("yarrow"), &prng,
 		      &callback)) != CRYPT_OK) {
-    printf (" starting yarrow error: %s\n", error_to_string (errno));
+    printf (" starting yarrow error: %s\n", error_to_string (errnum));
    exit (-1);
  }
 #endif
@ -1021,8 +1039,8 @@ ecc_tests (void)
  ecc_key usera, userb;
  clock_t t1;
-  if ((errno = ecc_test ()) != CRYPT_OK) {
+  if ((errnum = ecc_test ()) != CRYPT_OK) {
-    printf ("ecc Error: %s\n", error_to_string (errno));
+    printf ("ecc Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
@ -1030,27 +1048,27 @@ ecc_tests (void)
  printf ("ecc Keys from %d to %d supported.\n", low * 8, high * 8);
  /* make up two keys */
-  if ((errno =
+  if ((errnum =
       ecc_make_key (&prng, find_prng ("yarrow"), 24, &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
-  if ((errno =
+  if ((errnum =
       ecc_make_key (&prng, find_prng ("yarrow"), 24, &userb)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* make the shared secret */
  x = 4096;
-  if ((errno = ecc_shared_secret (&usera, &userb, buf[0], &x)) != CRYPT_OK) {
+  if ((errnum = ecc_shared_secret (&usera, &userb, buf[0], &x)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  y = 4096;
-  if ((errno = ecc_shared_secret (&userb, &usera, buf[1], &y)) != CRYPT_OK) {
+  if ((errnum = ecc_shared_secret (&userb, &usera, buf[1], &y)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
@ -1066,22 +1084,22 @@ ecc_tests (void)
  /* now export userb */
  y = 4096;
-  if ((errno = ecc_export (buf[1], &y, PK_PUBLIC, &userb)) != CRYPT_OK) {
+  if ((errnum = ecc_export (buf[1], &y, PK_PUBLIC, &userb)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  ecc_free (&userb);
  printf ("ECC-192 export took %ld bytes\n", y);
  /* import and make the shared secret again */
-  if ((errno = ecc_import (buf[1], y, &userb)) != CRYPT_OK) {
+  if ((errnum = ecc_import (buf[1], y, &userb)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  z = 4096;
-  if ((errno = ecc_shared_secret (&usera, &userb, buf[2], &z)) != CRYPT_OK) {
+  if ((errnum = ecc_shared_secret (&usera, &userb, buf[2], &z)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
@ -1106,10 +1124,10 @@ ecc_tests (void)
    for (ii = 0; ii < (int) (sizeof (sizes) / sizeof (sizes[0])); ii++) {
      t1 = XCLOCK ();
      for (tt = 0; tt < 25; tt++) {
-	if ((errno =
+	if ((errnum =
 	     ecc_make_key (&prng, find_prng ("yarrow"), sizes[ii],
 			   &usera)) != CRYPT_OK) {
-	  printf ("Error: %s\n", error_to_string (errno));
+	  printf ("Error: %s\n", error_to_string (errnum));
 	  exit (-1);
 	}
 	ecc_free (&usera);
@ -1121,28 +1139,28 @@ ecc_tests (void)
  }
 /* test encrypt_key */
-  ecc_make_key (&prng, find_prng ("yarrow"), 65, &usera);
+  ecc_make_key (&prng, find_prng ("yarrow"), 28, &usera);
-  for (x = 0; x < 16; x++)
+  for (x = 0; x < 32; x++)
    buf[0][x] = x;
  y = sizeof (buf[1]);
-  if ((errno =
+  if ((errnum =
-       ecc_encrypt_key (buf[0], 16, buf[1], &y, &prng, find_prng ("yarrow"),
+       ecc_encrypt_key (buf[0], 32, buf[1], &y, &prng, find_prng ("yarrow"),
-			find_hash ("md5"), &usera)) != CRYPT_OK) {
+			find_hash ("sha256"), &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  zeromem (buf[0], sizeof (buf[0]));
  x = sizeof (buf[0]);
-  if ((errno = ecc_decrypt_key (buf[1], y, buf[0], &x, &usera)) != CRYPT_OK) {
+  if ((errnum = ecc_decrypt_key (buf[1], y, buf[0], &x, &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  printf ("ECC en/de crypt key routines: ");
-  if (x != 16) {
+  if (x != 32) {
    printf ("Failed (length)\n");
    exit (-1);
  }
-  for (x = 0; x < 16; x++)
+  for (x = 0; x < 32; x++)
    if (buf[0][x] != x) {
      printf ("Failed (contents)\n");
      exit (-1);
@ -1152,19 +1170,19 @@ ecc_tests (void)
  for (x = 0; x < 16; x++)
    buf[0][x] = x;
  x = sizeof (buf[1]);
-  if ((errno =
+  if ((errnum =
       ecc_sign_hash (buf[0], 16, buf[1], &x, &prng, find_prng ("yarrow"),
 		      &usera)) != CRYPT_OK) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  if (ecc_verify_hash (buf[1], x, buf[0], 16, &stat, &usera)) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  buf[0][0] ^= 1;
  if (ecc_verify_hash (buf[1], x, buf[0], 16, &stat2, &usera)) {
-    printf ("Error: %s\n", error_to_string (errno));
+    printf ("Error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  printf ("ecc_sign/verify_hash: %s (%d,%d)\n",
@ -1374,35 +1392,35 @@ kr_display (pk_key * kr)
 void
 kr_test_makekeys (pk_key ** kr)
 {
-  if ((errno = kr_init (kr)) != CRYPT_OK) {
+  if ((errnum = kr_init (kr)) != CRYPT_OK) {
-    printf ("KR init error %s\n", error_to_string (errno));
+    printf ("KR init error %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* make a DH key */
  printf ("KR: Making DH key...\n");
-  if ((errno =
+  if ((errnum =
       kr_make_key (*kr, &prng, find_prng ("yarrow"), DH_KEY, 128, "dhkey",
 		    "dh@dh.dh", "dhkey one")) != CRYPT_OK) {
-    printf ("Make key error: %s\n", error_to_string (errno));
+    printf ("Make key error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* make a ECC key */
  printf ("KR: Making ECC key...\n");
-  if ((errno =
+  if ((errnum =
       kr_make_key (*kr, &prng, find_prng ("yarrow"), ECC_KEY, 20, "ecckey",
 		    "ecc@ecc.ecc", "ecckey one")) != CRYPT_OK) {
-    printf ("Make key error: %s\n", error_to_string (errno));
+    printf ("Make key error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  /* make a RSA key */
  printf ("KR: Making RSA key...\n");
-  if ((errno =
+  if ((errnum =
       kr_make_key (*kr, &prng, find_prng ("yarrow"), RSA_KEY, 128, "rsakey",
 		    "rsa@rsa.rsa", "rsakey one")) != CRYPT_OK) {
-    printf ("Make key error: %s\n", error_to_string (errno));
+    printf ("Make key error: %s\n", error_to_string (errnum));
    exit (-1);
  }
@ -1426,18 +1444,18 @@ kr_test (void)
  for (i = 0; i < 3; i++) {
    len = sizeof (buf);
-    if ((errno = kr_export (kr, kr->ID, kr->key_type, buf, &len)) != CRYPT_OK) {
+    if ((errnum = kr_export (kr, kr->ID, kr->key_type, buf, &len)) != CRYPT_OK) {
-      printf ("Error exporting key %d, %s\n", i, error_to_string (errno));
+      printf ("Error exporting key %d, %s\n", i, error_to_string (errnum));
      exit (-1);
    }
    printf ("Exported key was: %lu bytes\n", len);
-    if ((errno = kr_del (&kr, kr->ID)) != CRYPT_OK) {
+    if ((errnum = kr_del (&kr, kr->ID)) != CRYPT_OK) {
-      printf ("Error deleting key %d, %s\n", i, error_to_string (errno));
+      printf ("Error deleting key %d, %s\n", i, error_to_string (errnum));
      exit (-1);
    }
    kr_display (kr);
-    if ((errno = kr_import (kr, buf, len)) != CRYPT_OK) {
+    if ((errnum = kr_import (kr, buf, len)) != CRYPT_OK) {
-      printf ("Error importing key %d, %s\n", i, error_to_string (errno));
+      printf ("Error importing key %d, %s\n", i, error_to_string (errnum));
      exit (-1);
    }
    kr_display (kr);
@ -1445,25 +1463,25 @@ kr_test (void)
  for (i = 0; i < 3; i++) {
    len = sizeof (buf);
-    if ((errno = kr_export (kr, kr->ID, PK_PUBLIC, buf, &len)) != CRYPT_OK) {
+    if ((errnum = kr_export (kr, kr->ID, PK_PUBLIC, buf, &len)) != CRYPT_OK) {
-      printf ("Error exporting key %d, %s\n", i, error_to_string (errno));
+      printf ("Error exporting key %d, %s\n", i, error_to_string (errnum));
      exit (-1);
    }
    printf ("Exported key was: %lu bytes\n", len);
-    if ((errno = kr_del (&kr, kr->ID)) != CRYPT_OK) {
+    if ((errnum = kr_del (&kr, kr->ID)) != CRYPT_OK) {
-      printf ("Error deleting key %d, %s\n", i, error_to_string (errno));
+      printf ("Error deleting key %d, %s\n", i, error_to_string (errnum));
      exit (-1);
    }
    kr_display (kr);
-    if ((errno = kr_import (kr, buf, len)) != CRYPT_OK) {
+    if ((errnum = kr_import (kr, buf, len)) != CRYPT_OK) {
-      printf ("Error importing key %d, %s\n", i, error_to_string (errno));
+      printf ("Error importing key %d, %s\n", i, error_to_string (errnum));
      exit (-1);
    }
    kr_display (kr);
  }
-  if ((errno = kr_clear (&kr)) != CRYPT_OK) {
+  if ((errnum = kr_clear (&kr)) != CRYPT_OK) {
-    printf ("Error clearing ring: %s\n", error_to_string (errno));
+    printf ("Error clearing ring: %s\n", error_to_string (errnum));
    exit (-1);
  }
@ -1471,29 +1489,29 @@ kr_test (void)
 /* TEST output to file */
 #ifndef NO_FILE
-  if ((errno = kr_init (&kr)) != CRYPT_OK) {
+  if ((errnum = kr_init (&kr)) != CRYPT_OK) {
-    printf ("KR init error %s\n", error_to_string (errno));
+    printf ("KR init error %s\n", error_to_string (errnum));
    exit (-1);
  }
  kr_test_makekeys (&kr);
  /* save to file */
  f = fopen ("ring.dat", "wb");
-  if ((errno = kr_save (kr, f, NULL)) != CRYPT_OK) {
+  if ((errnum = kr_save (kr, f, NULL)) != CRYPT_OK) {
-    printf ("kr_save error %s\n", error_to_string (errno));
+    printf ("kr_save error %s\n", error_to_string (errnum));
    exit (-1);
  }
  fclose (f);
  /* delete and load */
-  if ((errno = kr_clear (&kr)) != CRYPT_OK) {
+  if ((errnum = kr_clear (&kr)) != CRYPT_OK) {
-    printf ("clear error: %s\n", error_to_string (errno));
+    printf ("clear error: %s\n", error_to_string (errnum));
    exit (-1);
  }
  f = fopen ("ring.dat", "rb");
-  if ((errno = kr_load (&kr, f, NULL)) != CRYPT_OK) {
+  if ((errnum = kr_load (&kr, f, NULL)) != CRYPT_OK) {
-    printf ("kr_load error %s\n", error_to_string (errno));
+    printf ("kr_load error %s\n", error_to_string (errnum));
    exit (-1);
  }
  fclose (f);
@ -1501,8 +1519,8 @@ kr_test (void)
  printf ("After load and save...\n");
  kr_display (kr);
-  if ((errno = kr_clear (&kr)) != CRYPT_OK) {
+  if ((errnum = kr_clear (&kr)) != CRYPT_OK) {
-    printf ("clear error: %s\n", error_to_string (errno));
+    printf ("clear error: %s\n", error_to_string (errnum));
    exit (-1);
  }
 #endif
@ -1516,16 +1534,16 @@ kr_test (void)
    printf ("Testing a key with system %d, type %d:\t", _kr->system,
 	    _kr->key_type);
    len = sizeof (buf2);
-    if ((errno =
+    if ((errnum =
 	 kr_encrypt_key (kr, _kr->ID, buf, 16, buf2, &len, &prng,
 			 find_prng ("yarrow"),
 			 find_hash ("md5"))) != CRYPT_OK) {
-      printf ("Encrypt error, %d, %s\n", i, error_to_string (errno));
+      printf ("Encrypt error, %d, %s\n", i, error_to_string (errnum));
      exit (-1);
    }
    len = sizeof (buf3);
-    if ((errno = kr_decrypt_key (kr, buf2, buf3, &len)) != CRYPT_OK) {
+    if ((errnum = kr_decrypt_key (kr, buf2, buf3, &len)) != CRYPT_OK) {
-      printf ("decrypt error, %d, %s\n", i, error_to_string (errno));
+      printf ("decrypt error, %d, %s\n", i, error_to_string (errnum));
      exit (-1);
    }
    if (len != 16 || memcmp (buf3, buf, 16)) {
@ -1535,28 +1553,28 @@ kr_test (void)
    printf ("kr_encrypt_key passed, ");
    len = sizeof (buf2);
-    if ((errno =
+    if ((errnum =
 	 kr_sign_hash (kr, _kr->ID, buf, 32, buf2, &len, &prng,
 		       find_prng ("yarrow"))) != CRYPT_OK) {
-      printf ("kr_sign_hash failed, %i, %s\n", i, error_to_string (errno));
+      printf ("kr_sign_hash failed, %i, %s\n", i, error_to_string (errnum));
      exit (-1);
    }
    printf ("kr_sign_hash: ");
-    if ((errno = kr_verify_hash (kr, buf2, buf, 32, &stat)) != CRYPT_OK) {
+    if ((errnum = kr_verify_hash (kr, buf2, buf, 32, &stat)) != CRYPT_OK) {
-      printf ("kr_sign_hash failed, %i, %s\n", i, error_to_string (errno));
+      printf ("kr_sign_hash failed, %i, %s\n", i, error_to_string (errnum));
      exit (-1);
    }
    printf ("%s, ", stat ? "passed" : "failed");
    buf[15] ^= 1;
-    if ((errno = kr_verify_hash (kr, buf2, buf, 32, &stat)) != CRYPT_OK) {
+    if ((errnum = kr_verify_hash (kr, buf2, buf, 32, &stat)) != CRYPT_OK) {
-      printf ("kr_sign_hash failed, %i, %s\n", i, error_to_string (errno));
+      printf ("kr_sign_hash failed, %i, %s\n", i, error_to_string (errnum));
      exit (-1);
    }
    printf ("%s\n", (!stat) ? "passed" : "failed");
    buf[15] ^= 1;
    len = sizeof (buf);
-    if ((errno =
+    if ((errnum =
 	 kr_fingerprint (kr, _kr->ID, find_hash ("sha1"), buf,
 			 &len)) != CRYPT_OK) {
      printf ("kr_fingerprint failed, %i, %lu\n", i, len);
@ -1581,8 +1599,8 @@ kr_test (void)
  /* now export it as public and private */
  len = sizeof (buf);
-  if ((errno = kr_export (kr, kr->ID, PK_PUBLIC, buf, &len)) != CRYPT_OK) {
+  if ((errnum = kr_export (kr, kr->ID, PK_PUBLIC, buf, &len)) != CRYPT_OK) {
-    printf ("Error exporting key %d, %s\n", i, error_to_string (errno));
+    printf ("Error exporting key %d, %s\n", i, error_to_string (errnum));
    exit (-1);
  }
@ -1590,8 +1608,8 @@ kr_test (void)
  memset (buf + len, 0, sizeof (buf) - len);
  len = sizeof (buf2);
-  if ((errno = kr_export (kr, kr->ID, PK_PRIVATE, buf2, &len)) != CRYPT_OK) {
+  if ((errnum = kr_export (kr, kr->ID, PK_PRIVATE, buf2, &len)) != CRYPT_OK) {
-    printf ("Error exporting key  %s\n", error_to_string (errno));
+    printf ("Error exporting key  %s\n", error_to_string (errnum));
    exit (-1);
  }
@ -1602,8 +1620,8 @@ kr_test (void)
  kr_clear (&kr);
  kr_init (&kr);
  kr_display (kr);
-  if ((errno = kr_import (kr, buf, len)) != CRYPT_OK) {
+  if ((errnum = kr_import (kr, buf, len)) != CRYPT_OK) {
-    printf ("Error importing key %s\n", error_to_string (errno));
+    printf ("Error importing key %s\n", error_to_string (errnum));
    exit (-1);
  }
  kr_display (kr);
@ -1612,11 +1630,11 @@ kr_test (void)
  for (i = 0; i < 16; i++)
    buf[i] = i;
  len = sizeof (buf3);
-  if ((errno =
+  if ((errnum =
       kr_encrypt_key (kr, kr->ID, buf, 16, buf3, &len, &prng,
 		       find_prng ("yarrow"),
 		       find_hash ("md5"))) != CRYPT_OK) {
-    printf ("Encrypt error, %d, %s\n", i, error_to_string (errno));
+    printf ("Encrypt error, %d, %s\n", i, error_to_string (errnum));
    exit (-1);
  }
@ -1624,16 +1642,16 @@ kr_test (void)
  kr_clear (&kr);
  kr_init (&kr);
  kr_display (kr);
-  if ((errno = kr_import (kr, buf2, len)) != CRYPT_OK) {
+  if ((errnum = kr_import (kr, buf2, len)) != CRYPT_OK) {
-    printf ("Error importing key %s\n", error_to_string (errno));
+    printf ("Error importing key %s\n", error_to_string (errnum));
    exit (-1);
  }
  kr_display (kr);
  /* now decrypt */
  len = sizeof (buf2);
-  if ((errno = kr_decrypt_key (kr, buf3, buf2, &len)) != CRYPT_OK) {
+  if ((errnum = kr_decrypt_key (kr, buf3, buf2, &len)) != CRYPT_OK) {
-    printf ("decrypt error, %s\n", error_to_string (errno));
+    printf ("decrypt error, %s\n", error_to_string (errnum));
    exit (-1);
  }
@ -1697,14 +1715,14 @@ main (void)
  register_all_algs ();
-  if ((errno = yarrow_start (&prng)) != CRYPT_OK) {
+  if ((errnum = yarrow_start (&prng)) != CRYPT_OK) {
-    printf ("yarrow_start: %s\n", error_to_string (errno));
+    printf ("yarrow_start: %s\n", error_to_string (errnum));
  }
-  if ((errno = yarrow_add_entropy ("hello", 5, &prng)) != CRYPT_OK) {
+  if ((errnum = yarrow_add_entropy ("hello", 5, &prng)) != CRYPT_OK) {
-    printf ("yarrow_add_entropy: %s\n", error_to_string (errno));
+    printf ("yarrow_add_entropy: %s\n", error_to_string (errnum));
  }
-  if ((errno = yarrow_ready (&prng)) != CRYPT_OK) {
+  if ((errnum = yarrow_ready (&prng)) != CRYPT_OK) {
-    printf ("yarrow_ready: %s\n", error_to_string (errno));
+    printf ("yarrow_ready: %s\n", error_to_string (errnum));
  }
  printf (crypt_build_settings);
--- a/demos/test.c~
+++ b/demos/test.c~
--- a/des.c
+++ b/des.c
@ -241,35 +241,43 @@ void deskey(const unsigned char *key, short edf, unsigned long *keyout)
    unsigned long i, j, l, m, n, kn[32];
    unsigned char pc1m[56], pcr[56];
-    for(j=0; j < 56; j++)
+    for (j=0; j < 56; j++) {
    {
        l = (unsigned long)pc1[j];
-        m = l & 07;
+        m = l & 7;
        pc1m[j] = (unsigned char)((key[l >> 3U] & bytebit[m]) == bytebit[m] ? 1 : 0);
    }
-    for(i=0; i < 16; i++)
+    for (i=0; i < 16; i++) {
-    {
+        if (edf == DE1) {
-        if(edf == DE1) m = (15 - i) << 1;
+           m = (15 - i) << 1;
-        else m = i << 1;
+        } else {
           m = i << 1;
        }
        n = m + 1;
        kn[m] = kn[n] = 0L;
-        for(j=0; j < 28; j++) 
+        for (j=0; j < 28; j++) {
        {
            l = j + (unsigned long)totrot[i];
-            if(l < 28) pcr[j] = pc1m[l];
+            if (l < 28) {
-            else pcr[j] = pc1m[l - 28];
+               pcr[j] = pc1m[l];
            } else {
               pcr[j] = pc1m[l - 28];
            }
        }
-        for(/*j = 28*/; j < 56; j++)
+        for (/*j = 28*/; j < 56; j++) {
        {
            l = j + (unsigned long)totrot[i];
-            if(l < 56) pcr[j] = pc1m[l];
+            if (l < 56) {
-            else pcr[j] = pc1m[l - 28];
+               pcr[j] = pc1m[l];
            } else {
               pcr[j] = pc1m[l - 28];
            }
        }
-        for(j=0; j < 24; j++)
+        for (j=0; j < 24; j++)  {
-        {
+            if ((int)pcr[(int)pc2[j]] != 0) {
-            if((int)pcr[(int)pc2[j]] != 0)    kn[m] |= bigbyte[j];
+               kn[m] |= bigbyte[j];
-            if((int)pcr[(int)pc2[j+24]] != 0) kn[n] |= bigbyte[j];
+            }
            if ((int)pcr[(int)pc2[j+24]] != 0) {
               kn[n] |= bigbyte[j];
            }
        }
    }
@ -326,7 +334,7 @@ static void desfunc(unsigned long *block, const unsigned long *keys)
 static void _desfunc(unsigned long *block, const unsigned long *keys)
 #endif
 {
-    unsigned long fval, work, right, leftt;
+    unsigned long work, right, leftt;
    int round;
    leftt = block[0];
@ -348,38 +356,35 @@ static void _desfunc(unsigned long *block, const unsigned long *keys)
    leftt ^= work;
    right ^= (work << 8);
-    right = ((right << 1) | ((right >> 31) & 1L)) & 0xFFFFFFFFL;
+    right = ROL(right, 1);
    work = (leftt ^ right) & 0xaaaaaaaaL;
    leftt ^= work;
    right ^= work;
-    leftt = ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL;
+    leftt = ROL(leftt, 1);
-    for( round = 0; round < 8; round++)
+    for (round = 0; round < 8; round++) {
-    {
+        work  = ROR(right, 4) ^ *keys++;
-        work  = ((right << 28) | (right >> 4)) ^ *keys++;
+        leftt ^= SP7[work        & 0x3fL]
-        fval  = SP7[ work        & 0x3fL]
+              ^ SP5[(work >>  8) & 0x3fL]
-              | SP5[(work >>  8) & 0x3fL]
+              ^ SP3[(work >> 16) & 0x3fL]
-              | SP3[(work >> 16) & 0x3fL]
+              ^ SP1[(work >> 24) & 0x3fL];
              | SP1[(work >> 24) & 0x3fL];
        work  = right ^ *keys++;
-        fval |= SP8[ work        & 0x3fL]
+        leftt ^= SP8[ work        & 0x3fL]
-              | SP6[(work >>  8) & 0x3fL]
+              ^  SP6[(work >>  8) & 0x3fL]
-              | SP4[(work >> 16) & 0x3fL]
+              ^  SP4[(work >> 16) & 0x3fL]
-              | SP2[(work >> 24) & 0x3fL];
+              ^  SP2[(work >> 24) & 0x3fL];
        leftt ^= fval;
-        work = ((leftt << 28) | (leftt >> 4)) ^ *keys++;
+        work = ROR(leftt, 4) ^ *keys++;
-        fval  = SP7[ work        & 0x3fL]
+        right ^= SP7[ work        & 0x3fL]
-              | SP5[(work >>  8) & 0x3fL]
+              ^  SP5[(work >>  8) & 0x3fL]
-              | SP3[(work >> 16) & 0x3fL]
+              ^  SP3[(work >> 16) & 0x3fL]
-              | SP1[(work >> 24) & 0x3fL];
+              ^  SP1[(work >> 24) & 0x3fL];
        work  = leftt ^ *keys++;
-        fval |= SP8[ work        & 0x3fL]
+        right ^= SP8[ work        & 0x3fL]
-              | SP6[(work >>  8) & 0x3fL]
+              ^  SP6[(work >>  8) & 0x3fL]
-              | SP4[(work >> 16) & 0x3fL]
+              ^  SP4[(work >> 16) & 0x3fL]
-              | SP2[(work >> 24) & 0x3fL];
+              ^  SP2[(work >> 24) & 0x3fL];
        right ^= fval;
    }
    right = (right << 31) | (right >> 1);
    work = (leftt ^ right) & 0xaaaaaaaaL;
@ -412,7 +417,6 @@ static void desfunc(unsigned long *block, const unsigned long *keys)
 }
 #endif
 int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
 {
    _ARGCHK(key != NULL);
@ -484,7 +488,8 @@ void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
 void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
 {
-    unsigned long work[2];
+    unsigned long work[2], *k[3];
    _ARGCHK(pt != NULL);
    _ARGCHK(ct != NULL);
    _ARGCHK(key != NULL);
--- a/dh.c
+++ b/dh.c
@ -207,10 +207,11 @@ void dh_sizes(int *low, int *high)
 int dh_get_size(dh_key *key)
 {
    _ARGCHK(key != NULL);
-    if (is_valid_idx(key->idx) == 1) 
+    if (is_valid_idx(key->idx) == 1) {
        return sets[key->idx].size;
-    else
+    } else {
        return INT_MAX; /* large value that would cause dh_make_key() to fail */
    }
 }
 int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key)
--- a/ecc.c
+++ b/ecc.c
@ -253,18 +253,18 @@ static int dbl_point(ecc_point *P, ecc_point *R, mp_int *modulus, mp_int *mu)
   if (mp_mul_2(&P->y, &tmp) != MP_OKAY)                   { goto error; } /* tmp = 2*y */
   if (mp_invmod(&tmp, modulus, &tmp) != MP_OKAY)          { goto error; } /* tmp = 1/tmp mod modulus */
   if (mp_sqr(&P->x, &s) != MP_OKAY)                       { goto error; } /* s = x^2  */
-   if (mp_reduce(&s, modulus, mu) != MP_OKAY)            { goto error; }
+   if (mp_reduce(&s, modulus, mu) != MP_OKAY)              { goto error; }
   if (mp_mul_d(&s,(mp_digit)3, &s) != MP_OKAY)            { goto error; } /* s = 3*(x^2) */
   if (mp_sub_d(&s,(mp_digit)3, &s) != MP_OKAY)            { goto error; } /* s = 3*(x^2) - 3 */
-   if (mp_cmp_d(&s, 0) == MP_LT) {                         /* if s < 0 add modulus */
+   if (mp_cmp_d(&s, 0) == MP_LT) {                                         /* if s < 0 add modulus */
      if (mp_add(&s, modulus, &s) != MP_OKAY)              { goto error; }
   }
   if (mp_mul(&s, &tmp, &s) != MP_OKAY)                    { goto error; } /* s = tmp * s mod modulus */
-   if (mp_reduce(&s, modulus, mu) != MP_OKAY)            { goto error; }
+   if (mp_reduce(&s, modulus, mu) != MP_OKAY)              { goto error; }
   /* Xr = s^2 - 2Xp */
   if (mp_sqr(&s,  &tmpx) != MP_OKAY)                      { goto error; } /* tmpx = s^2  */
-   if (mp_reduce(&tmpx, modulus, mu) != MP_OKAY)         { goto error; } /* tmpx = tmpx mod modulus */
+   if (mp_reduce(&tmpx, modulus, mu) != MP_OKAY)           { goto error; } /* tmpx = tmpx mod modulus */
   if (mp_sub(&tmpx, &P->x, &tmpx) != MP_OKAY)             { goto error; } /* tmpx = tmpx - x */
   if (mp_submod(&tmpx, &P->x, modulus, &tmpx) != MP_OKAY) { goto error; } /* tmpx = tmpx - x mod modulus */
@ -321,11 +321,11 @@ static int add_point(ecc_point *P, ecc_point *Q, ecc_point *R, mp_int *modulus,
      if (mp_add(&s, modulus, &s) != MP_OKAY)                 { goto error; }
   }
   if (mp_mul(&s, &tmp, &s) != MP_OKAY)                       { goto error; } /* s = s * tmp mod modulus */
-   if (mp_reduce(&s, modulus, mu) != MP_OKAY)               { goto error; }
+   if (mp_reduce(&s, modulus, mu) != MP_OKAY)                 { goto error; }
   /* Xr = s^2 - Xp - Xq */
   if (mp_sqr(&s, &tmp) != MP_OKAY)                           { goto error; } /* tmp = s^2 mod modulus */
-   if (mp_reduce(&tmp, modulus, mu) != MP_OKAY)             { goto error; }
+   if (mp_reduce(&tmp, modulus, mu) != MP_OKAY)               { goto error; }
   if (mp_sub(&tmp, &P->x, &tmp) != MP_OKAY)                  { goto error; } /* tmp = tmp - Px */
   if (mp_sub(&tmp, &Q->x, &tmpx) != MP_OKAY)                 { goto error; } /* tmpx = tmp - Qx */
--- a/hash.c
+++ b/hash.c
@ -61,7 +61,6 @@ int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outle
 #endif
 }
 int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *outlen)
 {
 #ifdef NO_FILE
--- a/hmac.c
+++ b/hmac.c
@ -125,7 +125,8 @@ int hmac_done(hmac_state *hmac, unsigned char *hashOut)
 }
 int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
-                const unsigned char *data, unsigned long len, unsigned char *dst)
+                const unsigned char *data, unsigned long len, 
                unsigned char *dst, unsigned long *dstlen)
 {
    hmac_state hmac;
    int err;
@ -134,6 +135,14 @@ int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
    _ARGCHK(data != NULL);
    _ARGCHK(dst != NULL);
    if((err = hash_is_valid(hash)) != CRYPT_OK) {
        return err;
    }
    if (hash_descriptor[hash].hashsize > *dstlen) {
       return CRYPT_BUFFER_OVERFLOW;
    }
    *dstlen = hash_descriptor[hash].hashsize;
    if ((err = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) {
        return err;
    }
@ -150,7 +159,8 @@ int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
 /* hmac_file added by Tom St Denis */
 int hmac_file(int hash, const char *fname, const unsigned char *key,
-                unsigned long keylen, unsigned char *dst)
+                unsigned long keylen, 
                unsigned char *dst, unsigned long *dstlen)
 {
 #ifdef NO_FILE
    return CRYPT_ERROR;
@ -165,6 +175,14 @@ int hmac_file(int hash, const char *fname, const unsigned char *key,
   _ARGCHK(key != NULL);
   _ARGCHK(dst != NULL);
   if((err = hash_is_valid(hash)) != CRYPT_OK) {
       return err;
   }
   if (hash_descriptor[hash].hashsize > *dstlen) {
      return CRYPT_BUFFER_OVERFLOW;
   }
   *dstlen = hash_descriptor[hash].hashsize;
   if ((err = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) {
       return err;
   }
@ -436,11 +454,13 @@ Key First"
             0x1f, 0xb1, 0xf5, 0x62, 0xdb, 0x3a, 0xa5, 0x3e} }
    };
    unsigned long outlen;
    int err;
    int failed=0;
    for(i=0; i < (int)(sizeof(cases) / sizeof(cases[0])); i++) {
        int hash = find_hash(cases[i].algo);
-        if((err = hmac_memory(hash, cases[i].key, cases[i].keylen, cases[i].data, cases[i].datalen, digest)) != CRYPT_OK) {
+        outlen = sizeof(digest);
        if((err = hmac_memory(hash, cases[i].key, cases[i].keylen, cases[i].data, cases[i].datalen, digest, &outlen)) != CRYPT_OK) {
 #if 0
            printf("HMAC-%s test #%d\n", cases[i].algo, cases[i].num);
 #endif
--- a/2
+++ b/2
@ -9,7 +9,7 @@
 # a build. This is easy to remedy though, for those that have problems.
 # The version
-VERSION=0.81
+VERSION=0.82
 #ch1-01-1
 # Compiler and Linker Names
--- a/makefile.msvc
+++ b/makefile.msvc
@ -0,0 +1,23 @@
 #MSVC Makefile [tested with MSVC 6.00 with SP5]
 #
 #Tom St Denis
 CFLAGS = /I. /Ogityb2 /Gs /DWIN32 /W3
 default: library
 #List of objects to compile.
 OBJECTS=keyring.obj gf.obj mem.obj sprng.obj ecc.obj base64.obj dh.obj rsa.obj \
 bits.obj yarrow.obj cfb.obj ofb.obj ecb.obj ctr.obj cbc.obj hash.obj tiger.obj sha1.obj \
 md5.obj md4.obj md2.obj sha256.obj sha512.obj xtea.obj aes.obj serpent.obj des.obj \
 safer_tab.obj safer.obj safer+.obj rc4.obj rc2.obj rc6.obj rc5.obj cast5.obj noekeon.obj \
 blowfish.obj crypt.obj ampi.obj mpi.obj prime.obj twofish.obj packet.obj hmac.obj strings.obj
 library: $(OBJECTS)
 	lib /out:tomcrypt.lib $(OBJECTS)
 test.obj: demos/test.c
 	cl $(CFLAGS) /c demos/test.c
 test: library test.obj
 	cl test.obj tomcrypt.lib advapi32.lib	
--- a/makefile.out
+++ b/makefile.out
@ -5,7 +5,7 @@
 CC = gcc 
 AR = ar 
 LD = ld 
-CFLAGS += -Os -Wall -Wsign-compare -W -Wno-unused -Werror -I./  
+CFLAGS += -O3 -Wall -Wsign-compare -W -Wno-unused -Werror -I./  
 default: library
--- a/md4.c
+++ b/md4.c
@ -30,7 +30,7 @@ const struct _hash_descriptor md4_desc =
 /* F, G and H are basic MD4 functions. */
 #define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define G(x, y, z) ((x & y) | (z & (x | y)))
 #define H(x, y, z) ((x) ^ (y) ^ (z))
 /* ROTATE_LEFT rotates x left n bits. */
--- a/md5.c
+++ b/md5.c
@ -14,10 +14,10 @@ const struct _hash_descriptor md5_desc =
    &md5_test
 };
-#define F(x,y,z)  ( (x&y)|((~x)&z) )
+#define F(x,y,z)  ((x&y)|((~x)&z))
-#define G(x,y,z)  ( (x&z)|(y&(~z)) )
+#define G(x,y,z)  ((x&z)|(y&(~z)))
 #define H(x,y,z)  (x^y^z)
-#define I(x,y,z)  (y ^ (x | (~z)))
+#define I(x,y,z)  (y^(x|(~z)))
 #define FF(a,b,c,d,M,s,t) \
    a = (a + F(b,c,d) + M + t); a = ROL(a, s); a = (b + a);
--- a/mpi.c
+++ b/mpi.c
--- a/mycrypt.h
+++ b/mycrypt.h
@ -16,8 +16,8 @@ extern "C" {
 #endif
 /* version */
-#define CRYPT   0x0081
+#define CRYPT   0x0082
-#define SCRYPT  "0.81"
+#define SCRYPT  "0.82"
 /* max size of either a cipher/hash block or symmetric key [largest of the two] */
 #define MAXBLOCKSIZE           128
--- a/mycrypt_hash.h
+++ b/mycrypt_hash.h
@ -177,8 +177,10 @@ extern int hmac_process(hmac_state *hmac, const unsigned char *buf, unsigned lon
 extern int hmac_done(hmac_state *hmac, unsigned char *hash);
 extern int hmac_test(void);
 extern int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
-                       const unsigned char *data, unsigned long len, unsigned char *dst);
+                       const unsigned char *data, unsigned long len, 
                       unsigned char *dst, unsigned long *dstlen);
 extern int hmac_file(int hash, const char *fname, const unsigned char *key,
-                     unsigned long keylen, unsigned char *dst);
+                     unsigned long keylen, 
                     unsigned char *dst, unsigned long *dstlen);
 #endif
--- a/ofb.c
+++ b/ofb.c
@ -36,6 +36,13 @@ int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
   if ((err = cipher_is_valid(ofb->cipher)) != CRYPT_OK) {
       return err;
   }
   /* is blocklen/padlen valid? */
   if (ofb->blocklen < 0 || ofb->blocklen > (int)sizeof(ofb->IV) ||
       ofb->padlen   < 0 || ofb->padlen   > (int)sizeof(ofb->IV)) {
      return CRYPT_INVALID_ARG;
   }
   while (len-- > 0) {
       if (ofb->padlen == ofb->blocklen) {
          cipher_descriptor[ofb->cipher].ecb_encrypt(ofb->IV, ofb->IV, &ofb->key);
--- a/rsa_sys.c
+++ b/rsa_sys.c
@ -14,6 +14,11 @@ int rsa_encrypt_key(const unsigned char *inkey, unsigned long inlen,
   _ARGCHK(outlen != NULL);
   _ARGCHK(key != NULL);
   /* only allow keys from 64 to 256 bits */
   if (inlen < 8 || inlen > 32) {
      return CRYPT_INVALID_ARG;
   }
   /* are the parameters valid? */
   if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
      return err; 
@ -148,6 +153,11 @@ int rsa_sign_hash(const unsigned char *in,  unsigned long inlen,
   _ARGCHK(outlen != NULL);
   _ARGCHK(key != NULL);
   /* reject nonsense sizes */
   if (inlen < 16) {
      return CRYPT_INVALID_ARG;
   }
   /* type of key? */
   if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
      return CRYPT_PK_NOT_PRIVATE;
--- a/safer+.c
+++ b/safer+.c
@ -154,7 +154,7 @@ static void _ilt(unsigned char *b, unsigned char *b2)
 #endif
 /* These are the 33, 128-bit bias words for the key schedule */
-const unsigned char safer_bias[33][16] = {
+static const unsigned char safer_bias[33][16] = {
 {  70, 151, 177, 186, 163, 183,  16,  10, 197,  55, 179, 201,  90,  40, 172, 100},
 { 236, 171, 170, 198, 103, 149,  88,  13, 248, 154, 246, 110, 102, 220,   5,  61},
 { 138, 195, 216, 137, 106, 233,  54,  73,  67, 191, 235, 212, 150, 155, 104, 160},
@ -469,14 +469,12 @@ int saferp_keysize(int *desired_keysize)
      return CRYPT_INVALID_KEYSIZE;
   if (*desired_keysize < 24) {
      *desired_keysize = 16;
      return CRYPT_OK;
   } else if (*desired_keysize < 32) {
      *desired_keysize = 24;
      return CRYPT_OK;
   } else {
      *desired_keysize = 32;
      return CRYPT_OK;
   }
   return CRYPT_OK;
 }
 #endif
--- a/sha256.c
+++ b/sha256.c
@ -33,7 +33,7 @@ static const unsigned long K[64] = {
 /* Various logical functions */
 #define Ch(x,y,z)       ((x & y) | (~x & z))
-#define Maj(x,y,z)      ((x & y) ^ (x & z) ^ (y & z))
+#define Maj(x,y,z)      (((x | y) & z) | (x & y)) 
 #define S(x, n)	        ROR((x),(n))
 #define R(x, n)	        (((x)&0xFFFFFFFFUL)>>(n))
 #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
@ -85,6 +85,7 @@ static void sha256_compress(hash_state * md)
    for (i = 0; i < 8; i++) {
        md->sha256.state[i] = md->sha256.state[i] + S[i];
    }
 }
 #ifdef CLEAN_STACK
--- a/sha512.c
+++ b/sha512.c
@ -60,7 +60,7 @@ CONST64(0x5fcb6fab3ad6faec), CONST64(0x6c44198c4a475817)
 /* Various logical functions */
 #define Ch(x,y,z)       ((x & y) | (~x & z))
-#define Maj(x,y,z)      ((x & y) ^ (x & z) ^ (y & z))
+#define Maj(x,y,z)      (((x | y) & z) | (x & y)) 
 #define S(x, n)         ROR64((x),(n))
 #define R(x, n)         (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)n))
 #define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39))
--- a/tommath.h
+++ b/tommath.h
@ -12,6 +12,8 @@
 *
 * Tom St Denis, tomstdenis@iahu.ca, http://libtommath.iahu.ca
 */
 #include "mycrypt.h"
 #ifndef BN_H_
 #define BN_H_
--- a/twofish.c
+++ b/twofish.c
@ -518,7 +518,7 @@ static void _twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, sym
 void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
 #endif
 {
-    unsigned long a,b,c,d,ta,tb,tc,td,t1,t2;
+    unsigned long a,b,c,d,ta,tb,tc,td,t1,t2, *k;
    int r;
    _ARGCHK(pt != NULL);
@ -532,15 +532,23 @@ void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
    c ^= key->twofish.K[2];
    d ^= key->twofish.K[3];
-    for (r = 0; r < 16; ++r) {
+    k  = key->twofish.K + 8;
    for (r = 0; r < 16; r += 2) {
        t1 = g_func(a, key);
        t2 = g_func(ROL(b, 8), key);
        t2 += (t1 += t2);
-        t1 += key->twofish.K[r+r+8];
+        t1 += *k++;
-        t2 += key->twofish.K[r+r+9];
+        t2 += *k++;
        c  ^= t1; c = ROR(c, 1);
        d  = ROL(d, 1) ^ t2;
-        ta = a; a = c; c = ta; tb = b; b = d; d = tb;
+
        t1 = g_func(c, key);
        t2 = g_func(ROL(d, 8), key);
        t2 += (t1 += t2);
        t1 += *k++;
        t2 += *k++;
        a  ^= t1; a = ROR(a, 1);
        b  = ROL(b, 1) ^ t2;
    }
    /* output with "undo last swap" */
@ -568,7 +576,7 @@ static void _twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, sym
 void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
 #endif
 {
-    unsigned long a,b,c,d,ta,tb,tc,td,t1,t2;
+    unsigned long a,b,c,d,ta,tb,tc,td,t1,t2, *k;
    int r;
    _ARGCHK(pt != NULL);
@ -585,22 +593,21 @@ void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
    c = ta ^ key->twofish.K[4];
    d = tb ^ key->twofish.K[5];
-    /* loop is kept partially unrolled because it is slower [at least on an Athlon]
+    k = key->twofish.K + 39;
     * then the tight version.  */
    for (r = 14; r >= 0; r -= 2) {
        t1 = g_func(c, key);
        t2 = g_func(ROL(d, 8), key);
        t2 += (t1 += t2);
-        t1 += key->twofish.K[r+r+10];
+        t2 += *k--;
-        t2 += key->twofish.K[r+r+11];
+        t1 += *k--;
        a  = ROL(a, 1) ^ t1;
        b  = b ^ t2; b = ROR(b, 1);
        t1 = g_func(a, key);
        t2 = g_func(ROL(b, 8), key);
        t2 += (t1 += t2);
-        t1 += key->twofish.K[r+r+8];
+        t2 += *k--;
-        t2 += key->twofish.K[r+r+9];
+        t1 += *k--;
        c  = ROL(c, 1) ^ t1;
        d  = d ^ t2; d = ROR(d, 1);
    }
--- a/update_libtomcrypt.sh
+++ b/update_libtomcrypt.sh
@ -1,131 +0,0 @@
 #!/bin/tcsh
 # Get latest copy of libtomcrypt and install it using "tcsh"
 #
 # Tom St Denis
 echo libtomcrypt update script, Tom St Denis
 echo "http://libtomcrypt.iahu.ca\n"
 if ($1 == "--help") then
   echo "update_libtomcrypt.sh [makefile] [sig]-- Download and optionally build the libtomcrypt project.\n"
   echo "\t[makefile] --\tYou can optionally specify which makefile you want to build with. If you specify "
   echo "\t\t\t'nobuild' then the library is not built, just downloaded and unzipped.  If you "
   echo "\t\t\tleave it empty the default 'makefile' is used to build the library.\n"
   echo "\t[sig] -- \tOptionally verify [via GPG] the signature of the package."
   exit
 endif
 if ($1 == "" || $1 == "sig") then
   set make = "makefile"
 else
   set make = $1;
 endif
 if ($1 == "sig" || $2 == "sig") then
   set sig = "sig"
 else
   set sig = ""
 endif   
 rm -f latest
 echo Getting latest version number from website.
 wget -q http://iahu.ca:8080/download/latest
 if (-r latest) then 
   set a = `cat latest`
   echo "Latest release is v$a.\n"
   if (-d "libtomcrypt-$a" && (-r "libtomcrypt-$a/libtomcrypt.a" || $make == "nobuild")) then
      echo Libtomcrypt v$a is already installed on your system.
   else   
      echo "Downloading libtomcrypt v$a ..."
      if (-r "crypt-$a.tar.bz2") then 
         rm -f crypt-$a.tar.bz2
      endif
      wget http://iahu.ca:8080/download/crypt-$a.tar.bz2
      if (-r "crypt-$a.tar.bz2") then 
         if (-d "libtomcrypt-$a") then
            echo "WARNING!  Directory libtomcrypt-$a already exists.  Cannot continue.\n"
            exit            
         endif
         if ($sig == "sig") then
            if (!(-r public.asc)) then
               echo "Downloading and installing code signing key...\n"
               wget -q http://iahu.ca:8080/download/public.asc
               if (-r public.asc) then 
                  gpg --import public.asc
                  if ($? != 0) then
                     echo Could not import signing key required to verify the package.
                     exit
                  else
                     echo "\n********************************************************************************"
                     echo "A new key has been imported to your keyring.  You should check that it is valid."
                     echo "********************************************************************************"
                  endif
               else 
                  echo "Could not download the key to import."
                  exit
               endif
            endif
            echo Verifying signature...
            wget -q http://iahu.ca:8080/download/crypt-$a.tar.bz2.asc
            if (!(-r "crypt-$a.tar.bz2.asc")) then
               echo Could not download signature to test.
               exit
            endif
            gpg -q --verify crypt-$a.tar.bz2.asc
            if ($? != 0) then 
               echo "\n\nSignature for crypt-$a.tar.bz2 is ****not**** valid.\n\n"
               exit
            else
               echo "\n\nSignature for crypt-$a.tar.bz2 is valid.\n\n"
            endif
         endif
         bzip2 -d -c crypt-$a.tar.bz2 | tar -x 
         if (-d "libtomcrypt-$a") then
            if (-r "libtomcrypt-$a/$make") then 
               cd libtomcrypt-$a
               make -f $make
               if (-r "libtomcrypt.a") then
                  echo "\n\n*****************************************************************"
                  echo The library has been built and you can now install it either with
                  echo 
                  echo "cd libtomcrypt-$a ; make install"
                  echo
                  echo Or by editing the makefile and changing the user you wish to install 
                  echo it with, or simply copy "libtomcrypt.a" to your library directory and 
                  echo copy "*.h" to your include directory
                  echo "*****************************************************************"
               else 
                  echo "\n\n*****************************************************************"
                  echo The library failed to build.  Please note the errors and send them to tomstdenis@yahoo.com
                  echo "*****************************************************************"
               endif
            else if ($make == "nobuild") then
                  echo "\n\n*****************************************************************"
                  echo "The library was downloaded and unzipped into libtomcrypt-$a/"
                  echo "*****************************************************************"
            else
               echo "The makefile '$make' was not found in the archive.\n";
            endif
         else 
            echo "Could not unpack the libtomcrypt archive (corrupt?)."
         endif
         cd ..
      else
         echo "Could not download the libtomcrypt archive from server."
      endif
   endif
   if (-r "libtomcrypt-$a/changes") then
      perl <<!
      open(IN,"<libtomcrypt-$a/changes") or die "Can't open libtomcrypt change log.";
      print "\nChange log for v$a :\n";
      \$a = <IN>; print \$a; \$a = <IN>;
      while (<IN>) { 
         if (\$_ =~ m/^(v\d\.\d\d)/) { close(IN); exit(0); } 
         print "\$a"; \$a = \$_; 
      }
 !
   else 
      echo "Change log not found.  Is the package really installed?"
   endif
 else 
   echo "Could not download latest file from server to check version."
 endif