improve build.sh

Regressed when -Wundef was added

Fixes #210

.github/multiwrapper

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# symlink this to dropbear/dbclient/dropbearkey next to dropbearmulti
+# good enough for testing purposes.
+
+DIR=$(dirname $0)
+PROG=$(basename $0)
+exec $DIR/dropbearmulti $PROG "$@"
+

.github/workflows/autoconf.yml

@@ -0,0 +1,25 @@
+# Checks that autoconf has been run if configure.ac was updated
+# Assumes that autoconf 2.71 was run, the same as ubuntu 22.04
+name: Autoconf Up To Date
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+jobs:
+  autoconf:
+    runs-on: 'ubuntu-22.04'
+
+    steps:
+      - name: deps
+        run: |
+          sudo apt-get -y update
+          sudo apt-get -y install autoconf
+
+      - uses: actions/checkout@v4
+
+      - name: run autoconf
+        run: autoconf && autoheader
+
+      - name: check no difference
+        run: git diff --exit-code

.github/workflows/build.yml

@@ -0,0 +1,290 @@
+# Can be used locally with https://github.com/nektos/act
+# Note the XXX line below.
+
+name: BuildTest
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+jobs:
+  build:
+    runs-on: ${{ matrix.os || 'ubuntu-22.04' }}
+    strategy:
+      matrix:
+        # XXX uncomment the line below to work with act, see https://github.com/nektos/act/issues/996
+        # name: []
+
+        # Rather than a boolean False we use eg
+        #   runcheck: 'no'
+        # Otherwise GH expressions will make a None var
+        # compare with False. We want an undefined default of True.
+
+        # MULTI and NOWRITEV are passed as integers to the build
+        include:
+          - name: plain linux
+
+          - name: multi binary
+            multi: 1
+            multilink: 1
+
+          - name: multi binary, dropbearmulti argv0
+            multi: 1
+            multiwrapper: 1
+
+          - name: client only
+            runcheck: 'no'
+            make_target: PROGRAMS=dbclient
+
+          - name: server only
+            runcheck: 'no'
+            make_target: PROGRAMS=dropbear
+
+          - name: bundled libtom, bionic , no writev()
+            # test can use an older distro with bundled libtommath
+            os: ubuntu-20.04
+            configure_flags: --enable-bundled-libtom --enable-werror
+            # NOWRITEV is unrelated, test here to save a job
+            nowritev: 1
+            # our tests expect >= python3.7
+            runcheck: 'no'
+
+          - name: linux clang
+            cc: clang
+
+          # Some platforms only have old compilers, we try to keep
+          # compatibilty. For some reason -std=c89 doesn't enforce
+          # early declarations so we specify it anyway.
+          - name: c89
+            extracflags: -std=c89 -Wdeclaration-after-statement
+            # enable all options
+            nondefault: 1
+            configure_flags: --enable-pam
+
+          - name: macos 14
+            os: macos-14
+            cc: clang
+            # OS X says daemon() and utmp are deprecated.
+            # OS X tests for undefined TARGET_OS_EMBEDDED in libc headers
+            extracflags: -Wno-deprecated-declarations -Wno-undef
+            runcheck: 'no'
+            apt: 'no'
+            # fails with:
+            # .../ranlib: file: libtomcrypt.a(cbc_setiv.o) has no symbols
+            ranlib: ranlib -no_warning_for_no_symbols
+
+          - name: macos 12
+            os: macos-12
+            cc: clang
+            # OS X says daemon() and utmp are deprecated.
+            # OS X tests for undefined TARGET_OS_EMBEDDED in libc headers
+            extracflags: -Wno-deprecated-declarations -Wno-undef
+            runcheck: 'no'
+            apt: 'no'
+            # fails with:
+            # .../ranlib: file: libtomcrypt.a(cbc_setiv.o) has no symbols
+            ranlib: ranlib -no_warning_for_no_symbols
+
+          # Check that debug code doesn't bitrot
+          - name: DEBUG_TRACE
+            nondefault: 1
+            configure_flags: --enable-pam
+            localoptions: |
+              #define DEBUG_TRACE 5
+
+          # Check off-by-default options don't bitrot
+          - name: nondefault options
+            nondefault: 1
+            configure_flags: --enable-pam
+
+          - name: most options disabled
+            configure_flags: --disable-harden --disable-zlib --disable-openpty --disable-lastlog
+            runcheck: 'no'
+            localoptions: |
+              #define DROPBEAR_RSA 0
+              #define INETD_MODE 0
+              #define DROPBEAR_REEXEC 0
+              #define DROPBEAR_SMALL_CODE 0
+              #define DROPBEAR_CLI_LOCALTCPFWD 0
+              #define DROPBEAR_CLI_REMOTETCPFWD 0
+              #define DROPBEAR_SVR_LOCALTCPFWD 0
+              #define DROPBEAR_SVR_REMOTETCPFWD 0
+              #define DROPBEAR_SVR_AGENTFWD 0
+              #define DROPBEAR_CLI_AGENTFWD 0
+              #define DROPBEAR_CLI_PROXYCMD 0
+              #define DROPBEAR_USER_ALGO_LIST 0
+              #define DROPBEAR_AES128 0
+              #define DROPBEAR_AES256 0
+              #define DROPBEAR_ENABLE_CTR_MODE 0
+              #define DROPBEAR_SHA1_HMAC 0
+              #define DROPBEAR_SHA2_256_HMAC 0
+              #define DROPBEAR_RSA 0
+              #define DROPBEAR_ECDSA 0
+              #define DROPBEAR_SK_KEYS 0
+              #define DROPBEAR_DELAY_HOSTKEY 0
+              #define DROPBEAR_DH_GROUP14_SHA1 0
+              #define DROPBEAR_DH_GROUP14_SHA256 0
+              #define DROPBEAR_ECDH 0
+              #define DROPBEAR_DH_GROUP1_CLIENTONLY 0
+              #define DO_MOTD 0
+              #define DROPBEAR_SVR_PUBKEY_AUTH 0
+              #define DROPBEAR_CLI_PASSWORD_AUTH 0
+              #define DROPBEAR_CLI_PUBKEY_AUTH 0
+              #define DROPBEAR_USE_PASSWORD_ENV 0
+              #define DROPBEAR_SFTPSERVER 0
+
+          - name: other algo combos
+            runcheck: 'no'
+            # disables all sha1
+            localoptions: |
+              #define DROPBEAR_SHA1_HMAC 0
+              #define DROPBEAR_RSA_SHA1 0
+              #define DROPBEAR_DH_GROUP14_SHA1 0
+              #define DROPBEAR_ECDSA 0
+              #define DROPBEAR_ED25519 0
+              #define DROPBEAR_SK_KEYS 0
+              #define DROPBEAR_ENABLE_GCM_MODE 1
+              #define DROPBEAR_3DES 1
+              #define DROPBEAR_DH_GROUP16 1
+              #define DROPBEAR_SHA2_512_HMAC 1
+              #define DROPBEAR_CLI_PUBKEY_AUTH 0
+
+          # # Fuzzers run standalone. A bit superfluous with cifuzz, but
+          # # good to run the whole corpus to keep it working.
+          # - name: fuzzing with address sanitizer
+          #   configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom --enable-werror
+          #   ldflags: -fsanitize=address
+          #   extracflags: -fsanitize=address
+          #   # -fsanitize=address prevents aslr, don't test it
+          #   pytest_addopts: -k "not aslr"
+          #   fuzz: True
+          #   cc: clang
+
+          # # Undefined Behaviour sanitizer
+          # - name: fuzzing with undefined behaviour sanitizer
+          #   configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom --enable-werror
+          #   ldflags: -fsanitize=undefined
+          #   # don't fail with alignment due to https://github.com/libtom/libtomcrypt/issues/549
+          #   extracflags: -fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment
+          #   pytest_addopts: -k "not aslr"
+          #   fuzz: True
+          #   cc: clang
+
+    env:
+      MULTI: ${{ matrix.multi }}
+      CC: ${{ matrix.cc || 'gcc' }}
+      LDFLAGS: ${{ matrix.ldflags }}
+      EXTRACFLAGS: ${{ matrix.extracflags }}
+      CONFIGURE_FLAGS: ${{ matrix.configure_flags || '--enable-werror' }}
+      MAKE_TARGET: ${{ matrix.make_target }}
+      # for fuzzing
+      CXX: clang++
+      RANLIB: ${{ matrix.ranlib || 'ranlib' }}
+      # pytest in "make check" recognises this for extra arguments
+      PYTEST_ADDOPTS: ${{ matrix.pytest_addopts }}
+      # some pytests depend on special setup from this file. see authorized_keys below.
+      DBTEST_IN_ACTION: true
+      LOCALOPTIONS: ${{ matrix.localoptions }}
+
+    steps:
+      - name: deps
+        if: ${{ matrix.apt != 'no' }}
+        run: |
+          sudo apt-get -y update
+          sudo apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv libpam0g-dev $CC
+
+      - uses: actions/checkout@v4
+
+      - name: configure
+        run: ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1)
+
+      - name: nowritev
+        if: ${{ matrix.nowritev }}
+        run: sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h
+
+      - name: localoptions
+        run: |
+          echo "$LOCALOPTIONS" | tee localoptions.h
+
+      - name: nondefault
+        if: ${{ matrix.nondefault }}
+        run: |
+          # Turn on anything that's off by default. Rough but seems sufficient
+          grep ' 0$' src/default_options.h | sed 's/0$/1/' > localoptions.h
+          # PAM clashes with password
+          echo "#define DROPBEAR_SVR_PASSWORD_AUTH 0" >> localoptions.h
+          # 1 second timeout is too short
+          sed -i "s/DEFAULT_IDLE_TIMEOUT 1/DEFAULT_IDLE_TIMEOUT 99/" localoptions.h
+
+      - name: make
+        run: |
+          cat localoptions.h
+          make -j3 $MAKE_TARGET
+
+      - name: multilink
+        if: ${{ matrix.multilink }}
+        run: make multilink
+
+      - name: multi wrapper script
+        if: ${{ matrix.multiwrapper }}
+        run: |
+          cp .github/multiwrapper dropbear
+          cp .github/multiwrapper dbclient
+          cp .github/multiwrapper dropbearkey
+          cp .github/multiwrapper dropbearconvert
+
+      - name: makefuzz
+        run: make fuzzstandalone
+        if: ${{ matrix.fuzz }}
+
+        # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093)
+      - name: make install
+        run: make install
+
+      - name: keys
+        if: ${{ matrix.runcheck != 'no' }}
+        run: |
+          mkdir -p ~/.ssh
+          # remove old files so we can rerun in-place with "act -r" during test development
+          rm -vf ~/.ssh/id_dropbear*
+          ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear | grep ^ecdsa > ~/.ssh/authorized_keys
+
+          # to test setting SSH_PUBKEYINFO, replace the trailing comment
+          ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key2 | grep ^ecdsa | sed 's/[^ ]*$/key2 extra/' >> ~/.ssh/authorized_keys
+          ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key3 | grep ^ecdsa | sed 's/[^ ]*$/key3%char/' >> ~/.ssh/authorized_keys
+          ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key4 | grep ^ecdsa | sed 's/[^ ]*$/key4,char/' >> ~/.ssh/authorized_keys
+          chmod 700 ~ ~/.ssh ~/.ssh/authorized_keys
+          ls -ld ~ ~/.ssh ~/.ssh/authorized_keys
+
+        # upload config.log if something has failed
+      - name: config.log
+        if: ${{ !env.ACT && (failure() || cancelled()) }}
+        uses: actions/upload-artifact@v2
+        with:
+          name: config.log
+          path: config.log
+
+      - name: check
+        if: ${{ matrix.runcheck != 'no' }}
+        run: make check
+
+      # Sanity check that the binary runs
+      - name: genrsa
+        if: ${{ matrix.runcheck != 'no' }}
+        run: ~/inst/bin/dropbearkey -t rsa -f testrsa
+      - name: genecdsa256
+        if: ${{ matrix.runcheck != 'no' }}
+        run: ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
+      - name: genecdsa384
+        if: ${{ matrix.runcheck != 'no' }}
+        run: ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384
+      - name: genecdsa521
+        if: ${{ matrix.runcheck != 'no' }}
+        run: ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521
+      - name: gened25519
+        if: ${{ matrix.runcheck != 'no' }}
+        run: ~/inst/bin/dropbearkey -t ed25519 -f tested25519
+
+      - name: fuzz
+        if: ${{ matrix.fuzz }}
+        run: ./fuzzers_test.sh

.github/workflows/cifuzz.yml

@@ -0,0 +1,30 @@
+# Runs fuzzers for a little while on pull requests.
+# From https://google.github.io/oss-fuzz/getting-started/continuous-integration/
+name: CIFuzz
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'dropbear'
+        dry-run: false
+    - name: Run Fuzzers
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'dropbear'
+        fuzz-seconds: 1200
+        dry-run: false
+    - name: Upload Crash
+      uses: actions/upload-artifact@v4
+      if: failure() && steps.build.outcome == 'success'
+      with:
+        name: artifacts
+        path: ./out/artifacts

.github/workflows/outoftree.yml

@@ -0,0 +1,25 @@
+# Can be used locally with https://github.com/nektos/act
+
+name: Out of tree build
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+jobs:
+  outoftree:
+    runs-on: 'ubuntu-22.04'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: build
+        run: |
+          mkdir build
+          cd build
+          ../configure --enable-fuzz --enable-bundled-libtom --prefix=$PWD/inst
+          make -j3
+          make -j3 fuzzstandalone
+          make install
+          test -x inst/bin/dbclient
+          test -f inst/share/man/man8/dropbear.8

.github/workflows/tarball.yml

@@ -0,0 +1,36 @@
+name: tarball sha256sum
+on:
+  push:
+    branches:
+      - master
+jobs:
+  tarball:
+    runs-on: 'ubuntu-22.04'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: release.sh
+        run: ./release.sh --testrel | tee log1.txt
+
+      - name: extract output
+        run: |
+          grep ^SHA256 log1.txt | tee sha256sum.txt
+          sed 's/.*= *//' < sha256sum.txt > hash.txt
+          mv `tail -n1 log1.txt` rel.tar.bz2
+
+      - name: sha256sum
+        uses: actions/upload-artifact@v4
+        with:
+          name: sha256sum
+          path: |
+            sha256sum.txt
+            hash.txt
+
+      - name: tarball
+        uses: actions/upload-artifact@v4
+        with:
+          name: tarball
+          # only keep for debugging
+          retention-days: 3
+          path: rel.tar.bz2

.gitignore

@@ -0,0 +1,33 @@
+*~
+*.o
+*.a
+*.da
+*.bb
+*.bbg
+*.prof
+.*.swp
+/obj
+/autom4te.cache
+/config.log
+/config.status
+/dbclient
+/dropbear
+/dropbearconvert
+/dropbearkey
+/dropbearmulti
+/fuzzcorpus
+/fuzzer-*
+/fuzzer-*.options
+/scp
+/scp-progress
+config.h
+default_options_guard.h
+localoptions.h
+Makefile
+tags
+.pytest*
+*.pyc
+/test/venv/
+/test/init/
+/test/fakekey
+.vscode/

.hgsigs

@@ -1,2 +0,0 @@
-aa2f51a6b81d33de5e9898a7f27c792a173d9b26 0 iD8DBQBOuADmjPn4sExkf7wRAv/fAJ9FJFvjDoF+wd1ipDx1wkzdeBQNqgCgykUrSbXv76FBbxKntVbk9oS3GjI=
-3f12086c2ef2b9ffe36a822fdb3ff647fcec1831 0 iD8DBQBOuSlQjPn4sExkf7wRAvkbAKCgE1e8xEMQ16CGeoywhIQ0QR4eNgCfZdYYlzjb/+521Uvh5/7FRYEmrho=

.hgtags

@@ -1,32 +0,0 @@
-03f65e461915a940939e4cc689fc89721ffc40de DROPBEAR_0.48.1
-0f967bfef5cd0056b7ec60e2305d917e51cbf30d DROPBEAR_0.44
-170329dc8ce5dfcf6298e1ad6699f109bf78e73d DROPBEAR_0.51
-1dbd2473482f320ea59f76ce961385cb3a0150a9 DROPBEAR_0.46
-2098857ab826dd42ae05a9a22c3ce2cc835b9844 DROPBEAR_0.45
-36160290a1b27451178be36752ed038840f59cdd LTC_DB_0.46
-39d5d58461d6e93337636e69d4cdf184a09c8d24 LTC_1.05
-55a99934db873be2e63b5968fb6532e5d9bd02e4 DROPBEAR_0.48
-59400faa4b44708c5d0b595e81193bc621e752d3 libtomcrypt-1.05
-66087d87c3555c78b47cf01f32bb5a32054c3ceb DROPBEAR_0.44test4
-677843bfa734238a67636b461a02c110c462ffaf DROPBEAR_0.44test1
-7faae8f46238e23975430876547b8950b4e75481 t:ltc-0.95-orig
-8220862baae829ebc762587b99c662480d57bb23 DROPBEAR_0.53
-86e0b50a9b588239c3fc9cc9cfe255ef586df17b ltm-0.30-orig
-88e0a1ad951add46b795511dc2698e36b4aee922 DROPBEAR_0.44test3
-8e94663164c6e106ccc5c9e997dedf6e04d77dd2 LTM_DB_0.44
-91fbc376f01084037cd5f6a5bf2e2db4903e8e99 libtommath-0.35
-97db060d0ef5f8cf8e67eb602ef037055a185ca9 libtommath-0.40
-aa2f51a6b81d33de5e9898a7f27c792a173d9b26 DROPBEAR_0.53.1
-ab370c629d363f8c9a3eca512bfa86e362034654 DROPBEAR_0.49
-c2ac796b130eeb6fa840873d8c230544c8ec7e4b DROPBEAR_0.44test2
-cd1143579f00b0248c79f63ca70efee4a35a57e8 LTC_DB_0.44
-ce104c8b0be1ff3f2c2590b7cdc3fd6870c865cd DROPBEAR_0.52
-d5faf4814ddbc5abd9e209409bb9e7a4686c8cd7 libtomcrypt-1.16
-d7da3b1e15401eb234ec866d5eac992fc4cd5878 t:ltc-0.95-db-merge1
-d8254fc979e99560c93ca2cece77a6df31927ea5 LTM_0.35
-e109027b9edfb02f0bdf96ec45bb1cd9ad41e7da LTM_DB_0.46
-e109027b9edfb02f0bdf96ec45bb1cd9ad41e7da LTM_DB_0.47
-e37b160c414cab6466622f63b0c4dcbf6ebc47a9 DROPBEAR_0.47
-e430a26064ee86ab79aef372118d6d03b2441996 DROPBEAR_0.50
-e5d119ea4c63656bc54ecfd865d04591ac2ed225 LTC_DB_0.47
-3f12086c2ef2b9ffe36a822fdb3ff647fcec1831 DROPBEAR_2011.54

DEVELOPING.md

@@ -0,0 +1,88 @@
+## Developer Notes
+
+#### Building
+
+See [INSTALL.md](INSTALL.md) for build instructions.
+[SMALL.md](SMALL.md) has hints for building smaller binaries, also see comments in [default_options.h](./src/default_options.h).
+
+Debug symbols can be generated by adding `-g` to `CFLAGS` environment variable.
+```
+export CFLAGS="$CFLAGS -g"
+```
+
+#### File dependencies
+The GitHub [test build script](./.github/workflows/build.yml) requires the [default_options.h](./src/default_options.h) be at the top of the repository tree.
+The script uses the file to generate `localoptions.h` with various features enabled/disabled.
+
+Following are generated files in the format `<target>: <generator>(<source>)`
+```
+- configure: autoconf(configure.ac)
+- src/config.h.in: autoheader(configure.ac)
+- src/config.h: configure(src/config.h.in)
+- Makefile: configure(Makefile.in)
+- default_options_guard.h: make(default_options.h)
+```
+Although generated, the first two files are checked in as they change very infrequently.
+
+#### Debug printing
+
+Set `#define DEBUG_TRACE 1` in [localoptions.h](./localoptions.h) to enable a `-v` verbose option for dropbear and dbclient.
+Higher numbers can be used to allow increased debug levels, with `-v` argument repeated.
+
+For development running `dropbear -F -E` is useful to run in the foreground.
+You can set `#define DEBUG_NOFORK 1` to make dropbear a one-shot server, easy to run under a debugger.
+
+#### Random sources
+
+Most cryptography requires a good random entropy source, both to generate secret keys and in the course of a session.
+Dropbear uses the Linux kernel's `getrandom()` syscall to ensure that the system RNG has been initialised before using it.
+On some systems there is insufficient entropy gathered during early boot - generating hostkeys then will block for some amount of time.
+Dropbear has a `-R` option to generate hostkeys upon the first connection as required - that will allow the system more time to gather entropy.
+
+#### Algorithms
+
+Default algorithm lists are specified in [common-algo.c](./src/common-algo.c). They are in priority order, the client's first matching choice is used (see [rfc4253](https://www.rfc-editor.org/rfc/rfc4253.html)). Dropbear client has `-c` and `-m` arguments to choose which are enabled at runtime (doesn't work for server as of June 2020).
+
+Enabling/disabling algorithms is done in [localoptions.h](./localoptions.h), see [default_options.h](./src/default_options.h).
+
+#### Style
+
+In general please conform to the current style of the file you are editing.
+
+Source code is indented with tabs, width set to 4 (though width shouldn't matter much).
+Braces are on the same line as functions/loops/if - try to keep consistency with existing code.
+
+All `if` statements should have braces, no exceptions.
+
+Add a single space between flow control statements and their open parenthesis:
+```
+if (...
+for (...
+switch (...
+etc.
+```
+
+Use `snake_case` for variable and function names.
+
+Avoid using pointer arithmetic, instead the functions in [buffer.h](./src/buffer.h) should be used.
+
+Some Dropbear platforms have old compilers.
+Variable declarations must be at the top of a scope and comments must be `/* */` rather than `//`.
+
+Pointer variables should be initialised to NULL - it can reduce the severity of bugs.
+
+#### Third party code
+
+Libtomcrypt and libtommath are periodically synced from upstream, so avoid making changes to that code which will need to be maintained.
+Improvements can be sent upstream to the libtom project.
+
+#### Non-root user
+
+Dropbear server will run fine as a non-root user, allowing logins only for that user.
+Password authentication probably won't work (can't read shadow passwords). You will need to create hostkeys that are readable.
+
+#### Connection setup
+
+Dropbear implements `first_kex_packet_follows` to reduce handshake latency [RFC 4253 7.1](https://www.rfc-editor.org/rfc/rfc4253.html#section-7.1).
+Some less common implementations don't handle that - it can be a cause of problems connecting.
+Note also that Dropbear may send several ssh packets within a single TCP packet - it's just a stream.

Dockerfile

@@ -0,0 +1,14 @@
+FROM alpine:3.17.1 AS builder
+
+RUN apk add --no-cache alpine-sdk
+RUN apk add --no-cache \
+    musl-dev \
+    zlib-dev \
+    tar \
+    bzip2 \
+    bash
+
+RUN mkdir -p /root/dropbear/
+WORKDIR /root/dropbear/
+
+ENTRYPOINT ["bash"]

FUZZER-NOTES.md

@@ -0,0 +1,55 @@
+## Fuzzing Dropbear
+
+Dropbear is process-per-session so it assumes calling `dropbear_exit()` is fine at any point to clean up.
+This makes fuzzing a bit trickier. A few pieces of wrapping infrastructure are used to work around this.
+
+The [libfuzzer](http://llvm.org/docs/LibFuzzer.html#fuzz-target) harness expects a long running process to continually run a test function with a string of crafted input.
+That process should not leak resources or exit.
+
+#### longjmp
+
+When dropbear runs in fuzz mode it sets up a [`setjmp()`](http://man7.org/linux/man-pages/man3/setjmp.3.html) target prior to launching the code to be fuzzed, and then [`dropbear_exit()`](./src/dbutil.c#L125) calls `longjmp()` back there.
+This avoids exiting though it doesn't free memory or other resources.
+
+#### malloc Wrapper
+
+Dropbear normally uses a [`m_malloc()`](./src/dbmalloc.c) function that is the same as `malloc()` but exits if allocation fails.
+In fuzzing mode this is replaced with a tracking allocator that stores all allocations in a linked list.
+After the `longjmp()` occurs the fuzzer target calls [`m_malloc_free_epoch(1, 1)`](./src/dbmalloc.c#L80) to clean up any unreleased memory.
+
+If the fuzz target runs to completion it calls `m_malloc_free_epoch(1, 0)` which will reset the tracked allocations but will not free memory.
+That allows libfuzzer's leak checking to detect leaks in normal operation.
+
+#### File Descriptor Input
+
+As a network process Dropbear reads and writes from a socket.
+The wrappers for `read()`/`write()`/`select()` in [fuzz-wrapfd.c](./fuzz/fuzz-wrapfd.c) will read from the fuzzer input that has been set up with `wrapfd_add()`. `write()` output is currently discarded.
+These also test error paths such as EINTR and short reads with certain probabilities.
+
+This allows running the entire dropbear server process with network input provided by the fuzzer, without many modifications to the main code.
+At the time of writing this only runs the pre-authentication stages, though post-authentication could be run similarly.
+
+#### Encryption and Randomness
+
+When running in fuzzing mode Dropbear uses a [fixed seed](./src/dbrandom.c#L185) every time so that failures can be reproduced.
+
+Since the fuzzer cannot generate valid encrypted input the packet decryption and message authentication calls are disabled, see [packet.c](./src/packet.c).
+MAC failures are set to occur with a low probability to test that error path.
+
+#### Fuzzers
+
+Current fuzzers are:
+
+* [fuzzer-preauth](./fuzz/fuzzer-preauth.c) - the fuzzer input is treated as a stream of session input.
+  This will test key exchange, packet ordering, authentication attempts etc.
+* [fuzzer-preauth_nomaths](./fuzz/fuzzer-preauth_nomaths.c) - the same as fuzzer-preauth but with asymmetric crypto routines replaced with dummies for faster runtime.
+  corpora are shared between fuzzers by [oss-fuzz](https://github.com/google/oss-fuzz) so this will help fuzzer-preauth too.
+* [fuzzer-verify](./fuzz/fuzzer-verify.c) - read a key and signature from fuzzer input and verify that signature.
+  It would not be expected to pass, though some keys with bad parameters are able to validate with a trivial signature - extra checks are added for that.
+* [fuzzer-pubkey](./fuzz/fuzzer-pubkey.c) - test parsing of an `authorized_keys` line.
+* [fuzzer-kexdh](./fuzz/fuzzer-kexdh.c) - test Diffie-Hellman key exchange where the fuzz input is the ephemeral public key that would be received over the network.
+  This is testing `mp_expt_mod()` and and other libtommath routines.
+* [fuzzer-kexecdh](./fuzz/fuzzer-kexecdh.c) - test Elliptic Curve Diffie-Hellman key exchange like fuzzer-kexdh.
+  This is testing libtommath ECC routines.
+* [fuzzer-kexcurve25519](./fuzz/fuzzer-kexcurve25519.c) - test Curve25519 Elliptic Curve Diffie-Hellman key exchange like fuzzer-kexecdh.
+  This is testing `dropbear_curve25519_scalarmult()` and other libtommath routines.

INSTALL

@@ -1,79 +0,0 @@
-Basic Dropbear build instructions:
-
-- Edit options.h to set which features you want.
-- Edit debug.h if you want any debug options (not usually required).
-
-(If using a non-tarball copy, "autoconf; autoheader")
-
-./configure      (optionally with --disable-zlib or --disable-syslog,
-                  or --help for other options)
-
-Now compile:
-
-make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
-
-And install (/usr/local/bin is usual default):
-
-make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
-
-(you can leave items out of the PROGRAMS list to avoid compiling them. If you
-recompile after changing the PROGRAMS list, you *MUST* "make clean" before
-recompiling - bad things will happen otherwise)
-
-See MULTI for instructions on making all-in-one binaries.
-
-If you want to compile statically, add "STATIC=1" to the make command-line.
-
-Binaries can be stripped with "make strip"
-
-============================================================================
-
-If you're compiling for a 386-class CPU, you will probably need to add
-CFLAGS=-DLTC_NO_BSWAP so that libtomcrypt doesn't use 486+ instructions.
-
-============================================================================
-
-Compiling with uClibc:
-
-Firstly, make sure you have at least uclibc 0.9.17, as getusershell() in prior
-versions is broken. Also note that you may get strange issues if your uClibc
-headers don't match the library you are running with, ie the headers might
-say that shadow password support exists, but the libraries don't have it.
-
-Compiling for uClibc should be the same as normal, just set CC to the magic
-uClibc toolchain compiler (ie export CC=i386-uclibc-gcc or whatever).
-You can use "make STATIC=1" to make statically linked binaries, and it is
-advisable to strip the binaries too. If you're looking to make a small binary,
-you should remove unneeded ciphers and MD5, by editing options.h
-
-It is possible to compile zlib in, by copying zlib.h and zconf.h into a
-subdirectory (ie zlibincludes), and 
-
-export CFLAGS="-Izlibincludes -I../zlibincludes"
-export LDFLAGS=/usr/lib/libz.a
-
-before ./configure and make.
-
-If you disable zlib, you must explicitly disable compression for the client -
-OpenSSH is possibly buggy in this regard, it seems you need to disable it
-globally in ~/.ssh/config, not just in the host entry in that file.
-
-You may want to manually disable lastlog recording when using uClibc, configure
-with --disable-lastlog.
-
-One common problem is pty allocation. There are a number of types of pty
-allocation which can be used -- if they work properly, the end result is the
-same for each type. Running configure should detect the best type to use
-automatically, however for some systems, this may be incorrect. Some
-things to note:
-
-    If your system expects /dev/pts to be mounted (this is a uClibc option),
-	make sure that it is.
-
-	Make sure that your libc headers match the library version you are using.
-
-	If openpty() is being used (HAVE_OPENPTY defined in config.h) and it fails,
-	you can try compiling with --disable-openpty. You will probably then need
-	to create all the /dev/pty?? and /dev/tty?? devices, which can be
-	problematic for devfs. In general, openpty() is the best way to allocate
-	PTYs, so it's best to try and get it working.

INSTALL.md

@@ -0,0 +1,97 @@
+## Basic Dropbear Build Instructions
+
+### Build Options
+
+Custom build options can be configured in `localoptions.h` in the build directory. This is a local file, not checked in to git.
+
+Available options are described in [`src/default_options.h`](src/default_options.h)
+Options include available cryptographic algorithms, SSH features, and file paths.
+
+In addition, a `src/distrooptions.h` file will be used if it exists, for distributions to set configuration options.
+
+### Configure for your system
+```
+./configure
+```
+Optionally with `--disable-zlib` or `--disable-syslog`.
+Or `--help` for other options.
+
+You'll need to first run `autoconf; autoheader` if you edit `configure.ac`.
+
+### Compile:
+
+```
+make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
+```
+
+Optionally install, or copy the binaries another way:
+
+```
+make install
+```
+`/usr/local/bin` is usual default.
+
+or
+
+```
+make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
+```
+
+To test the installation targeting a temporary forder set `DESTDIR`:
+```
+make install DESTDIR=/same/temp/location
+```
+
+You can leave items out of the `PROGRAMS` list to avoid compiling them.
+If you recompile after changing the `PROGRAMS` list, you **MUST** `make clean` before recompiling - bad things will happen otherwise.
+
+[DEVELOPING.md](DEVELOPING.md) has some notes on other developer topics, including debugging.
+
+See [MULTI.md](MULTI.md) for instructions on making all-in-one binaries.
+
+If you want to compile statically use
+```
+./configure --enable-static
+```
+
+By default Dropbear adds various build flags that improve robustness against programming bugs (good for security).
+If these cause problems they can be disabled with `./configure --disable-harden`.
+
+Binaries can be stripped with `make strip`.
+
+> **Note**
+> If you're compiling for a 386-class CPU, you will probably need to add CFLAGS=-DLTC_NO_BSWAP so that libtomcrypt doesn't use 486+ instructions.
+
+## Compiling with uClibc
+
+Firstly, make sure you have at least uclibc 0.9.17, as `getusershell()` in prior versions is broken.
+Also note that you may get strange issues if your uClibc headers don't match the library you are running with.
+I.e. the headers might say that shadow password support exists, but the libraries don't have it.
+
+Compiling for uClibc should be the same as normal, just set CC to the magic uClibc toolchain compiler (ie `export CC=i386-uclibc-gcc` or whatever).
+You can use `make STATIC=1` to make statically linked binaries, and it is advisable to strip the binaries too.
+If you're looking to make a small binary, you should remove unneeded ciphers and algorithms, by editing [localoptions.h](./localoptions.h).
+
+It is possible to compile zlib in, by copying zlib.h and zconf.h into a subdirectory (ie zlibincludes), and
+
+```
+export CFLAGS="-Izlibincludes -I../zlibincludes"
+export LDFLAGS=/usr/lib/libz.a
+```
+before `./configure` and `make`.
+
+If you disable zlib, you must explicitly disable compression for the client.
+OpenSSH is possibly buggy in this regard, it seems you need to disable it globally in `~/.ssh/config`, not just in the host entry in that file.
+
+You may want to manually disable lastlog recording when using uClibc, configure with `--disable-lastlog`.
+
+One common problem is pty allocation.
+There are a number of types of pty allocation which can be used -- if they work properly, the end result is the same for each type.
+Running configure should detect the best type to use automatically, however for some systems, this may be incorrect.
+Some things to note:
+
+* If your system expects `/dev/pts` to be mounted (this is a uClibc option), make sure that it is.
+* Make sure that your libc headers match the library version you are using.
+* If `openpty()` is being used (`HAVE_OPENPTY` defined in `config.h`) and it fails, you can try compiling with `--disable-openpty`. 
+  You will probably then need to create all the `/dev/pty??` and `/dev/tty??` devices, which can be problematic for `devfs`.
+  In general, `openpty()` is the best way to allocate PTYs, so it's best to try and get it working.

LICENSE

@@ -8,7 +8,7 @@ The majority of code is written by Matt Johnston, under the license below.
 Portions of the client-mode work are (c) 2004 Mihnea Stoenescu, under the
 same license:
 
-Copyright (c) 2002-2008 Matt Johnston
+Copyright (c) 2002-2020 Matt Johnston
 Portions copyright (c) 2004 Mihnea Stoenescu
 All rights reserved.
 
@@ -32,7 +32,8 @@ SOFTWARE.
 
 =====
 
-LibTomCrypt and LibTomMath are written by Tom St Denis, and are Public Domain.
+LibTomCrypt and LibTomMath are written by Tom St Denis and others, see
+libtomcrypt/LICENSE and libtommath/LICENSE.
 
 =====
 
@@ -87,3 +88,27 @@ NONINFRINGEMENT.  IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
 FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
 CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+=====
+
+curve25519.c:
+
+Modified TweetNaCl version 20140427, a self-contained public-domain C library.
+https://tweetnacl.cr.yp.to/
+
+Contributors (alphabetical order)
+Daniel J. Bernstein, University of Illinois at Chicago and Technische
+Universiteit Eindhoven
+Bernard van Gastel, Radboud Universiteit Nijmegen
+Wesley Janssen, Radboud Universiteit Nijmegen
+Tanja Lange, Technische Universiteit Eindhoven
+Peter Schwabe, Radboud Universiteit Nijmegen
+Sjaak Smetsers, Radboud Universiteit Nijmegen
+
+Acknowledgments
+This work was supported by the U.S. National Science Foundation under grant
+1018836. "Any opinions, findings, and conclusions or recommendations expressed
+in this material are those of the author(s) and do not necessarily reflect the
+views of the National Science Foundation."
+This work was supported by the Netherlands Organisation for Scientific
+Research (NWO) under grant 639.073.005 and Veni 2013 project 13114.

MULTI

@@ -1,26 +0,0 @@
-Multi-binary compilation
-========================
-
-To compile for systems without much space (floppy distributions etc), you
-can create a single binary. This will save disk space by avoiding repeated
-code between the various parts.
-If you are familiar with "busybox", it's the same principle.
-
-To compile the multi-binary, first "make clean" (if you've compiled
-previously), then
-
-make PROGRAMS="programs you want here" MULTI=1
-
-To use the binary, symlink it from the desired executable:
-
-ln -s dropbearmulti dropbear
-ln -s dropbearmulti dbclient
-etc
-
-then execute as normal:
-
-./dropbear <options here>
-
-"make install" doesn't currently work for multi-binary configuration, though
-in most situations where it is being used, the target and build systems will
-differ.

MULTI.md

@@ -0,0 +1,25 @@
+## Multi-Binary Compilation
+
+To compile for systems without much space (floppy distributions etc), you can create a single binary.
+This will save disk space by avoiding repeated code between the various parts.
+If you are familiar with BusyBox, it's the same principle.
+
+To compile the multi-binary, first `make clean` (if you've compiled previously), then
+
+```sh
+make PROGRAMS="programs you want here" MULTI=1
+```
+
+To use the binary, symlink it from the desired executable:
+
+```sh
+ln -s dropbearmulti dropbear
+ln -s dropbearmulti dbclient
+```
+etc.
+
+Then execute as normal:
+
+```
+./dropbear <options here>
+```

Makefile.in

@@ -2,100 +2,144 @@
 # @configure_input@
 
 # invocation:
-# make PROGRAMS="dropbear dbclient scp" MULTI=1 STATIC=1 SCPPROGRESS=1
+# make PROGRAMS="dropbear dbclient scp" MULTI=1 SCPPROGRESS=1
 #
-# to make a multiple-program statically linked binary "staticdropbearmulti".
+# to make a multiple-program binary "dropbearmulti".
 # This example will include dropbear, scp, dropbearkey, dropbearconvert, and
 # dbclient functionality, and includes the progress-bar functionality in scp.
-# Hopefully that seems intuitive.
 
 ifndef PROGRAMS
 	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
 endif
 
-LTC=libtomcrypt/libtomcrypt.a
-LTM=libtommath/libtommath.a
+srcdir=@srcdir@/src
+VPATH=@srcdir@/src
+
+STATIC_LTC=libtomcrypt/libtomcrypt.a
+STATIC_LTM=libtommath/libtommath.a
+
+LIBTOM_LIBS=@LIBTOM_LIBS@
 
 ifeq (@BUNDLED_LIBTOM@, 1)
-LIBTOM_DEPS=$(LTC) $(LTM)
-CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/ 
-LIBS+=$(LTC) $(LTM)
+	LIBTOM_DEPS=$(STATIC_LTC) $(STATIC_LTM)
+	LIBTOM_CLEAN=ltc-clean ltm-clean
+	CPPFLAGS+=-I$(srcdir)/../libtomcrypt/src/headers/
+	LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM)
 endif
 
-COMMONOBJS=dbutil.o buffer.o \
-		dss.o bignum.o \
-		signkey.o rsa.o random.o \
-		queue.o \
-		atomicio.o compat.o  fake-rfc2553.o 
+ifneq ($(wildcard ./localoptions.h),)
+	CPPFLAGS+=-DLOCALOPTIONS_H_EXISTS
+endif
+ifneq ($(wildcard $(srcdir)/distrooptions.h),)
+	CPPFLAGS+=-DDISTROOPTIONS_H_EXISTS
+endif
 
-SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \
+OBJ_DIR=./obj
+MAN_DIR=@srcdir@/manpages
+
+_COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
+		dss.o bignum.o \
+		signkey.o rsa.o dbrandom.o \
+		queue.o \
+		atomicio.o compat.o fake-rfc2553.o \
+		ltc_prng.o ecc.o ecdsa.o sk-ecdsa.o crypto_desc.o \
+		curve25519.o ed25519.o sk-ed25519.o \
+		dbmalloc.o \
+		gensignkey.o gendss.o genrsa.o gened25519.o
+COMMONOBJS = $(patsubst %,$(OBJ_DIR)/%,$(_COMMONOBJS))
+
+_SVROBJS=svr-kex.o svr-auth.o sshpty.o \
 		svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \
 		svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\
 		svr-tcpfwd.o svr-authpam.o
+SVROBJS = $(patsubst %,$(OBJ_DIR)/%,$(_SVROBJS))
 
-CLIOBJS=cli-algo.o cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
-		cli-session.o cli-service.o cli-runopts.o cli-chansession.o \
+_CLIOBJS=cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
+		cli-session.o cli-runopts.o cli-chansession.o \
 		cli-authpubkey.o cli-tcpfwd.o cli-channel.o cli-authinteract.o \
-		cli-agentfwd.o list.o
+		cli-agentfwd.o cli-readconf.o
+CLIOBJS = $(patsubst %,$(OBJ_DIR)/%,$(_CLIOBJS))
 
-CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
-			common-channel.o common-chansession.o termcodes.o loginrec.o \
-			tcp-accept.o listener.o process-packet.o \
-			common-runopts.o circbuffer.o
+_CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
+		common-channel.o common-chansession.o termcodes.o loginrec.o \
+		tcp-accept.o listener.o process-packet.o dh_groups.o \
+		common-runopts.o circbuffer.o list.o netio.o chachapoly.o gcm.o
+CLISVROBJS = $(patsubst %,$(OBJ_DIR)/%,$(_CLISVROBJS))
 
-KEYOBJS=dropbearkey.o gendss.o genrsa.o
+_KEYOBJS=dropbearkey.o
+KEYOBJS = $(patsubst %,$(OBJ_DIR)/%,$(_KEYOBJS))
 
-CONVERTOBJS=dropbearconvert.o keyimport.o
+_CONVERTOBJS=dropbearconvert.o keyimport.o signkey_ossh.o
+CONVERTOBJS = $(patsubst %,$(OBJ_DIR)/%,$(_CONVERTOBJS))
 
-SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o compat.o
+_SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o compat.o
+SCPOBJS = $(patsubst %,$(OBJ_DIR)/%,$(_SCPOBJS))
 
-HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \
-		dss.h bignum.h signkey.h rsa.h random.h service.h auth.h \
-		debug.h channel.h chansession.h config.h queue.h sshpty.h \
-		termcodes.h gendss.h genrsa.h runopts.h includes.h \
-		loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
-		listener.h fake-rfc2553.h
+ifeq (@DROPBEAR_FUZZ@, 1)
+	allobjs = $(COMMONOBJS) fuzz/fuzz-common.o  fuzz/fuzz-wrapfd.o $(CLISVROBJS) $(CLIOBJS) $(SVROBJS) @CRYPTLIB@
+	allobjs:=$(subst $(OBJ_DIR)/svr-main.o, ,$(allobjs))
+	allobjs:=$(subst $(OBJ_DIR)/cli-main.o, ,$(allobjs))
 
-dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@ 
-dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
-dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
-dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
-scpobjs=$(SCPOBJS)
+	dropbearobjs=$(allobjs) $(OBJ_DIR)/svr-main.o
+	dbclientobjs=$(allobjs) $(OBJ_DIR)/cli-main.o
+	dropbearkeyobjs=$(allobjs) $(KEYOBJS)
+	dropbearconvertobjs=$(allobjs) $(CONVERTOBJS)
+	# CXX only set when fuzzing
+	CXX=@CXX@
+	FUZZ_CLEAN=fuzz-clean
+else
+	dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS)
+	dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
+	dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
+	dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
+	scpobjs=$(SCPOBJS)
+endif
 
-VPATH=@srcdir@
-srcdir=@srcdir@
+ifeq (@DROPBEAR_PLUGIN@, 1)
+	# rdynamic makes all the global symbols of dropbear available to all the loaded shared libraries
+	# this allow a plugin to reuse existing crypto/utilities like base64_decode/base64_encode without
+	# the need to rewrite them.
+	PLUGIN_LIBS=-ldl -rdynamic
+else
+	PLUGIN_LIBS=
+endif
 
 prefix=@prefix@
-exec_prefix=${prefix}
-bindir=${exec_prefix}/bin
-sbindir=${exec_prefix}/sbin
+exec_prefix=@exec_prefix@
+datarootdir = @datarootdir@
+bindir=@bindir@
+sbindir=@sbindir@
+mandir=@mandir@
+
+.DELETE_ON_ERROR:
 
 CC=@CC@
 AR=@AR@
 RANLIB=@RANLIB@
 STRIP=@STRIP@
 INSTALL=@INSTALL@
-CPPFLAGS=@CPPFLAGS@
-CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@
+CPPFLAGS+=@CPPFLAGS@ -I. -I$(srcdir)
+CFLAGS+=@CFLAGS@
 LIBS+=@LIBS@
 LDFLAGS=@LDFLAGS@
 
 EXEEXT=@EXEEXT@
 
+STATIC=@STATIC@
+
 # whether we're building client, server, or both for the common objects.
 # evilness so we detect 'dropbear' by itself as a word
-space:= $(empty) $(empty)
 ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdropbearZ, Z$(prog)Z))))
-	CFLAGS+= -DDROPBEAR_SERVER
+	CPPFLAGS+= -DDROPBEAR_SERVER
 endif
 ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdbclientZ, Z$(prog)Z))))
-	CFLAGS+= -DDROPBEAR_CLIENT
+	CPPFLAGS+= -DDROPBEAR_CLIENT
 endif
 
-
 # these are exported so that libtomcrypt's makefile will use them
 export CC
 export CFLAGS
+export CPPFLAGS
 export RANLIB AR STRIP
 
 ifeq ($(STATIC), 1)
@@ -103,54 +147,71 @@ ifeq ($(STATIC), 1)
 endif
 
 ifeq ($(MULTI), 1)
-	TARGETS=dropbearmulti
+	TARGETS=dropbearmulti$(EXEEXT)
 else
 	TARGETS=$(PROGRAMS)
 endif
 
 # for the scp progress meter. The -D doesn't affect anything else.
 ifeq ($(SCPPROGRESS), 1)
-	CFLAGS+=-DPROGRESS_METER
+	CPPFLAGS+=-DPROGRESS_METER
 endif
 
 all: $(TARGETS)
 
+# for simplicity assume all source depends on all headers
+HEADERS=$(wildcard $(srcdir)/*.h *.h) default_options_guard.h
+
+$(OBJ_DIR):
+	mkdir -p $@
+
+$(OBJ_DIR)/%.o: $(srcdir)/%.c $(HEADERS) | $(OBJ_DIR)
+	$(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ -c
+
+fuzz/%.o: $(srcdir)/../fuzz/%.c $(HEADERS)
+	$(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ -c
+
+default_options_guard.h: $(srcdir)/default_options.h
+	@echo Creating $@
+	@printf "/*\n > > > Do not edit this file (default_options_guard.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp
+	@$(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp
+	mv -v $@.tmp $@
+	pwd
+	ls -l $@
+
 strip: $(TARGETS)
 	$(STRIP) $(addsuffix $(EXEEXT), $(TARGETS))
 
 install: $(addprefix inst_, $(TARGETS))
 
-installdropbearmulti: insdbmulti $(addprefix insmulti, $(PROGRAMS)) 
-
-insdbmulti: dropbearmulti
-	$(INSTALL) -d -m 755 $(DESTDIR)$(bindir)
-	$(INSTALL) -m 755 dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)
-	-chown root $(DESTDIR)$(bindir)/dropbearmulti$(EXEEXT)
-	-chgrp 0 $(DESTDIR)$(bindir)/dropbearmulti$(EXEEXT)
-
-insmultidropbear: dropbearmulti
-	$(INSTALL) -d -m 755 $(DESTDIR)$(sbindir)
+insmultidropbear: dropbearmulti$(EXEEXT)
+	$(INSTALL) -d $(DESTDIR)$(sbindir)
 	-rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
-	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) 
+	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
+	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
+	$(INSTALL) -m 644 $(MAN_DIR)/dropbear.8  $(DESTDIR)$(mandir)/man8/dropbear.8
 
-insmulti%: dropbearmulti
-	$(INSTALL) -d -m 755 $(DESTDIR)$(bindir)
-	-rm -f $(DESTDIR)$(bindir)/$*$(EXEEXT) 
-	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$*$(EXEEXT) 
+insmulti%: dropbearmulti$(EXEEXT)
+	$(INSTALL) -d $(DESTDIR)$(bindir)
+	-rm -f $(DESTDIR)$(bindir)/$*$(EXEEXT)
+	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$*$(EXEEXT)
+	$(INSTALL) -d $(DESTDIR)$(mandir)/man1
+	if test -e $(MAN_DIR)/$*.1; then $(INSTALL) -m 644 $(MAN_DIR)/$*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi
 
-# dropbear should go in sbin, so it needs a seperate rule
+# dropbear should go in sbin, so it needs a separate rule
 inst_dropbear: dropbear
-	$(INSTALL) -d -m 755 $(DESTDIR)$(sbindir)
-	$(INSTALL) -m 755 dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
-	-chown root $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
-	-chgrp 0 $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
+	$(INSTALL) -d $(DESTDIR)$(sbindir)
+	$(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
+	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
+	$(INSTALL) -m 644 $(MAN_DIR)/dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8
 
-inst_%: $*
-	$(INSTALL) -d -m 755 $(DESTDIR)$(bindir)
-	$(INSTALL) -m 755 $*$(EXEEXT) $(DESTDIR)$(bindir)
-	-chown root $(DESTDIR)$(bindir)/$*$(EXEEXT)
-	-chgrp 0 $(DESTDIR)$(bindir)/$*$(EXEEXT)
+inst_%: %
+	$(INSTALL) -d $(DESTDIR)$(bindir)
+	$(INSTALL) $*$(EXEEXT) $(DESTDIR)$(bindir)
+	$(INSTALL) -d $(DESTDIR)$(mandir)/man1
+	if test -e $(MAN_DIR)/$*.1; then $(INSTALL) -m 644 $(MAN_DIR)/$*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi
 
+inst_dropbearmulti: $(addprefix insmulti, $(PROGRAMS))
 
 # for some reason the rule further down doesn't like $($@objs) as a prereq.
 dropbear: $(dropbearobjs)
@@ -158,8 +219,14 @@ dbclient: $(dbclientobjs)
 dropbearkey: $(dropbearkeyobjs)
 dropbearconvert: $(dropbearconvertobjs)
 
-dropbear dbclient dropbearkey dropbearconvert: $(HEADERS) $(LIBTOM_DEPS) Makefile
-	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBS)
+dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(PLUGIN_LIBS)
+
+dbclient: $(HEADERS) $(LIBTOM_DEPS) Makefile
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
+
+dropbearkey dropbearconvert: $(HEADERS) $(LIBTOM_DEPS) Makefile
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
 
 # scp doesn't use the libs so is special.
 scp: $(SCPOBJS)  $(HEADERS) Makefile
@@ -169,14 +236,14 @@ scp: $(SCPOBJS)  $(HEADERS) Makefile
 # multi-binary compilation.
 MULTIOBJS=
 ifeq ($(MULTI),1)
-	MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs))) @CRYPTLIB@ 
-	CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
+	MULTIOBJS=$(OBJ_DIR)/dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
+	CPPFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
 endif
 
-dropbearmulti: multilink 
+dropbearmulti$(EXEEXT): $(HEADERS) $(MULTIOBJS) $(LIBTOM_DEPS) Makefile
+	$(CC) $(LDFLAGS) -o $@ $(MULTIOBJS) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@
 
-multibinary: $(HEADERS) $(MULTIOBJS) $(LIBTOM_DEPS) Makefile
-	$(CC) $(LDFLAGS) -o dropbearmulti$(EXEEXT) $(MULTIOBJS) $(LIBS)
+multibinary: dropbearmulti$(EXEEXT)
 
 multilink: multibinary $(addprefix link, $(PROGRAMS))
 
@@ -184,32 +251,99 @@ link%:
 	-rm -f $*$(EXEEXT)
 	-ln -s dropbearmulti$(EXEEXT) $*$(EXEEXT)
 
-$(LTC): options.h
-	cd libtomcrypt && $(MAKE) clean && $(MAKE)
+$(STATIC_LTC): $(HEADERS)
+	$(MAKE) -C libtomcrypt
 
-$(LTM): options.h
-	cd libtommath && $(MAKE)
+$(STATIC_LTM): $(HEADERS)
+	$(MAKE) -C libtommath
 
-.PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean
+.PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean lint check
 
 ltc-clean:
-	cd libtomcrypt && $(MAKE) clean
+	$(MAKE) -C libtomcrypt clean
 
 ltm-clean:
-	cd libtommath && $(MAKE) clean
+	$(MAKE) -C libtommath clean
 
 sizes: dropbear
 	objdump -t dropbear|grep ".text"|cut -d "." -f 2|sort -rn
 
-clean: ltc-clean ltm-clean thisclean
+clean: $(LIBTOM_CLEAN) $(FUZZ_CLEAN) thisclean
 
 thisclean:
-	-rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress \
-			dropbearmulti *.o *.da *.bb *.bbg *.prof 
+	-rm -f dropbear$(EXEEXT) dbclient$(EXEEXT) dropbearkey$(EXEEXT) \
+			dropbearconvert$(EXEEXT) scp$(EXEEXT) scp-progress$(EXEEXT) \
+			dropbearmulti$(EXEEXT) *.o *.da *.bb *.bbg *.prof \
+			$(OBJ_DIR)/*
 
 distclean: clean tidy
-	-rm -f config.h
-	-rm -f Makefile
+	-rm -f src/config.h config.status config.log
+	-rm -f Makefile test/Makefile
+	-rm -f default_options_guard.h
 
 tidy:
 	-rm -f *~ *.gcov */*~
+
+lint:
+	cd $(srcdir); ./dropbear_lint.sh
+
+check: lint
+	make -C test
+
+## Fuzzing targets
+
+# list of fuzz targets
+FUZZ_TARGETS=fuzzer-preauth fuzzer-pubkey fuzzer-verify fuzzer-preauth_nomaths \
+	fuzzer-kexdh fuzzer-kexecdh fuzzer-kexcurve25519 fuzzer-client fuzzer-client_nomaths \
+	fuzzer-postauth_nomaths fuzzer-cliconf
+
+FUZZER_OPTIONS = $(addsuffix .options, $(FUZZ_TARGETS))
+FUZZ_OBJS = $(addprefix fuzz/,$(addsuffix .o,$(FUZZ_TARGETS))) \
+	fuzz/fuzz-sshpacketmutator.o
+
+list-fuzz-targets:
+	@echo $(FUZZ_TARGETS)
+
+# fuzzers that don't use libfuzzer, just a standalone harness that feeds inputs
+fuzzstandalone: FUZZLIB=fuzz/fuzz-harness.o
+fuzzstandalone: fuzz/fuzz-harness.o fuzz-targets
+
+# Build all the fuzzers. Usually like
+#   make fuzz-targets FUZZLIB=-lFuzzer.a
+# the library provides main(). Otherwise
+#   make fuzzstandalone
+# provides a main in fuzz-harness.c
+fuzz-targets: $(FUZZ_TARGETS) $(FUZZER_OPTIONS)
+
+$(FUZZ_TARGETS): $(LIBTOM_DEPS) $(allobjs) $(FUZZ_OBJS)
+	$(CXX) $(CXXFLAGS) fuzz/$@.o $(LDFLAGS) $(allobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
+
+# fuzzers that use the custom mutator - these expect a SSH network stream
+MUTATOR_FUZZERS=fuzzer-client fuzzer-client_nomaths \
+	fuzzer-preauth fuzzer-preauth_nomaths fuzzer-postauth_nomaths
+
+# Skip custom mutators for -fsanitize-memory since libfuzzer doesn't initialise memory
+# Pending fix for it https://github.com/google/oss-fuzz/issues/4605
+ifeq (,$(findstring fsanitize=memory, $(CFLAGS)))
+$(MUTATOR_FUZZERS): allobjs += fuzz/fuzz-sshpacketmutator.o
+endif
+
+fuzzer-%.options: Makefile
+	echo "[libfuzzer]"               > $@
+	echo "max_len = 50000"          >> $@
+
+# run this to update hardcoded hostkeys for for fuzzing.
+# hostkeys.c is checked in to hg.
+fuzz-hostkeys:
+	dropbearkey -t rsa -f keyr
+	dropbearkey -t dss -f keyd
+	dropbearkey -t ecdsa -size 256 -f keye
+	dropbearkey -t ed25519 -f keyed25519
+	echo > hostkeys.c
+	/usr/bin/xxd -i -a keyr >> hostkeys.c
+	/usr/bin/xxd -i -a keye >> hostkeys.c
+	/usr/bin/xxd -i -a keyd >> hostkeys.c
+	/usr/bin/xxd -i -a keyed25519 >> hostkeys.c
+
+fuzz-clean:
+	-rm -f fuzz/*.o $(FUZZ_TARGETS) $(FUZZER_OPTIONS)

README

@@ -1,74 +0,0 @@
-This is Dropbear, a smallish SSH 2 server and client.
-
-INSTALL has compilation instructions.
-
-MULTI has instructions on making a multi-purpose binary (ie a single binary
-which performs multiple tasks, to save disk space)
-
-SMALL has some tips on creating small binaries.
-
-See TODO for a few of the things I know need looking at, and please contact
-me if you have any questions/bugs found/features/ideas/comments etc :)
-
-Matt Johnston
-matt@ucc.asn.au
-
-
-In the absence of detailed documentation, some notes follow:
-============================================================================
-
-Server public key auth:
-
-You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put
-the key entries in that file. They should be of the form:
-
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
-
-You must make sure that ~/.ssh, and the key file, are only writable by the
-user. Beware of editors that split the key into multiple lines.
-
-NOTE: Dropbear ignores authorized_keys options such as those described in the
-OpenSSH sshd manpage, and will not allow a login for these keys. 
-
-============================================================================
-
-Client public key auth:
-
-Dropbear can do public key auth as a client, but you will have to convert
-OpenSSH style keys to Dropbear format, or use dropbearkey to create them.
-
-If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to do:
-
-dropbearconvert openssh dropbear ~/.ssh/id_rsa  ~/.ssh/id_rsa.db
-dbclient -i ~/.ssh/id_rsa.db <hostname>
-
-Currently encrypted keys aren't supported, neither is agent forwarding. At some
-stage both hopefully will be.
-
-============================================================================
-
-If you want to get the public-key portion of a Dropbear private key, look at
-dropbearkey's '-y' option.
-
-============================================================================
-
-To run the server, you need to generate server keys, this is one-off:
-./dropbearkey -t rsa -f dropbear_rsa_host_key
-./dropbearkey -t dss -f dropbear_dss_host_key
-
-or alternatively convert OpenSSH keys to Dropbear:
-./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key
-
-============================================================================
-
-If the server is run as non-root, you most likely won't be able to allocate a
-pty, and you cannot login as any user other than that running the daemon
-(obviously). Shadow passwords will also be unusable as non-root.
-
-============================================================================
-
-The Dropbear distribution includes a standalone version of OpenSSH's scp
-program. You can compile it with "make scp", you may want to change the path
-of the ssh binary, specified by _PATH_SSH_PROGRAM in options.h . By default
-the progress meter isn't compiled in to save space, you can enable it by 
-adding 'SCPPROGRESS=1' to the make commandline.

README.md

@@ -0,0 +1,84 @@
+## Dropbear SSH
+A smallish SSH server and client
+https://matt.ucc.asn.au/dropbear/dropbear.html
+
+[INSTALL.md](INSTALL.md) has compilation instructions.
+
+[MULTI.md](MULTI.md) has instructions on making a multi-purpose binary (ie a single binary which performs multiple tasks, to save disk space).
+
+[SMALL.md](SMALL.md) has some tips on creating small binaries.
+
+A mirror of the Dropbear website and tarballs is available at https://dropbear.nl/mirror/.
+
+Please contact me if you have any questions/bugs found/features/ideas/comments etc
+There is also a mailing list https://lists.ucc.asn.au/mailman/listinfo/dropbear
+
+Matt Johnston
+matt@ucc.asn.au
+
+
+### In the absence of detailed documentation, some notes follow
+
+----
+#### Server public key auth
+
+You can use `~/.ssh/authorized_keys` in the same way as with OpenSSH, just put the key entries in that file.
+They should be of the form:
+
+    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0NkyU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
+
+You must make sure that `~/.ssh`, and the key file, are only writable by the user.
+Beware of editors that split the key into multiple lines.
+
+Dropbear supports some options for authorized_keys entries, see the manpage.
+
+----
+#### Client public key auth
+
+Dropbear can do public key auth as a client.
+But you will have to convert OpenSSH style keys to Dropbear format, or use dropbearkey to create them.
+
+If you have an OpenSSH-style private key `~/.ssh/id_rsa`, you need to do:
+
+```sh
+dropbearconvert openssh dropbear ~/.ssh/id_rsa  ~/.ssh/id_rsa.db
+dbclient -i ~/.ssh/id_rsa.db <hostname>
+```
+
+Dropbear does not support encrypted hostkeys though can connect to ssh-agent.
+
+----
+If you want to get the public-key portion of a Dropbear private key, look at dropbearkey's `-y` option.
+It will print both public key and fingerprint. If you need the pub key only you can grep by a prefix `ssh-`: 
+```sh
+./dropbearkey -y -f ~/.ssh/id_ed25519 | grep "^ssh-" > ~/.ssh/id_ed25519.pub
+```
+
+----
+To run the server, you need to generate server keys, this is one-off:
+
+```sh
+./dropbearkey -t rsa -f dropbear_rsa_host_key
+./dropbearkey -t dss -f dropbear_dss_host_key
+./dropbearkey -t ecdsa -f dropbear_ecdsa_host_key
+./dropbearkey -t ed25519 -f dropbear_ed25519_host_key
+```
+
+Or alternatively convert OpenSSH keys to Dropbear:
+
+```sh
+./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key
+```
+
+You can also get Dropbear to create keys when the first connection is made - this is preferable to generating keys when the system boots.
+Make sure `/etc/dropbear/` exists and then pass `-R` to the dropbear server.
+
+----
+If the server is run as non-root, you most likely won't be able to allocate a pty, and you cannot login as any user other than that running the daemon (obviously).
+Shadow passwords will also be unusable as non-root.
+
+----
+The Dropbear distribution includes a standalone version of OpenSSH's `scp` program.
+You can compile it with `make scp`.
+You may want to change the path of the ssh binary, specified by `_PATH_SSH_PROGRAM` in `options.h`.
+By default the progress meter isn't compiled in to save space, you can enable it by adding `SCPPROGRESS=1` to the `make` commandline.

SMALL

@@ -1,53 +0,0 @@
-Tips for a small system:
-
-If you only want server functionality (for example), compile with
-	make PROGRAMS=dropbear
-rather than just
-	make dropbear
-so that client functionality in shared portions of Dropbear won't be included.
-The same applies if you are compiling just a client.
-
----
-
-The following are set in options.h:
-
-	- You can safely disable blowfish and twofish ciphers, and MD5 hmac, without
-	  affecting interoperability
-
-	- If you're compiling statically, you can turn off host lookups
-
-	- You can disable either password or public-key authentication, though note
-	  that the IETF draft states that pubkey authentication is required.
-
-	- Similarly with DSS and RSA, you can disable one of these if you know that
-	  all clients will be able to support a particular one. The IETF draft
-	  states that DSS is required, however you may prefer to use RSA. 
-	  DON'T disable either of these on systems where you aren't 100% sure about
-	  who will be connecting and what clients they will be using.
-
-	- Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize
-
-	- You can disable x11, tcp and agent forwarding as desired. None of these are
-	  essential, although agent-forwarding is often useful even on firewall boxes.
-
----
-
-If you are compiling statically, you may want to disable zlib, as it will use
-a few tens of kB of binary-size (./configure --disable-zlib).
-
-You can create a combined binary, see the file MULTI, which will put all
-the functions into one binary, avoiding repeated code.
-
-If you're compiling with gcc, you might want to look at gcc's options for
-stripping unused code. The relevant vars to set before configure are:
-
-LDFLAGS=-Wl,--gc-sections
-CFLAGS="-ffunction-sections -fdata-sections"
-
-You can also experiment with optimisation flags such as -Os, note that in some
-cases these flags actually seem to increase size, so experiment before
-deciding.
-
-Of course using small C libraries such as uClibc and dietlibc can also help.
-
-If you have any queries, mail me and I'll see if I can help.

SMALL.md

@@ -0,0 +1,59 @@
+## Tips for a small system
+
+If you only want server functionality, compile with
+
+```
+make PROGRAMS=dropbear
+```
+
+rather than just
+
+```
+make dropbear
+```
+
+so that client functionality in shared portions of Dropbear won't be included.
+The same applies for `PROGRAMS=dbclient`.
+
+---
+The following are set in `localoptions.h`. See `default_options.h` for possibilities.
+
+You can disable either password or public-key authentication.
+
+Various algorithms can be disabled if they are not required by any connecting SSH clients/servers. 
+Disabling many is fine for a local install, though
+builds for public consumption require more consideration.
+
+You can disable x11, tcp and agent forwarding as desired. None of these are essential (depending on use cases).
+
+---
+If you are compiling statically, you may want to disable zlib, as it will use a few tens of kB of binary size
+```
+./configure --disable-zlib
+```
+
+You can create a combined binary, see the file [MULTI.md](MULTI.md), which will put all the functions into one binary, avoiding repeated code.
+
+If you're compiling with gcc, you might want to look at gcc's options for stripping unused code.
+The relevant vars to set before configure are:
+
+```
+LDFLAGS=-Wl,--gc-sections
+CFLAGS="-ffunction-sections -fdata-sections"
+```
+
+You can also experiment with optimisation flags such as `-Os`. Note that in some cases these flags actually seem to increase size, so experiment before
+deciding.
+
+Of course using small C libraries such as musl can also help.
+
+---
+Libtommath has its own default `CFLAGS` to improve speed. You can use
+
+```
+./configure LTM_CFLAGS=-Os
+```
+
+to reduce size at the expense of speed.
+
+If you have any queries, mail me and I'll see if I can help.

TODO

@@ -1,27 +0,0 @@
-Current:
-
-Things which might need doing:
-
-- default private dbclient keys
-
-- Make options.h generated from configure perhaps?
-
-- handle /etc/environment in AIX
-
-- check that there aren't timing issues with valid/invalid user authentication
-  feedback.
-
-- Binding to different interfaces
-
-- CTR mode
-- SSH_MSG_IGNORE sending to improve CBC security
-- DH Group Exchange possibly, or just add group14 (whatever it's called today)
-
-- fix scp.c for IRIX
-
-- Be able to use OpenSSH keys for the client? or at least have some form of 
-  encrypted keys.
-
-- Client agent forwarding
-
-- Handle restrictions in ~/.ssh/authorized_keys ?

_internal_/Dockerfile.python.nonroot

@@ -0,0 +1,21 @@
+FROM nvidia/cuda:11.1.1-cudnn8-devel-ubuntu18.04
+# use an older system (18.04) to avoid opencv incompatibility (issue#3524)
+
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update && apt-get install -y \
+	python3-opencv ca-certificates python3-dev git wget sudo ninja-build
+RUN ln -sv /usr/bin/python3 /usr/bin/python
+
+# create a non-root user
+ARG USER_ID=1000
+RUN useradd -m --no-log-init --system  --uid ${USER_ID} appuser -g sudo
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER appuser
+WORKDIR /home/appuser
+
+
+ENV PATH="/home/appuser/.local/bin:${PATH}"
+RUN wget https://bootstrap.pypa.io/pip/3.6/get-pip.py && \
+	python3 get-pip.py --user && \
+	rm get-pip.py
+

build.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+docker build -t dropbearbuild -f Dockerfile .
+
+docker run --rm -t -v $(pwd):/root/dropbear dropbearbuild -c "./configure --disable-utmp --disable-wtmp --disable-lastlog --disable-zlib --disable-syslog --enable-static --disable-harden && make clean && make -j4 MULTI=1 PROGRAMS=\"dropbear dropbearconvert dropbearkey\" && mv dropbearmulti dropbearmulti_ && make clean && mv dropbearmulti_ dropbearmulti"
+
+docker image rm dropbearbuild
+
+mkdir build
+cp dropbearmulti ./build

cli-algo.c

@@ -1,99 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * SSH client implementation
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "algo.h"
-#include "dbutil.h"
-
-
-/*
- * The chosen [encryption | MAC | compression] algorithm to each 
- * direction MUST be the first algorithm  on the client's list
- * that is also on the server's list.
- */
-algo_type * cli_buf_match_algo(buffer* buf, algo_type localalgos[],
-		int *goodguess) {
-
-	unsigned char * algolist = NULL;
-	unsigned char * remotealgos[MAX_PROPOSED_ALGO];
-	unsigned int len;
-	unsigned int count, i, j;
-	algo_type * ret = NULL;
-
-	*goodguess = 0;
-
-	/* get the comma-separated list from the buffer ie "algo1,algo2,algo3" */
-	algolist = buf_getstring(buf, &len);
-	TRACE(("cli_buf_match_algo: %s", algolist))
-	if (len > MAX_PROPOSED_ALGO*(MAX_NAME_LEN+1)) {
-		goto out; /* just a sanity check, no other use */
-	}
-
-	/* remotealgos will contain a list of the strings parsed out */
-	/* We will have at least one string (even if it's just "") */
-	remotealgos[0] = algolist;
-	count = 1;
-	/* Iterate through, replacing ','s with NULs, to split it into
-	 * words. */
-	for (i = 0; i < len; i++) {
-		if (algolist[i] == '\0') {
-			/* someone is trying something strange */
-			goto out;
-		}
-		if (algolist[i] == ',') {
-			algolist[i] = '\0';
-			remotealgos[count] = &algolist[i+1];
-			count++;
-		}
-		if (count >= MAX_PROPOSED_ALGO) {
-			break;
-		}
-	}
-
-	/* iterate and find the first match */
-
-	for (j = 0; localalgos[j].name != NULL; j++) {
-		if (localalgos[j].usable) {
-		len = strlen(localalgos[j].name);
-			for (i = 0; i < count; i++) {
-				if (len == strlen(remotealgos[i]) 
-						&& strncmp(localalgos[j].name, 
-							remotealgos[i], len) == 0) {
-					if (i == 0 && j == 0) {
-						/* was a good guess */
-						*goodguess = 1;
-					}
-					ret = &localalgos[j];
-					goto out;
-				}
-			}
-		}
-	}
-
-out:
-	m_free(algolist);
-	return ret;
-}
-

cli-main.c

@@ -1,142 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * SSH client implementation
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "dbutil.h"
-#include "runopts.h"
-#include "session.h"
-
-static void cli_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
-static void cli_dropbear_log(int priority, const char* format, va_list param);
-
-#ifdef ENABLE_CLI_PROXYCMD
-static void cli_proxy_cmd(int *sock_in, int *sock_out);
-#endif
-
-#if defined(DBMULTI_dbclient) || !defined(DROPBEAR_MULTI)
-#if defined(DBMULTI_dbclient) && defined(DROPBEAR_MULTI)
-int cli_main(int argc, char ** argv) {
-#else
-int main(int argc, char ** argv) {
-#endif
-
-	int sock_in, sock_out;
-	char* error = NULL;
-
-	_dropbear_exit = cli_dropbear_exit;
-	_dropbear_log = cli_dropbear_log;
-
-	disallow_core();
-
-	cli_getopts(argc, argv);
-
-	TRACE(("user='%s' host='%s' port='%s'", cli_opts.username,
-				cli_opts.remotehost, cli_opts.remoteport))
-
-	if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
-		dropbear_exit("signal() error");
-	}
-
-#ifdef ENABLE_CLI_PROXYCMD
-	if (cli_opts.proxycmd) {
-		cli_proxy_cmd(&sock_in, &sock_out);
-		m_free(cli_opts.proxycmd);
-	} else
-#endif
-	{
-		int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 
-				0, &error);
-		sock_in = sock_out = sock;
-	}
-
-	if (sock_in < 0) {
-		dropbear_exit("%s", error);
-	}
-
-	cli_session(sock_in, sock_out);
-
-	/* not reached */
-	return -1;
-}
-#endif /* DBMULTI stuff */
-
-static void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
-
-	char fmtbuf[300];
-
-	if (!sessinitdone) {
-		snprintf(fmtbuf, sizeof(fmtbuf), "Exited: %s",
-				format);
-	} else {
-		snprintf(fmtbuf, sizeof(fmtbuf), 
-				"Connection to %s@%s:%s exited: %s", 
-				cli_opts.username, cli_opts.remotehost, 
-				cli_opts.remoteport, format);
-	}
-
-	/* Do the cleanup first, since then the terminal will be reset */
-	cli_session_cleanup();
-	common_session_cleanup();
-
-	_dropbear_log(LOG_INFO, fmtbuf, param);
-
-	exit(exitcode);
-}
-
-static void cli_dropbear_log(int UNUSED(priority), 
-		const char* format, va_list param) {
-
-	char printbuf[1024];
-
-	vsnprintf(printbuf, sizeof(printbuf), format, param);
-
-	fprintf(stderr, "%s: %s\n", cli_opts.progname, printbuf);
-
-}
-
-static void exec_proxy_cmd(void *user_data_cmd) {
-	const char *cmd = user_data_cmd;
-	char *usershell;
-
-	usershell = m_strdup(get_user_shell());
-	run_shell_command(cmd, ses.maxfd, usershell);
-	dropbear_exit("Failed to run '%s'\n", cmd);
-}
-
-#ifdef ENABLE_CLI_PROXYCMD
-static void cli_proxy_cmd(int *sock_in, int *sock_out) {
-	int ret;
-
-	fill_passwd(cli_opts.own_user);
-
-	ret = spawn_command(exec_proxy_cmd, cli_opts.proxycmd,
-			sock_out, sock_in, NULL, NULL);
-	if (ret == DROPBEAR_FAILURE) {
-		dropbear_exit("Failed running proxy command");
-		*sock_in = *sock_out = -1;
-	}
-}
-#endif // ENABLE_CLI_PROXYCMD

cli-runopts.c

@@ -1,724 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "runopts.h"
-#include "signkey.h"
-#include "buffer.h"
-#include "dbutil.h"
-#include "algo.h"
-#include "tcpfwd.h"
-#include "list.h"
-
-cli_runopts cli_opts; /* GLOBAL */
-
-static void printhelp();
-static void parse_hostname(const char* orighostarg);
-static void parse_multihop_hostname(const char* orighostarg, const char* argv0);
-static void fill_own_user();
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-static void loadidentityfile(const char* filename);
-#endif
-#ifdef ENABLE_CLI_ANYTCPFWD
-static void addforward(const char* str, m_list *fwdlist);
-#endif
-#ifdef ENABLE_CLI_NETCAT
-static void add_netcat(const char *str);
-#endif
-
-static void printhelp() {
-
-	fprintf(stderr, "Dropbear client v%s\n"
-#ifdef ENABLE_CLI_MULTIHOP
-					"Usage: %s [options] [user@]host[/port][,[user@]host/port],...] [command]\n"
-#else
-					"Usage: %s [options] [user@]host[/port] [command]\n"
-#endif
-					"Options are:\n"
-					"-p <remoteport>\n"
-					"-l <username>\n"
-					"-t    Allocate a pty\n"
-					"-T    Don't allocate a pty\n"
-					"-N    Don't run a remote command\n"
-					"-f    Run in background after auth\n"
-					"-y    Always accept remote host key if unknown\n"
-					"-s    Request a subsystem (use for sftp)\n"
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-					"-i <identityfile>   (multiple allowed)\n"
-#endif
-#ifdef ENABLE_CLI_AGENTFWD
-					"-A    Enable agent auth forwarding\n"
-#endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
-					"-L <[listenaddress:]listenport:remotehost:remoteport> Local port forwarding\n"
-					"-g    Allow remote hosts to connect to forwarded ports\n"
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-					"-R <[listenaddress:]listenport:remotehost:remoteport> Remote port forwarding\n"
-#endif
-					"-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
-					"-K <keepalive>  (0 is never, default %d)\n"
-					"-I <idle_timeout>  (0 is never, default %d)\n"
-#ifdef ENABLE_CLI_NETCAT
-					"-B <endhost:endport> Netcat-alike forwarding\n"
-#endif				
-#ifdef ENABLE_CLI_PROXYCMD
-					"-J <proxy_program> Use program pipe rather than TCP connection\n"
-#endif
-#ifdef DEBUG_TRACE
-					"-v    verbose (compiled with DEBUG_TRACE)\n"
-#endif
-					,DROPBEAR_VERSION, cli_opts.progname,
-					DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
-					
-}
-
-void cli_getopts(int argc, char ** argv) {
-	unsigned int i, j;
-	char ** next = 0;
-	unsigned int cmdlen;
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-	int nextiskey = 0; /* A flag if the next argument is a keyfile */
-#endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
-	int nextislocal = 0;
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-	int nextisremote = 0;
-#endif
-#ifdef ENABLE_CLI_NETCAT
-	int nextisnetcat = 0;
-#endif
-	char* dummy = NULL; /* Not used for anything real */
-
-	char* recv_window_arg = NULL;
-	char* keepalive_arg = NULL;
-	char* idle_timeout_arg = NULL;
-	char *host_arg = NULL;
-
-	/* see printhelp() for options */
-	cli_opts.progname = argv[0];
-	cli_opts.remotehost = NULL;
-	cli_opts.remoteport = NULL;
-	cli_opts.username = NULL;
-	cli_opts.cmd = NULL;
-	cli_opts.no_cmd = 0;
-	cli_opts.backgrounded = 0;
-	cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
-	cli_opts.always_accept_key = 0;
-	cli_opts.is_subsystem = 0;
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-	cli_opts.privkeys = list_new();
-#endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
-	cli_opts.localfwds = list_new();
-	opts.listen_fwd_all = 0;
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-	cli_opts.remotefwds = list_new();
-#endif
-#ifdef ENABLE_CLI_AGENTFWD
-	cli_opts.agent_fwd = 0;
-	cli_opts.agent_keys_loaded = 0;
-#endif
-#ifdef ENABLE_CLI_PROXYCMD
-	cli_opts.proxycmd = NULL;
-#endif
-#ifndef DISABLE_ZLIB
-	opts.enable_compress = 1;
-#endif
-	/* not yet
-	opts.ipv4 = 1;
-	opts.ipv6 = 1;
-	*/
-	opts.recv_window = DEFAULT_RECV_WINDOW;
-
-	fill_own_user();
-
-	/* Iterate all the arguments */
-	for (i = 1; i < (unsigned int)argc; i++) {
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-		if (nextiskey) {
-			/* Load a hostkey since the previous argument was "-i" */
-			loadidentityfile(argv[i]);
-			nextiskey = 0;
-			continue;
-		}
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-		if (nextisremote) {
-			TRACE(("nextisremote true"))
-			addforward(argv[i], cli_opts.remotefwds);
-			nextisremote = 0;
-			continue;
-		}
-#endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
-		if (nextislocal) {
-			TRACE(("nextislocal true"))
-			addforward(argv[i], cli_opts.localfwds);
-			nextislocal = 0;
-			continue;
-		}
-#endif
-#ifdef ENABLE_CLI_NETCAT
-		if (nextisnetcat) {
-			TRACE(("nextisnetcat true"))
-			add_netcat(argv[i]);
-			nextisnetcat = 0;
-			continue;
-		}
-#endif
-		if (next) {
-			/* The previous flag set a value to assign */
-			*next = argv[i];
-			if (*next == NULL) {
-				dropbear_exit("Invalid null argument");
-			}
-			next = NULL;
-			continue;
-		}
-
-		if (argv[i][0] == '-') {
-			/* A flag *waves* */
-
-			switch (argv[i][1]) {
-				case 'y': /* always accept the remote hostkey */
-					cli_opts.always_accept_key = 1;
-					break;
-				case 'p': /* remoteport */
-					next = &cli_opts.remoteport;
-					break;
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-				case 'i': /* an identityfile */
-					/* Keep scp happy when it changes "-i file" to "-ifile" */
-					if (strlen(argv[i]) > 2) {
-						loadidentityfile(&argv[i][2]);
-					} else  {
-						nextiskey = 1;
-					}
-					break;
-#endif
-				case 't': /* we want a pty */
-					cli_opts.wantpty = 1;
-					break;
-				case 'T': /* don't want a pty */
-					cli_opts.wantpty = 0;
-					break;
-				case 'N':
-					cli_opts.no_cmd = 1;
-					break;
-				case 'f':
-					cli_opts.backgrounded = 1;
-					break;
-				case 's':
-					cli_opts.is_subsystem = 1;
-					break;
-#ifdef ENABLE_CLI_LOCALTCPFWD
-				case 'L':
-					nextislocal = 1;
-					break;
-				case 'g':
-					opts.listen_fwd_all = 1;
-					break;
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-				case 'R':
-					nextisremote = 1;
-					break;
-#endif
-#ifdef ENABLE_CLI_NETCAT
-				case 'B':
-					nextisnetcat = 1;
-					break;
-#endif
-#ifdef ENABLE_CLI_PROXYCMD
-				case 'J':
-					next = &cli_opts.proxycmd;
-					break;
-#endif
-				case 'l':
-					next = &cli_opts.username;
-					break;
-				case 'h':
-					printhelp();
-					exit(EXIT_SUCCESS);
-					break;
-				case 'u':
-					/* backwards compatibility with old urandom option */
-					break;
-				case 'W':
-					next = &recv_window_arg;
-					break;
-				case 'K':
-					next = &keepalive_arg;
-					break;
-				case 'I':
-					next = &idle_timeout_arg;
-					break;
-#ifdef ENABLE_CLI_AGENTFWD
-				case 'A':
-					cli_opts.agent_fwd = 1;
-					break;
-#endif
-#ifdef DEBUG_TRACE
-				case 'v':
-					debug_trace = 1;
-					break;
-#endif
-				case 'F':
-				case 'e':
-				case 'c':
-				case 'm':
-				case 'D':
-#ifndef ENABLE_CLI_REMOTETCPFWD
-				case 'R':
-#endif
-#ifndef ENABLE_CLI_LOCALTCPFWD
-				case 'L':
-#endif
-				case 'o':
-				case 'b':
-					next = &dummy;
-				default:
-					fprintf(stderr, 
-						"WARNING: Ignoring unknown argument '%s'\n", argv[i]);
-					break;
-			} /* Switch */
-			
-			/* Now we handle args where they might be "-luser" (no spaces)*/
-			if (next && strlen(argv[i]) > 2) {
-				*next = &argv[i][2];
-				next = NULL;
-			}
-
-			continue; /* next argument */
-
-		} else {
-			TRACE(("non-flag arg: '%s'", argv[i]))
-
-			/* Either the hostname or commands */
-
-			if (host_arg == NULL) {
-				host_arg = argv[i];
-			} else {
-
-				/* this is part of the commands to send - after this we
-				 * don't parse any more options, and flags are sent as the
-				 * command */
-				cmdlen = 0;
-				for (j = i; j < (unsigned int)argc; j++) {
-					cmdlen += strlen(argv[j]) + 1; /* +1 for spaces */
-				}
-				/* Allocate the space */
-				cli_opts.cmd = (char*)m_malloc(cmdlen);
-				cli_opts.cmd[0] = '\0';
-
-				/* Append all the bits */
-				for (j = i; j < (unsigned int)argc; j++) {
-					strlcat(cli_opts.cmd, argv[j], cmdlen);
-					strlcat(cli_opts.cmd, " ", cmdlen);
-				}
-				/* It'll be null-terminated here */
-
-				/* We've eaten all the options and flags */
-				break;
-			}
-		}
-	}
-
-	/* And now a few sanity checks and setup */
-
-	if (host_arg == NULL) {
-		printhelp();
-		exit(EXIT_FAILURE);
-	}
-
-	if (cli_opts.remoteport == NULL) {
-		cli_opts.remoteport = "22";
-	}
-
-	/* If not explicitly specified with -t or -T, we don't want a pty if
-	 * there's a command, but we do otherwise */
-	if (cli_opts.wantpty == 9) {
-		if (cli_opts.cmd == NULL) {
-			cli_opts.wantpty = 1;
-		} else {
-			cli_opts.wantpty = 0;
-		}
-	}
-
-	if (cli_opts.backgrounded && cli_opts.cmd == NULL
-			&& cli_opts.no_cmd == 0) {
-		dropbear_exit("Command required for -f");
-	}
-	
-	if (recv_window_arg) {
-		opts.recv_window = atol(recv_window_arg);
-		if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) {
-			dropbear_exit("Bad recv window '%s'", recv_window_arg);
-		}
-	}
-	if (keepalive_arg) {
-		unsigned int val;
-		if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) {
-			dropbear_exit("Bad keepalive '%s'", keepalive_arg);
-		}
-		opts.keepalive_secs = val;
-	}
-
-	if (idle_timeout_arg) {
-		unsigned int val;
-		if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) {
-			dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
-		}
-		opts.idle_timeout_secs = val;
-	}
-
-#ifdef ENABLE_CLI_NETCAT
-	if (cli_opts.cmd && cli_opts.netcat_host) {
-		dropbear_log(LOG_INFO, "Ignoring command '%s' in netcat mode", cli_opts.cmd);
-	}
-#endif
-
-	/* The hostname gets set up last, since
-	 * in multi-hop mode it will require knowledge
-	 * of other flags such as -i */
-#ifdef ENABLE_CLI_MULTIHOP
-	parse_multihop_hostname(host_arg, argv[0]);
-#else
-	parse_hostname(host_arg);
-#endif
-}
-
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-static void loadidentityfile(const char* filename) {
-	sign_key *key;
-	int keytype;
-
-	key = new_sign_key();
-	keytype = DROPBEAR_SIGNKEY_ANY;
-	if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) {
-		fprintf(stderr, "Failed loading keyfile '%s'\n", filename);
-		sign_key_free(key);
-	} else {
-		key->type = keytype;
-		key->source = SIGNKEY_SOURCE_RAW_FILE;
-		key->filename = m_strdup(filename);
-		list_append(cli_opts.privkeys, key);
-	}
-}
-#endif
-
-#ifdef ENABLE_CLI_MULTIHOP
-
-static char*
-multihop_passthrough_args() {
-	char *ret;
-	int total;
-	unsigned int len = 0;
-	m_list_elem *iter;
-	/* Fill out -i and -W options that make sense for all
-	 * the intermediate processes */
-	for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
-	{
-		sign_key * key = (sign_key*)iter->item;
-		len += 3 + strlen(key->filename);
-	}
-	len += 20; // space for -W <size>, terminator.
-	ret = m_malloc(len);
-	total = 0;
-
-	if (opts.recv_window != DEFAULT_RECV_WINDOW)
-	{
-		int written = snprintf(ret+total, len-total, "-W %d", opts.recv_window);
-		total += written;
-	}
-
-	for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
-	{
-		sign_key * key = (sign_key*)iter->item;
-		const size_t size = len - total;
-		int written = snprintf(ret+total, size, "-i %s", key->filename);
-		dropbear_assert((unsigned int)written < size);
-		total += written;
-	}
-
-	return ret;
-}
-
-/* Sets up 'onion-forwarding' connections. This will spawn
- * a separate dbclient process for each hop.
- * As an example, if the cmdline is
- *   dbclient wrt,madako,canyons
- * then we want to run:
- *   dbclient -J "dbclient -B canyons:22 wrt,madako" canyons
- * and then the inner dbclient will recursively run:
- *   dbclient -J "dbclient -B madako:22 wrt" madako
- * etc for as many hosts as we want.
- *
- * Ports for hosts can be specified as host/port.
- */
-static void parse_multihop_hostname(const char* orighostarg, const char* argv0) {
-	char *userhostarg = NULL;
-	char *hostbuf = NULL;
-	char *last_hop = NULL;
-	char *remainder = NULL;
-
-	/* both scp and rsync parse a user@host argument
-	 * and turn it into "-l user host". This breaks
-	 * for our multihop syntax, so we suture it back together.
-	 * This will break usernames that have both '@' and ',' in them,
-	 * though that should be fairly uncommon. */
-	if (cli_opts.username 
-			&& strchr(cli_opts.username, ',') 
-			&& strchr(cli_opts.username, '@')) {
-		unsigned int len = strlen(orighostarg) + strlen(cli_opts.username) + 2;
-		hostbuf = m_malloc(len);
-		snprintf(hostbuf, len, "%s@%s", cli_opts.username, orighostarg);
-	} else {
-		hostbuf = m_strdup(orighostarg);
-	}
-	userhostarg = hostbuf;
-
-	last_hop = strrchr(userhostarg, ',');
-	if (last_hop) {
-		if (last_hop == userhostarg) {
-			dropbear_exit("Bad multi-hop hostnames");
-		}
-		*last_hop = '\0';
-		last_hop++;
-		remainder = userhostarg;
-		userhostarg = last_hop;
-	}
-
-	parse_hostname(userhostarg);
-
-	if (last_hop) {
-		/* Set up the proxycmd */
-		unsigned int cmd_len = 0;
-		char *passthrough_args = multihop_passthrough_args();
-		if (cli_opts.proxycmd) {
-			dropbear_exit("-J can't be used with multihop mode");
-		}
-		if (cli_opts.remoteport == NULL) {
-			cli_opts.remoteport = "22";
-		}
-		cmd_len = strlen(argv0) + strlen(remainder) 
-			+ strlen(cli_opts.remotehost) + strlen(cli_opts.remoteport)
-			+ strlen(passthrough_args)
-			+ 30;
-		cli_opts.proxycmd = m_malloc(cmd_len);
-		snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s", 
-				argv0, cli_opts.remotehost, cli_opts.remoteport, 
-				passthrough_args, remainder);
-#ifndef DISABLE_ZLIB
-		/* The stream will be incompressible since it's encrypted. */
-		opts.enable_compress = 0;
-#endif
-		m_free(passthrough_args);
-	}
-	m_free(hostbuf);
-}
-#endif /* !ENABLE_CLI_MULTIHOP */
-
-/* Parses a [user@]hostname[/port] argument. */
-static void parse_hostname(const char* orighostarg) {
-	char *userhostarg = NULL;
-	char *port = NULL;
-
-	userhostarg = m_strdup(orighostarg);
-
-	cli_opts.remotehost = strchr(userhostarg, '@');
-	if (cli_opts.remotehost == NULL) {
-		/* no username portion, the cli-auth.c code can figure the
-		 * local user's name */
-		cli_opts.remotehost = userhostarg;
-	} else {
-		cli_opts.remotehost[0] = '\0'; /* Split the user/host */
-		cli_opts.remotehost++;
-		cli_opts.username = userhostarg;
-	}
-
-	if (cli_opts.username == NULL) {
-		cli_opts.username = m_strdup(cli_opts.own_user);
-	}
-
-	port = strchr(cli_opts.remotehost, '/');
-	if (port) {
-		*port = '\0';
-		cli_opts.remoteport = port+1;
-	}
-
-	if (cli_opts.remotehost[0] == '\0') {
-		dropbear_exit("Bad hostname");
-	}
-}
-
-#ifdef ENABLE_CLI_NETCAT
-static void add_netcat(const char* origstr) {
-	char *portstr = NULL;
-	
-	char * str = m_strdup(origstr);
-	
-	portstr = strchr(str, ':');
-	if (portstr == NULL) {
-		TRACE(("No netcat port"))
-		goto fail;
-	}
-	*portstr = '\0';
-	portstr++;
-	
-	if (strchr(portstr, ':')) {
-		TRACE(("Multiple netcat colons"))
-		goto fail;
-	}
-	
-	if (m_str_to_uint(portstr, &cli_opts.netcat_port) == DROPBEAR_FAILURE) {
-		TRACE(("bad netcat port"))
-		goto fail;
-	}
-	
-	if (cli_opts.netcat_port > 65535) {
-		TRACE(("too large netcat port"))
-		goto fail;
-	}
-	
-	cli_opts.netcat_host = str;
-	return;
-	
-fail:
-	dropbear_exit("Bad netcat endpoint '%s'", origstr);
-}
-#endif
-
-static void fill_own_user() {
-	uid_t uid;
-	struct passwd *pw = NULL; 
-
-	uid = getuid();
-
-	pw = getpwuid(uid);
-	if (pw == NULL || pw->pw_name == NULL) {
-		dropbear_exit("Unknown own user");
-	}
-
-	cli_opts.own_user = m_strdup(pw->pw_name);
-}
-
-#ifdef ENABLE_CLI_ANYTCPFWD
-/* Turn a "[listenaddr:]listenport:remoteaddr:remoteport" string into into a forwarding
- * set, and add it to the forwarding list */
-static void addforward(const char* origstr, m_list *fwdlist) {
-
-	char *part1 = NULL, *part2 = NULL, *part3 = NULL, *part4 = NULL;
-	char * listenaddr = NULL;
-	char * listenport = NULL;
-	char * connectaddr = NULL;
-	char * connectport = NULL;
-	struct TCPFwdEntry* newfwd = NULL;
-	char * str = NULL;
-
-	TRACE(("enter addforward"))
-
-	/* We need to split the original argument up. This var
-	   is never free()d. */ 
-	str = m_strdup(origstr);
-
-	part1 = str;
-
-	part2 = strchr(str, ':');
-	if (part2 == NULL) {
-		TRACE(("part2 == NULL"))
-		goto fail;
-	}
-	*part2 = '\0';
-	part2++;
-
-	part3 = strchr(part2, ':');
-	if (part3 == NULL) {
-		TRACE(("part3 == NULL"))
-		goto fail;
-	}
-	*part3 = '\0';
-	part3++;
-
-	part4 = strchr(part3, ':');
-	if (part4) {
-		*part4 = '\0';
-		part4++;
-	}
-
-	if (part4) {
-		listenaddr = part1;
-		listenport = part2;
-		connectaddr = part3;
-		connectport = part4;
-	} else {
-		listenaddr = NULL;
-		listenport = part1;
-		connectaddr = part2;
-		connectport = part3;
-	}
-
-	newfwd = m_malloc(sizeof(struct TCPFwdEntry));
-
-	/* Now we check the ports - note that the port ints are unsigned,
-	 * the check later only checks for >= MAX_PORT */
-	if (m_str_to_uint(listenport, &newfwd->listenport) == DROPBEAR_FAILURE) {
-		TRACE(("bad listenport strtoul"))
-		goto fail;
-	}
-
-	if (m_str_to_uint(connectport, &newfwd->connectport) == DROPBEAR_FAILURE) {
-		TRACE(("bad connectport strtoul"))
-		goto fail;
-	}
-
-	newfwd->listenaddr = listenaddr;
-	newfwd->connectaddr = connectaddr;
-
-	if (newfwd->listenport > 65535) {
-		TRACE(("listenport > 65535"))
-		goto badport;
-	}
-		
-	if (newfwd->connectport > 65535) {
-		TRACE(("connectport > 65535"))
-		goto badport;
-	}
-
-	newfwd->have_reply = 0;
-	list_append(fwdlist, newfwd);
-
-	TRACE(("leave addforward: done"))
-	return;
-
-fail:
-	dropbear_exit("Bad TCP forward '%s'", origstr);
-
-badport:
-	dropbear_exit("Bad TCP port in '%s'", origstr);
-}
-#endif

cli-service.c

@@ -1,85 +0,0 @@
-/*
- * Dropbear SSH
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "service.h"
-#include "dbutil.h"
-#include "packet.h"
-#include "buffer.h"
-#include "session.h"
-#include "ssh.h"
-
-void send_msg_service_request(char* servicename) {
-
-	TRACE(("enter send_msg_service_request: servicename='%s'", servicename))
-
-	CHECKCLEARTOWRITE();
-
-	buf_putbyte(ses.writepayload, SSH_MSG_SERVICE_REQUEST);
-	buf_putstring(ses.writepayload, servicename, strlen(servicename));
-
-	encrypt_packet();
-	TRACE(("leave send_msg_service_request"))
-}
-
-/* This just sets up the state variables right for the main client session loop
- * to deal with */
-void recv_msg_service_accept() {
-
-	unsigned char* servicename;
-	unsigned int len;
-
-	TRACE(("enter recv_msg_service_accept"))
-
-	servicename = buf_getstring(ses.payload, &len);
-
-	/* ssh-userauth */
-	if (cli_ses.state == SERVICE_AUTH_REQ_SENT
-			&& len == SSH_SERVICE_USERAUTH_LEN
-			&& strncmp(SSH_SERVICE_USERAUTH, servicename, len) == 0) {
-
-		cli_ses.state = SERVICE_AUTH_ACCEPT_RCVD;
-		m_free(servicename);
-		TRACE(("leave recv_msg_service_accept: done ssh-userauth"))
-		return;
-	}
-
-	/* ssh-connection */
-	if (cli_ses.state == SERVICE_CONN_REQ_SENT
-			&& len == SSH_SERVICE_CONNECTION_LEN 
-			&& strncmp(SSH_SERVICE_CONNECTION, servicename, len) == 0) {
-
-		if (ses.authstate.authdone != 1) {
-			dropbear_exit("Request for connection before auth");
-		}
-
-		cli_ses.state = SERVICE_CONN_ACCEPT_RCVD;
-		m_free(servicename);
-		TRACE(("leave recv_msg_service_accept: done ssh-connection"))
-		return;
-	}
-
-	dropbear_exit("Unrecognised service accept");
-}

common-algo.c

@@ -1,284 +0,0 @@
-/*
- * Dropbear SSH
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "algo.h"
-#include "dbutil.h"
-
-/* This file (algo.c) organises the ciphers which can be used, and is used to
- * decide which ciphers/hashes/compression/signing to use during key exchange*/
-
-static int void_cipher(const unsigned char* in, unsigned char* out,
-		unsigned long len, void *cipher_state) {
-	if (in != out) {
-		memmove(out, in, len);
-	}
-	return CRYPT_OK;
-}
-
-static int void_start(int cipher, const unsigned char *IV, 
-			const unsigned char *key, 
-			int keylen, int num_rounds, void *cipher_state) {
-	return CRYPT_OK;
-}
-
-/* Mappings for ciphers, parameters are
-   {&cipher_desc, keysize, blocksize} */
-/* NOTE: if keysize > 2*SHA1_HASH_SIZE, code such as hashkeys()
-   needs revisiting */
-
-#ifdef DROPBEAR_AES256
-static const struct dropbear_cipher dropbear_aes256 = 
-	{&aes_desc, 32, 16};
-#endif
-#ifdef DROPBEAR_AES128
-static const struct dropbear_cipher dropbear_aes128 = 
-	{&aes_desc, 16, 16};
-#endif
-#ifdef DROPBEAR_BLOWFISH
-static const struct dropbear_cipher dropbear_blowfish = 
-	{&blowfish_desc, 16, 8};
-#endif
-#ifdef DROPBEAR_TWOFISH256
-static const struct dropbear_cipher dropbear_twofish256 = 
-	{&twofish_desc, 32, 16};
-#endif
-#ifdef DROPBEAR_TWOFISH128
-static const struct dropbear_cipher dropbear_twofish128 = 
-	{&twofish_desc, 16, 16};
-#endif
-#ifdef DROPBEAR_3DES
-static const struct dropbear_cipher dropbear_3des = 
-	{&des3_desc, 24, 8};
-#endif
-
-/* used to indicate no encryption, as defined in rfc2410 */
-const struct dropbear_cipher dropbear_nocipher =
-	{NULL, 16, 8}; 
-
-/* A few void* s are required to silence warnings
- * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */
-const struct dropbear_cipher_mode dropbear_mode_cbc =
-	{(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt};
-const struct dropbear_cipher_mode dropbear_mode_none =
-	{void_start, void_cipher, void_cipher};
-#ifdef DROPBEAR_ENABLE_CTR_MODE
-/* a wrapper to make ctr_start and cbc_start look the same */
-static int dropbear_big_endian_ctr_start(int cipher, 
-		const unsigned char *IV, 
-		const unsigned char *key, int keylen, 
-		int num_rounds, symmetric_CTR *ctr) {
-	return ctr_start(cipher, IV, key, keylen, num_rounds, CTR_COUNTER_BIG_ENDIAN, ctr);
-}
-const struct dropbear_cipher_mode dropbear_mode_ctr =
-	{(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt};
-#endif
-
-/* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc.
-   {&hash_desc, keysize, hashsize} */
-
-#ifdef DROPBEAR_SHA1_HMAC
-static const struct dropbear_hash dropbear_sha1 = 
-	{&sha1_desc, 20, 20};
-#endif
-#ifdef DROPBEAR_SHA1_96_HMAC
-static const struct dropbear_hash dropbear_sha1_96 = 
-	{&sha1_desc, 20, 12};
-#endif
-#ifdef DROPBEAR_MD5_HMAC
-static const struct dropbear_hash dropbear_md5 = 
-	{&md5_desc, 16, 16};
-#endif
-
-const struct dropbear_hash dropbear_nohash =
-	{NULL, 16, 0}; /* used initially */
-	
-
-/* The following map ssh names to internal values.
- * The ordering here is important for the client - the first mode
- * that is also supported by the server will get used. */
-
-algo_type sshciphers[] = {
-#ifdef DROPBEAR_ENABLE_CTR_MODE
-#ifdef DROPBEAR_AES128
-	{"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr},
-#endif
-#ifdef DROPBEAR_3DES
-	{"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr},
-#endif
-#ifdef DROPBEAR_AES256
-	{"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr},
-#endif
-#endif /* DROPBEAR_ENABLE_CTR_MODE */
-
-/* CBC modes are always enabled */
-#ifdef DROPBEAR_AES128
-	{"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc},
-#endif
-#ifdef DROPBEAR_3DES
-	{"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc},
-#endif
-#ifdef DROPBEAR_AES256
-	{"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc},
-#endif
-#ifdef DROPBEAR_TWOFISH256
-	{"twofish256-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc},
-	{"twofish-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc},
-#endif
-#ifdef DROPBEAR_TWOFISH128
-	{"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc},
-#endif
-#ifdef DROPBEAR_BLOWFISH
-	{"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc},
-#endif
-	{NULL, 0, NULL, 0, NULL}
-};
-
-algo_type sshhashes[] = {
-#ifdef DROPBEAR_SHA1_96_HMAC
-	{"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL},
-#endif
-#ifdef DROPBEAR_SHA1_HMAC
-	{"hmac-sha1", 0, &dropbear_sha1, 1, NULL},
-#endif
-#ifdef DROPBEAR_MD5_HMAC
-	{"hmac-md5", 0, &dropbear_md5, 1, NULL},
-#endif
-	{NULL, 0, NULL, 0, NULL}
-};
-
-#ifndef DISABLE_ZLIB
-algo_type ssh_compress[] = {
-	{"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL},
-	{"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
-	{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
-	{NULL, 0, NULL, 0, NULL}
-};
-#endif
-
-algo_type ssh_nocompress[] = {
-	{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
-	{NULL, 0, NULL, 0, NULL}
-};
-
-algo_type sshhostkey[] = {
-#ifdef DROPBEAR_RSA
-	{"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1, NULL},
-#endif
-#ifdef DROPBEAR_DSS
-	{"ssh-dss", DROPBEAR_SIGNKEY_DSS, NULL, 1, NULL},
-#endif
-	{NULL, 0, NULL, 0, NULL}
-};
-
-algo_type sshkex[] = {
-	{"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL},
-	{"diffie-hellman-group14-sha1", DROPBEAR_KEX_DH_GROUP14, NULL, 1, NULL},
-	{NULL, 0, NULL, 0, NULL}
-};
-
-
-/* Register the compiled in ciphers.
- * This should be run before using any of the ciphers/hashes */
-void crypto_init() {
-
-	const struct ltc_cipher_descriptor *regciphers[] = {
-#ifdef DROPBEAR_AES
-		&aes_desc,
-#endif
-#ifdef DROPBEAR_BLOWFISH
-		&blowfish_desc,
-#endif
-#ifdef DROPBEAR_TWOFISH
-		&twofish_desc,
-#endif
-#ifdef DROPBEAR_3DES
-		&des3_desc,
-#endif
-		NULL
-	};
-
-	const struct ltc_hash_descriptor *reghashes[] = {
-		/* we need sha1 for hostkey stuff regardless */
-		&sha1_desc,
-#ifdef DROPBEAR_MD5_HMAC
-		&md5_desc,
-#endif
-		NULL
-	};	
-	int i;
-	
-	for (i = 0; regciphers[i] != NULL; i++) {
-		if (register_cipher(regciphers[i]) == -1) {
-			dropbear_exit("Error registering crypto");
-		}
-	}
-
-	for (i = 0; reghashes[i] != NULL; i++) {
-		if (register_hash(reghashes[i]) == -1) {
-			dropbear_exit("Error registering crypto");
-		}
-	}
-}
-
-/* algolen specifies the length of algo, algos is our local list to match
- * against.
- * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE
- * otherwise */
-int have_algo(char* algo, size_t algolen, algo_type algos[]) {
-
-	int i;
-
-	for (i = 0; algos[i].name != NULL; i++) {
-		if (strlen(algos[i].name) == algolen
-				&& (strncmp(algos[i].name, algo, algolen) == 0)) {
-			return DROPBEAR_SUCCESS;
-		}
-	}
-
-	return DROPBEAR_FAILURE;
-}
-
-
-
-/* Output a comma separated list of algorithms to a buffer */
-void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
-
-	unsigned int i, len;
-	unsigned int donefirst = 0;
-	buffer *algolist = NULL;
-
-	algolist = buf_new(160);
-	for (i = 0; localalgos[i].name != NULL; i++) {
-		if (localalgos[i].usable) {
-			if (donefirst)
-				buf_putbyte(algolist, ',');
-			donefirst = 1;
-			len = strlen(localalgos[i].name);
-			buf_putbytes(algolist, localalgos[i].name, len);
-		}
-	}
-	buf_putstring(buf, algolist->data, algolist->len);
-	buf_free(algolist);
-}

common-kex.c

@@ -1,796 +0,0 @@
-/*
- * Dropbear SSH
- * 
- * Copyright (c) 2002-2004 Matt Johnston
- * Portions Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "dbutil.h"
-#include "algo.h"
-#include "buffer.h"
-#include "session.h"
-#include "kex.h"
-#include "ssh.h"
-#include "packet.h"
-#include "bignum.h"
-#include "random.h"
-#include "runopts.h"
-
-/* diffie-hellman-group1-sha1 value for p */
-#define DH_P_1_LEN 128
-static const unsigned char dh_p_1[DH_P_1_LEN] = {
-	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-    0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
-	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
-
-/* diffie-hellman-group14-sha1 value for p */
-#define DH_P_14_LEN 256
-static const unsigned char dh_p_14[DH_P_14_LEN] = {
-	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 
-    0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 
-	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
-	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
-	0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
-	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
-	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
-	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
-	0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
-	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
-	0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
-	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
-	0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
-	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
-	0xFF, 0xFF, 0xFF, 0xFF};
-
-/* Same for group1 and group14 */
-static const int DH_G_VAL = 2;
-
-static void kexinitialise();
-void gen_new_keys();
-#ifndef DISABLE_ZLIB
-static void gen_new_zstreams();
-#endif
-static void read_kex_algos();
-/* helper function for gen_new_keys */
-static void hashkeys(unsigned char *out, int outlen, 
-		const hash_state * hs, unsigned const char X);
-
-
-/* Send our list of algorithms we can use */
-void send_msg_kexinit() {
-
-	CHECKCLEARTOWRITE();
-	buf_putbyte(ses.writepayload, SSH_MSG_KEXINIT);
-
-	/* cookie */
-	genrandom(buf_getwriteptr(ses.writepayload, 16), 16);
-	buf_incrwritepos(ses.writepayload, 16);
-
-	/* kex algos */
-	buf_put_algolist(ses.writepayload, sshkex);
-
-	/* server_host_key_algorithms */
-	buf_put_algolist(ses.writepayload, sshhostkey);
-
-	/* encryption_algorithms_client_to_server */
-	buf_put_algolist(ses.writepayload, sshciphers);
-
-	/* encryption_algorithms_server_to_client */
-	buf_put_algolist(ses.writepayload, sshciphers);
-
-	/* mac_algorithms_client_to_server */
-	buf_put_algolist(ses.writepayload, sshhashes);
-
-	/* mac_algorithms_server_to_client */
-	buf_put_algolist(ses.writepayload, sshhashes);
-
-	/* compression_algorithms_client_to_server */
-	buf_put_algolist(ses.writepayload, ses.compress_algos);
-
-	/* compression_algorithms_server_to_client */
-	buf_put_algolist(ses.writepayload, ses.compress_algos);
-
-	/* languages_client_to_server */
-	buf_putstring(ses.writepayload, "", 0);
-
-	/* languages_server_to_client */
-	buf_putstring(ses.writepayload, "", 0);
-
-	/* first_kex_packet_follows - unimplemented for now */
-	buf_putbyte(ses.writepayload, 0x00);
-
-	/* reserved unit32 */
-	buf_putint(ses.writepayload, 0);
-
-	/* set up transmitted kex packet buffer for hashing. 
-	 * This is freed after the end of the kex */
-	ses.transkexinit = buf_newcopy(ses.writepayload);
-
-	encrypt_packet();
-	ses.dataallowed = 0; /* don't send other packets during kex */
-
-	TRACE(("DATAALLOWED=0"))
-	TRACE(("-> KEXINIT"))
-	ses.kexstate.sentkexinit = 1;
-}
-
-/* *** NOTE regarding (send|recv)_msg_newkeys *** 
- * Changed by mihnea from the original kex.c to set dataallowed after a 
- * completed key exchange, no matter the order in which it was performed.
- * This enables client mode without affecting server functionality.
- */
-
-/* Bring new keys into use after a key exchange, and let the client know*/
-void send_msg_newkeys() {
-
-	TRACE(("enter send_msg_newkeys"))
-
-	/* generate the kexinit request */
-	CHECKCLEARTOWRITE();
-	buf_putbyte(ses.writepayload, SSH_MSG_NEWKEYS);
-	encrypt_packet();
-	
-
-	/* set up our state */
-	if (ses.kexstate.recvnewkeys) {
-		TRACE(("while RECVNEWKEYS=1"))
-		gen_new_keys();
-		kexinitialise(); /* we've finished with this kex */
-		TRACE((" -> DATAALLOWED=1"))
-		ses.dataallowed = 1; /* we can send other packets again now */
-		ses.kexstate.donefirstkex = 1;
-	} else {
-		ses.kexstate.sentnewkeys = 1;
-		TRACE(("SENTNEWKEYS=1"))
-	}
-
-	TRACE(("-> MSG_NEWKEYS"))
-	TRACE(("leave send_msg_newkeys"))
-}
-
-/* Bring the new keys into use after a key exchange */
-void recv_msg_newkeys() {
-
-	TRACE(("<- MSG_NEWKEYS"))
-	TRACE(("enter recv_msg_newkeys"))
-
-	/* simply check if we've sent SSH_MSG_NEWKEYS, and if so,
-	 * switch to the new keys */
-	if (ses.kexstate.sentnewkeys) {
-		TRACE(("while SENTNEWKEYS=1"))
-		gen_new_keys();
-		kexinitialise(); /* we've finished with this kex */
-	    TRACE((" -> DATAALLOWED=1"))
-	    ses.dataallowed = 1; /* we can send other packets again now */
-		ses.kexstate.donefirstkex = 1;
-	} else {
-		TRACE(("RECVNEWKEYS=1"))
-		ses.kexstate.recvnewkeys = 1;
-	}
-	
-	TRACE(("leave recv_msg_newkeys"))
-}
-
-
-/* Set up the kex for the first time */
-void kexfirstinitialise() {
-	ses.kexstate.donefirstkex = 0;
-
-#ifndef DISABLE_ZLIB
-	if (opts.enable_compress) {
-		ses.compress_algos = ssh_compress;
-	} else
-#endif
-	{
-		ses.compress_algos = ssh_nocompress;
-	}
-	kexinitialise();
-}
-
-/* Reset the kex state, ready for a new negotiation */
-static void kexinitialise() {
-
-	TRACE(("kexinitialise()"))
-
-	/* sent/recv'd MSG_KEXINIT */
-	ses.kexstate.sentkexinit = 0;
-	ses.kexstate.recvkexinit = 0;
-
-	/* sent/recv'd MSG_NEWKEYS */
-	ses.kexstate.recvnewkeys = 0;
-	ses.kexstate.sentnewkeys = 0;
-
-	/* first_packet_follows */
-	ses.kexstate.firstfollows = 0;
-
-	ses.kexstate.datatrans = 0;
-	ses.kexstate.datarecv = 0;
-
-	ses.kexstate.lastkextime = time(NULL);
-
-}
-
-/* Helper function for gen_new_keys, creates a hash. It makes a copy of the
- * already initialised hash_state hs, which should already have processed
- * the dh_K and hash, since these are common. X is the letter 'A', 'B' etc.
- * out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated.
- * The output will only be expanded once, as we are assured that
- * outlen <= 2*SHA1_HASH_SIZE for all known hashes.
- *
- * See Section 7.2 of rfc4253 (ssh transport) for details */
-static void hashkeys(unsigned char *out, int outlen, 
-		const hash_state * hs, const unsigned char X) {
-
-	hash_state hs2;
-	unsigned char k2[SHA1_HASH_SIZE]; /* used to extending */
-
-	memcpy(&hs2, hs, sizeof(hash_state));
-	sha1_process(&hs2, &X, 1);
-	sha1_process(&hs2, ses.session_id, SHA1_HASH_SIZE);
-	sha1_done(&hs2, out);
-	if (SHA1_HASH_SIZE < outlen) {
-		/* need to extend */
-		memcpy(&hs2, hs, sizeof(hash_state));
-		sha1_process(&hs2, out, SHA1_HASH_SIZE);
-		sha1_done(&hs2, k2);
-		memcpy(&out[SHA1_HASH_SIZE], k2, outlen - SHA1_HASH_SIZE);
-	}
-}
-
-/* Generate the actual encryption/integrity keys, using the results of the
- * key exchange, as specified in section 7.2 of the transport rfc 4253.
- * This occurs after the DH key-exchange.
- *
- * ses.newkeys is the new set of keys which are generated, these are only
- * taken into use after both sides have sent a newkeys message */
-
-/* Originally from kex.c, generalized for cli/svr mode --mihnea */
-void gen_new_keys() {
-
-	unsigned char C2S_IV[MAX_IV_LEN];
-	unsigned char C2S_key[MAX_KEY_LEN];
-	unsigned char S2C_IV[MAX_IV_LEN];
-	unsigned char S2C_key[MAX_KEY_LEN];
-	/* unsigned char key[MAX_KEY_LEN]; */
-	unsigned char *trans_IV, *trans_key, *recv_IV, *recv_key;
-
-	hash_state hs;
-	unsigned int C2S_keysize, S2C_keysize;
-	char mactransletter, macrecvletter; /* Client or server specific */
-	int recv_cipher = 0, trans_cipher = 0;
-
-	TRACE(("enter gen_new_keys"))
-	/* the dh_K and hash are the start of all hashes, we make use of that */
-
-	sha1_init(&hs);
-	sha1_process_mp(&hs, ses.dh_K);
-	mp_clear(ses.dh_K);
-	m_free(ses.dh_K);
-	sha1_process(&hs, ses.hash, SHA1_HASH_SIZE);
-	m_burn(ses.hash, SHA1_HASH_SIZE);
-
-	if (IS_DROPBEAR_CLIENT) {
-	    trans_IV	= C2S_IV;
-	    recv_IV		= S2C_IV;
-	    trans_key	= C2S_key;
-	    recv_key	= S2C_key;
-	    C2S_keysize = ses.newkeys->trans.algo_crypt->keysize;
-	    S2C_keysize = ses.newkeys->recv.algo_crypt->keysize;
-		mactransletter = 'E';
-		macrecvletter = 'F';
-	} else {
-	    trans_IV	= S2C_IV;
-	    recv_IV		= C2S_IV;
-	    trans_key	= S2C_key;
-	    recv_key	= C2S_key;
-	    C2S_keysize = ses.newkeys->recv.algo_crypt->keysize;
-	    S2C_keysize = ses.newkeys->trans.algo_crypt->keysize;
-		mactransletter = 'F';
-		macrecvletter = 'E';
-	}
-
-	hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A');
-	hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B');
-	hashkeys(C2S_key, C2S_keysize, &hs, 'C');
-	hashkeys(S2C_key, S2C_keysize, &hs, 'D');
-
-	recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name);
-	if (recv_cipher < 0)
-	    dropbear_exit("Crypto error");
-	if (ses.newkeys->recv.crypt_mode->start(recv_cipher, 
-			recv_IV, recv_key, 
-			ses.newkeys->recv.algo_crypt->keysize, 0, 
-			&ses.newkeys->recv.cipher_state) != CRYPT_OK) {
-		dropbear_exit("Crypto error");
-	}
-
-	trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name);
-	if (trans_cipher < 0)
-	    dropbear_exit("Crypto error");
-	if (ses.newkeys->trans.crypt_mode->start(trans_cipher, 
-			trans_IV, trans_key, 
-			ses.newkeys->trans.algo_crypt->keysize, 0, 
-			&ses.newkeys->trans.cipher_state) != CRYPT_OK) {
-		dropbear_exit("Crypto error");
-	}
-	
-	/* MAC keys */
-	hashkeys(ses.newkeys->trans.mackey, 
-			ses.newkeys->trans.algo_mac->keysize, &hs, mactransletter);
-	hashkeys(ses.newkeys->recv.mackey, 
-			ses.newkeys->recv.algo_mac->keysize, &hs, macrecvletter);
-	ses.newkeys->trans.hash_index = find_hash(ses.newkeys->trans.algo_mac->hashdesc->name),
-	ses.newkeys->recv.hash_index = find_hash(ses.newkeys->recv.algo_mac->hashdesc->name),
-
-#ifndef DISABLE_ZLIB
-	gen_new_zstreams();
-#endif
-	
-	/* Switch over to the new keys */
-	m_burn(ses.keys, sizeof(struct key_context));
-	m_free(ses.keys);
-	ses.keys = ses.newkeys;
-	ses.newkeys = NULL;
-
-	m_burn(C2S_IV, sizeof(C2S_IV));
-	m_burn(C2S_key, sizeof(C2S_key));
-	m_burn(S2C_IV, sizeof(S2C_IV));
-	m_burn(S2C_key, sizeof(S2C_key));
-
-	TRACE(("leave gen_new_keys"))
-}
-
-#ifndef DISABLE_ZLIB
-
-int is_compress_trans() {
-	return ses.keys->trans.algo_comp == DROPBEAR_COMP_ZLIB
-		|| (ses.authstate.authdone
-			&& ses.keys->trans.algo_comp == DROPBEAR_COMP_ZLIB_DELAY);
-}
-
-int is_compress_recv() {
-	return ses.keys->recv.algo_comp == DROPBEAR_COMP_ZLIB
-		|| (ses.authstate.authdone
-			&& ses.keys->recv.algo_comp == DROPBEAR_COMP_ZLIB_DELAY);
-}
-
-/* Set up new zlib compression streams, close the old ones. Only
- * called from gen_new_keys() */
-static void gen_new_zstreams() {
-
-	/* create new zstreams */
-	if (ses.newkeys->recv.algo_comp == DROPBEAR_COMP_ZLIB
-			|| ses.newkeys->recv.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
-		ses.newkeys->recv.zstream = (z_streamp)m_malloc(sizeof(z_stream));
-		ses.newkeys->recv.zstream->zalloc = Z_NULL;
-		ses.newkeys->recv.zstream->zfree = Z_NULL;
-		
-		if (inflateInit(ses.newkeys->recv.zstream) != Z_OK) {
-			dropbear_exit("zlib error");
-		}
-	} else {
-		ses.newkeys->recv.zstream = NULL;
-	}
-
-	if (ses.newkeys->trans.algo_comp == DROPBEAR_COMP_ZLIB
-			|| ses.newkeys->trans.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
-		ses.newkeys->trans.zstream = (z_streamp)m_malloc(sizeof(z_stream));
-		ses.newkeys->trans.zstream->zalloc = Z_NULL;
-		ses.newkeys->trans.zstream->zfree = Z_NULL;
-	
-		if (deflateInit2(ses.newkeys->trans.zstream, Z_DEFAULT_COMPRESSION,
-					Z_DEFLATED, DROPBEAR_ZLIB_WINDOW_BITS, 
-					DROPBEAR_ZLIB_MEM_LEVEL, Z_DEFAULT_STRATEGY)
-				!= Z_OK) {
-			dropbear_exit("zlib error");
-		}
-	} else {
-		ses.newkeys->trans.zstream = NULL;
-	}
-
-	/* clean up old keys */
-	if (ses.keys->recv.zstream != NULL) {
-		if (inflateEnd(ses.keys->recv.zstream) == Z_STREAM_ERROR) {
-			/* Z_DATA_ERROR is ok, just means that stream isn't ended */
-			dropbear_exit("Crypto error");
-		}
-		m_free(ses.keys->recv.zstream);
-	}
-	if (ses.keys->trans.zstream != NULL) {
-		if (deflateEnd(ses.keys->trans.zstream) == Z_STREAM_ERROR) {
-			/* Z_DATA_ERROR is ok, just means that stream isn't ended */
-			dropbear_exit("Crypto error");
-		}
-		m_free(ses.keys->trans.zstream);
-	}
-}
-#endif /* DISABLE_ZLIB */
-
-
-/* Executed upon receiving a kexinit message from the client to initiate
- * key exchange. If we haven't already done so, we send the list of our
- * preferred algorithms. The client's requested algorithms are processed,
- * and we calculate the first portion of the key-exchange-hash for used
- * later in the key exchange. No response is sent, as the client should
- * initiate the diffie-hellman key exchange */
-
-/* Originally from kex.c, generalized for cli/svr mode --mihnea  */
-/* Belongs in common_kex.c where it should be moved after review */
-void recv_msg_kexinit() {
-	
-	unsigned int kexhashbuf_len = 0;
-	unsigned int remote_ident_len = 0;
-	unsigned int local_ident_len = 0;
-
-	TRACE(("<- KEXINIT"))
-	TRACE(("enter recv_msg_kexinit"))
-	
-	if (!ses.kexstate.sentkexinit) {
-		/* we need to send a kex packet */
-		send_msg_kexinit();
-		TRACE(("continue recv_msg_kexinit: sent kexinit"))
-	}
-
-	/* start the kex hash */
-	local_ident_len = strlen(LOCAL_IDENT);
-	remote_ident_len = strlen((char*)ses.remoteident);
-
-	kexhashbuf_len = local_ident_len + remote_ident_len
-		+ ses.transkexinit->len + ses.payload->len
-		+ KEXHASHBUF_MAX_INTS;
-
-	ses.kexhashbuf = buf_new(kexhashbuf_len);
-
-	if (IS_DROPBEAR_CLIENT) {
-
-		/* read the peer's choice of algos */
-		read_kex_algos();
-
-		/* V_C, the client's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf,
-			(unsigned char*)LOCAL_IDENT, local_ident_len);
-		/* V_S, the server's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
-
-		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
-	    buf_putstring(ses.kexhashbuf,
-			ses.transkexinit->data, ses.transkexinit->len);
-		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
-	    buf_setpos(ses.payload, 0);
-	    buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len);
-
-	} else {
-		/* SERVER */
-
-		/* read the peer's choice of algos */
-		read_kex_algos();
-		/* V_C, the client's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
-		/* V_S, the server's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf, 
-				(unsigned char*)LOCAL_IDENT, local_ident_len);
-
-		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
-	    buf_setpos(ses.payload, 0);
-	    buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len);
-
-		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
-	    buf_putstring(ses.kexhashbuf,
-			ses.transkexinit->data, ses.transkexinit->len);
-
-		ses.requirenext = SSH_MSG_KEXDH_INIT;
-	}
-
-	buf_free(ses.transkexinit);
-	ses.transkexinit = NULL;
-	/* the rest of ses.kexhashbuf will be done after DH exchange */
-
-	ses.kexstate.recvkexinit = 1;
-
-	TRACE(("leave recv_msg_kexinit"))
-}
-
-static void load_dh_p(mp_int * dh_p)
-{
-	switch (ses.newkeys->algo_kex) {
-		case DROPBEAR_KEX_DH_GROUP1:
-			bytes_to_mp(dh_p, dh_p_1, DH_P_1_LEN);
-			break;
-		case DROPBEAR_KEX_DH_GROUP14:
-			bytes_to_mp(dh_p, dh_p_14, DH_P_14_LEN);
-			break;
-	}
-}
-
-/* Initialises and generate one side of the diffie-hellman key exchange values.
- * See the transport rfc 4253 section 8 for details */
-/* dh_pub and dh_priv MUST be already initialised */
-void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv) {
-
-	DEF_MP_INT(dh_p);
-	DEF_MP_INT(dh_q);
-	DEF_MP_INT(dh_g);
-
-	TRACE(("enter send_msg_kexdh_reply"))
-	
-	m_mp_init_multi(&dh_g, &dh_p, &dh_q, NULL);
-
-	/* read the prime and generator*/
-	load_dh_p(&dh_p);
-	
-	if (mp_set_int(&dh_g, DH_G_VAL) != MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-
-	/* calculate q = (p-1)/2 */
-	/* dh_priv is just a temp var here */
-	if (mp_sub_d(&dh_p, 1, dh_priv) != MP_OKAY) { 
-		dropbear_exit("Diffie-Hellman error");
-	}
-	if (mp_div_2(dh_priv, &dh_q) != MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-
-	/* Generate a private portion 0 < dh_priv < dh_q */
-	gen_random_mpint(&dh_q, dh_priv);
-
-	/* f = g^y mod p */
-	if (mp_exptmod(&dh_g, dh_priv, &dh_p, dh_pub) != MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-	mp_clear_multi(&dh_g, &dh_p, &dh_q, NULL);
-}
-
-/* This function is fairly common between client/server, with some substitution
- * of dh_e/dh_f etc. Hence these arguments:
- * dh_pub_us is 'e' for the client, 'f' for the server. dh_pub_them is 
- * vice-versa. dh_priv is the x/y value corresponding to dh_pub_us */
-void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
-		sign_key *hostkey) {
-
-	mp_int dh_p;
-	mp_int *dh_e = NULL, *dh_f = NULL;
-	hash_state hs;
-
-	/* read the prime and generator*/
-	m_mp_init(&dh_p);
-	load_dh_p(&dh_p);
-
-	/* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */
-	if (mp_cmp(dh_pub_them, &dh_p) != MP_LT 
-			|| mp_cmp_d(dh_pub_them, 0) != MP_GT) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-	
-	/* K = e^y mod p = f^x mod p */
-	ses.dh_K = (mp_int*)m_malloc(sizeof(mp_int));
-	m_mp_init(ses.dh_K);
-	if (mp_exptmod(dh_pub_them, dh_priv, &dh_p, ses.dh_K) != MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-
-	/* clear no longer needed vars */
-	mp_clear_multi(&dh_p, NULL);
-
-	/* From here on, the code needs to work with the _same_ vars on each side,
-	 * not vice-versaing for client/server */
-	if (IS_DROPBEAR_CLIENT) {
-		dh_e = dh_pub_us;
-		dh_f = dh_pub_them;
-	} else {
-		dh_e = dh_pub_them;
-		dh_f = dh_pub_us;
-	} 
-
-	/* Create the remainder of the hash buffer, to generate the exchange hash */
-	/* K_S, the host key */
-	buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
-	/* e, exchange value sent by the client */
-	buf_putmpint(ses.kexhashbuf, dh_e);
-	/* f, exchange value sent by the server */
-	buf_putmpint(ses.kexhashbuf, dh_f);
-	/* K, the shared secret */
-	buf_putmpint(ses.kexhashbuf, ses.dh_K);
-
-	/* calculate the hash H to sign */
-	sha1_init(&hs);
-	buf_setpos(ses.kexhashbuf, 0);
-	sha1_process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
-			ses.kexhashbuf->len);
-	sha1_done(&hs, ses.hash);
-
-	buf_burn(ses.kexhashbuf);
-	buf_free(ses.kexhashbuf);
-	ses.kexhashbuf = NULL;
-	
-	/* first time around, we set the session_id to H */
-	if (ses.session_id == NULL) {
-		/* create the session_id, this never needs freeing */
-		ses.session_id = (unsigned char*)m_malloc(SHA1_HASH_SIZE);
-		memcpy(ses.session_id, ses.hash, SHA1_HASH_SIZE);
-	}
-}
-
-/* read the other side's algo list. buf_match_algo is a callback to match
- * algos for the client or server. */
-static void read_kex_algos() {
-
-	/* for asymmetry */
-	algo_type * c2s_hash_algo = NULL;
-	algo_type * s2c_hash_algo = NULL;
-	algo_type * c2s_cipher_algo = NULL;
-	algo_type * s2c_cipher_algo = NULL;
-	algo_type * c2s_comp_algo = NULL;
-	algo_type * s2c_comp_algo = NULL;
-	/* the generic one */
-	algo_type * algo = NULL;
-
-	/* which algo couldn't match */
-	char * erralgo = NULL;
-
-	int goodguess = 0;
-	int allgood = 1; /* we AND this with each goodguess and see if its still
-						true after */
-
-	buf_incrpos(ses.payload, 16); /* start after the cookie */
-
-	ses.newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
-
-	/* kex_algorithms */
-	algo = ses.buf_match_algo(ses.payload, sshkex, &goodguess);
-	allgood &= goodguess;
-	if (algo == NULL) {
-		erralgo = "kex";
-		goto error;
-	}
-	TRACE(("kex algo %s", algo->name))
-	ses.newkeys->algo_kex = algo->val;
-
-	/* server_host_key_algorithms */
-	algo = ses.buf_match_algo(ses.payload, sshhostkey, &goodguess);
-	allgood &= goodguess;
-	if (algo == NULL) {
-		erralgo = "hostkey";
-		goto error;
-	}
-	TRACE(("hostkey algo %s", algo->name))
-	ses.newkeys->algo_hostkey = algo->val;
-
-	/* encryption_algorithms_client_to_server */
-	c2s_cipher_algo = ses.buf_match_algo(ses.payload, sshciphers, &goodguess);
-	if (c2s_cipher_algo == NULL) {
-		erralgo = "enc c->s";
-		goto error;
-	}
-	TRACE(("enc c2s is  %s", c2s_cipher_algo->name))
-
-	/* encryption_algorithms_server_to_client */
-	s2c_cipher_algo = ses.buf_match_algo(ses.payload, sshciphers, &goodguess);
-	if (s2c_cipher_algo == NULL) {
-		erralgo = "enc s->c";
-		goto error;
-	}
-	TRACE(("enc s2c is  %s", s2c_cipher_algo->name))
-
-	/* mac_algorithms_client_to_server */
-	c2s_hash_algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess);
-	if (c2s_hash_algo == NULL) {
-		erralgo = "mac c->s";
-		goto error;
-	}
-	TRACE(("hash c2s is  %s", c2s_hash_algo->name))
-
-	/* mac_algorithms_server_to_client */
-	s2c_hash_algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess);
-	if (s2c_hash_algo == NULL) {
-		erralgo = "mac s->c";
-		goto error;
-	}
-	TRACE(("hash s2c is  %s", s2c_hash_algo->name))
-
-	/* compression_algorithms_client_to_server */
-	c2s_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
-	if (c2s_comp_algo == NULL) {
-		erralgo = "comp c->s";
-		goto error;
-	}
-	TRACE(("hash c2s is  %s", c2s_comp_algo->name))
-
-	/* compression_algorithms_server_to_client */
-	s2c_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
-	if (s2c_comp_algo == NULL) {
-		erralgo = "comp s->c";
-		goto error;
-	}
-	TRACE(("hash s2c is  %s", s2c_comp_algo->name))
-
-	/* languages_client_to_server */
-	buf_eatstring(ses.payload);
-
-	/* languages_server_to_client */
-	buf_eatstring(ses.payload);
-
-	/* first_kex_packet_follows */
-	if (buf_getbool(ses.payload)) {
-		ses.kexstate.firstfollows = 1;
-		/* if the guess wasn't good, we ignore the packet sent */
-		if (!allgood) {
-			ses.ignorenext = 1;
-		}
-	}
-
-	/* Handle the asymmetry */
-	if (IS_DROPBEAR_CLIENT) {
-		ses.newkeys->recv.algo_crypt = 
-			(struct dropbear_cipher*)s2c_cipher_algo->data;
-		ses.newkeys->trans.algo_crypt = 
-			(struct dropbear_cipher*)c2s_cipher_algo->data;
-		ses.newkeys->recv.crypt_mode = 
-			(struct dropbear_cipher_mode*)s2c_cipher_algo->mode;
-		ses.newkeys->trans.crypt_mode =
-			(struct dropbear_cipher_mode*)c2s_cipher_algo->mode;
-		ses.newkeys->recv.algo_mac = 
-			(struct dropbear_hash*)s2c_hash_algo->data;
-		ses.newkeys->trans.algo_mac = 
-			(struct dropbear_hash*)c2s_hash_algo->data;
-		ses.newkeys->recv.algo_comp = s2c_comp_algo->val;
-		ses.newkeys->trans.algo_comp = c2s_comp_algo->val;
-	} else {
-		/* SERVER */
-		ses.newkeys->recv.algo_crypt = 
-			(struct dropbear_cipher*)c2s_cipher_algo->data;
-		ses.newkeys->trans.algo_crypt = 
-			(struct dropbear_cipher*)s2c_cipher_algo->data;
-		ses.newkeys->recv.crypt_mode =
-			(struct dropbear_cipher_mode*)c2s_cipher_algo->mode;
-		ses.newkeys->trans.crypt_mode =
-			(struct dropbear_cipher_mode*)s2c_cipher_algo->mode;
-		ses.newkeys->recv.algo_mac = 
-			(struct dropbear_hash*)c2s_hash_algo->data;
-		ses.newkeys->trans.algo_mac = 
-			(struct dropbear_hash*)s2c_hash_algo->data;
-		ses.newkeys->recv.algo_comp = c2s_comp_algo->val;
-		ses.newkeys->trans.algo_comp = s2c_comp_algo->val;
-	}
-
-	/* reserved for future extensions */
-	buf_getint(ses.payload);
-	return;
-
-error:
-	dropbear_exit("No matching algo %s", erralgo);
-}

common-session.c

@@ -1,458 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "session.h"
-#include "dbutil.h"
-#include "packet.h"
-#include "algo.h"
-#include "buffer.h"
-#include "dss.h"
-#include "ssh.h"
-#include "random.h"
-#include "kex.h"
-#include "channel.h"
-#include "atomicio.h"
-#include "runopts.h"
-
-static void checktimeouts();
-static long select_timeout();
-static int ident_readln(int fd, char* buf, int count);
-
-struct sshsession ses; /* GLOBAL */
-
-/* need to know if the session struct has been initialised, this way isn't the
- * cleanest, but works OK */
-int sessinitdone = 0; /* GLOBAL */
-
-/* this is set when we get SIGINT or SIGTERM, the handler is in main.c */
-int exitflag = 0; /* GLOBAL */
-
-
-
-/* called only at the start of a session, set up initial state */
-void common_session_init(int sock_in, int sock_out) {
-
-	TRACE(("enter session_init"))
-
-	ses.sock_in = sock_in;
-	ses.sock_out = sock_out;
-	ses.maxfd = MAX(sock_in, sock_out);
-
-	ses.connect_time = 0;
-	ses.last_trx_packet_time = 0;
-	ses.last_packet_time = 0;
-	
-	if (pipe(ses.signal_pipe) < 0) {
-		dropbear_exit("Signal pipe failed");
-	}
-	setnonblocking(ses.signal_pipe[0]);
-	setnonblocking(ses.signal_pipe[1]);
-
-	ses.maxfd = MAX(ses.maxfd, ses.signal_pipe[0]);
-	ses.maxfd = MAX(ses.maxfd, ses.signal_pipe[1]);
-	
-	kexfirstinitialise(); /* initialise the kex state */
-
-	ses.writepayload = buf_new(TRANS_MAX_PAYLOAD_LEN);
-	ses.transseq = 0;
-
-	ses.readbuf = NULL;
-	ses.payload = NULL;
-	ses.recvseq = 0;
-
-	initqueue(&ses.writequeue);
-
-	ses.requirenext = SSH_MSG_KEXINIT;
-	ses.dataallowed = 1; /* we can send data until we actually 
-							send the SSH_MSG_KEXINIT */
-	ses.ignorenext = 0;
-	ses.lastpacket = 0;
-	ses.reply_queue_head = NULL;
-	ses.reply_queue_tail = NULL;
-
-	/* set all the algos to none */
-	ses.keys = (struct key_context*)m_malloc(sizeof(struct key_context));
-	ses.newkeys = NULL;
-	ses.keys->recv.algo_crypt = &dropbear_nocipher;
-	ses.keys->trans.algo_crypt = &dropbear_nocipher;
-	ses.keys->recv.crypt_mode = &dropbear_mode_none;
-	ses.keys->trans.crypt_mode = &dropbear_mode_none;
-	
-	ses.keys->recv.algo_mac = &dropbear_nohash;
-	ses.keys->trans.algo_mac = &dropbear_nohash;
-
-	ses.keys->algo_kex = -1;
-	ses.keys->algo_hostkey = -1;
-	ses.keys->recv.algo_comp = DROPBEAR_COMP_NONE;
-	ses.keys->trans.algo_comp = DROPBEAR_COMP_NONE;
-
-#ifndef DISABLE_ZLIB
-	ses.keys->recv.zstream = NULL;
-	ses.keys->trans.zstream = NULL;
-#endif
-
-	/* key exchange buffers */
-	ses.session_id = NULL;
-	ses.kexhashbuf = NULL;
-	ses.transkexinit = NULL;
-	ses.dh_K = NULL;
-	ses.remoteident = NULL;
-
-	ses.chantypes = NULL;
-
-	ses.allowprivport = 0;
-
-	TRACE(("leave session_init"))
-}
-
-void session_loop(void(*loophandler)()) {
-
-	fd_set readfd, writefd;
-	struct timeval timeout;
-	int val;
-
-	/* main loop, select()s for all sockets in use */
-	for(;;) {
-
-		timeout.tv_sec = select_timeout();
-		timeout.tv_usec = 0;
-		FD_ZERO(&writefd);
-		FD_ZERO(&readfd);
-		dropbear_assert(ses.payload == NULL);
-		if (ses.sock_in != -1) {
-			FD_SET(ses.sock_in, &readfd);
-		}
-		if (ses.sock_out != -1 && !isempty(&ses.writequeue)) {
-			FD_SET(ses.sock_out, &writefd);
-		}
-		
-		/* We get woken up when signal handlers write to this pipe.
-		   SIGCHLD in svr-chansession is the only one currently. */
-		FD_SET(ses.signal_pipe[0], &readfd);
-
-		/* set up for channels which require reading/writing */
-		if (ses.dataallowed) {
-			setchannelfds(&readfd, &writefd);
-		}
-		val = select(ses.maxfd+1, &readfd, &writefd, NULL, &timeout);
-
-		if (exitflag) {
-			dropbear_exit("Terminated by signal");
-		}
-		
-		if (val < 0 && errno != EINTR) {
-			dropbear_exit("Error in select");
-		}
-
-		if (val <= 0) {
-			/* If we were interrupted or the select timed out, we still
-			 * want to iterate over channels etc for reading, to handle
-			 * server processes exiting etc. 
-			 * We don't want to read/write FDs. */
-			FD_ZERO(&writefd);
-			FD_ZERO(&readfd);
-		}
-		
-		/* We'll just empty out the pipe if required. We don't do
-		any thing with the data, since the pipe's purpose is purely to
-		wake up the select() above. */
-		if (FD_ISSET(ses.signal_pipe[0], &readfd)) {
-			char x;
-			while (read(ses.signal_pipe[0], &x, 1) > 0) {}
-		}
-
-		/* check for auth timeout, rekeying required etc */
-		checktimeouts();
-
-		/* process session socket's incoming/outgoing data */
-		if (ses.sock_out != -1) {
-			if (FD_ISSET(ses.sock_out, &writefd) && !isempty(&ses.writequeue)) {
-				write_packet();
-			}
-		}
-
-		if (ses.sock_in != -1) {
-			if (FD_ISSET(ses.sock_in, &readfd)) {
-				read_packet();
-			}
-			
-			/* Process the decrypted packet. After this, the read buffer
-			 * will be ready for a new packet */
-			if (ses.payload != NULL) {
-				process_packet();
-			}
-		}
-		
-		/* if required, flush out any queued reply packets that
-		were being held up during a KEX */
-		maybe_flush_reply_queue();
-
-		/* process pipes etc for the channels, ses.dataallowed == 0
-		 * during rekeying ) */
-		if (ses.dataallowed) {
-			channelio(&readfd, &writefd);
-		}
-
-		if (loophandler) {
-			loophandler();
-		}
-
-	} /* for(;;) */
-	
-	/* Not reached */
-}
-
-/* clean up a session on exit */
-void common_session_cleanup() {
-	
-	TRACE(("enter session_cleanup"))
-	
-	/* we can't cleanup if we don't know the session state */
-	if (!sessinitdone) {
-		TRACE(("leave session_cleanup: !sessinitdone"))
-		return;
-	}
-	
-	m_free(ses.session_id);
-	m_burn(ses.keys, sizeof(struct key_context));
-	m_free(ses.keys);
-
-	chancleanup();
-
-	TRACE(("leave session_cleanup"))
-}
-
-
-void session_identification() {
-
-	/* max length of 255 chars */
-	char linebuf[256];
-	int len = 0;
-	char done = 0;
-	int i;
-
-	/* write our version string, this blocks */
-	if (atomicio(write, ses.sock_out, LOCAL_IDENT "\r\n",
-				strlen(LOCAL_IDENT "\r\n")) == DROPBEAR_FAILURE) {
-		ses.remoteclosed();
-	}
-
-	/* If they send more than 50 lines, something is wrong */
-	for (i = 0; i < 50; i++) {
-		len = ident_readln(ses.sock_in, linebuf, sizeof(linebuf));
-
-		if (len < 0 && errno != EINTR) {
-			/* It failed */
-			break;
-		}
-
-		if (len >= 4 && memcmp(linebuf, "SSH-", 4) == 0) {
-			/* start of line matches */
-			done = 1;
-			break;
-		}
-	}
-
-	if (!done) {
-		TRACE(("err: %s for '%s'\n", strerror(errno), linebuf))
-		ses.remoteclosed();
-	} else {
-		/* linebuf is already null terminated */
-		ses.remoteident = m_malloc(len);
-		memcpy(ses.remoteident, linebuf, len);
-	}
-
-	/* Shall assume that 2.x will be backwards compatible. */
-	if (strncmp(ses.remoteident, "SSH-2.", 6) != 0
-			&& strncmp(ses.remoteident, "SSH-1.99-", 9) != 0) {
-		dropbear_exit("Incompatible remote version '%s'", ses.remoteident);
-	}
-
-	TRACE(("remoteident: %s", ses.remoteident))
-
-}
-
-/* returns the length including null-terminating zero on success,
- * or -1 on failure */
-static int ident_readln(int fd, char* buf, int count) {
-	
-	char in;
-	int pos = 0;
-	int num = 0;
-	fd_set fds;
-	struct timeval timeout;
-
-	TRACE(("enter ident_readln"))
-
-	if (count < 1) {
-		return -1;
-	}
-
-	FD_ZERO(&fds);
-
-	/* select since it's a non-blocking fd */
-	
-	/* leave space to null-terminate */
-	while (pos < count-1) {
-
-		FD_SET(fd, &fds);
-
-		timeout.tv_sec = 1;
-		timeout.tv_usec = 0;
-		if (select(fd+1, &fds, NULL, NULL, &timeout) < 0) {
-			if (errno == EINTR) {
-				continue;
-			}
-			TRACE(("leave ident_readln: select error"))
-			return -1;
-		}
-
-		checktimeouts();
-		
-		/* Have to go one byte at a time, since we don't want to read past
-		 * the end, and have to somehow shove bytes back into the normal
-		 * packet reader */
-		if (FD_ISSET(fd, &fds)) {
-			num = read(fd, &in, 1);
-			/* a "\n" is a newline, "\r" we want to read in and keep going
-			 * so that it won't be read as part of the next line */
-			if (num < 0) {
-				/* error */
-				if (errno == EINTR) {
-					continue; /* not a real error */
-				}
-				TRACE(("leave ident_readln: read error"))
-				return -1;
-			}
-			if (num == 0) {
-				/* EOF */
-				TRACE(("leave ident_readln: EOF"))
-				return -1;
-			}
-			if (in == '\n') {
-				/* end of ident string */
-				break;
-			}
-			/* we don't want to include '\r's */
-			if (in != '\r') {
-				buf[pos] = in;
-				pos++;
-			}
-		}
-	}
-
-	buf[pos] = '\0';
-	TRACE(("leave ident_readln: return %d", pos+1))
-	return pos+1;
-}
-
-void send_msg_ignore() {
-	CHECKCLEARTOWRITE();
-	buf_putbyte(ses.writepayload, SSH_MSG_IGNORE);
-	buf_putstring(ses.writepayload, "", 0);
-	encrypt_packet();
-}
-
-/* Check all timeouts which are required. Currently these are the time for
- * user authentication, and the automatic rekeying. */
-static void checktimeouts() {
-
-	time_t now;
-
-	now = time(NULL);
-	
-	if (ses.connect_time != 0 && now - ses.connect_time >= AUTH_TIMEOUT) {
-			dropbear_close("Timeout before auth");
-	}
-
-	/* we can't rekey if we haven't done remote ident exchange yet */
-	if (ses.remoteident == NULL) {
-		return;
-	}
-
-	if (!ses.kexstate.sentkexinit
-			&& (now - ses.kexstate.lastkextime >= KEX_REKEY_TIMEOUT
-			|| ses.kexstate.datarecv+ses.kexstate.datatrans >= KEX_REKEY_DATA)) {
-		TRACE(("rekeying after timeout or max data reached"))
-		send_msg_kexinit();
-	}
-	
-	if (opts.keepalive_secs > 0 
-			&& now - ses.last_trx_packet_time >= opts.keepalive_secs) {
-		send_msg_ignore();
-	}
-
-	if (opts.idle_timeout_secs > 0 && ses.last_packet_time > 0
-			&& now - ses.last_packet_time >= opts.idle_timeout_secs) {
-		dropbear_close("Idle timeout");
-	}
-}
-
-static long select_timeout() {
-	/* determine the minimum timeout that might be required, so
-	as to avoid waking when unneccessary */
-	long ret = LONG_MAX;
-	if (KEX_REKEY_TIMEOUT > 0)
-		ret = MIN(KEX_REKEY_TIMEOUT, ret);
-	if (AUTH_TIMEOUT > 0)
-		ret = MIN(AUTH_TIMEOUT, ret);
-	if (opts.keepalive_secs > 0)
-		ret = MIN(opts.keepalive_secs, ret);
-    if (opts.idle_timeout_secs > 0)
-        ret = MIN(opts.idle_timeout_secs, ret);
-	return ret;
-}
-
-const char* get_user_shell() {
-	/* an empty shell should be interpreted as "/bin/sh" */
-	if (ses.authstate.pw_shell[0] == '\0') {
-		return "/bin/sh";
-	} else {
-		return ses.authstate.pw_shell;
-	}
-}
-void fill_passwd(const char* username) {
-	struct passwd *pw = NULL;
-	if (ses.authstate.pw_name)
-		m_free(ses.authstate.pw_name);
-	if (ses.authstate.pw_dir)
-		m_free(ses.authstate.pw_dir);
-	if (ses.authstate.pw_shell)
-		m_free(ses.authstate.pw_shell);
-	if (ses.authstate.pw_passwd)
-		m_free(ses.authstate.pw_passwd);
-
-	pw = getpwnam(username);
-	if (!pw) {
-		return;
-	}
-	ses.authstate.pw_uid = pw->pw_uid;
-	ses.authstate.pw_gid = pw->pw_gid;
-	ses.authstate.pw_name = m_strdup(pw->pw_name);
-	ses.authstate.pw_dir = m_strdup(pw->pw_dir);
-	ses.authstate.pw_shell = m_strdup(pw->pw_shell);
-	ses.authstate.pw_passwd = m_strdup(pw->pw_passwd);
-}
-

configure.ac

@@ -5,24 +5,152 @@
 # of the platform checks have been taken straight from OpenSSH's configure.ac
 # Huge thanks to them for dealing with the horrible platform-specifics :)
 
-AC_PREREQ(2.50)
-AC_INIT(buffer.c)
+AC_PREREQ([2.59])
+AC_INIT
 
-OLDCFLAGS=$CFLAGS
+# Record which revision is being built
+if test -s "`which hg`" && test -d "$srcdir/.hg"; then
+	hgrev=`hg id -i -R "$srcdir"`
+	AC_MSG_NOTICE([Source directory Mercurial base revision $hgrev])
+fi
+
+ORIGCFLAGS="$CFLAGS"
+LATE_CFLAGS=""
 # Checks for programs.
 AC_PROG_CC
-AC_PROG_MAKE_SET
 
 if test -z "$LD" ; then
 	LD=$CC
 fi
-AC_SUBST(LD)	
+AC_SUBST(LD)
 
-if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then
+AC_DEFUN(DB_TRYADDCFLAGS,
+[{
+		OLDFLAGS="$CFLAGS"
+		TESTFLAGS="$1"
+		CFLAGS="$TESTFLAGS $CFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
+			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDFLAGS" ]
+			)
+}])
+
+# set compile flags prior to other tests
+if test -z "$ORIGCFLAGS" && test "$GCC" = "yes"; then
 	AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC)
 	CFLAGS="-Os -W -Wall"
 fi
 
+# LTM_CFLAGS is given to ./configure by the user, 
+# DROPBEAR_LTM_CFLAGS is substituted in the LTM Makefile.in
+DROPBEAR_LTM_CFLAGS="$LTM_CFLAGS"
+if test -z "$DROPBEAR_LTM_CFLAGS"; then
+	DROPBEAR_LTM_CFLAGS="-O3 -funroll-loops -fomit-frame-pointer"
+fi
+AC_MSG_NOTICE(Setting LTM_CFLAGS to $DROPBEAR_LTM_CFLAGS)
+AC_ARG_VAR(LTM_CFLAGS, CFLAGS for bundled libtommath. Default -O3 -funroll-loops -fomit-frame-pointer)
+AC_SUBST(DROPBEAR_LTM_CFLAGS)
+
+AC_MSG_NOTICE([Checking if compiler '$CC' supports -Wno-pointer-sign])
+DB_TRYADDCFLAGS([-Wno-pointer-sign])
+
+AC_MSG_NOTICE([Checking if compiler '$CC' supports -fno-strict-overflow])
+DB_TRYADDCFLAGS([-fno-strict-overflow])
+
+AC_MSG_NOTICE([Checking if compiler '$CC' supports -Wundef])
+DB_TRYADDCFLAGS([-Wundef])
+
+# needed for various extensions. define early before autoconf tests
+AC_DEFINE([_GNU_SOURCE], [], [Use GNU extensions if glibc])
+
+STATIC=0
+AC_ARG_ENABLE(static,
+	[  --enable-static         Build static binaries],
+	[
+		if test "x$enableval" = "xyes"; then
+			STATIC=1
+			AC_MSG_NOTICE(Static Build)
+		fi
+	], [])
+AC_SUBST(STATIC)
+
+hardenbuild=1
+AC_ARG_ENABLE(harden,
+	[  --disable-harden        Don't set hardened build flags],
+	[
+		if test "x$enableval" = "xno"; then
+			hardenbuild=0
+			AC_MSG_NOTICE(Disabling hardened build flags)
+		fi
+	], [])
+
+if test "$hardenbuild" -eq 1; then
+	AC_MSG_NOTICE(Checking for available hardened build flags:)
+	# relocation flags don't make sense for static builds
+	if test "$STATIC" -ne 1; then
+		# pie
+		DB_TRYADDCFLAGS([-fPIE])
+
+		OLDLDFLAGS="$LDFLAGS"
+		TESTFLAGS="-Wl,-pie"
+		LDFLAGS="$TESTFLAGS $LDFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
+			[
+				LDFLAGS="$OLDLDFLAGS"
+				TESTFLAGS="-pie"
+				LDFLAGS="$TESTFLAGS $LDFLAGS"
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+					[AC_MSG_NOTICE([Setting $TESTFLAGS])],
+					[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+					)
+			]
+			)
+		# readonly elf relocation sections (relro)
+		OLDLDFLAGS="$LDFLAGS"
+		TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
+		LDFLAGS="$TESTFLAGS $LDFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
+			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+			)
+	fi # non-static
+	# stack protector. -strong is good but only in gcc 4.9 or later
+	OLDCFLAGS="$CFLAGS"
+	TESTFLAGS="-fstack-protector-strong"
+	CFLAGS="$TESTFLAGS $CFLAGS"
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+	    [AC_MSG_NOTICE([Setting $TESTFLAGS])],
+	    [
+			CFLAGS="$OLDCFLAGS"
+			TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
+			CFLAGS="$TESTFLAGS $CFLAGS"
+			AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			    [AC_MSG_NOTICE([Setting $TESTFLAGS])],
+			    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
+			    )
+	    ]
+	    )
+	# FORTIFY_SOURCE
+	DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])
+
+	# Spectre v2 mitigations
+	DB_TRYADDCFLAGS([-mfunction-return=thunk])
+	DB_TRYADDCFLAGS([-mindirect-branch=thunk])
+
+fi
+
+AC_ARG_ENABLE(werror,
+	[  --enable-werror         Set -Werror when building],
+	[
+		if test "x$enableval" = "xyes"; then
+			# -Werror shouldn't be set when configure runs tests.
+			# We add it to the Makefile's CFLAGS
+			LATE_CFLAGS+="$LATE_CFLAGS -Werror"
+			AC_MSG_NOTICE(Enabling -Werror)
+		fi
+	], [])
+
 # large file support is useful for scp
 AC_SYS_LARGEFILE
 
@@ -44,8 +172,8 @@ case "$host" in
 	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
 	if test "$sol2ver" -ge 8; then
 		AC_MSG_RESULT(yes)
-		AC_DEFINE(DISABLE_UTMP,,Disable utmp)
-		AC_DEFINE(DISABLE_WTMP,,Disable wtmp)
+		AC_DEFINE(DISABLE_UTMP,1,Disable utmp)
+		AC_DEFINE(DISABLE_WTMP,1,Disable wtmp)
 	else
 		AC_MSG_RESULT(no)
 	fi
@@ -54,36 +182,46 @@ case "$host" in
 	;;
 
 *-*-aix*)
-	AC_DEFINE(AIX,,Using AIX)
+	AC_DEFINE(AIX,1,Using AIX)
 	# OpenSSH thinks it's broken. If it isn't, let me know.
-	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
+	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
 	;;
-	
+
 *-*-hpux*)
 	LIBS="$LIBS -lsec"
 	# It's probably broken.
-	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
+	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
 	;;
 *-dec-osf*)
-	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
+	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
 	;;
 esac
 
 AC_CHECK_TOOL(AR, ar, :)
 AC_CHECK_TOOL(RANLIB, ranlib, :)
 AC_CHECK_TOOL(STRIP, strip, :)
-AC_CHECK_TOOL(INSTALL, install, :)
+AC_PROG_INSTALL
 
 dnl Can't use login() or logout() with uclibc
-AC_CHECK_DECL(__UCLIBC__, 
+AC_CHECK_DECL(__UCLIBC__,
 	[
 	no_loginfunc_check=1
 	AC_MSG_NOTICE([Using uClibc - login() and logout() probably don't work, so we won't use them.])
-	],,,)
+	],,)
 
-# Checks for libraries.
-AC_CHECK_LIB(crypt, crypt, CRYPTLIB="-lcrypt")
-AC_SUBST(CRYPTLIB)	
+dnl We test for crypt() specially. On Linux (and others?) it resides in libcrypt
+dnl but we don't want link all binaries to -lcrypt, just dropbear server.
+dnl OS X doesn't need -lcrypt
+AC_CHECK_FUNC(crypt, found_crypt_func=here)
+AC_CHECK_LIB(crypt, crypt,
+	[
+	CRYPTLIB="-lcrypt"
+	found_crypt_func=here
+	])
+AC_SUBST(CRYPTLIB)
+if test "t$found_crypt_func" = there; then
+AC_DEFINE(HAVE_CRYPT, 1, [crypt() function])
+fi
 
 # Check if zlib is needed
 AC_ARG_WITH(zlib,
@@ -107,7 +245,7 @@ AC_ARG_ENABLE(zlib,
 	[  --disable-zlib          Don't include zlib support],
 	[
 		if test "x$enableval" = "xno"; then
-			AC_DEFINE(DISABLE_ZLIB,, Use zlib)
+			AC_DEFINE(DISABLE_ZLIB,1,Use zlib)
 			AC_MSG_NOTICE(Disabling zlib)
 		else
 			AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
@@ -141,20 +279,20 @@ AC_ARG_WITH(pam,
 
 
 AC_ARG_ENABLE(pam,
-	[  --enable-pam          Try to include PAM support],
+	[  --enable-pam            Try to include PAM support],
 	[
 		if test "x$enableval" = "xyes"; then
 			AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***]))
 			AC_MSG_NOTICE(Enabling PAM)
 			AC_CHECK_FUNCS(pam_fail_delay)
 		else
-			AC_DEFINE(DISABLE_PAM,, Use PAM)
+			AC_DEFINE(DISABLE_PAM,1,Use PAM)
 			AC_MSG_NOTICE(Disabling PAM)
 		fi
 	],
 	[
 		# disable it by default
-		AC_DEFINE(DISABLE_PAM,, Use PAM)
+		AC_DEFINE(DISABLE_PAM,1,Use PAM)
 		AC_MSG_NOTICE(Disabling PAM)
 	]
 )
@@ -166,21 +304,26 @@ AC_ARG_ENABLE(openpty,
 			AC_MSG_NOTICE(Not using openpty)
 		else
 			AC_MSG_NOTICE(Using openpty if available)
-			AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
+			AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
 		fi
 	],
 	[
 		AC_MSG_NOTICE(Using openpty if available)
-		AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
+		AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
 	]
 )
-		
+
+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
+	AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
+	no_ptc_check=yes
+	no_ptmx_check=yes
+fi
 
 AC_ARG_ENABLE(syslog,
 	[  --disable-syslog        Don't include syslog support],
 	[
 		if test "x$enableval" = "xno"; then
-			AC_DEFINE(DISABLE_SYSLOG,, Using syslog)
+			AC_DEFINE(DISABLE_SYSLOG,1,Using syslog)
 			AC_MSG_NOTICE(Disabling syslog)
 		else
 			AC_MSG_NOTICE(Enabling syslog)
@@ -206,12 +349,56 @@ AC_ARG_ENABLE(shadow,
 		AC_MSG_NOTICE(Using shadow passwords if available)
 	]
 )
-			
+
+AC_ARG_ENABLE(plugin,
+	[  --enable-plugin         Enable support for External Public Key Authentication plug-in],
+	[
+		AC_DEFINE(DROPBEAR_PLUGIN, 1, External Public Key Authentication)
+		AC_MSG_NOTICE(Enabling support for External Public Key Authentication)
+		DROPBEAR_PLUGIN=1
+	],
+	[
+		AC_DEFINE(DROPBEAR_PLUGIN, 0, External Public Key Authentication)
+		DROPBEAR_PLUGIN=0
+	]
+
+)
+AC_SUBST(DROPBEAR_PLUGIN)
+
+AC_ARG_ENABLE(fuzz,
+	[  --enable-fuzz           Build fuzzing. Not recommended for deployment.],
+	[
+		if test "x$enableval" = "xyes"; then
+            AC_DEFINE(DROPBEAR_FUZZ, 1, Fuzzing)
+            AC_MSG_NOTICE(Enabling fuzzing)
+            DROPBEAR_FUZZ=1
+            # libfuzzer needs linking with c++ libraries
+            AC_PROG_CXX
+			mkdir -pv fuzz
+        else
+            AC_DEFINE(DROPBEAR_FUZZ, 0, Fuzzing)
+            AC_MSG_NOTICE(Disabling fuzzing)
+            DROPBEAR_FUZZ=0
+        fi
+	],
+	[
+		AC_DEFINE(DROPBEAR_FUZZ, 0, Fuzzing)
+		AC_MSG_NOTICE(Disabling fuzzing)
+		DROPBEAR_FUZZ=0
+	]
+
+)
+AC_SUBST(DROPBEAR_FUZZ)
+AC_SUBST(CXX)
 
 # Checks for header files.
-AC_HEADER_STDC
 AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS([fcntl.h limits.h netinet/in.h netinet/tcp.h stdlib.h string.h sys/socket.h sys/time.h termios.h unistd.h crypt.h pty.h ioctl.h libutil.h libgen.h inttypes.h stropts.h utmp.h utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h pam/pam_appl.h netinet/in_systm.h])
+AC_CHECK_HEADERS([netinet/in.h netinet/tcp.h \
+	crypt.h \
+	pty.h libutil.h libgen.h inttypes.h stropts.h utmp.h \
+	utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h \
+	pam/pam_appl.h netinet/in_systm.h sys/uio.h linux/pkt_sched.h \
+	sys/random.h sys/prctl.h])
 
 # Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
@@ -219,9 +406,9 @@ AC_TYPE_UID_T
 AC_TYPE_MODE_T
 AC_TYPE_PID_T
 AC_TYPE_SIZE_T
-AC_HEADER_TIME
 
-AC_CHECK_TYPES([uint16_t, u_int16_t, struct sockaddr_storage])
+AC_CHECK_TYPES([uint8_t, u_int8_t, uint16_t, u_int16_t, uint32_t, u_int32_t])
+AC_CHECK_TYPES([struct sockaddr_storage])
 AC_CHECK_TYPE([socklen_t], ,[
 	AC_MSG_CHECKING([for socklen_t equivalent])
 	AC_CACHE_VAL([curl_cv_socklen_t_equiv],
@@ -231,15 +418,15 @@ AC_CHECK_TYPE([socklen_t], ,[
 	curl_cv_socklen_t_equiv=
 	for arg2 in "struct sockaddr" void; do
 		for t in int size_t unsigned long "unsigned long"; do
-		AC_TRY_COMPILE([
-			#include <sys/types.h>
-			#include <sys/socket.h>
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
 
 			int getpeername (int, $arg2 *, $t *);
-		],[
+		]],[[
 			$t len;
 			getpeername(0,0,&len);
-		],[
+		]])],[
 			curl_cv_socklen_t_equiv="$t"
 			break
 		])
@@ -259,12 +446,11 @@ AC_CHECK_TYPE([socklen_t], ,[
 # for the fake-rfc2553 stuff - straight from OpenSSH
 
 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
-	AC_TRY_COMPILE(
-		[
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <sys/types.h>
 #include <sys/socket.h>
-		],
-		[ struct sockaddr_storage s; ],
+		]],
+		[[ if (sizeof(struct sockaddr_storage)) return 0 ]])],
 		[ ac_cv_have_struct_sockaddr_storage="yes" ],
 		[ ac_cv_have_struct_sockaddr_storage="no" ]
 	)
@@ -274,64 +460,61 @@ if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
 fi
 
 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
-	AC_TRY_COMPILE(
-		[
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <sys/types.h>
 #include <netinet/in.h>
-		],
-		[ struct sockaddr_in6 s; s.sin6_family = 0; ],
+		]],
+		[[ if (sizeof(struct sockaddr_in6)) return 0 ]])],
 		[ ac_cv_have_struct_sockaddr_in6="yes" ],
 		[ ac_cv_have_struct_sockaddr_in6="no" ]
 	)
 ])
 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,,Have struct sockaddr_in6)
+	AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,1,Have struct sockaddr_in6)
 fi
 
 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
-	AC_TRY_COMPILE(
-		[
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <sys/types.h>
 #include <netinet/in.h>
-		],
-		[ struct in6_addr s; s.s6_addr[0] = 0; ],
+		]],
+		[[ if (sizeof(struct in6_addr)) return 0 ]])],
 		[ ac_cv_have_struct_in6_addr="yes" ],
 		[ ac_cv_have_struct_in6_addr="no" ]
 	)
 ])
 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_IN6_ADDR,,Have struct in6_addr)
+	AC_DEFINE(HAVE_STRUCT_IN6_ADDR,1,Have struct in6_addr)
 fi
 
 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
-	AC_TRY_COMPILE(
-		[
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netdb.h>
-		],
-		[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
+		]],
+		[[ if (sizeof(struct addrinfo)) return 0 ]])],
 		[ ac_cv_have_struct_addrinfo="yes" ],
 		[ ac_cv_have_struct_addrinfo="no" ]
 	)
 ])
 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_ADDRINFO,,Have struct addrinfo)
+	AC_DEFINE(HAVE_STRUCT_ADDRINFO,1,Have struct addrinfo)
 fi
 
 
 # IRIX has a const char return value for gai_strerror()
 AC_CHECK_FUNCS(gai_strerror,[
 	AC_DEFINE(HAVE_GAI_STRERROR)
-	AC_TRY_COMPILE([
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netdb.h>
 
-const char *gai_strerror(int);],[
+const char *gai_strerror(int);]],[[
 char *str;
 
-str = gai_strerror(0);],[
+str = gai_strerror(0);]])],[
 		AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
 		[Define if gai_strerror() returns const char *])])])
 
@@ -363,23 +546,44 @@ AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
 AC_CHECK_FUNCS(setutxent utmpxname)
 AC_CHECK_FUNCS(logout updwtmp logwtmp)
 
+# POSIX monotonic time
+AC_CHECK_FUNCS(clock_gettime)
+
+# OS X monotonic time
+AC_CHECK_HEADERS([mach/mach_time.h])
+AC_CHECK_FUNCS(mach_absolute_time)
+
+AC_CHECK_FUNCS(explicit_bzero memset_s getrandom)
+
 AC_ARG_ENABLE(bundled-libtom,
-	[  --enable-bundled-libtom       Use bundled libtomcrypt/libtommath even if a system version exists],
-	[ 
-		BUNDLED_LIBTOM=1
-		AC_MSG_NOTICE(Forcing bundled libtom*)
+[  --enable-bundled-libtom       Force using bundled libtomcrypt/libtommath even if a system version exists.
+  --disable-bundled-libtom      Force using system libtomcrypt/libtommath, fail if it does not exist.
+                                Default is to use system if available, otherwise bundled.
+                                Dropbear requires system libtommath >= 1.2.0 and libtomcrypt >= 1.18.0],
+	[
+		if test "x$enableval" = "xyes"; then
+			BUNDLED_LIBTOM=1
+			AC_MSG_NOTICE(Forcing bundled libtom*)
+		else
+			BUNDLED_LIBTOM=0
+			AC_CHECK_LIB(tommath, mp_to_ubin, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS",
+				[AC_MSG_ERROR([Missing/old system libtommath and --disable-bundled-libtom was specified])] )
+			AC_CHECK_LIB(tomcrypt, poly1305_init, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS",
+				[AC_MSG_ERROR([Missing/old system libtomcrypt and --disable-bundled-libtom was specified])] )
+		fi
 	],
 	[
 		BUNDLED_LIBTOM=0
-		AC_CHECK_LIB(tomcrypt, register_cipher, , BUNDLED_LIBTOM=1)
-		AC_CHECK_LIB(tommath, mp_exptmod, , BUNDLED_LIBTOM=1)
+		AC_CHECK_LIB(tommath, mp_to_ubin, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
+		AC_CHECK_LIB(tomcrypt, poly1305_init, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
 	]
 )
 
 if test $BUNDLED_LIBTOM = 1 ; then
-	AC_DEFINE(BUNDLED_LIBTOM,,Use bundled libtom) 
+	AC_DEFINE(BUNDLED_LIBTOM,1,Use bundled libtom)
 fi
 
+AC_SUBST(LIBTOM_LIBS)
 AC_SUBST(BUNDLED_LIBTOM)
 
 dnl Added from OpenSSH 3.6.1p2's configure.ac
@@ -387,41 +591,69 @@ dnl Added from OpenSSH 3.6.1p2's configure.ac
 dnl allow user to disable some login recording features
 AC_ARG_ENABLE(lastlog,
 	[  --disable-lastlog       Disable use of lastlog even if detected [no]],
-	[ AC_DEFINE(DISABLE_LASTLOG,,Disable use of lastlog()) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_LASTLOG,1,Disable use of lastlog())
+		fi
+	]
 )
 AC_ARG_ENABLE(utmp,
 	[  --disable-utmp          Disable use of utmp even if detected [no]],
-	[ AC_DEFINE(DISABLE_UTMP,,Disable use of utmp) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_UTMP,1,Disable use of utmp)
+		fi
+	]
 )
 AC_ARG_ENABLE(utmpx,
 	[  --disable-utmpx         Disable use of utmpx even if detected [no]],
-	[ AC_DEFINE(DISABLE_UTMPX,,Disable use of utmpx) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_UTMPX,1,Disable use of utmpx)
+		fi
+	]
 )
 AC_ARG_ENABLE(wtmp,
 	[  --disable-wtmp          Disable use of wtmp even if detected [no]],
-	[ AC_DEFINE(DISABLE_WTMP,,Disable use of wtmp) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_WTMP,1,Disable use of wtmp)
+		fi
+	]
 )
 AC_ARG_ENABLE(wtmpx,
 	[  --disable-wtmpx         Disable use of wtmpx even if detected [no]],
-	[ AC_DEFINE(DISABLE_WTMPX,,Disable use of wtmpx) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_WTMPX,1,Disable use of wtmpx)
+		fi
+	]
 )
 AC_ARG_ENABLE(loginfunc,
 	[  --disable-loginfunc     Disable use of login() etc. [no]],
 	[ no_loginfunc_check=1
-	AC_MSG_NOTICE(Not using login() etc) ]
+	AC_MSG_NOTICE([Not using login() etc]) ]
 )
 AC_ARG_ENABLE(pututline,
 	[  --disable-pututline     Disable use of pututline() etc. ([uw]tmp) [no]],
-	[ AC_DEFINE(DISABLE_PUTUTLINE,,Disable use of pututline()) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_PUTUTLINE,1,Disable use of pututline())
+		fi
+	]
 )
 AC_ARG_ENABLE(pututxline,
 	[  --disable-pututxline    Disable use of pututxline() etc. ([uw]tmpx) [no]],
-	[ AC_DEFINE(DISABLE_PUTUTXLINE,,Disable use of pututxline()) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_PUTUTXLINE,1,Disable use of pututxline())
+		fi
+	]
 )
 AC_ARG_WITH(lastlog,
   [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
 	[
-		if test "x$withval" = "xno" ; then	
+		if test "x$withval" = "xno" ; then
 			AC_DEFINE(DISABLE_LASTLOG)
 		else
 			conf_lastlog_location=$withval
@@ -431,7 +663,7 @@ AC_ARG_WITH(lastlog,
 
 if test -z "$no_loginfunc_check"; then
 	dnl    Checks for libutil functions (login(), logout() etc, not openpty() )
-	AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,,Have login() function)])
+	AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,1,[Have login() function])])
 	AC_CHECK_FUNCS(logout updwtmp logwtmp)
 fi
 
@@ -443,7 +675,7 @@ dnl lastlog and [uw]tmp are subject to a file search if all else fails
 dnl lastlog detection
 dnl  NOTE: the code itself will detect if lastlog is a directory
 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
-AC_TRY_COMPILE([
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <sys/types.h>
 #include <utmp.h>
 #ifdef HAVE_LASTLOG_H
@@ -455,13 +687,13 @@ AC_TRY_COMPILE([
 #ifdef HAVE_LOGIN_H
 # include <login.h>
 #endif
-	],
-	[ char *lastlog = LASTLOG_FILE; ],
+	]],
+	[[ char *lastlog = LASTLOG_FILE; ]])],
 	[ AC_MSG_RESULT(yes) ],
 	[
 		AC_MSG_RESULT(no)
 		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
-		AC_TRY_COMPILE([
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <sys/types.h>
 #include <utmp.h>
 #ifdef HAVE_LASTLOG_H
@@ -470,8 +702,8 @@ AC_TRY_COMPILE([
 #ifdef HAVE_PATHS_H
 #  include <paths.h>
 #endif
-		],
-		[ char *lastlog = _PATH_LASTLOG; ],
+		]],
+		[[ char *lastlog = _PATH_LASTLOG; ]])],
 		[ AC_MSG_RESULT(yes) ],
 		[
 			AC_MSG_RESULT(no)
@@ -496,18 +728,18 @@ fi
 
 if test -n "$conf_lastlog_location"; then
 	AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location", lastlog file location)
-fi	
+fi
 
 dnl utmp detection
 AC_MSG_CHECKING([if your system defines UTMP_FILE])
-AC_TRY_COMPILE([
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <sys/types.h>
 #include <utmp.h>
 #ifdef HAVE_PATHS_H
 #  include <paths.h>
 #endif
-	],
-	[ char *utmp = UTMP_FILE; ],
+	]],
+	[[ char *utmp = UTMP_FILE; ]])],
 	[ AC_MSG_RESULT(yes) ],
 	[ AC_MSG_RESULT(no)
 	  system_utmp_path=no ]
@@ -526,18 +758,20 @@ if test -z "$conf_utmp_location"; then
 fi
 if test -n "$conf_utmp_location"; then
 	AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location", utmp file location)
-fi	
+fi
 
 dnl wtmp detection
 AC_MSG_CHECKING([if your system defines WTMP_FILE])
-AC_TRY_COMPILE([
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <sys/types.h>
-#include <utmp.h>
+#ifdef HAVE_UTMP_H
+#  include <utmp.h>
+#endif
 #ifdef HAVE_PATHS_H
 #  include <paths.h>
 #endif
-	],
-	[ char *wtmp = WTMP_FILE; ],
+	]],
+	[[ char *wtmp = WTMP_FILE; ]])],
 	[ AC_MSG_RESULT(yes) ],
 	[ AC_MSG_RESULT(no)
 	  system_wtmp_path=no ]
@@ -556,14 +790,14 @@ if test -z "$conf_wtmp_location"; then
 fi
 if test -n "$conf_wtmp_location"; then
 	AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location", wtmp file location)
-fi	
+fi
 
 
 dnl utmpx detection - I don't know any system so perverse as to require
 dnl  utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
 dnl  there, though.
 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
-AC_TRY_COMPILE([
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <sys/types.h>
 #include <utmp.h>
 #ifdef HAVE_UTMPX_H
@@ -572,8 +806,8 @@ AC_TRY_COMPILE([
 #ifdef HAVE_PATHS_H
 #  include <paths.h>
 #endif
-	],
-	[ char *utmpx = UTMPX_FILE; ],
+	]],
+	[[ char *utmpx = UTMPX_FILE; ]])],
 	[ AC_MSG_RESULT(yes) ],
 	[ AC_MSG_RESULT(no)
 	  system_utmpx_path=no ]
@@ -584,21 +818,23 @@ if test -z "$conf_utmpx_location"; then
 	fi
 else
 	AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", utmpx file location)
-fi	
+fi
 
 dnl wtmpx detection
 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
-AC_TRY_COMPILE([
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <sys/types.h>
-#include <utmp.h>
+#ifdef HAVE_UTMP_H
+#  include <utmp.h>
+#endif
 #ifdef HAVE_UTMPX_H
-#include <utmpx.h>
+#  include <utmpx.h>
 #endif
 #ifdef HAVE_PATHS_H
 #  include <paths.h>
 #endif
-	],
-	[ char *wtmpx = WTMPX_FILE; ],
+	]],
+	[[ char *wtmpx = WTMPX_FILE; ]])],
 	[ AC_MSG_RESULT(yes) ],
 	[ AC_MSG_RESULT(no)
 	  system_wtmpx_path=no ]
@@ -609,21 +845,24 @@ if test -z "$conf_wtmpx_location"; then
 	fi
 else
 	AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", wtmpx file location)
-fi	
+fi
 
 # Checks for library functions.
 AC_PROG_GCC_TRADITIONAL
 AC_FUNC_MEMCMP
 AC_FUNC_SELECT_ARGTYPES
-AC_TYPE_SIGNAL
-AC_CHECK_FUNCS([dup2 getspnam getusershell memset putenv select socket strdup clearenv strlcpy strlcat daemon basename _getpty getaddrinfo freeaddrinfo getnameinfo])
+AC_CHECK_FUNCS([getpass getspnam getusershell putenv])
+AC_CHECK_FUNCS([clearenv strlcpy strlcat daemon basename _getpty getaddrinfo ])
+AC_CHECK_FUNCS([freeaddrinfo getnameinfo fork writev getgrouplist fexecve])
 
 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
 
 # Solaris needs ptmx
 if test -z "$no_ptmx_check" ; then
 	if test x"$cross_compiling" = x"no" ; then
-		AC_CHECK_FILE("/dev/ptmx", AC_DEFINE(USE_DEV_PTMX,,Use /dev/ptmx))
+		if test -e /dev/ptmx ; then
+			AC_DEFINE(USE_DEV_PTMX,1,Use /dev/ptmx)
+		fi
 	else
 		AC_MSG_NOTICE([Not checking for /dev/ptmx, we're cross-compiling])
 	fi
@@ -631,7 +870,9 @@ fi
 
 if test -z "$no_ptc_check" ; then
 	if test x"$cross_compiling" = x"no" ; then
-		AC_CHECK_FILE("/dev/ptc", AC_DEFINE(HAVE_DEV_PTS_AND_PTC,,Use /dev/ptc & /dev/pts))
+		if test -e /dev/ptc ; then
+			AC_DEFINE(HAVE_DEV_PTS_AND_PTC,1,Use /dev/ptc & /dev/pts)
+		fi
 	else
 		AC_MSG_NOTICE([Not checking for /dev/ptc & /dev/pts since we're cross-compiling])
 	fi
@@ -639,64 +880,37 @@ fi
 
 AC_EXEEXT
 
-# XXX there must be a nicer way to do this
-AS_MKDIR_P(libtomcrypt/src/ciphers/aes)
-AS_MKDIR_P(libtomcrypt/src/ciphers/safer)
-AS_MKDIR_P(libtomcrypt/src/ciphers/twofish)
-AS_MKDIR_P(libtomcrypt/src/encauth/ccm)
-AS_MKDIR_P(libtomcrypt/src/encauth/eax)
-AS_MKDIR_P(libtomcrypt/src/encauth/gcm)
-AS_MKDIR_P(libtomcrypt/src/encauth/ocb)
-AS_MKDIR_P(libtomcrypt/src/hashes)
-AS_MKDIR_P(libtomcrypt/src/hashes/chc)
-AS_MKDIR_P(libtomcrypt/src/hashes/helper)
-AS_MKDIR_P(libtomcrypt/src/hashes/sha2)
-AS_MKDIR_P(libtomcrypt/src/hashes/whirl)
-AS_MKDIR_P(libtomcrypt/src/mac/hmac)
-AS_MKDIR_P(libtomcrypt/src/mac/omac)
-AS_MKDIR_P(libtomcrypt/src/mac/pelican)
-AS_MKDIR_P(libtomcrypt/src/mac/pmac)
-AS_MKDIR_P(libtomcrypt/src/mac/f9)
-AS_MKDIR_P(libtomcrypt/src/mac/xcbc)
-AS_MKDIR_P(libtomcrypt/src/math/fp)
-AS_MKDIR_P(libtomcrypt/src/misc/base64)
-AS_MKDIR_P(libtomcrypt/src/misc/crypt)
-AS_MKDIR_P(libtomcrypt/src/misc/mpi)
-AS_MKDIR_P(libtomcrypt/src/misc/pkcs5)
-AS_MKDIR_P(libtomcrypt/src/modes/cbc)
-AS_MKDIR_P(libtomcrypt/src/modes/cfb)
-AS_MKDIR_P(libtomcrypt/src/modes/ctr)
-AS_MKDIR_P(libtomcrypt/src/modes/ecb)
-AS_MKDIR_P(libtomcrypt/src/modes/ofb)
-AS_MKDIR_P(libtomcrypt/src/modes/f8)
-AS_MKDIR_P(libtomcrypt/src/modes/lrw)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/bit)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/choice)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/ia5)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/integer)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/object_identifier)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/octet)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/printable_string)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/sequence)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/short_integer)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/utctime)
-AS_MKDIR_P(libtomcrypt/src/pk/dh)
-AS_MKDIR_P(libtomcrypt/src/pk/dsa)
-AS_MKDIR_P(libtomcrypt/src/pk/ecc)
-AS_MKDIR_P(libtomcrypt/src/pk/pkcs1)
-AS_MKDIR_P(libtomcrypt/src/pk/rsa)
-AS_MKDIR_P(libtomcrypt/src/prng)
-AC_CONFIG_HEADER(config.h)
-AC_OUTPUT(Makefile)
-AC_OUTPUT(libtomcrypt/Makefile)
-AC_OUTPUT(libtommath/Makefile)
+if test $BUNDLED_LIBTOM = 1 ; then
+(cd $srcdir; find libtomcrypt -type d) | xargs mkdir -pv
+LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile"
+fi
+
+# flags that should be set in Makefile but not for configure tests
+CFLAGS="$CFLAGS $LATE_CFLAGS"
+
+AC_CONFIG_AUX_DIR([src])
+
+AC_CONFIG_HEADERS([config.h:src/config.h.in])
+AC_CONFIG_FILES(Makefile $LIBTOM_FILES test/Makefile)
+AC_OUTPUT
 
 AC_MSG_NOTICE()
 if test $BUNDLED_LIBTOM = 1 ; then
-AC_MSG_NOTICE(Using bundled libtomcrypt and libtommath)
+AC_MSG_NOTICE([Using bundled libtomcrypt and libtommath])
 else
-AC_MSG_NOTICE(Using system libtomcrypt and libtommath)
+AC_MSG_NOTICE([Using system libtomcrypt and libtommath])
+fi
+
+
+if test "x$ac_cv_func_getpass" != xyes; then
+AC_MSG_NOTICE()
+AC_MSG_NOTICE([getpass() not available, dbclient will only have public-key authentication])
+fi
+
+if test "t$found_crypt_func" != there; then
+AC_MSG_NOTICE()
+AC_MSG_NOTICE([crypt() not available, dropbear server will not have password authentication])
 fi
 
 AC_MSG_NOTICE()
-AC_MSG_NOTICE(Now edit options.h to choose features.)
+AC_MSG_NOTICE([Now edit localoptions.h to choose features.])

dbclient.1

@@ -1,151 +0,0 @@
-.TH dbclient 1
-.SH NAME
-dbclient \- lightweight SSH2 client
-.SH SYNOPSIS
-.B dbclient
-[\-Tt] [\-p
-.I port\fR] [\-i
-.I id\fR] [\-L
-.I l\fR:\fIh\fR:\fIr\fR] [\-R
-.I l\fR:\fIh\fR:\fIr\fR] [\-l
-.IR user ]
-.I host
-.RI [ command ]
-
-.B dbclient
-[
-.I args ]
-.I [user1]@host1[/port1],[user2]@host2[/port2],...
-
-.SH DESCRIPTION
-.B dbclient
-is a SSH 2 client designed to be small enough to be used in small memory
-environments, while still being functional and secure enough for general use.
-.SH OPTIONS
-.TP
-.B \-p \fIport
-Remote port.
-Connect to port
-.I port
-on the remote host.
-Default is 22.
-.TP
-.B \-i \fIidfile
-Identity file.
-Read the identity from file
-.I idfile
-(multiple allowed).
-.TP
-.B \-L [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
-Local port forwarding.
-Forward the port
-.I listenport
-on the local host through the SSH connection to port
-.I port
-on the host
-.IR host .
-.TP
-.B \-R [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
-Remote port forwarding.
-Forward the port
-.I listenport
-on the remote host through the SSH connection to port
-.I port
-on the host
-.IR host .
-.TP
-.B \-l \fIuser
-Username.
-Login as
-.I user
-on the remote host.
-.TP
-.B \-t
-Allocate a pty.
-.TP
-.B \-T
-Don't allocate a pty.
-.TP
-.B \-N
-Don't request a remote shell or run any commands. Any command arguments are ignored.
-.TP
-.B \-f
-Fork into the background after authentication. A command argument (or -N) is required.
-This is useful when using password authentication.
-.TP
-.B \-g
-Allow non-local hosts to connect to forwarded ports. Applies to -L and -R
-forwarded ports, though remote connections to -R forwarded ports may be limited
-by the ssh server.
-.TP
-.B \-y
-Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
-connection will abort as normal.
-.TP
-.B \-A
-Forward agent connections to the remote host. dbclient will use any
-OpenSSH-style agent program if available ($SSH_AUTH_SOCK will be set) for
-public key authentication.  Forwarding is only enabled if -A is specified.
-.TP
-.B \-W \fIwindowsize
-Specify the per-channel receive window buffer size. Increasing this 
-may improve network performance at the expense of memory use. Use -h to see the
-default buffer size.
-.TP
-.B \-K \fItimeout_seconds
-Ensure that traffic is transmitted at a certain interval in seconds. This is
-useful for working around firewalls or routers that drop connections after
-a certain period of inactivity. The trade-off is that a session may be
-closed if there is a temporary lapse of network connectivity. A setting
-if 0 disables keepalives.
-.TP
-.B \-I \fIidle_timeout
-Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
-.TP
-.B \-J \fIproxy_command
-Use the standard input/output of the program \fIproxy_command\fR rather than using
-a normal TCP connection. A hostname should be still be provided, as this is used for
-comparing saved hostkeys.
-.TP
-.B \-B \fIendhost:endport
-"Netcat-alike" mode, where Dropbear will connect to the given host, then create a
-forwarded connection to \fIendhost\fR. This will then be presented as dbclient's
-standard input/output.
-
-Dropbear will also allow multiple "hops" to be specified, separated by commas. In
-this case a connection will be made to the first host, then a TCP forwarded 
-connection will be made through that to the second host, and so on. Hosts other than
-the final destination will not see anything other than the encrypted SSH stream. 
-A port for a host can be specified with a slash (eg matt@martello/44 ).
-This syntax can also be used with scp or rsync (specifying dbclient as the 
-ssh/rsh command). A file can be "bounced" through multiple SSH hops, eg
-
-scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump .
-
-Note that hostnames are resolved by the prior hop (so "canyons" would be resolved by the host "wrt")
-in the example above, the same way as other -L TCP forwarded hosts are. Host keys are 
-checked locally based on the given hostname.
-
-.SH ENVIRONMENT
-.TP
-.B DROPBEAR_PASSWORD
-A password to use for remote authentication can be specified in the environment
-variable DROPBEAR_PASSWORD. Care should be taken that the password is not
-exposed to other users on a multi-user system, or stored in accessible files.
-.TP
-.B SSH_ASKPASS
-dbclient can use an external program to request a password from a user.
-SSH_ASKPASS should be set to the path of a program that will return a password
-on standard output. This program will only be used if either DISPLAY is set and
-standard input is not a TTY, or the environment variable SSH_ASKPASS_ALWAYS is
-set.
-.SH AUTHOR
-Matt Johnston (matt@ucc.asn.au).
-.br
-Mihnea Stoenescu wrote initial Dropbear client support
-.br
-Gerrit Pape (pape@smarden.org) wrote this manual page.
-.SH SEE ALSO
-dropbear(8), dropbearkey(8)
-.P
-http://matt.ucc.asn.au/dropbear/dropbear.html

debian/changelog

@@ -1,3 +1,172 @@
+dropbear (2024.85-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 25 Apr 2024 22:51:57 +0800
+
+dropbear (2024.84-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 4 Apr 2024 22:51:57 +0800
+
+dropbear (2022.83-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Mon, 14 Nov 2022 22:51:57 +0800
+
+dropbear (2022.82-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 1 Apr 2022 22:51:57 +0800
+
+dropbear (2020.81-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 29 Oct 2020 22:51:57 +0800
+
+dropbear (2020.80-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 26 Jun 2020 22:51:57 +0800
+
+dropbear (2020.79-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Mon, 15 Jun 2020 22:51:57 +0800
+
+dropbear (2019.78-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 27 Mar 2019 22:51:57 +0800
+
+dropbear (2019.77-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sat, 23 Mar 2019 22:51:57 +0800
+
+dropbear (2018.76-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tue, 27 Feb 2018 22:51:57 +0800
+
+dropbear (2017.75-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 18 May 2017 22:51:57 +0800
+
+dropbear (2016.74-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 21 Jul 2016 22:51:57 +0800
+
+dropbear (2016.73-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 18 Mar 2016 22:52:58 +0800
+
+dropbear (2016.72-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 10 Mar 2016 22:52:58 +0800
+
+dropbear (2015.70-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 26 Nov 2015 22:52:58 +0800
+
+dropbear (2015.69-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 25 Nov 2015 22:52:58 +0800
+
+dropbear (2015.68-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sat, 8 Aug 2015 22:52:58 +0800
+
+dropbear (2015.67-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 28 Jan 2015 22:53:59 +0800
+
+dropbear (2014.66-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 23 Oct 2014 22:54:00 +0800
+
+dropbear (2014.65-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 8 Aug 2014 22:54:00 +0800
+
+dropbear (2014.64-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sun, 27 Jul 2014 22:54:00 +0800
+
+dropbear (2014.63-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 19 Feb 2014 22:54:00 +0800
+
+dropbear (2013.62) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tue, 7 Dec 2013 22:54:00 +0800
+
+dropbear (2013.60-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 16 Oct 2013 22:54:00 +0800
+
+dropbear (2013.59-0.1) unstable; urgency=low
+
+  * New upstream release.
+  * Build with DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 4 Oct 2013 22:54:00 +0800
+
+dropbear (2013.58-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 18 Apr 2013 22:54:00 +0800
+
+dropbear (2013.57-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Mon, 15 Apr 2013 22:54:00 +0800
+
+dropbear (2013.56-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 21 Mar 2013 22:54:00 +0800
+
 dropbear (2012.55-0.1) unstable; urgency=low
 
   * New upstream release.

debian/dropbear.docs

@@ -1,4 +1,3 @@
-README
-TODO
+README.md
 debian/README.runit
 debian/README.Debian.diet

debian/dropbear.init

@@ -5,6 +5,7 @@
 # Required-Stop:     $remote_fs $syslog
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
+# Short-Description: Dropbear SSH server
 ### END INIT INFO
 #
 # Do not configure this file. Edit /etc/default/dropbear instead!
@@ -24,7 +25,7 @@ set -e
 cancel() { echo "$1" >&2; exit 0; };
 test ! -r /etc/default/dropbear || . /etc/default/dropbear
 test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable."
-test ! -x /usr/sbin/update-service || ! update-service --check dropbear ||
+test ! -x /usr/sbin/update-service || ! update-service --check dropbear || \
   cancel 'The dropbear service is controlled through runit, use the sv(8) program'
 
 test -z "$DROPBEAR_BANNER" || \

debian/rules

@@ -1,5 +1,9 @@
 #!/usr/bin/make -f
 
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
 #export DH_OPTIONS
 DEB_HOST_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 DEB_BUILD_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
@@ -9,13 +13,6 @@ ifneq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
   STRIP =: nostrip
 endif
 
-CFLAGS =-Wall -g
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-  CFLAGS +=-O0
-else
-  CFLAGS +=-O2
-endif
-
 CONFFLAGS =
 CC =gcc
 ifneq (,$(findstring diet,$(DEB_BUILD_OPTIONS)))
@@ -79,12 +76,12 @@ install: deb-checkdir deb-checkuid build-stamp
 	ln -s /var/log/dropbear '$(DIR)'/etc/dropbear/log/main
 	# man pages
 	install -d -m0755 '$(DIR)'/usr/share/man/man8
-	for i in dropbear.8 dropbearkey.8; do \
-	  install -m644 $$i '$(DIR)'/usr/share/man/man8/ || exit 1; \
+	install -d -m0755 '$(DIR)'/usr/share/man/man1
+	install -m644 manpages/dropbear.8 '$(DIR)'/usr/share/man/man8/
+	for i in dbclient.1 dropbearkey.1 dropbearconvert.1; do \
+	  install -m644 manpages/$$i '$(DIR)'/usr/share/man/man1/ || exit 1; \
 	done
 	gzip -9 '$(DIR)'/usr/share/man/man8/*.8
-	install -d -m0755 '$(DIR)'/usr/share/man/man1
-	install -m644 dbclient.1 '$(DIR)'/usr/share/man/man1/
 	gzip -9 '$(DIR)'/usr/share/man/man1/*.1
 	# copyright, changelog
 	cat debian/copyright.in LICENSE >debian/copyright

dropbearkey.8

@@ -1,50 +0,0 @@
-.TH dropbearkey 8
-.SH NAME
-dropbearkey \- create private keys for the use with dropbear(8)
-.SH SYNOPSIS
-.B dropbearkey
-\-t
-.I type
-\-f
-.I file
-[\-s
-.IR bits ]
-.SH DESCRIPTION
-.B dropbearkey
-generates a
-.I RSA
-or
-.I DSS
-format SSH private key, and saves it to a file for the use with the
-.BR dropbear (8)
-SSH 2 server.
-Note that 
-some SSH implementations
-use the term "DSA" rather than "DSS", they mean the same thing.
-.SH OPTIONS
-.TP
-.B \-t \fItype
-Type of key to generate.
-Must be one of
-.I rsa
-or
-.IR dss .
-.TP
-.B \-f \fIfile
-Write the secret key to the file
-.IR file .
-.TP
-.B \-s \fIbits
-Set the key size to
-.I bits
-bits, should be multiple of 8 (optional).
-.SH EXAMPLE
- # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
-.SH AUTHOR
-Matt Johnston (matt@ucc.asn.au).
-.br
-Gerrit Pape (pape@smarden.org) wrote this manual page.
-.SH SEE ALSO
-dropbear(8), dbclient(1)
-.P
-http://matt.ucc.asn.au/dropbear/dropbear.html

dropbearkey.c

@@ -1,374 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-/* The format of the keyfiles is basically a raw dump of the buffer. Data types
- * are specified in the transport rfc 4253 - string is a 32-bit len then the
- * non-null-terminated string, mp_int is a 32-bit len then the bignum data.
- * The actual functions are buf_put_rsa_priv_key() and buf_put_dss_priv_key()
-
- * RSA:
- * string	"ssh-rsa"
- * mp_int	e
- * mp_int	n
- * mp_int	d
- * mp_int	p (newer versions only)
- * mp_int	q (newer versions only) 
- *
- * DSS:
- * string	"ssh-dss"
- * mp_int	p
- * mp_int	q
- * mp_int	g
- * mp_int	y
- * mp_int	x
- *
- */
-#include "includes.h"
-#include "signkey.h"
-#include "buffer.h"
-#include "dbutil.h"
-
-#include "genrsa.h"
-#include "gendss.h"
-
-static void printhelp(char * progname);
-
-#define RSA_SIZE (1024/8) /* 1024 bit */
-#define DSS_SIZE (1024/8) /* 1024 bit */
-
-static void buf_writefile(buffer * buf, const char * filename);
-static void printpubkey(sign_key * key, int keytype);
-static void justprintpub(const char* filename);
-
-/* Print a help message */
-static void printhelp(char * progname) {
-
-	fprintf(stderr, "Usage: %s -t <type> -f <filename> [-s bits]\n"
-					"Options are:\n"
-					"-t type	Type of key to generate. One of:\n"
-#ifdef DROPBEAR_RSA
-					"		rsa\n"
-#endif
-#ifdef DROPBEAR_DSS
-					"		dss\n"
-#endif
-					"-f filename	Use filename for the secret key\n"
-					"-s bits	Key size in bits, should be a multiple of 8 (optional)\n"
-					"           (DSS has a fixed size of 1024 bits)\n"
-					"-y		Just print the publickey and fingerprint for the\n		private key in <filename>.\n"
-#ifdef DEBUG_TRACE
-					"-v		verbose\n"
-#endif
-					,progname);
-}
-
-#if defined(DBMULTI_dropbearkey) || !defined(DROPBEAR_MULTI)
-#if defined(DBMULTI_dropbearkey) && defined(DROPBEAR_MULTI)
-int dropbearkey_main(int argc, char ** argv) {
-#else
-int main(int argc, char ** argv) {
-#endif
-
-	int i;
-	char ** next = 0;
-	sign_key *key = NULL;
-	buffer *buf = NULL;
-	char * filename = NULL;
-	int keytype = -1;
-	char * typetext = NULL;
-	char * sizetext = NULL;
-	unsigned int bits;
-	unsigned int keysize;
-	int printpub = 0;
-
-	/* get the commandline options */
-	for (i = 1; i < argc; i++) {
-		if (argv[i] == NULL) {
-			continue; /* Whack */
-		} 
-		if (next) {
-			*next = argv[i];
-			next = NULL;
-			continue;
-		}
-
-		if (argv[i][0] == '-') {
-			switch (argv[i][1]) {
-				case 'f':
-					next = &filename;
-					break;
-				case 't':
-					next = &typetext;
-					break;
-				case 's':
-					next = &sizetext;
-					break;
-				case 'y':
-					printpub = 1;
-					break;
-				case 'h':
-					printhelp(argv[0]);
-					exit(EXIT_SUCCESS);
-					break;
-#ifdef DEBUG_TRACE
-				case 'v':
-					debug_trace = 1;
-					break;
-#endif
-				default:
-					fprintf(stderr, "Unknown argument %s\n", argv[i]);
-					printhelp(argv[0]);
-					exit(EXIT_FAILURE);
-					break;
-			}
-		}
-	}
-
-	if (!filename) {
-		fprintf(stderr, "Must specify a key filename\n");
-		printhelp(argv[0]);
-		exit(EXIT_FAILURE);
-	}
-
-	if (printpub) {
-		justprintpub(filename);
-		/* Not reached */
-	}
-
-	/* check/parse args */
-	if (!typetext) {
-		fprintf(stderr, "Must specify key type\n");
-		printhelp(argv[0]);
-		exit(EXIT_FAILURE);
-	}
-
-	if (strlen(typetext) == 3) {
-#ifdef DROPBEAR_RSA
-		if (strncmp(typetext, "rsa", 3) == 0) {
-			keytype = DROPBEAR_SIGNKEY_RSA;
-			TRACE(("type is rsa"))
-		}
-#endif
-#ifdef DROPBEAR_DSS
-		if (strncmp(typetext, "dss", 3) == 0) {
-			keytype = DROPBEAR_SIGNKEY_DSS;
-			TRACE(("type is dss"))
-		}
-#endif
-	}
-	if (keytype == -1) {
-		fprintf(stderr, "Unknown key type '%s'\n", typetext);
-		printhelp(argv[0]);
-		exit(EXIT_FAILURE);
-	}
-
-	if (sizetext) {
-		if (sscanf(sizetext, "%u", &bits) != 1) {
-			fprintf(stderr, "Bits must be an integer\n");
-			exit(EXIT_FAILURE);
-		}
-		
-		if (keytype == DROPBEAR_SIGNKEY_DSS && bits != 1024) {
-			fprintf(stderr, "DSS keys have a fixed size of 1024 bits\n");
-			exit(EXIT_FAILURE);			
-		} else if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
-			fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a"
-					" multiple of 8\n");
-			exit(EXIT_FAILURE);
-		}
-
-		keysize = bits / 8;
-	} else {
-		if (keytype == DROPBEAR_SIGNKEY_DSS) {
-			keysize = DSS_SIZE;
-		} else if (keytype == DROPBEAR_SIGNKEY_RSA) {
-			keysize = RSA_SIZE;
-		} else {
-			exit(EXIT_FAILURE); /* not reached */
-		}
-	}
-
-
-	fprintf(stderr, "Will output %d bit %s secret key to '%s'\n", keysize*8,
-			typetext, filename);
-
-	/* don't want the file readable by others */
-	umask(077);
-
-	/* now we can generate the key */
-	key = new_sign_key();
-	
-	fprintf(stderr, "Generating key, this may take a while...\n");
-	switch(keytype) {
-#ifdef DROPBEAR_RSA
-		case DROPBEAR_SIGNKEY_RSA:
-			key->rsakey = gen_rsa_priv_key(keysize); /* 128 bytes = 1024 bit */
-			break;
-#endif
-#ifdef DROPBEAR_DSS
-		case DROPBEAR_SIGNKEY_DSS:
-			key->dsskey = gen_dss_priv_key(keysize); /* 128 bytes = 1024 bit */
-			break;
-#endif
-		default:
-			fprintf(stderr, "Internal error, bad key type\n");
-			exit(EXIT_FAILURE);
-	}
-
-	buf = buf_new(MAX_PRIVKEY_SIZE); 
-
-	buf_put_priv_key(buf, key, keytype);
-	buf_setpos(buf, 0);
-	buf_writefile(buf, filename);
-
-	buf_burn(buf);
-	buf_free(buf);
-
-	printpubkey(key, keytype);
-
-	sign_key_free(key);
-
-	return EXIT_SUCCESS;
-}
-#endif
-
-static void justprintpub(const char* filename) {
-
-	buffer *buf = NULL;
-	sign_key *key = NULL;
-	int keytype;
-	int ret;
-	int err = DROPBEAR_FAILURE;
-
-	buf = buf_new(MAX_PRIVKEY_SIZE);
-	ret = buf_readfile(buf, filename);
-
-	if (ret != DROPBEAR_SUCCESS) {
-		fprintf(stderr, "Failed reading '%s'\n", filename);
-		goto out;
-	}
-
-	key = new_sign_key();
-	keytype = DROPBEAR_SIGNKEY_ANY;
-
-	buf_setpos(buf, 0);
-	ret = buf_get_priv_key(buf, key, &keytype);
-	if (ret == DROPBEAR_FAILURE) {
-		fprintf(stderr, "Bad key in '%s'\n", filename);
-		goto out;
-	}
-
-	printpubkey(key, keytype);
-
-	err = DROPBEAR_SUCCESS;
-
-out:
-	buf_burn(buf);
-	buf_free(buf);
-	buf = NULL;
-	if (key) {
-		sign_key_free(key);
-		key = NULL;
-	}
-	exit(err);
-}
-
-static void printpubkey(sign_key * key, int keytype) {
-
-	buffer * buf = NULL;
-	unsigned char base64key[MAX_PUBKEY_SIZE*2];
-	unsigned long base64len;
-	int err;
-	const char * typestring = NULL;
-	char *fp = NULL;
-	int len;
-	struct passwd * pw = NULL;
-	char * username = NULL;
-	char hostname[100];
-
-	buf = buf_new(MAX_PUBKEY_SIZE);
-	buf_put_pub_key(buf, key, keytype);
-	buf_setpos(buf, 4);
-
-	len = buf->len - buf->pos;
-
-	base64len = sizeof(base64key);
-	err = base64_encode(buf_getptr(buf, len), len, base64key, &base64len);
-
-	if (err != CRYPT_OK) {
-		fprintf(stderr, "base64 failed");
-	}
-
-	typestring = signkey_name_from_type(keytype, &err);
-
-	fp = sign_key_fingerprint(buf_getptr(buf, len), len);
-
-	/* a user@host comment is informative */
-	username = "";
-	pw = getpwuid(getuid());
-	if (pw) {
-		username = pw->pw_name;
-	}
-
-	gethostname(hostname, sizeof(hostname));
-	hostname[sizeof(hostname)-1] = '\0';
-
-	printf("Public key portion is:\n%s %s %s@%s\nFingerprint: %s\n",
-			typestring, base64key, username, hostname, fp);
-
-	m_free(fp);
-	buf_free(buf);
-}
-
-/* Write a buffer to a file specified, failing if the file exists */
-static void buf_writefile(buffer * buf, const char * filename) {
-
-	int fd;
-	int len;
-
-	fd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
-	if (fd < 0) {
-		fprintf(stderr, "Couldn't create new file %s\n", filename);
-		perror("Reason");
-		buf_burn(buf);
-		exit(EXIT_FAILURE);
-	}
-
-	/* write the file now */
-	while (buf->pos != buf->len) {
-		len = write(fd, buf_getptr(buf, buf->len - buf->pos),
-				buf->len - buf->pos);
-		if (errno == EINTR) {
-			continue;
-		}
-		if (len <= 0) {
-			fprintf(stderr, "Failed writing file '%s'\n",filename);
-			perror("Reason");
-			exit(EXIT_FAILURE);
-		}
-		buf_incrpos(buf, len);
-	}
-
-	close(fd);
-}

fuzz/fuzz-common.c

@@ -0,0 +1,398 @@
+#define FUZZ_NO_REPLACE_STDERR
+#define FUZZ_NO_REPLACE_GETPW
+#include "includes.h"
+
+#include "includes.h"
+#include "dbutil.h"
+#include "runopts.h"
+#include "crypto_desc.h"
+#include "session.h"
+#include "dbrandom.h"
+#include "bignum.h"
+#include "atomicio.h"
+#include "fuzz-wrapfd.h"
+#include "fuzz.h"
+
+struct dropbear_fuzz_options fuzz;
+
+static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param);
+static void load_fixed_hostkeys(void);
+static void load_fixed_client_key(void);
+
+// This runs automatically before main, due to contructor attribute in fuzz.h
+void fuzz_early_setup(void) {
+    /* Set stderr to point to normal stderr by default */
+    fuzz.fake_stderr = stderr;
+}
+
+void fuzz_common_setup(void) {
+	disallow_core();
+    fuzz.fuzzing = 1;
+    fuzz.wrapfds = 1;
+    fuzz.do_jmp = 1;
+    fuzz.input = m_malloc(sizeof(buffer));
+    _dropbear_log = fuzz_dropbear_log;
+    crypto_init();
+    fuzz_seed("start", 5);
+    /* let any messages get flushed */
+    setlinebuf(stdout);
+#if DEBUG_TRACE
+    if (debug_trace)
+    {
+        fprintf(stderr, "Dropbear fuzzer: -v specified, not disabling stderr output\n");
+    }
+    else
+#endif
+    if (getenv("DROPBEAR_KEEP_STDERR")) {
+        fprintf(stderr, "Dropbear fuzzer: DROPBEAR_KEEP_STDERR, not disabling stderr output\n");
+    } 
+    else 
+    {
+        fprintf(stderr, "Dropbear fuzzer: Disabling stderr output\n");
+        fuzz.fake_stderr = fopen("/dev/null", "w");
+        assert(fuzz.fake_stderr);
+    }
+}
+
+int fuzz_set_input(const uint8_t *Data, size_t Size) {
+
+    fuzz.input->data = (unsigned char*)Data;
+    fuzz.input->size = Size;
+    fuzz.input->len = Size;
+    fuzz.input->pos = 0;
+
+    memset(&ses, 0x0, sizeof(ses));
+    memset(&svr_ses, 0x0, sizeof(svr_ses));
+    memset(&cli_ses, 0x0, sizeof(cli_ses));
+    wrapfd_setup(fuzz.input);
+    // printhex("input", fuzz.input->data, fuzz.input->len);
+
+    fuzz_seed(fuzz.input->data, MIN(fuzz.input->len, 16));
+
+    return DROPBEAR_SUCCESS;
+}
+
+#if DEBUG_TRACE
+static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param) {
+    if (debug_trace) {
+        char printbuf[1024];
+        vsnprintf(printbuf, sizeof(printbuf), format, param);
+        fprintf(stderr, "%s\n", printbuf);
+    }
+}
+#else
+static void fuzz_dropbear_log(int UNUSED(priority), const char* UNUSED(format), va_list UNUSED(param)) {
+    /* No print */
+}
+#endif /* DEBUG_TRACE */
+
+void fuzz_svr_setup(void) {
+    fuzz_common_setup();
+    
+    _dropbear_exit = svr_dropbear_exit;
+
+    char *argv[] = { 
+		"dropbear",
+        "-E", 
+    };
+
+    int argc = sizeof(argv) / sizeof(*argv);
+    svr_getopts(argc, argv);
+
+    load_fixed_hostkeys();
+}
+
+void fuzz_svr_hook_preloop() {
+    if (fuzz.svr_postauth) {
+        ses.authstate.authdone = 1;
+        fill_passwd("root");
+    }
+}
+
+void fuzz_cli_setup(void) {
+    fuzz_common_setup();
+    
+	_dropbear_exit = cli_dropbear_exit;
+	_dropbear_log = cli_dropbear_log;
+
+    char *argv[] = { 
+		"dbclient",
+		"-y",
+        "localhost",
+        "uptime"
+    };
+
+    int argc = sizeof(argv) / sizeof(*argv);
+    cli_getopts(argc, argv);
+
+    load_fixed_client_key();
+    /* Avoid password prompt */
+    setenv(DROPBEAR_PASSWORD_ENV, "password", 1);
+}
+
+#include "fuzz-hostkeys.c"   
+
+static void load_fixed_client_key(void) {
+
+    buffer *b = buf_new(3000);
+    sign_key *key;
+    enum signkey_type keytype;
+
+    key = new_sign_key();
+    keytype = DROPBEAR_SIGNKEY_ANY;
+    buf_putbytes(b, keyed25519, keyed25519_len);
+    buf_setpos(b, 0);
+    if (buf_get_priv_key(b, key, &keytype) == DROPBEAR_FAILURE) {
+        dropbear_exit("failed fixed ed25519 hostkey");
+    }
+    list_append(cli_opts.privkeys, key);
+
+    buf_free(b);
+}
+
+static void load_fixed_hostkeys(void) {
+
+    buffer *b = buf_new(3000);
+    enum signkey_type type;
+
+    TRACE(("load fixed hostkeys"))
+
+    svr_opts.hostkey = new_sign_key();
+
+    buf_setlen(b, 0);
+    buf_putbytes(b, keyr, keyr_len);
+    buf_setpos(b, 0);
+    type = DROPBEAR_SIGNKEY_RSA;
+    if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) {
+        dropbear_exit("failed fixed rsa hostkey");
+    }
+
+    buf_setlen(b, 0);
+    buf_putbytes(b, keyd, keyd_len);
+    buf_setpos(b, 0);
+    type = DROPBEAR_SIGNKEY_DSS;
+    if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) {
+        dropbear_exit("failed fixed dss hostkey");
+    }
+
+    buf_setlen(b, 0);
+    buf_putbytes(b, keye, keye_len);
+    buf_setpos(b, 0);
+    type = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
+    if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) {
+        dropbear_exit("failed fixed ecdsa hostkey");
+    }
+
+    buf_setlen(b, 0);
+    buf_putbytes(b, keyed25519, keyed25519_len);
+    buf_setpos(b, 0);
+    type = DROPBEAR_SIGNKEY_ED25519;
+    if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) {
+        dropbear_exit("failed fixed ed25519 hostkey");
+    }
+
+    buf_free(b);
+}
+
+void fuzz_kex_fakealgos(void) {
+    ses.newkeys->recv.crypt_mode = &dropbear_mode_none;
+    ses.newkeys->recv.algo_mac = &dropbear_nohash;
+}
+
+void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port,
+                        char **remote_host, char **remote_port, int UNUSED(host_lookup)) {
+    if (local_host) {
+        *local_host = m_strdup("fuzzlocalhost");
+    }
+    if (local_port) {
+        *local_port = m_strdup("1234");
+    }
+    if (remote_host) {
+        *remote_host = m_strdup("fuzzremotehost");
+    }
+    if (remote_port) {
+        *remote_port = m_strdup("9876");
+    }
+}
+
+/* cut down version of svr_send_msg_kexdh_reply() that skips slow maths. Still populates structures */
+void fuzz_fake_send_kexdh_reply(void) {
+    assert(!ses.dh_K);
+    m_mp_alloc_init_multi(&ses.dh_K, NULL);
+    mp_set_ul(ses.dh_K, 12345678uL);
+    finish_kexhashbuf();
+}
+
+/* fake version of spawn_command() */
+int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) {
+    *ret_writefd = wrapfd_new_dummy();
+    *ret_readfd = wrapfd_new_dummy();
+    if (ret_errfd) {
+        *ret_errfd = wrapfd_new_dummy();
+    }
+    if (*ret_writefd == -1 || *ret_readfd == -1 || (ret_errfd && *ret_errfd == -1)) {
+        m_close(*ret_writefd);
+        m_close(*ret_readfd);
+        if (ret_errfd) {
+            m_close(*ret_errfd);
+        }
+        return DROPBEAR_FAILURE;
+    } else {
+        *ret_pid = 999;
+        return DROPBEAR_SUCCESS;
+
+    }
+}
+
+/* Fake dropbear_listen, always returns failure for now.
+TODO make it sometimes return success with wrapfd_new_dummy() sockets.
+Making the listeners fake a new incoming connection will be harder. */
+/* Listen on address:port. 
+ * Special cases are address of "" listening on everything,
+ * and address of NULL listening on localhost only.
+ * Returns the number of sockets bound on success, or -1 on failure. On
+ * failure, if errstring wasn't NULL, it'll be a newly malloced error
+ * string.*/
+int fuzz_dropbear_listen(const char* UNUSED(address), const char* UNUSED(port),
+        int *UNUSED(socks), unsigned int UNUSED(sockcount), char **errstring, int *UNUSED(maxfd)) {
+    if (errstring) {
+        *errstring = m_strdup("fuzzing can't listen (yet)");
+    }
+    return -1;
+}
+
+int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int postauth) {
+    static int once = 0;
+    if (!once) {
+        fuzz_svr_setup();
+        fuzz.skip_kexmaths = skip_kexmaths;
+        once = 1;
+    }
+
+    fuzz.svr_postauth = postauth;
+
+    if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+        return 0;
+    }
+
+    uint32_t wrapseed;
+    genrandom((void*)&wrapseed, sizeof(wrapseed));
+    wrapfd_setseed(wrapseed);
+
+    int fakesock = wrapfd_new_fuzzinput();
+
+    m_malloc_set_epoch(1);
+    fuzz.do_jmp = 1;
+    if (setjmp(fuzz.jmp) == 0) {
+        svr_session(fakesock, fakesock);
+        m_malloc_free_epoch(1, 0);
+    } else {
+        fuzz.do_jmp = 0;
+        m_malloc_free_epoch(1, 1);
+        TRACE(("dropbear_exit longjmped"))
+        /* dropbear_exit jumped here */
+    }
+
+    return 0;
+}
+
+int fuzz_run_client(const uint8_t *Data, size_t Size, int skip_kexmaths) {
+    static int once = 0;
+    if (!once) {
+        fuzz_cli_setup();
+        fuzz.skip_kexmaths = skip_kexmaths;
+        once = 1;
+    }
+
+    if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+        return 0;
+    }
+
+    // Allow to proceed sooner
+    ses.kexstate.donefirstkex = 1;
+
+    uint32_t wrapseed;
+    genrandom((void*)&wrapseed, sizeof(wrapseed));
+    wrapfd_setseed(wrapseed);
+
+    int fakesock = wrapfd_new_fuzzinput();
+
+    m_malloc_set_epoch(1);
+    fuzz.do_jmp = 1;
+    if (setjmp(fuzz.jmp) == 0) {
+        cli_session(fakesock, fakesock, NULL, 0);
+        m_malloc_free_epoch(1, 0);
+    } else {
+        fuzz.do_jmp = 0;
+        m_malloc_free_epoch(1, 1);
+        TRACE(("dropbear_exit longjmped"))
+        /* dropbear_exit jumped here */
+    }
+
+    return 0;
+}
+
+const void* fuzz_get_algo(const algo_type *algos, const char* name) {
+    const algo_type *t;
+    for (t = algos; t->name; t++) {
+        if (strcmp(t->name, name) == 0) {
+            return t->data;
+        }
+    }
+    assert(0);
+}
+
+void fuzz_dump(const unsigned char* data, size_t len) {
+    if (fuzz.dumping) {
+        TRACE(("dump %zu", len))
+        assert(atomicio(vwrite, fuzz.recv_dumpfd, (void*)data, len) == len);
+    }
+}
+
+static struct passwd pwd_root = {
+    .pw_name = "root",
+    .pw_passwd = "!",
+    .pw_uid = 0,
+    .pw_gid = 0,
+    .pw_dir = "/root",
+    .pw_shell = "/bin/sh",
+};
+
+static struct passwd pwd_other = {
+    .pw_name = "other",
+    .pw_passwd = "!",
+    .pw_uid = 100,
+    .pw_gid = 100,
+    .pw_dir = "/home/other",
+    .pw_shell = "/bin/sh",
+};
+
+
+/* oss-fuzz runs fuzzers under minijail, without /etc/passwd.
+We provide sufficient values for the fuzzers to run */
+struct passwd* fuzz_getpwnam(const char *login) {
+    if (!fuzz.fuzzing) {
+        return getpwnam(login);
+    }
+    if (strcmp(login, pwd_other.pw_name) == 0) {
+        return &pwd_other;
+    }
+    if (strcmp(login, pwd_root.pw_name) == 0) {
+        return &pwd_root;
+    }
+    return NULL;
+}
+
+struct passwd* fuzz_getpwuid(uid_t uid) {
+    if (!fuzz.fuzzing) {
+        return getpwuid(uid);
+    }
+    if (uid == pwd_other.pw_uid) {
+        return &pwd_other;
+    }
+    if (uid == pwd_root.pw_uid) {
+        return &pwd_root;
+    }
+    return NULL;
+}
+

fuzz/fuzz-harness.c

@@ -0,0 +1,66 @@
+#include "includes.h"
+#include "buffer.h"
+#include "dbutil.h"
+
+extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
+
+int main(int argc, char ** argv) {
+    int i;
+    buffer *input = buf_new(100000);
+    int quiet = 0;
+
+    for (i = 1; i < argc; i++) {
+#if DEBUG_TRACE
+        if (strcmp(argv[i], "-v") == 0) {
+            debug_trace++;
+            fprintf(stderr, "debug level -> %d\n", debug_trace);
+        }
+#endif
+        if (strcmp(argv[i], "-q") == 0) {
+            printf("Running quiet\n");
+            quiet = 1;
+        }
+    }
+
+    int old_fuzz_wrapfds = 0;
+    for (i = 1; i < argc; i++) {
+        if (argv[i][0] == '-') {
+            /* ignore arguments */
+            continue;
+        }
+
+        char* fn = argv[i];
+        buf_setlen(input, 0);
+        buf_readfile(input, fn);
+        buf_setpos(input, 0);
+
+		/* Run twice to catch problems with statefulness */
+        fuzz.wrapfds = old_fuzz_wrapfds;
+        if (!quiet) {
+            printf("Running %s once \n", fn);
+        }
+        LLVMFuzzerTestOneInput(input->data, input->len);
+        if (!quiet) {
+            printf("Running %s twice \n", fn);
+        }
+        LLVMFuzzerTestOneInput(input->data, input->len);
+        if (!quiet) {
+            printf("Done %s\n", fn);
+        }
+
+        /* Disable wrapfd so it won't interfere with buf_readfile() above */
+        old_fuzz_wrapfds = fuzz.wrapfds;
+        fuzz.wrapfds = 0;
+    }
+
+    printf("Finished\n");
+
+    return 0;
+}
+
+// Just to let it link
+size_t LLVMFuzzerMutate(uint8_t *UNUSED(Data), size_t UNUSED(Size), size_t UNUSED(MaxSize)) {
+    printf("standalone fuzzer harness shouldn't call LLVMFuzzerMutate");
+    abort();
+    return 0;
+}

fuzz/fuzz-hostkeys.c

@@ -0,0 +1,140 @@
+/* To be included in fuzz-common.c */
+
+static unsigned char keyr[] = {
+  0x00, 0x00, 0x00, 0x07, 0x73, 0x73, 0x68, 0x2d, 0x72, 0x73, 0x61, 0x00,
+  0x00, 0x00, 0x03, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0xb1,
+  0x06, 0x95, 0xc9, 0xa8, 0x38, 0xb9, 0x99, 0x91, 0xb5, 0x17, 0x39, 0xb9,
+  0xfa, 0xa4, 0x49, 0xf8, 0x2a, 0x4c, 0x14, 0xbd, 0xb6, 0x85, 0xdb, 0x38,
+  0x99, 0x44, 0xfa, 0xd6, 0xaa, 0x67, 0xef, 0x00, 0x75, 0x2b, 0x6a, 0x5c,
+  0x1b, 0x50, 0xa8, 0x52, 0xf9, 0xa7, 0xee, 0xe2, 0xb3, 0x80, 0x38, 0x92,
+  0x20, 0x86, 0x7c, 0xe5, 0x89, 0xb3, 0x06, 0xe4, 0x3b, 0xd1, 0xe2, 0x45,
+  0xea, 0xc1, 0xd5, 0x8e, 0x05, 0xfb, 0x90, 0x29, 0xd9, 0x41, 0xb3, 0x05,
+  0x31, 0x1e, 0xcc, 0xeb, 0x89, 0xdc, 0xd2, 0x6a, 0x99, 0x23, 0xbd, 0x7a,
+  0xbe, 0x8c, 0xe3, 0x3f, 0xa1, 0xe8, 0xf5, 0xb4, 0x51, 0x40, 0xb4, 0xb1,
+  0xc1, 0x16, 0x9f, 0x07, 0xbb, 0x99, 0xaa, 0x4b, 0x8f, 0x11, 0x19, 0x3c,
+  0x18, 0xbd, 0x6e, 0xce, 0x14, 0x54, 0x2c, 0x16, 0x4a, 0x5f, 0x89, 0xe4,
+  0x6b, 0x9f, 0x55, 0x68, 0xcc, 0x09, 0x8e, 0x4b, 0x92, 0xc8, 0x87, 0xfe,
+  0x09, 0xed, 0x53, 0x6e, 0xff, 0x5f, 0x15, 0x0d, 0x19, 0x9d, 0xa6, 0x54,
+  0xd2, 0xea, 0x59, 0x4f, 0xa1, 0x7c, 0xf6, 0xf5, 0x7f, 0x32, 0x23, 0xed,
+  0x72, 0xa8, 0x96, 0x17, 0x87, 0x06, 0xf2, 0xc7, 0xcd, 0xda, 0x4a, 0x10,
+  0xd1, 0xfd, 0xb8, 0xf1, 0xaf, 0x25, 0x55, 0x32, 0x45, 0x39, 0x95, 0xec,
+  0x0c, 0xa9, 0xf0, 0x47, 0x8b, 0x66, 0xe0, 0xb7, 0xa2, 0xf6, 0x35, 0x50,
+  0x27, 0xe7, 0x2f, 0x90, 0x35, 0x5b, 0xd5, 0x62, 0x19, 0xb4, 0x41, 0xd4,
+  0x52, 0xe7, 0x7f, 0x97, 0xfc, 0x5b, 0x4a, 0x5b, 0x19, 0x06, 0x65, 0x2d,
+  0x23, 0x29, 0x15, 0x8b, 0x05, 0xaf, 0xbe, 0xd3, 0x4a, 0x27, 0x5b, 0xc9,
+  0xc0, 0xd0, 0xd2, 0xba, 0x8b, 0x00, 0x7a, 0x2f, 0x39, 0xa0, 0x13, 0xb9,
+  0xe6, 0xf5, 0x4b, 0x21, 0x54, 0x57, 0xb3, 0xf9, 0x6c, 0x6f, 0xd0, 0x17,
+  0xf4, 0x50, 0x9d, 0x00, 0x00, 0x01, 0x00, 0x01, 0xf2, 0xda, 0x5f, 0xfb,
+  0xe2, 0xda, 0xfc, 0xe0, 0xdf, 0x3a, 0x0e, 0x14, 0x18, 0xc1, 0xd9, 0x1f,
+  0x43, 0xe3, 0x65, 0x3e, 0x07, 0xe7, 0x8d, 0xdc, 0x1d, 0x11, 0xc1, 0xd6,
+  0xc0, 0xd8, 0xda, 0x53, 0xf5, 0x04, 0x73, 0x51, 0x1b, 0x26, 0xef, 0x4e,
+  0xf5, 0xce, 0x3d, 0x77, 0x21, 0x94, 0xd0, 0xc7, 0xc1, 0xda, 0x19, 0x7d,
+  0xf8, 0xc5, 0x4c, 0xc8, 0xee, 0x7d, 0xd1, 0xbb, 0x02, 0x90, 0x2b, 0xff,
+  0x4e, 0x4d, 0xd7, 0x9d, 0x72, 0x0c, 0x60, 0x0f, 0x4b, 0x83, 0xf5, 0xc2,
+  0x26, 0xd6, 0x22, 0xb8, 0x60, 0x3a, 0xf9, 0x2f, 0x92, 0x2a, 0x2e, 0x14,
+  0xa7, 0x56, 0x1c, 0x56, 0x05, 0x41, 0x92, 0xac, 0xb1, 0x4e, 0x44, 0x1e,
+  0x70, 0x42, 0xda, 0xc7, 0xc8, 0x9c, 0xae, 0x29, 0x2d, 0x0c, 0x3a, 0xff,
+  0x9b, 0xb6, 0xad, 0xb4, 0xfb, 0x49, 0x28, 0x96, 0x74, 0xf5, 0x94, 0x74,
+  0xb7, 0x40, 0x93, 0x2b, 0x34, 0x29, 0xd2, 0x8a, 0xf3, 0x99, 0xf9, 0xe9,
+  0xd8, 0xcc, 0x48, 0x1d, 0x3e, 0xc1, 0x82, 0x35, 0x4f, 0xef, 0xb1, 0x81,
+  0x3c, 0xe1, 0xa1, 0x03, 0x65, 0xac, 0x21, 0x21, 0x40, 0x61, 0xfb, 0xd3,
+  0x54, 0xac, 0xa1, 0xf2, 0xf0, 0x61, 0xd9, 0x01, 0x4e, 0xc2, 0x28, 0xb1,
+  0x7c, 0x27, 0x6e, 0x56, 0x68, 0x69, 0x8f, 0xc5, 0xfd, 0xca, 0x39, 0x6e,
+  0x22, 0x09, 0xf1, 0xb4, 0xd5, 0xac, 0xb8, 0xe0, 0x1b, 0x21, 0x86, 0xf4,
+  0xc8, 0x15, 0xc6, 0x1f, 0x21, 0xae, 0xcb, 0xab, 0x5a, 0x09, 0x30, 0x9e,
+  0xdd, 0x6c, 0x38, 0x59, 0xec, 0x59, 0x3a, 0x08, 0xee, 0x46, 0x7b, 0x78,
+  0x23, 0xbc, 0xfc, 0xe2, 0xda, 0xe8, 0x1a, 0x65, 0xe6, 0xe0, 0x78, 0xd3,
+  0xb0, 0x03, 0x2e, 0xf1, 0xb8, 0xca, 0x8e, 0x90, 0x75, 0xaf, 0xf7, 0xa8,
+  0x48, 0xed, 0x82, 0xc9, 0xcf, 0x44, 0x56, 0xfc, 0x05, 0xfd, 0x6b, 0x00,
+  0x00, 0x00, 0x81, 0x00, 0xfc, 0x94, 0xdf, 0x42, 0xc7, 0x9a, 0xa2, 0xff,
+  0x32, 0xdf, 0x06, 0xb6, 0x4d, 0x90, 0x31, 0x28, 0x28, 0xdb, 0x03, 0xf9,
+  0xa6, 0xb3, 0xa2, 0x91, 0x4c, 0xdf, 0x6e, 0xf6, 0xb9, 0x44, 0x3b, 0xdd,
+  0x17, 0xc1, 0xc8, 0x1d, 0xd1, 0xc0, 0xc0, 0x30, 0x22, 0xbe, 0x24, 0x2e,
+  0x0e, 0xdf, 0xe0, 0x18, 0x37, 0x3e, 0xb8, 0x7f, 0xb2, 0x50, 0x34, 0xc4,
+  0x08, 0x5e, 0x69, 0x1f, 0xd5, 0xc9, 0xce, 0x47, 0x7d, 0x75, 0x5e, 0x3b,
+  0x87, 0xdd, 0x46, 0x35, 0x01, 0x0f, 0x17, 0x8a, 0xf1, 0xf1, 0xc4, 0xa9,
+  0x94, 0xa7, 0x6e, 0xce, 0x80, 0xe3, 0x17, 0x2e, 0xb0, 0xef, 0x63, 0xa7,
+  0x11, 0x86, 0x96, 0x4a, 0x63, 0x2d, 0x9e, 0x92, 0x62, 0x43, 0x43, 0x72,
+  0xa5, 0xdc, 0xa0, 0xcd, 0x19, 0x93, 0xd7, 0xe0, 0x80, 0x41, 0x27, 0xea,
+  0xe4, 0xe8, 0xc1, 0x91, 0x9e, 0x13, 0xb3, 0x9c, 0xd1, 0xed, 0xcb, 0xbf,
+  0x00, 0x00, 0x00, 0x81, 0x00, 0xb3, 0x6b, 0xee, 0xa4, 0x70, 0x4e, 0xfb,
+  0xf9, 0x7e, 0x2e, 0x74, 0x5d, 0x3e, 0x8b, 0x3f, 0xff, 0x8c, 0xde, 0x68,
+  0x38, 0xda, 0xce, 0xc0, 0x66, 0x4b, 0xca, 0x35, 0xc3, 0x97, 0xa8, 0xf0,
+  0x00, 0x8e, 0xb3, 0x46, 0x60, 0xd0, 0x4d, 0x7e, 0x7b, 0xdf, 0x17, 0x7b,
+  0x2f, 0xc4, 0x16, 0xee, 0x45, 0xdb, 0xa5, 0x5d, 0xc0, 0x72, 0xe9, 0xc6,
+  0x91, 0x0f, 0xd9, 0x30, 0x74, 0x6c, 0xde, 0x93, 0xb5, 0xb6, 0xaf, 0x52,
+  0x53, 0x3c, 0x08, 0x55, 0xea, 0xb8, 0x66, 0x07, 0xbe, 0xce, 0xf9, 0x80,
+  0x8d, 0xe0, 0xca, 0xdc, 0x63, 0xe8, 0x58, 0x94, 0x22, 0x4f, 0x08, 0x66,
+  0x13, 0x9e, 0x63, 0x2e, 0x92, 0x7a, 0xb6, 0x66, 0x94, 0x9b, 0x71, 0x66,
+  0xd3, 0x08, 0xc9, 0x89, 0xea, 0x78, 0x35, 0x0d, 0xf2, 0x25, 0x55, 0xd4,
+  0xb0, 0x9b, 0xea, 0x18, 0x77, 0xf6, 0x25, 0x02, 0xb4, 0x5e, 0x71, 0xea,
+  0xa3
+};
+static unsigned int keyr_len = 805;
+static unsigned char keye[] = {
+  0x00, 0x00, 0x00, 0x13, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2d, 0x73, 0x68,
+  0x61, 0x32, 0x2d, 0x6e, 0x69, 0x73, 0x74, 0x70, 0x32, 0x35, 0x36, 0x00,
+  0x00, 0x00, 0x08, 0x6e, 0x69, 0x73, 0x74, 0x70, 0x32, 0x35, 0x36, 0x00,
+  0x00, 0x00, 0x41, 0x04, 0x0a, 0x00, 0x6c, 0x7c, 0x1c, 0xc4, 0x03, 0x44,
+  0x46, 0x70, 0xba, 0x00, 0x7c, 0x79, 0x89, 0x7b, 0xc3, 0xd6, 0x32, 0x98,
+  0x34, 0xe7, 0x1c, 0x60, 0x04, 0x73, 0xd9, 0xb5, 0x7e, 0x94, 0x04, 0x04,
+  0xea, 0xc8, 0xb8, 0xfb, 0xd4, 0x70, 0x9f, 0x29, 0xa7, 0x8d, 0x9a, 0x64,
+  0x3a, 0x8c, 0x45, 0x23, 0x37, 0x5a, 0x2b, 0x4f, 0x54, 0x91, 0x80, 0xf1,
+  0xac, 0x3a, 0xf5, 0x6d, 0xfa, 0xe8, 0x76, 0x20, 0x00, 0x00, 0x00, 0x21,
+  0x00, 0xc2, 0xaf, 0xbe, 0xdc, 0x06, 0xff, 0x3d, 0x08, 0x9b, 0x73, 0xe0,
+  0x3c, 0x58, 0x28, 0x70, 0x9b, 0x23, 0x39, 0x51, 0xd7, 0xbc, 0xa7, 0x1a,
+  0xf5, 0xb4, 0x23, 0xd3, 0xf6, 0x17, 0xa6, 0x9c, 0x02
+};
+static unsigned int keye_len = 141;
+static unsigned char keyd[] = {
+  0x00, 0x00, 0x00, 0x07, 0x73, 0x73, 0x68, 0x2d, 0x64, 0x73, 0x73, 0x00,
+  0x00, 0x00, 0x81, 0x00, 0xb0, 0x02, 0x19, 0x8b, 0xf3, 0x46, 0xf9, 0xc5,
+  0x47, 0x78, 0x3d, 0x7f, 0x04, 0x10, 0x0a, 0x43, 0x8e, 0x00, 0x9e, 0xa4,
+  0x30, 0xfd, 0x47, 0xb9, 0x05, 0x9e, 0x95, 0xaa, 0x37, 0x9a, 0x91, 0xbf,
+  0xf8, 0xb9, 0xe0, 0x8d, 0x97, 0x49, 0x87, 0xe2, 0xe6, 0x90, 0xc1, 0xe4,
+  0x61, 0x57, 0x77, 0xfd, 0x91, 0x1d, 0xe1, 0x4b, 0xa0, 0xb2, 0xbc, 0xa1,
+  0x6a, 0x6a, 0xdd, 0x31, 0xda, 0xe7, 0x54, 0x03, 0xfd, 0x48, 0x62, 0x8a,
+  0x1d, 0x1d, 0xe2, 0x26, 0x76, 0x29, 0x08, 0xab, 0x65, 0x88, 0x74, 0x02,
+  0x1e, 0xa9, 0x29, 0x1b, 0x69, 0x3b, 0xb4, 0x5f, 0x62, 0x80, 0xa3, 0xa6,
+  0x4b, 0xc3, 0x0e, 0x89, 0x24, 0xe4, 0x8a, 0x31, 0xae, 0x89, 0x7a, 0x7a,
+  0x58, 0x44, 0x46, 0x77, 0x62, 0x33, 0xa2, 0x5d, 0x17, 0x0e, 0x0b, 0x64,
+  0xee, 0x1a, 0x02, 0xbd, 0xf8, 0x27, 0x86, 0xe1, 0x87, 0x92, 0x84, 0xc7,
+  0x00, 0x00, 0x00, 0x15, 0x00, 0xb3, 0x8b, 0x81, 0x39, 0x9c, 0xba, 0xe1,
+  0x1d, 0x9a, 0x8b, 0x89, 0xb3, 0x08, 0x9b, 0x12, 0xa8, 0x7b, 0xea, 0x25,
+  0x8d, 0x00, 0x00, 0x00, 0x80, 0x76, 0x3f, 0x72, 0xb2, 0xef, 0xc3, 0x16,
+  0xd8, 0x09, 0x36, 0x23, 0x03, 0xf9, 0x5c, 0xac, 0x8b, 0x51, 0x35, 0x2e,
+  0x36, 0xba, 0x39, 0xd0, 0x57, 0x19, 0x4f, 0x14, 0x8b, 0xea, 0x32, 0xfc,
+  0x86, 0x41, 0xea, 0x85, 0x71, 0x4d, 0x52, 0x0c, 0xff, 0xc1, 0xd3, 0xd5,
+  0xcd, 0x2e, 0x37, 0xcc, 0xe1, 0xcc, 0x22, 0x38, 0xa8, 0x47, 0x16, 0x34,
+  0x3b, 0x32, 0x9c, 0x2f, 0x0f, 0xcd, 0x5f, 0x7f, 0x06, 0x64, 0x89, 0xc5,
+  0x02, 0x4f, 0x9a, 0x70, 0x11, 0xf0, 0xaa, 0xe1, 0x7a, 0x75, 0x49, 0x8d,
+  0x0f, 0x8d, 0x5b, 0x54, 0xe2, 0xe7, 0x10, 0x6e, 0xe5, 0xbd, 0xb7, 0x62,
+  0xf7, 0x40, 0x59, 0x39, 0x31, 0xd9, 0x13, 0x7b, 0xa3, 0xdf, 0x0d, 0x31,
+  0x52, 0x43, 0xe0, 0xaf, 0x19, 0x12, 0x15, 0x12, 0x34, 0x01, 0x6f, 0xcf,
+  0x62, 0x21, 0xe4, 0xc8, 0x34, 0x69, 0xc9, 0x85, 0xe3, 0xde, 0xd7, 0x0c,
+  0xac, 0x00, 0x00, 0x00, 0x80, 0x41, 0xa3, 0xc5, 0xa4, 0x89, 0x86, 0xc8,
+  0x17, 0xf3, 0x8e, 0x68, 0x72, 0xbe, 0x13, 0x8b, 0x63, 0xe3, 0x07, 0xe3,
+  0xd5, 0xa4, 0xa2, 0xd3, 0x2c, 0x2f, 0xbe, 0x16, 0x71, 0xc9, 0x79, 0x64,
+  0x5a, 0x1e, 0x19, 0x82, 0x07, 0xe2, 0x93, 0xda, 0x22, 0xcf, 0x6d, 0xdd,
+  0x38, 0xcb, 0x6e, 0x6b, 0x0f, 0x95, 0x8d, 0xfa, 0x3f, 0xbb, 0xb8, 0x6a,
+  0x7d, 0xc3, 0x22, 0x1e, 0x49, 0xcf, 0x98, 0x73, 0x05, 0x5d, 0x97, 0xfa,
+  0x4c, 0xf2, 0x82, 0x3d, 0x98, 0x61, 0x4e, 0x96, 0x80, 0x26, 0x79, 0xda,
+  0x24, 0xf8, 0xa1, 0x9c, 0x71, 0x82, 0xe6, 0xc7, 0xdc, 0xc2, 0xa5, 0xd0,
+  0xf4, 0x36, 0xba, 0xaa, 0xee, 0xd3, 0x43, 0x46, 0x1d, 0xaa, 0x53, 0xea,
+  0x85, 0x2c, 0x1b, 0xc8, 0x7c, 0x3c, 0xe7, 0x06, 0x44, 0xab, 0x16, 0xad,
+  0xc6, 0x54, 0x91, 0x9a, 0xb9, 0xc0, 0xeb, 0x93, 0x8c, 0xca, 0x39, 0xcf,
+  0x6f, 0x00, 0x00, 0x00, 0x15, 0x00, 0x90, 0x26, 0x0a, 0xfc, 0x15, 0x99,
+  0x7b, 0xac, 0xaa, 0x0c, 0xa2, 0xca, 0x7b, 0xa8, 0xd4, 0xdf, 0x68, 0x56,
+  0xf9, 0x39
+};
+static unsigned int keyd_len = 458;
+static unsigned char keyed25519[] = {
+  0x00, 0x00, 0x00, 0x0b, 0x73, 0x73, 0x68, 0x2d, 0x65, 0x64, 0x32, 0x35,
+  0x35, 0x31, 0x39, 0x00, 0x00, 0x00, 0x40, 0x10, 0xb3, 0x79, 0x06, 0xe5,
+  0x9b, 0xe7, 0xe4, 0x6e, 0xec, 0xfe, 0xa5, 0x39, 0x21, 0x7c, 0xf6, 0x66,
+  0x8c, 0x0b, 0x6a, 0x01, 0x09, 0x05, 0xc7, 0x4f, 0x64, 0xa8, 0x24, 0xd2,
+  0x8d, 0xbd, 0xdd, 0xc6, 0x3c, 0x99, 0x1b, 0x2d, 0x3e, 0x33, 0x90, 0x19,
+  0xa4, 0xd5, 0xe9, 0x23, 0xfe, 0x8e, 0xd6, 0xd4, 0xf9, 0xb1, 0x11, 0x69,
+  0x7c, 0x57, 0x52, 0x0e, 0x41, 0xdb, 0x1b, 0x12, 0x87, 0xfa, 0xc9
+};
+static unsigned int keyed25519_len = 83;

fuzz/fuzz-sshpacketmutator.c

@@ -0,0 +1,306 @@
+/* A mutator/crossover for SSH protocol streams.
+   Attempts to mutate each SSH packet individually, keeping
+   lengths intact.
+   It will prepend a SSH-2.0-dbfuzz\r\n version string.
+
+   Linking this file to a binary will make libfuzzer pick up the custom mutator.
+
+   Care is taken to avoid memory allocation which would otherwise
+   slow exec/s substantially */
+
+#include "fuzz.h"
+#include "dbutil.h"
+
+size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
+
+static const char* FIXED_VERSION = "SSH-2.0-dbfuzz\r\n";
+static const char* FIXED_IGNORE_MSG = 
+        "\x00\x00\x00\x10\x06\x02\x00\x00\x00\x00\x11\x22\x33\x44\x55\x66";
+static const unsigned int FIXED_IGNORE_MSG_LEN = 16;
+#define MAX_FUZZ_PACKETS 500
+/* XXX This might need tuning */
+static const size_t MAX_OUT_SIZE = 50000;
+
+/* Splits packets from an input stream buffer "inp".
+The initial SSH version identifier is discarded.
+If packets are not recognised it will increment until an uint32 of valid
+packet length is found. */
+
+/* out_packets an array of num_out_packets*buffer, each of size RECV_MAX_PACKET_LEN */
+static void fuzz_get_packets(buffer *inp, buffer **out_packets, unsigned int *num_out_packets) {
+    /* Skip any existing banner. Format is
+          SSH-protoversion-softwareversion SP comments CR LF
+    so we look for SSH-2. then a subsequent LF */
+    unsigned char* version = memmem(inp->data, inp->len, "SSH-2.", strlen("SSH-2."));
+    if (version) {
+        buf_incrpos(inp, version - inp->data);
+        unsigned char* newline = memchr(&inp->data[inp->pos], '\n', inp->len - inp->pos);
+        if (newline) {
+            buf_incrpos(inp, newline - &inp->data[inp->pos]+1);
+        } else {
+            /* Give up on any version string */
+            buf_setpos(inp, 0);
+        }
+    }
+
+    const unsigned int max_out_packets = *num_out_packets;
+    *num_out_packets = 0;
+    while (1) {
+        if (inp->pos + 4 > inp->len) {
+            /* End of input */
+            break;
+        }
+
+        if (*num_out_packets >= max_out_packets) {
+            /* End of output */
+            break;
+        }
+
+        /* Read packet */
+        unsigned int packet_len = buf_getint(inp);
+        if (packet_len > RECV_MAX_PACKET_LEN-4) {
+            /* Bad length, try skipping a single byte */
+            buf_decrpos(inp, 3);
+            continue;
+        }
+        packet_len = MIN(packet_len, inp->len - inp->pos);
+
+        /* Check the packet length makes sense */
+        if (packet_len >= MIN_PACKET_LEN-4) {
+            /* Copy to output buffer. We're reusing buffers */
+            buffer* new_packet = out_packets[*num_out_packets];
+            (*num_out_packets)++;
+            buf_setlen(new_packet, 0);
+            // packet_len doesn't include itself
+            buf_putint(new_packet, packet_len);
+            buf_putbytes(new_packet, buf_getptr(inp, packet_len), packet_len);
+        }
+        buf_incrpos(inp, packet_len);
+    }
+}
+
+/* Mutate a packet buffer in-place.
+Returns DROPBEAR_FAILURE if it's too short */
+static int buf_llvm_mutate(buffer *buf) {
+    int ret;
+    /* Position it after packet_length and padding_length */
+    const unsigned int offset = 5;
+    buf_setpos(buf, 0);
+    buf_incrwritepos(buf, offset);
+    size_t max_size = buf->size - buf->pos;
+    size_t new_size = LLVMFuzzerMutate(buf_getwriteptr(buf, max_size),
+        buf->len - buf->pos, max_size);
+    size_t new_total = new_size + 1 + 4;
+    // Round down to a block size
+    new_total = new_total - (new_total % dropbear_nocipher.blocksize);
+
+    if (new_total >= 16) {
+        buf_setlen(buf, new_total);
+        // Fix up the length fields
+        buf_setpos(buf, 0);
+        // packet_length doesn't include itself, does include padding_length byte
+        buf_putint(buf, new_size+1);
+        // always just put minimum padding length = 4
+        buf_putbyte(buf, 4);
+        ret = DROPBEAR_SUCCESS;
+    } else {
+        // instead put a fake packet
+        buf_setlen(buf, 0);
+        buf_putbytes(buf, FIXED_IGNORE_MSG, FIXED_IGNORE_MSG_LEN);
+        ret = DROPBEAR_FAILURE;
+    }
+    return ret;
+}
+
+
+/* Persistent buffers to avoid constant allocations */
+static buffer *oup;
+static buffer *alloc_packetA;
+static buffer *alloc_packetB;
+static buffer* packets1[MAX_FUZZ_PACKETS];
+static buffer* packets2[MAX_FUZZ_PACKETS];
+
+/* Allocate buffers once at startup.
+   'constructor' here so it runs before dbmalloc's interceptor */
+static void alloc_static_buffers() __attribute__((constructor));
+static void alloc_static_buffers() {
+
+    int i;
+    oup = buf_new(MAX_OUT_SIZE);
+    alloc_packetA = buf_new(RECV_MAX_PACKET_LEN);
+    alloc_packetB = buf_new(RECV_MAX_PACKET_LEN);
+
+    for (i = 0; i < MAX_FUZZ_PACKETS; i++) {
+        packets1[i] = buf_new(RECV_MAX_PACKET_LEN);
+    }
+    for (i = 0; i < MAX_FUZZ_PACKETS; i++) {
+        packets2[i] = buf_new(RECV_MAX_PACKET_LEN);
+    }
+}
+
+size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
+              size_t MaxSize, unsigned int Seed) {
+
+    buf_setlen(alloc_packetA, 0);
+    buf_setlen(alloc_packetB, 0);
+    buf_setlen(oup, 0);
+
+    unsigned int i;
+    size_t ret_len;
+    unsigned short randstate[3] = {0,0,0};
+    memcpy(randstate, &Seed, sizeof(Seed));
+
+    // printhex("mutator input", Data, Size);
+
+    /* 0.1% chance straight llvm mutate */
+    // if (nrand48(randstate) % 1000 == 0) {
+    //     ret_len = LLVMFuzzerMutate(Data, Size, MaxSize);
+    //     // printhex("mutator straight llvm", Data, ret_len);
+    //     return ret_len;
+    // }
+
+    buffer inp_buf = {.data = Data, .size = Size, .len = Size, .pos = 0};
+    buffer *inp = &inp_buf;
+
+    /* Parse packets */
+    unsigned int num_packets = MAX_FUZZ_PACKETS;
+    buffer **packets = packets1;
+    fuzz_get_packets(inp, packets, &num_packets);
+
+    if (num_packets == 0) {
+        // Make up a packet, writing direct to the buffer
+        inp->size = MaxSize;
+        buf_setlen(inp, 0);
+        buf_putbytes(inp, FIXED_VERSION, strlen(FIXED_VERSION));
+        buf_putbytes(inp, FIXED_IGNORE_MSG, FIXED_IGNORE_MSG_LEN);
+        // printhex("mutator no input", Data, inp->len);
+        return inp->len;
+    }
+
+    /* Start output */
+    /* Put a new banner to output */
+    buf_putbytes(oup, FIXED_VERSION, strlen(FIXED_VERSION));
+
+    /* Iterate output */
+    for (i = 0; i < num_packets+1; i++) {
+        // These are pointers to output
+        buffer *out_packetA = NULL, *out_packetB = NULL;
+        buf_setlen(alloc_packetA, 0);
+        buf_setlen(alloc_packetB, 0);
+
+        /* 2% chance each */
+        const int optA = nrand48(randstate) % 50;
+        if (optA == 0) {
+            /* Copy another */
+            unsigned int other = nrand48(randstate) % num_packets;
+            out_packetA = packets[other];
+            // printf("copy another %d / %d len %u\n", other, num_packets, out_packetA->len);
+        }
+        if (optA == 1) {
+            /* Mutate another */
+            unsigned int other = nrand48(randstate) % num_packets;
+            out_packetA = alloc_packetA;
+            buffer *from = packets[other];
+            buf_putbytes(out_packetA, from->data, from->len);
+            if (buf_llvm_mutate(out_packetA) == DROPBEAR_FAILURE) {
+                out_packetA = NULL;
+            }
+            // printf("mutate another %d / %d len %u -> %u\n", other, num_packets, from->len, out_packetA->len);
+        }
+
+        if (i < num_packets) {
+            int optB = nrand48(randstate) % 100;
+            if (optB == 1) {
+                /* small chance of drop */
+                /* Drop it */
+                //printf("%d drop\n", i);
+            } else { 
+                /* Odds of modification are proportional to packet position.
+                First packet has 20% chance, last has 100% chance */
+                int optC = nrand48(randstate) % 1000;
+                int mutate_cutoff = MAX(200, (1000 * (i+1) / num_packets));
+                if (optC < mutate_cutoff) {
+                    // // printf("%d mutate\n", i);
+                    out_packetB = alloc_packetB;
+                    buffer *from = packets[i];
+                    buf_putbytes(out_packetB, from->data, from->len);
+                    if (buf_llvm_mutate(out_packetB) == DROPBEAR_FAILURE) {
+                        out_packetB = from;
+                    }
+                    // printf("mutate self %d / %d len %u -> %u\n", i, num_packets, from->len, out_packetB->len);
+                } else {
+                    /* Copy as-is */
+                    out_packetB = packets[i];
+                    // printf("%d as-is len %u\n", i, out_packetB->len);
+                } 
+            }
+        }
+
+        if (out_packetA && oup->len + out_packetA->len <= oup->size) {
+            buf_putbytes(oup, out_packetA->data, out_packetA->len);
+        }
+        if (out_packetB && oup->len + out_packetB->len <= oup->size) {
+            buf_putbytes(oup, out_packetB->data, out_packetB->len);
+        }
+    }
+
+    ret_len = MIN(MaxSize, oup->len);
+    memcpy(Data, oup->data, ret_len);
+    // printhex("mutator done", Data, ret_len);
+    return ret_len;
+}
+
+size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1,
+                                            const uint8_t *Data2, size_t Size2,
+                                            uint8_t *Out, size_t MaxOutSize,
+                                            unsigned int Seed) {
+    unsigned short randstate[3] = {0,0,0};
+    memcpy(randstate, &Seed, sizeof(Seed));
+
+    unsigned int i;
+    buffer inp_buf1 = {.data = (void*)Data1, .size = Size1, .len = Size1, .pos = 0};
+    buffer *inp1 = &inp_buf1;
+    buffer inp_buf2 = {.data = (void*)Data2, .size = Size2, .len = Size2, .pos = 0};
+    buffer *inp2 = &inp_buf2;
+
+    unsigned int num_packets1 = MAX_FUZZ_PACKETS;
+    fuzz_get_packets(inp1, packets1, &num_packets1);
+    unsigned int num_packets2 = MAX_FUZZ_PACKETS;
+    fuzz_get_packets(inp2, packets2, &num_packets2);
+
+    // fprintf(stderr, "input 1 %u packets\n", num_packets1);
+    // printhex("crossover input1", Data1, Size1);
+    // fprintf(stderr, "input 2 %u packets\n", num_packets2);
+    // printhex("crossover input2", Data2, Size2);
+
+    buf_setlen(oup, 0);
+    /* Put a new banner to output */
+    buf_putbytes(oup, FIXED_VERSION, strlen(FIXED_VERSION));
+
+    if (num_packets1 == 0 && num_packets2 == 0) {
+        buf_putbytes(oup, FIXED_IGNORE_MSG, FIXED_IGNORE_MSG_LEN);
+    } else {
+        unsigned int min_out = MIN(num_packets1, num_packets2);
+        unsigned int max_out = num_packets1 + num_packets2;
+        unsigned int num_out = min_out + nrand48(randstate) % (max_out-min_out+1);
+
+        for (i = 0; i < num_out; i++) {
+            unsigned int choose = nrand48(randstate) % (num_packets1 + num_packets2);
+            buffer *p = NULL;
+            if (choose < num_packets1) {
+                p = packets1[choose];
+            } else {
+                p = packets2[choose-num_packets1];
+            }
+            if (oup->len + p->len <= oup->size) {
+                buf_putbytes(oup, p->data, p->len);
+            }
+        }
+    }
+
+    size_t ret_len = MIN(MaxOutSize, oup->len);
+    memcpy(Out, oup->data, ret_len);
+    // printhex("crossover output", Out, ret_len);
+    return ret_len;
+}
+

fuzz/fuzz-wrapfd.c

@@ -0,0 +1,279 @@
+#define FUZZ_SKIP_WRAP 1
+#include "includes.h"
+#include "fuzz-wrapfd.h"
+
+#include "dbutil.h"
+
+#include "fuzz.h"
+
+#define IOWRAP_MAXFD (FD_SETSIZE-1)
+static const int MAX_RANDOM_IN = 50000;
+static const double CHANCE_CLOSE = 1.0 / 600;
+static const double CHANCE_INTR = 1.0 / 900;
+static const double CHANCE_READ1 = 0.96;
+static const double CHANCE_READ2 = 0.5;
+static const double CHANCE_WRITE1 = 0.96;
+static const double CHANCE_WRITE2 = 0.5;
+
+struct fdwrap {
+	enum wrapfd_mode mode;
+	int closein;
+	int closeout;
+};
+
+static struct fdwrap wrap_fds[IOWRAP_MAXFD+1] = {{UNUSED, 0, 0}};
+static int wrapfd_maxfd = -1;
+static unsigned short rand_state[3];
+static buffer *input_buf;
+static int devnull_fd = -1;
+
+static void wrapfd_remove(int fd);
+
+void wrapfd_setup(buffer *buf) {
+	TRACE(("wrapfd_setup"))
+
+	// clean old ones
+	int i;
+	for (i = 0; i <= wrapfd_maxfd; i++) {
+		if (wrap_fds[i].mode != UNUSED) {
+			wrapfd_remove(i);
+		}
+	}
+	wrapfd_maxfd = -1;
+
+	memset(rand_state, 0x0, sizeof(rand_state));
+	wrapfd_setseed(50);
+	input_buf = buf;
+}
+
+void wrapfd_setseed(uint32_t seed) {
+	memcpy(rand_state, &seed, sizeof(seed));
+	nrand48(rand_state);
+}
+
+int wrapfd_new_fuzzinput() {
+	if (devnull_fd == -1) {
+		devnull_fd = open("/dev/null", O_RDONLY);
+		assert(devnull_fd != -1);
+	}
+
+	int fd = dup(devnull_fd);
+	assert(fd != -1);
+	assert(wrap_fds[fd].mode == UNUSED);
+	wrap_fds[fd].mode = COMMONBUF;
+	wrap_fds[fd].closein = 0;
+	wrap_fds[fd].closeout = 0;
+	wrapfd_maxfd = MAX(fd, wrapfd_maxfd);
+
+	return fd;
+}
+
+int wrapfd_new_dummy() {
+	if (devnull_fd == -1) {
+		devnull_fd = open("/dev/null", O_RDONLY);
+		assert(devnull_fd != -1);
+	}
+
+	int fd = dup(devnull_fd);
+	if (fd == -1) {
+		return -1;
+	}
+	if (fd > IOWRAP_MAXFD) {
+		close(fd);
+		errno = EMFILE;
+		return -1;
+	}
+	assert(wrap_fds[fd].mode == UNUSED);
+	wrap_fds[fd].mode = DUMMY;
+	wrap_fds[fd].closein = 0;
+	wrap_fds[fd].closeout = 0;
+	wrapfd_maxfd = MAX(fd, wrapfd_maxfd);
+
+	return fd;
+}
+
+
+static void wrapfd_remove(int fd) {
+	TRACE(("wrapfd_remove %d", fd))
+	assert(fd >= 0);
+	assert(fd <= IOWRAP_MAXFD);
+	assert(wrap_fds[fd].mode != UNUSED);
+	wrap_fds[fd].mode = UNUSED;
+	close(fd);
+}
+
+int wrapfd_close(int fd) {
+	if (fd >= 0 && fd <= IOWRAP_MAXFD && wrap_fds[fd].mode != UNUSED) {
+		wrapfd_remove(fd);
+		return 0;
+	} else {
+		return close(fd);
+	}
+}
+
+int wrapfd_read(int fd, void *out, size_t count) {
+	size_t maxread;
+
+	if (!fuzz.wrapfds) {
+		return read(fd, out, count);
+	}
+
+	if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) {
+		/* XXX - assertion failure? */
+		TRACE(("Bad read descriptor %d\n", fd))
+		errno = EBADF;
+		return -1;
+	}
+
+	assert(count != 0);
+
+	if (wrap_fds[fd].closein || erand48(rand_state) < CHANCE_CLOSE) {
+		wrap_fds[fd].closein = 1;
+		errno = ECONNRESET;
+		return -1;
+	}
+
+	if (erand48(rand_state) < CHANCE_INTR) {
+		errno = EINTR;
+		return -1;
+	}
+
+	if (input_buf && wrap_fds[fd].mode == COMMONBUF) {
+		maxread = MIN(input_buf->len - input_buf->pos, count);
+		/* returns 0 if buf is EOF, as intended */
+		if (maxread > 0) {
+			maxread = nrand48(rand_state) % maxread + 1;
+		}
+		memcpy(out, buf_getptr(input_buf, maxread), maxread);
+		buf_incrpos(input_buf, maxread);
+		return maxread;
+	}
+
+	// return fixed output, of random length
+	maxread = MIN(MAX_RANDOM_IN, count);
+	maxread = nrand48(rand_state) % maxread + 1;
+	memset(out, 0xef, maxread);
+	return maxread;
+}
+
+int wrapfd_write(int fd, const void* in, size_t count) {
+	unsigned const volatile char* volin = in;
+	unsigned int i;
+
+	if (!fuzz.wrapfds) {
+		return write(fd, in, count);
+	}
+
+	if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) {
+		/* XXX - assertion failure? */
+		TRACE(("Bad read descriptor %d\n", fd))
+		errno = EBADF;
+		return -1;
+	}
+
+	assert(count != 0);
+
+	/* force read to exercise sanitisers */
+	for (i = 0; i < count; i++) {
+		(void)volin[i];
+	}
+
+	if (wrap_fds[fd].closeout || erand48(rand_state) < CHANCE_CLOSE) {
+		wrap_fds[fd].closeout = 1;
+		errno = ECONNRESET;
+		return -1;
+	}
+
+	if (erand48(rand_state) < CHANCE_INTR) {
+		errno = EINTR;
+		return -1;
+	}
+
+	return nrand48(rand_state) % (count+1);
+}
+
+int wrapfd_select(int nfds, fd_set *readfds, fd_set *writefds, 
+	fd_set *exceptfds, struct timeval *timeout) {
+	int i, nset, sel;
+	int ret = 0;
+	int fdlist[IOWRAP_MAXFD+1];
+
+	if (!fuzz.wrapfds) {
+		return select(nfds, readfds, writefds, exceptfds, timeout);
+	}
+
+	assert(nfds <= IOWRAP_MAXFD+1);
+
+	if (erand48(rand_state) < CHANCE_INTR) {
+		errno = EINTR;
+		return -1;
+	}
+
+	/* read */
+	if (readfds != NULL && erand48(rand_state) < CHANCE_READ1) {
+		for (i = 0, nset = 0; i < nfds; i++) {
+			if (FD_ISSET(i, readfds)) {
+				assert(wrap_fds[i].mode != UNUSED);
+				fdlist[nset] = i;
+				nset++;
+			}
+		}
+		DROPBEAR_FD_ZERO(readfds);
+
+		if (nset > 0) {
+			/* set one */
+			sel = fdlist[nrand48(rand_state) % nset];
+			FD_SET(sel, readfds);
+			ret++;
+
+			if (erand48(rand_state) < CHANCE_READ2) {
+				sel = fdlist[nrand48(rand_state) % nset];
+				if (!FD_ISSET(sel, readfds)) {
+					FD_SET(sel, readfds);
+					ret++;
+				}
+			}
+		}
+	}
+
+	/* write */
+	if (writefds != NULL && erand48(rand_state) < CHANCE_WRITE1) {
+		for (i = 0, nset = 0; i < nfds; i++) {
+			if (FD_ISSET(i, writefds)) {
+				assert(wrap_fds[i].mode != UNUSED);
+				fdlist[nset] = i;
+				nset++;
+			}
+		}
+		DROPBEAR_FD_ZERO(writefds);
+
+		/* set one */
+		if (nset > 0) {
+			sel = fdlist[nrand48(rand_state) % nset];
+			FD_SET(sel, writefds);
+			ret++;
+
+			if (erand48(rand_state) < CHANCE_WRITE2) {
+				sel = fdlist[nrand48(rand_state) % nset];
+				if (!FD_ISSET(sel, writefds)) {
+					FD_SET(sel, writefds);
+					ret++;
+				}
+			}
+		}
+	}
+	return ret;
+}
+
+int fuzz_kill(pid_t pid, int sig) {
+	if (fuzz.fuzzing) {
+		TRACE(("fuzz_kill ignoring pid %d signal %d", (pid), sig))
+		if (sig >= 0) {
+			return 0;
+		} else {
+			errno = EINVAL;
+			return -1;
+		}
+	}
+	return kill(pid, sig);
+}

fuzz/fuzzer-cliconf.c

@@ -0,0 +1,79 @@
+/* fuzz target for cli-readconf.c */
+
+#include "fuzz.h"
+#include "fuzz-wrapfd.h"
+#include "debug.h"
+#include "runopts.h"
+
+static void setup_fuzzer(void) {
+	fuzz_common_setup();
+	/* Set up commandline args */
+	char* args[2] = { "dbclient", "far" };
+	cli_getopts(2, args);
+}
+
+// Needs to be outside so it doesn't get optimised away for the setjmp().
+// volatile doesn't seem to work, unsure why.
+static FILE *conf_file = NULL;
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	static int once = 0;
+	if (!once) {
+		setup_fuzzer();
+		once = 1;
+	}
+
+	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
+	m_malloc_set_epoch(1);
+
+	if (setjmp(fuzz.jmp) == 0) {
+
+		/* remotehost most be set before config parsing */
+		m_free(cli_opts.remotehost);
+		cli_opts.remotehost = m_strdup("far");
+		/* optional arguments */
+		if (buf_getbool(fuzz.input)) {
+			m_free(cli_opts.username);
+			cli_opts.username = m_strdup("someone");
+		}
+		if (buf_getbool(fuzz.input)) {
+			m_free(cli_opts.remoteport);
+			cli_opts.remoteport = m_strdup("999");
+		}
+
+		buffer *conf_buf = buf_getstringbuf(fuzz.input);
+		if (conf_buf->len > 0)
+		{
+			conf_file = fmemopen(conf_buf->data, conf_buf->len, "r");
+			read_config_file("fuzz", conf_file, &cli_opts);
+			fclose(conf_file);
+			conf_file = NULL;
+		}
+		buf_free(conf_buf);
+
+		m_free(cli_opts.remotehost);
+		m_free(cli_opts.remoteport);
+		m_free(cli_opts.username);
+
+		m_malloc_free_epoch(1, 0);
+	} else {
+		// Cleanup
+		if (conf_file) {
+			fclose(conf_file);
+			conf_file = NULL;
+		}
+
+		m_free(cli_opts.remotehost);
+		m_free(cli_opts.remoteport);
+		m_free(cli_opts.username);
+
+		m_malloc_free_epoch(1, 1);
+		TRACE(("dropbear_exit longjmped"))
+		/* dropbear_exit jumped here */
+	}
+
+	return 0;
+}

fuzz/fuzzer-client.c

@@ -0,0 +1,6 @@
+#include "fuzz.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	return fuzz_run_client(Data, Size, 0);
+}
+

fuzz/fuzzer-client_nomaths.c

@@ -0,0 +1,6 @@
+#include "fuzz.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	return fuzz_run_client(Data, Size, 1);
+}
+

fuzz/fuzzer-kexcurve25519.c

@@ -0,0 +1,69 @@
+#include "fuzz.h"
+#include "session.h"
+#include "fuzz-wrapfd.h"
+#include "debug.h"
+#include "runopts.h"
+#include "algo.h"
+#include "bignum.h"
+
+static struct key_context* keep_newkeys = NULL;
+/* An arbitrary limit */
+#define NUM_PARAMS 80
+static struct kex_curve25519_param *curve25519_params[NUM_PARAMS];
+
+static void setup() __attribute__((constructor));
+// Perform initial setup here to avoid hitting timeouts on first run
+static void setup() {
+	fuzz_common_setup();
+	fuzz_svr_setup();
+
+	keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
+	keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "curve25519-sha256");
+	keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ED25519;
+	ses.newkeys = keep_newkeys;
+
+	/* Pre-generate parameters */
+	int i;
+	for (i = 0; i < NUM_PARAMS; i++) {
+		curve25519_params[i] = gen_kexcurve25519_param();
+	}
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
+	m_malloc_set_epoch(1);
+
+	if (setjmp(fuzz.jmp) == 0) {
+		/* Based on recv_msg_kexdh_init()/send_msg_kexdh_reply() 
+		with DROPBEAR_KEX_CURVE25519 */
+		ses.newkeys = keep_newkeys;
+
+		/* Choose from the collection of curve25519 params */
+		unsigned int e = buf_getint(fuzz.input);
+		struct kex_curve25519_param *curve25519_param = curve25519_params[e % NUM_PARAMS];
+
+		buffer * ecdh_qs = buf_getstringbuf(fuzz.input);
+
+		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
+		kexcurve25519_comb_key(curve25519_param, ecdh_qs, svr_opts.hostkey);
+
+		mp_clear(ses.dh_K);
+		m_free(ses.dh_K);
+		buf_free(ecdh_qs);
+
+		buf_free(ses.hash);
+		buf_free(ses.session_id);
+		/* kexhashbuf is freed in kexdh_comb_key */
+
+		m_malloc_free_epoch(1, 0);
+	} else {
+		m_malloc_free_epoch(1, 1);
+		TRACE(("dropbear_exit longjmped"))
+		/* dropbear_exit jumped here */
+	}
+
+	return 0;
+}

fuzz/fuzzer-kexdh.c

@@ -0,0 +1,72 @@
+#include "fuzz.h"
+#include "session.h"
+#include "fuzz-wrapfd.h"
+#include "debug.h"
+#include "runopts.h"
+#include "algo.h"
+#include "bignum.h"
+
+static struct key_context* keep_newkeys = NULL;
+#define NUM_PARAMS 80
+static struct kex_dh_param *dh_params[NUM_PARAMS];
+
+static void setup() __attribute__((constructor));
+// Perform initial setup here to avoid hitting timeouts on first run
+static void setup() {
+	fuzz_common_setup();
+	fuzz_svr_setup();
+
+	keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
+	keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "diffie-hellman-group14-sha256");
+	keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
+	ses.newkeys = keep_newkeys;
+
+	/* Pre-generate parameters */
+	int i;
+	for (i = 0; i < NUM_PARAMS; i++) {
+		dh_params[i] = gen_kexdh_param();
+	}
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
+	m_malloc_set_epoch(1);
+
+	if (setjmp(fuzz.jmp) == 0) {
+		/* Based on recv_msg_kexdh_init()/send_msg_kexdh_reply() 
+		with DROPBEAR_KEX_NORMAL_DH */
+		ses.newkeys = keep_newkeys;
+
+		/* Choose from the collection of ecdh params */
+		unsigned int e = buf_getint(fuzz.input);
+		struct kex_dh_param * dh_param = dh_params[e % NUM_PARAMS];
+
+		DEF_MP_INT(dh_e);
+		m_mp_init(&dh_e);
+		if (buf_getmpint(fuzz.input, &dh_e) != DROPBEAR_SUCCESS) {
+			dropbear_exit("Bad kex value");
+		}
+
+		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
+		kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey);
+
+		mp_clear(ses.dh_K);
+		m_free(ses.dh_K);
+		mp_clear(&dh_e);
+
+		buf_free(ses.hash);
+		buf_free(ses.session_id);
+		/* kexhashbuf is freed in kexdh_comb_key */
+
+		m_malloc_free_epoch(1, 0);
+	} else {
+		m_malloc_free_epoch(1, 1);
+		TRACE(("dropbear_exit longjmped"))
+		/* dropbear_exit jumped here */
+	}
+
+	return 0;
+}

fuzz/fuzzer-kexecdh.c

@@ -0,0 +1,82 @@
+#include "fuzz.h"
+#include "session.h"
+#include "fuzz-wrapfd.h"
+#include "debug.h"
+#include "runopts.h"
+#include "algo.h"
+#include "bignum.h"
+
+static const struct dropbear_kex *ecdh[3]; /* 256, 384, 521 */
+static struct key_context* keep_newkeys = NULL;
+/* number of generated parameters. An arbitrary limit, but will delay startup */
+#define NUM_PARAMS 80
+static struct kex_ecdh_param *ecdh_params[NUM_PARAMS];
+
+static void setup() __attribute__((constructor));
+// Perform initial setup here to avoid hitting timeouts on first run
+static void setup() {
+	fuzz_common_setup();
+	fuzz_svr_setup();
+
+	/* ses gets zeroed by fuzz_set_input */
+	keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
+	ecdh[0] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp256");
+	ecdh[1] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp384");
+	ecdh[2] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp521");
+	assert(ecdh[0]);
+	assert(ecdh[1]);
+	assert(ecdh[2]);
+	keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
+	ses.newkeys = keep_newkeys;
+
+	/* Pre-generate parameters */
+	int i;
+	for (i = 0; i < NUM_PARAMS; i++) {
+		ses.newkeys->algo_kex = ecdh[i % 3];
+		ecdh_params[i] = gen_kexecdh_param();
+	}
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+
+	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
+	m_malloc_set_epoch(1);
+
+	if (setjmp(fuzz.jmp) == 0) {
+		/* Based on recv_msg_kexdh_init()/send_msg_kexdh_reply() 
+		with DROPBEAR_KEX_ECDH */
+		ses.newkeys = keep_newkeys;
+
+		/* random choice of ecdh 256, 384, 521 */
+		unsigned char b = buf_getbyte(fuzz.input);
+		ses.newkeys->algo_kex = ecdh[b % 3];
+
+		/* Choose from the collection of ecdh params */
+		unsigned int e = buf_getint(fuzz.input);
+		struct kex_ecdh_param *ecdh_param = ecdh_params[e % NUM_PARAMS];
+
+		buffer * ecdh_qs = buf_getstringbuf(fuzz.input);
+
+		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
+		kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
+
+		mp_clear(ses.dh_K);
+		m_free(ses.dh_K);
+		buf_free(ecdh_qs);
+
+		buf_free(ses.hash);
+		buf_free(ses.session_id);
+		/* kexhashbuf is freed in kexdh_comb_key */
+
+		m_malloc_free_epoch(1, 0);
+	} else {
+		m_malloc_free_epoch(1, 1);
+		TRACE(("dropbear_exit longjmped"))
+		/* dropbear_exit jumped here */
+	}
+
+	return 0;
+}

fuzz/fuzzer-postauth_nomaths.c

@@ -0,0 +1,6 @@
+#include "fuzz.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	return fuzz_run_server(Data, Size, 1, 1);
+}
+

fuzz/fuzzer-preauth.c

@@ -0,0 +1,6 @@
+#include "fuzz.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	return fuzz_run_server(Data, Size, 0, 0);
+}
+

fuzz/fuzzer-preauth_nomaths.c

@@ -0,0 +1,6 @@
+#include "fuzz.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	return fuzz_run_server(Data, Size, 1, 0);
+}
+

fuzz/fuzzer-pubkey.c

@@ -0,0 +1,54 @@
+#include "fuzz.h"
+#include "session.h"
+#include "fuzz-wrapfd.h"
+#include "debug.h"
+
+static void setup_fuzzer(void) {
+	fuzz_common_setup();
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	static int once = 0;
+	if (!once) {
+		setup_fuzzer();
+		once = 1;
+	}
+
+	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
+	m_malloc_set_epoch(1);
+
+	if (setjmp(fuzz.jmp) == 0) {
+		buffer *line = buf_getstringbuf(fuzz.input);
+		buffer *keyblob = buf_getstringbuf(fuzz.input);
+
+		unsigned int algolen;
+		char* algoname = buf_getstring(keyblob, &algolen);
+
+		if (signature_type_from_name(algoname, algolen) == DROPBEAR_SIGNATURE_NONE) {
+			dropbear_exit("fuzzer imagined a bogus algorithm");
+		}
+
+		int ret = fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys",
+			algoname, algolen,
+			keyblob->data, keyblob->len);
+
+		if (ret == DROPBEAR_SUCCESS) {
+			/* fuzz_checkpubkey_line() should have cleaned up for failure */
+			svr_pubkey_options_cleanup();
+		}
+
+		buf_free(line);
+		buf_free(keyblob);
+		m_free(algoname);
+		m_malloc_free_epoch(1, 0);
+	} else {
+		m_malloc_free_epoch(1, 1);
+		TRACE(("dropbear_exit longjmped"))
+		/* dropbear_exit jumped here */
+	}
+
+	return 0;
+}

fuzz/fuzzer-verify.c

@@ -0,0 +1,95 @@
+#include "fuzz.h"
+#include "session.h"
+#include "fuzz-wrapfd.h"
+#include "debug.h"
+#include "dss.h"
+#include "ed25519.h"
+
+static void setup_fuzzer(void) {
+	fuzz_common_setup();
+}
+
+static buffer *verifydata;
+
+/* Tests reading a public key and verifying a signature */
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	static int once = 0;
+	if (!once) {
+		setup_fuzzer();
+		verifydata = buf_new(30);
+		buf_putstring(verifydata, "x", 1);
+		once = 1;
+	}
+
+	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
+	m_malloc_set_epoch(1);
+
+	if (setjmp(fuzz.jmp) == 0) {
+		sign_key *key = new_sign_key();
+		enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY;
+		if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) {
+			enum signature_type sigtype;
+			if (keytype == DROPBEAR_SIGNKEY_RSA) {
+				/* Flip a coin to decide rsa signature type */
+				int flag = buf_getbyte(fuzz.input);
+				if (flag & 0x01) {
+					sigtype = DROPBEAR_SIGNATURE_RSA_SHA256;
+				} else {
+					sigtype = DROPBEAR_SIGNATURE_RSA_SHA1;
+				}
+			} else {
+				sigtype = signature_type_from_signkey(keytype);
+			}
+			if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) {
+				/* The fuzzer is capable of generating keys with a signature to match.
+				We don't want false positives if the key is bogus, since a client/server 
+				wouldn't be trusting a bogus key anyway */
+				int boguskey = 0;
+
+				if (keytype == DROPBEAR_SIGNKEY_DSS) {
+					/* So far have seen dss keys with bad p/q/g domain parameters */
+					int pprime, qprime, trials;
+					trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->p));
+					assert(mp_prime_is_prime(key->dsskey->p, trials, &pprime) == MP_OKAY);
+					trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->q));
+					assert(mp_prime_is_prime(key->dsskey->q, trials, &qprime) == MP_OKAY);
+					boguskey = !(pprime && qprime);
+					/* Could also check g**q mod p == 1 */
+				}
+
+				if (keytype == DROPBEAR_SIGNKEY_SK_ED25519 || keytype == DROPBEAR_SIGNKEY_ED25519) {
+					dropbear_ed25519_key **eck = (dropbear_ed25519_key**)signkey_key_ptr(key, keytype);
+					if (eck && *eck) {
+						int i;
+						/* we've seen all-zero keys validate */
+						boguskey = 1;
+						for (i = 0; i < CURVE25519_LEN; i++) {
+							if ((*eck)->priv[i] != 0x00 || (*eck)->pub[i] != 0x00) {
+								boguskey = 0;
+							}
+						}
+
+					}
+				}
+
+				if (!boguskey) {
+					printf("Random key/signature managed to verify!\n");
+					abort();
+				}
+
+
+			}
+		}
+		sign_key_free(key);
+		m_malloc_free_epoch(1, 0);
+	} else {
+		m_malloc_free_epoch(1, 1);
+		TRACE(("dropbear_exit longjmped"))
+		/* dropbear_exit jumped here */
+	}
+
+	return 0;
+}

fuzzers_test.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# runs fuzz corpus with standalone fuzzers
+
+result=0
+
+test -d fuzzcorpus && hg --repository fuzzcorpus/ pull || hg clone https://hg.ucc.asn.au/dropbear-fuzzcorpus fuzzcorpus || exit 1
+for f in `make list-fuzz-targets`; do
+    # use xargs to split the too-long argument list
+    # -q quiet because travis has a logfile limit
+    echo fuzzcorpus/$f/* | xargs -n 1000 ./$f -q || result=1
+done
+
+exit $result

kex.h

@@ -1,69 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#ifndef _KEX_H_
-#define _KEX_H_
-
-#include "includes.h"
-#include "algo.h"
-
-void send_msg_kexinit();
-void recv_msg_kexinit();
-void send_msg_newkeys();
-void recv_msg_newkeys();
-void kexfirstinitialise();
-void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv);
-void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
-		sign_key *hostkey);
-
-#ifndef DISABLE_ZLIB
-int is_compress_trans();
-int is_compress_recv();
-#endif
-
-void recv_msg_kexdh_init(); /* server */
-
-void send_msg_kexdh_init(); /* client */
-void recv_msg_kexdh_reply(); /* client */
-
-struct KEXState {
-
-	unsigned sentkexinit : 1; /*set when we've sent/recv kexinit packet */
-	unsigned recvkexinit : 1;
-	unsigned firstfollows : 1; /* true when first_kex_packet_follows is set */
-	unsigned sentnewkeys : 1; /* set once we've send MSG_NEWKEYS (will be cleared once we have also received */
-	unsigned recvnewkeys : 1; /* set once we've received MSG_NEWKEYS (cleared once we have also sent */
-
-	unsigned donefirstkex : 1; /* Set to 1 after the first kex has completed,
-								  ie the transport layer has been set up */
-
-	time_t lastkextime; /* time of the last kex */
-	unsigned int datatrans; /* data transmitted since last kex */
-	unsigned int datarecv; /* data received since last kex */
-
-};
-
-#define MAX_KEXHASHBUF 2000
-
-#endif /* _KEX_H_ */

libtomcrypt/.travis.yml

@@ -0,0 +1,135 @@
+dist: trusty
+sudo: required
+
+language: c
+
+addons:
+  apt:
+    sources:
+    - ubuntu-toolchain-r-test
+    - llvm-toolchain-precise-3.8
+    packages:
+    - clang-3.8
+
+install:
+    - sudo apt-get update -qq
+    - sudo apt-get install libtommath-dev
+
+before_script:
+  - gem install coveralls-lcov
+  - curl http://ftp.de.debian.org/debian/pool/main/l/lcov/lcov_1.11.orig.tar.gz | tar xz
+  - export PATH=$PATH:`pwd`/lcov-1.11/bin
+  - curl -s https://packagecloud.io/install/repositories/libtom/packages/script.deb.sh | sudo bash
+  - sudo apt-get install libtfm-dev=0.13-5
+
+matrix:
+  fast_finish: true
+branches:
+  only:
+    - master
+    - develop
+    - /^release\/.*$/
+
+compiler:
+  - gcc
+  - clang
+script:
+  - bash "${BUILDSCRIPT}" "${BUILDNAME}" "${BUILDOPTIONS}" "makefile V=1"        "-DUSE_LTM -DLTM_DESC" "-ltommath"
+  - bash "${BUILDSCRIPT}" "${BUILDNAME}" "${BUILDOPTIONS}" "makefile.shared V=1" "-DUSE_TFM -DTFM_DESC" "-ltfm"
+env:
+  - |
+    BUILDSCRIPT="check_source.sh"
+    BUILDNAME="CHECK_SOURCES"
+    BUILDOPTIONS=" "
+  - |
+    BUILDSCRIPT="scan_build.sh"
+    BUILDNAME="SCAN_BUILD"
+    BUILDOPTIONS=" "
+  - |
+    BUILDSCRIPT="coverage.sh"
+    BUILDNAME="COVERAGE"
+    BUILDOPTIONS=" "
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="STOCK"
+    BUILDOPTIONS=" "
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="EASY"
+    BUILDOPTIONS="-DLTC_EASY"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="SMALL"
+    BUILDOPTIONS="-DLTC_SMALL_CODE"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NOTABLES"
+    BUILDOPTIONS="-DLTC_NO_TABLES"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="SMALL+NOTABLES"
+    BUILDOPTIONS="-DLTC_SMALL_CODE -DLTC_NO_TABLES"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK"
+    BUILDOPTIONS="-DLTC_CLEAN_STACK"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+SMALL"
+    BUILDOPTIONS="-DLTC_SMALL_CODE -DLTC_CLEAN_STACK"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+NOTABLES"
+    BUILDOPTIONS="-DLTC_NO_TABLES -DLTC_CLEAN_STACK"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+NOTABLES+SMALL"
+    BUILDOPTIONS="-DLTC_NO_TABLES -DLTC_CLEAN_STACK -DLTC_SMALL_CODE"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NO_FAST"
+    BUILDOPTIONS="-DLTC_NO_FAST"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NO_FAST+NOTABLES"
+    BUILDOPTIONS="-DLTC_NO_FAST -DLTC_NO_TABLES"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NO_ASM"
+    BUILDOPTIONS="-DLTC_NO_ASM"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NO_TIMING_RESISTANCE"
+    BUILDOPTIONS="-DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+NOTABLES+SMALL+NO_ASM+NO_TIMING_RESISTANCE"
+    BUILDOPTIONS="-DLTC_CLEAN_STACK -DLTC_NO_TABLES -DLTC_SMALL_CODE -DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="PTHREAD"
+    BUILDOPTIONS="-DLTC_PTHREAD"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+NOTABLES+SMALL+NO_ASM+NO_TIMING_RESISTANCE+PTHREAD"
+    BUILDOPTIONS="-DLTC_CLEAN_STACK -DLTC_NO_TABLES -DLTC_SMALL_CODE -DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING -DLTC_PTHREAD"
+  - |
+    BUILDSCRIPT="testbuild.sh"
+    BUILDNAME="NOTEST"
+    BUILDOPTIONS="-DLTC_NO_TEST"
+  - |
+    BUILDSCRIPT="testbuild.sh"
+    BUILDNAME="NOFILE"
+    BUILDOPTIONS="-DLTC_NO_FILE"
+
+after_failure:
+  - cat test_std.txt
+  - cat test_err.txt
+  - cat tv.txt
+
+after_script:
+  - cat gcc_1.txt
+  - cat gcc_2.txt
+
+notifications:
+  irc: "chat.freenode.net#libtom-notifications"

libtomcrypt/Doxyfile

@@ -23,7 +23,7 @@ PROJECT_NAME           = LibTomCrypt
 # This could be handy for archiving the generated documentation or 
 # if some version control system is used.
 
-PROJECT_NUMBER         = 1.16
+PROJECT_NUMBER         = 1.17
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
 # base path where the generated documentation will be put. 

libtomcrypt/LICENSE

@@ -1,5 +1,29 @@
+LibTomCrypt is licensed under DUAL licensing terms.
+
+Choose and use the license of your needs.
+
+[LICENSE #1]
+
 LibTomCrypt is public domain.  As should all quality software be.
 
 Tom St Denis
 
+[/LICENSE #1]
 
+[LICENSE #2]
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+                    Version 2, December 2004
+
+ Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. You just DO WHAT THE FUCK YOU WANT TO. 
+
+[/LICENSE #2]

libtomcrypt/Makefile.in

@@ -1,155 +1,134 @@
-# MAKEFILE for linux GCC
+# MAKEFILE that is intended to be compatible with any kind of make (GNU make, BSD make, ...)
+# works on: Linux, *BSD, Cygwin, AIX, HP-UX and hopefully other UNIX systems
 #
-# Tom St Denis
-# Modified by Clay Culver
+# Please do not use here neither any special make syntax nor any unusual tools/utilities!
+#
+# BEWARE: variables OBJECTS, TOBJECTS, HEADERS, VERSION are updated via ./updatemakes.sh
 
-# The version
-VERSION=1.16
+### USAGE:
+#
+# make -f makefile.unix all
+# ./test
+# make -f makefile.unix install
+#
+#Or:
+#
+# make -f makefile.unix CFLAGS="-O3 -DUSE_LTM -DLTM_DESC -I/path/to/libtommath" EXTRALIBS=/path/to/libtommath/libtommath.a all
+# ./test
+# make -f makefile.unix PREFIX=/opt/libtom install
+#
+#Or if you are using Intel C compiler you might need something like:
+#
+# make -f makefile.unix CC=icc AR=xiar CFLAGS="-fast -DUSE_LTM -DLTM_DESC -I/path/to/libtommath" EXTRALIBS=/path/to/libtommath/libtommath.a all
+#
 
+# Dropbear can build out of tree
 VPATH=@srcdir@
 srcdir=@srcdir@
 
-# Compiler and Linker Names
-#CC=gcc
-#LD=ld
+#The following can be overridden from command line e.g. "make -f makefile.unix CC=gcc ARFLAGS=rcs"
+DESTDIR   =
+PREFIX    = /usr/local
+LIBPATH   = $(PREFIX)/lib
+INCPATH   = $(PREFIX)/include
+DATAPATH  = $(PREFIX)/share/doc/libtomcrypt/pdf
+BINPATH   = $(PREFIX)/bin
+# Dropbear passes paths from parent makefile
+#CC        = cc
+#AR        = ar
+ARFLAGS   = r
+#RANLIB    = ranlib
+#CFLAGS    = -O2 -DUSE_LTM -DLTM_DESC -I../libtommath
+EXTRALIBS = ../libtommath/libtommath.a
 
-# Archiver [makes .a files]
-#AR=ar
-#ARFLAGS=r
+#Compilation flags
+LTC_CFLAGS  = -Isrc/headers/ -I$(srcdir)/src/headers/ -I../ -I$(srcdir)/../src -DLTC_SOURCE -I../libtommath/ -I$(srcdir)/../libtommath/ $(CFLAGS) $(CPPFLAGS)
+LTC_LDFLAGS = $(LDFLAGS) $(EXTRALIBS)
+VERSION=1.18.1
 
-# Compilation flags. Note the += does not write over the user's CFLAGS!
-# The rest of the flags come from the parent Dropbear makefile
-CFLAGS += -c -I$(srcdir)/src/headers/ -I$(srcdir)/../
+#Libraries to be created (this makefile builds only static libraries)
+LIBMAIN_S =libtomcrypt.a
 
-# additional warnings (newer GCC 3.4 and higher)
-ifdef GCC_34
-CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \
-		  -Wmissing-declarations -Wpointer-arith 
-endif
-
-ifndef IGNORE_SPEED
-
-# optimize for SPEED
-#CFLAGS += -O3 -funroll-loops
-
-# add -fomit-frame-pointer.  hinders debugging!
-#CFLAGS += -fomit-frame-pointer
-
-# optimize for SIZE
-#CFLAGS += -Os -DLTC_SMALL_CODE
-
-endif
-
-# older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
-# define this to help
-#CFLAGS += -DLTC_NO_ROLC
-
-# compile for DEBUGING (required for ccmalloc checking!!!)
-#CFLAGS += -g3 -DLTC_NO_ASM
-
-#Output filenames for various targets.
-ifndef LIBNAME
-   LIBNAME=libtomcrypt.a
-endif
-ifndef LIBTEST
-   LIBTEST=libtomcrypt_prof.a
-endif
-LIBTEST_S=$(LIBTEST)
-
-HASH=hashsum
-CRYPT=encrypt
-SMALL=small
-PROF=x86_prof
-TV=tv_gen
-MULTI=multi
-TIMING=timing
-TEST=test
-
-#LIBPATH-The directory for libtomcrypt to be installed to.
-#INCPATH-The directory to install the header files for libtomcrypt.
-#DATAPATH-The directory to install the pdf docs.
-ifndef DESTDIR
-   DESTDIR=
-endif
-
-ifndef LIBPATH
-   LIBPATH=/usr/lib
-endif
-ifndef INCPATH
-   INCPATH=/usr/include
-endif
-ifndef DATAPATH
-   DATAPATH=/usr/share/doc/libtomcrypt/pdf
-endif
-
-#Who do we install as?
-ifdef INSTALL_USER
-USER=$(INSTALL_USER)
-else
-USER=root
-endif
-
-ifdef INSTALL_GROUP
-GROUP=$(INSTALL_GROUP)
-else
-GROUP=wheel
-endif
-
-#List of objects to compile.
-#START_INS
-OBJECTS=src/ciphers/aes/aes_enc.o src/ciphers/aes/aes.o src/ciphers/anubis.o src/ciphers/blowfish.o \
-src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o src/ciphers/kseed.o \
-src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
-src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
-src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
-src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
-src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
-src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
-src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
-src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
-src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o src/encauth/gcm/gcm_process.o \
-src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
-src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
-src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+#List of objects to compile (all goes to libtomcrypt.a)
+OBJECTS=src/ciphers/aes/aes.o src/ciphers/aes/aes_enc.o src/ciphers/anubis.o src/ciphers/blowfish.o \
+src/ciphers/camellia.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o \
+src/ciphers/kseed.o src/ciphers/multi2.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
+src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_add_aad.o \
+src/encauth/ccm/ccm_add_nonce.o src/encauth/ccm/ccm_done.o src/encauth/ccm/ccm_init.o \
+src/encauth/ccm/ccm_memory.o src/encauth/ccm/ccm_process.o src/encauth/ccm/ccm_reset.o \
+src/encauth/ccm/ccm_test.o src/encauth/chachapoly/chacha20poly1305_add_aad.o \
+src/encauth/chachapoly/chacha20poly1305_decrypt.o src/encauth/chachapoly/chacha20poly1305_done.o \
+src/encauth/chachapoly/chacha20poly1305_encrypt.o src/encauth/chachapoly/chacha20poly1305_init.o \
+src/encauth/chachapoly/chacha20poly1305_memory.o src/encauth/chachapoly/chacha20poly1305_setiv.o \
+src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.o \
+src/encauth/chachapoly/chacha20poly1305_test.o src/encauth/eax/eax_addheader.o \
+src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
+src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
+src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
+src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
+src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
 src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
 src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
-src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
-src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
-src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
-src/hashes/sha1.o src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
-src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
-src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
-src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
-src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
-src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
+src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
+src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o src/encauth/ocb3/ocb3_int_ntz.o \
+src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o src/hashes/blake2b.o \
+src/hashes/blake2s.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
+src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
+src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
+src/hashes/sha2/sha224.o src/hashes/sha2/sha256.o src/hashes/sha2/sha384.o src/hashes/sha2/sha512.o \
+src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/sha3.o src/hashes/sha3_test.o \
+src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/blake2/blake2bmac.o \
+src/mac/blake2/blake2bmac_file.o src/mac/blake2/blake2bmac_memory.o \
+src/mac/blake2/blake2bmac_memory_multi.o src/mac/blake2/blake2bmac_test.o src/mac/blake2/blake2smac.o \
+src/mac/blake2/blake2smac_file.o src/mac/blake2/blake2smac_memory.o \
+src/mac/blake2/blake2smac_memory_multi.o src/mac/blake2/blake2smac_test.o src/mac/f9/f9_done.o \
+src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o \
+src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o src/mac/hmac/hmac_memory_multi.o \
+src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o src/mac/omac/omac_memory_multi.o \
+src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
+src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
+src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
 src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
-src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
+src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/poly1305/poly1305.o \
+src/mac/poly1305/poly1305_file.o src/mac/poly1305/poly1305_memory.o \
+src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/mac/xcbc/xcbc_done.o \
 src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
 src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
 src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
-src/math/rand_prime.o src/math/tfm_desc.o src/misc/base64/base64_decode.o \
-src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
-src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
-src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/math/radix_to_bin.o src/math/rand_bn.o src/math/rand_prime.o src/math/tfm_desc.o src/misc/adler32.o \
+src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o src/misc/burn_stack.o \
+src/misc/compare_testvector.o src/misc/crc32.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
+src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
+src/misc/crypt/crypt_constants.o src/misc/crypt/crypt_find_cipher.o \
 src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
 src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
 src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_hash_oid.o \
 src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o src/misc/crypt/crypt_hash_descriptor.o \
-src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_ltc_mp_descriptor.o \
-src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
-src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
-src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
-src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
-src/misc/error_to_string.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
-src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
-src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
-src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
-src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
-src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_inits.o \
+src/misc/crypt/crypt_ltc_mp_descriptor.o src/misc/crypt/crypt_prng_descriptor.o \
+src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_prng_rng_descriptor.o \
+src/misc/crypt/crypt_register_all_ciphers.o src/misc/crypt/crypt_register_all_hashes.o \
+src/misc/crypt/crypt_register_all_prngs.o src/misc/crypt/crypt_register_cipher.o \
+src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_sizes.o \
+src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
+src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \
+src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/pk_get_oid.o src/misc/pkcs5/pkcs_5_1.o \
+src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
 src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
 src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
 src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
@@ -157,161 +136,164 @@ src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o src/modes/lrw/lrw_encrypt.o
 src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o src/modes/lrw/lrw_setiv.o \
 src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
 src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
-src/modes/ofb/ofb_start.o 
+src/modes/ofb/ofb_start.o src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o \
+src/modes/xts/xts_encrypt.o src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o \
+src/modes/xts/xts_test.o src/pk/asn1/der/bit/der_decode_bit_string.o \
+src/pk/asn1/der/bit/der_decode_raw_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_encode_raw_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
+src/pk/asn1/der/boolean/der_decode_boolean.o src/pk/asn1/der/boolean/der_encode_boolean.o \
+src/pk/asn1/der/boolean/der_length_boolean.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/generalizedtime/der_decode_generalizedtime.o \
+src/pk/asn1/der/generalizedtime/der_encode_generalizedtime.o \
+src/pk/asn1/der/generalizedtime/der_length_generalizedtime.o \
+src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
+src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
+src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
+src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
+src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
+src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
+src/pk/asn1/der/octet/der_decode_octet_string.o src/pk/asn1/der/octet/der_encode_octet_string.o \
+src/pk/asn1/der/octet/der_length_octet_string.o \
+src/pk/asn1/der/printable_string/der_decode_printable_string.o \
+src/pk/asn1/der/printable_string/der_encode_printable_string.o \
+src/pk/asn1/der/printable_string/der_length_printable_string.o \
+src/pk/asn1/der/sequence/der_decode_sequence_ex.o \
+src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \
+src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_decode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
+src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/short_integer/der_encode_short_integer.o \
+src/pk/asn1/der/short_integer/der_length_short_integer.o \
+src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
+src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
+src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
+src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
+src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
+src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o \
+src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o src/pk/dh/dh_import.o src/pk/dh/dh_set.o \
+src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o \
+src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \
+src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \
+src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \
+src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
+src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/ecc/ecc_ansi_x963_export.o \
+src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o src/pk/ecc/ecc_encrypt_key.o \
+src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o src/pk/ecc/ecc_import.o \
+src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o src/pk/ecc/ecc_sign_hash.o \
+src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
+src/pk/ecc/ltc_ecc_is_valid_idx.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \
+src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \
+src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \
+src/pk/katja/katja_decrypt_key.o src/pk/katja/katja_encrypt_key.o src/pk/katja/katja_export.o \
+src/pk/katja/katja_exptmod.o src/pk/katja/katja_free.o src/pk/katja/katja_import.o \
+src/pk/katja/katja_make_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
+src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
+src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
+src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
+src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o \
+src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
+src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
+src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
+src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
+src/stream/rc4/rc4_stream.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128_stream.o \
+src/stream/sober128/sober128_test.o
 
-HEADERS=src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cipher.h \
-src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
-src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
-src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+#List of test objects to compile (all goes to libtomcrypt_prof.a)
+TOBJECTS=tests/base64_test.o tests/cipher_hash_test.o tests/common.o tests/der_test.o tests/dh_test.o \
+tests/dsa_test.o tests/ecc_test.o tests/file_test.o tests/katja_test.o tests/mac_test.o tests/misc_test.o \
+tests/modes_test.o tests/mpi_test.o tests/multi_test.o tests/no_prng.o tests/pkcs_1_eme_test.o \
+tests/pkcs_1_emsa_test.o tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o \
+tests/prng_test.o tests/rotate_test.o tests/rsa_test.o tests/store_test.o tests/test.o
 
-#END_INS
+#The following headers will be installed by "make install"
+HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h src/headers/tomcrypt_math.h \
+src/headers/tomcrypt_misc.h src/headers/tomcrypt_pk.h src/headers/tomcrypt_pkcs.h \
+src/headers/tomcrypt_prng.h
 
-TESTOBJECTS=demos/test.o
-HASHOBJECTS=demos/hashsum.o
-CRYPTOBJECTS=demos/encrypt.o
-SMALLOBJECTS=demos/small.o
-TVS=demos/tv_gen.o
-MULTIS=demos/multi.o
-TIMINGS=demos/timing.o
-TESTS=demos/test.o
+#The default rule for make builds the libtomcrypt.a library (static)
+default: $(LIBMAIN_S)
 
-#Files left over from making the crypt.pdf.
-LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
+#SPECIAL: AES comes in two flavours - enc+dec and enc-only
+src/ciphers/aes/aes_enc.o: $(srcdir)/src/ciphers/aes/aes.c $(srcdir)/src/ciphers/aes/aes_tab.c
+	$(CC) $(LTC_CFLAGS) -DENCRYPT_ONLY -c $(srcdir)/src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
 
-#Compressed filenames
-COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip
+#SPECIAL: these are the rules to make certain object files
+src/ciphers/aes/aes.o: $(srcdir)/src/ciphers/aes/aes.c $(srcdir)/src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.o: $(srcdir)/src/ciphers/twofish/twofish.c $(srcdir)/src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.o: $(srcdir)/src/hashes/whirl/whirl.c $(srcdir)/src/hashes/whirl/whirltab.c
+src/hashes/sha2/sha512.o: $(srcdir)/src/hashes/sha2/sha512.c $(srcdir)/src/hashes/sha2/sha384.c
+src/hashes/sha2/sha512_224.o: $(srcdir)/src/hashes/sha2/sha512.c $(srcdir)/src/hashes/sha2/sha512_224.c
+src/hashes/sha2/sha512_256.o: $(srcdir)/src/hashes/sha2/sha512.c $(srcdir)/src/hashes/sha2/sha512_256.c
+src/hashes/sha2/sha256.o: $(srcdir)/src/hashes/sha2/sha256.c $(srcdir)/src/hashes/sha2/sha224.c
 
-#The default rule for make builds the libtomcrypt library.
-default:library
+#Dependencies on *.h
+$(OBJECTS): $(HEADERS)
+$(TOBJECTS): $(HEADERS) tests/tomcrypt_test.h
 
-#ciphers come in two flavours... enc+dec and enc 
-src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c $< -o src/ciphers/aes/aes_enc.o
+#This is necessary for compatibility with BSD make (namely on OpenBSD)
+.SUFFIXES: .o .c
+.c.o:
+	$(CC) $(LTC_CFLAGS) -c $< -o $@
 
-#These are the rules to make certain object files.
-src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
-src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
-src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
-src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
-
-#This rule makes the libtomcrypt library.
-library: $(LIBNAME)
-
-testprof/$(LIBTEST): 
-	cd testprof ; CFLAGS="$(CFLAGS)" LIBTEST_S=$(LIBTEST_S) $(MAKE) 
-
-$(LIBNAME): $(OBJECTS)
-	$(AR) $(ARFLAGS) $@ $(OBJECTS) 
+#Create libtomcrypt.a
+$(LIBMAIN_S): $(OBJECTS)
+	$(AR) $(ARFLAGS) $@ $(OBJECTS)
 	$(RANLIB) $@
 
-#This rule makes the hash program included with libtomcrypt
-hashsum: library $(HASHOBJECTS)
-	$(CC) $(HASHOBJECTS) $(LIBNAME) $(EXTRALIBS) -o $(HASH) $(WARN)
+#Demo tools/utilities
+hashsum: demos/hashsum.o $(LIBMAIN_S)
+	$(CC) demos/hashsum.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+ltcrypt: demos/ltcrypt.o $(LIBMAIN_S)
+	$(CC) demos/ltcrypt.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+small: demos/small.o $(LIBMAIN_S)
+	$(CC) demos/small.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+tv_gen: demos/tv_gen.o $(LIBMAIN_S)
+	$(CC) demos/tv_gen.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+sizes: demos/sizes.o $(LIBMAIN_S)
+	$(CC) demos/sizes.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+constants: demos/constants.o $(LIBMAIN_S)
+	$(CC) demos/constants.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+timing: demos/timing.o $(LIBMAIN_S)
+	$(CC) demos/timing.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
 
-#makes the crypt program
-crypt: library $(CRYPTOBJECTS)
-	$(CC) $(CRYPTOBJECTS) $(LIBNAME) $(EXTRALIBS) -o $(CRYPT) $(WARN)
+#Tests
+test: $(TOBJECTS) $(LIBMAIN_S)
+	$(CC) $(TOBJECTS) $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+	@echo "NOTICE: start the tests by: ./test"
 
-#makes the small program
-small: library $(SMALLOBJECTS)
-	$(CC) $(SMALLOBJECTS) $(LIBNAME) $(EXTRALIBS) -o $(SMALL) $(WARN)
-	
-tv_gen: library $(TVS)
-	$(CC) $(LDFLAGS) $(TVS) $(LIBNAME) $(EXTRALIBS) -o $(TV)
+all: $(LIBMAIN_S) hashsum ltcrypt small tv_gen sizes constants timing test
 
-multi: library $(MULTIS)
-	$(CC) $(MULTIS) $(LIBNAME) $(EXTRALIBS) -o $(MULTI)
-
-timing: library testprof/$(LIBTEST) $(TIMINGS)
-	$(CC) $(LDFLAGS) $(TIMINGS) testprof/$(LIBTEST) $(LIBNAME) $(EXTRALIBS) -o $(TIMING)
-
-test: library testprof/$(LIBTEST) $(TESTS)
-	$(CC) $(LDFLAGS) $(TESTS) testprof/$(LIBTEST) $(LIBNAME) $(EXTRALIBS) -o $(TEST)
-
-#This rule installs the library and the header files. This must be run
-#as root in order to have a high enough permission to write to the correct
-#directories and to set the owner and group to root.
-ifndef NODOCS
-install: library docs
-else
-install: library
-endif
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(DATAPATH)
-	install -g $(GROUP) -o $(USER) $(LIBNAME) $(DESTDIR)$(LIBPATH)
-	install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
-ifndef NODOCS
-	install -g $(GROUP) -o $(USER) doc/crypt.pdf $(DESTDIR)$(DATAPATH)
-endif
-
-install_test: testprof/$(LIBTEST)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
-	install -g $(GROUP) -o $(USER) testprof/$(LIBTEST) $(DESTDIR)$(LIBPATH)
-
-profile:
-	CFLAGS="$(CFLAGS) -fprofile-generate" $(MAKE) timing EXTRALIBS="$(EXTRALIBS) -lgcov"
-	./timing
-	rm -f timing `find . -type f | grep [.][ao] | xargs`
-	CFLAGS="$(CFLAGS) -fprofile-use" $(MAKE) timing EXTRALIBS="$(EXTRALIBS) -lgcov"
-
-
-#This rule cleans the source tree of all compiled code, not including the pdf
-#documentation.
+#NOTE: this makefile works also on cygwin, thus we need to delete *.exe
 clean:
-	-rm -f $(OBJECTS)
-	-rm -f libtomcrypt.a
+	-@rm -f $(OBJECTS) $(TOBJECTS)
+	-@rm -f $(LIBMAIN_S)
+	-@rm -f demos/*.o *_tv.txt
+	-@rm -f test constants sizes tv_gen hashsum ltcrypt small timing
+	-@rm -f test.exe constants.exe sizes.exe tv_gen.exe hashsum.exe ltcrypt.exe small.exe timing.exe
 
-#build the doxy files (requires Doxygen, tetex and patience)
-doxy:
-	doxygen
-	cd doc/doxygen/latex ; ${MAKE} ; mv -f refman.pdf ../../.
-	echo The huge doxygen PDF should be available as doc/refman.pdf
-	
-#This builds the crypt.pdf file. Note that the rm -f *.pdf has been removed
-#from the clean command! This is because most people would like to keep the
-#nice pre-compiled crypt.pdf that comes with libtomcrypt! We only need to
-#delete it if we are rebuilding it.
-docs: crypt.tex
-	rm -f doc/crypt.pdf $(LEFTOVERS)
-	echo "hello" > crypt.ind
-	latex crypt > /dev/null
-	latex crypt > /dev/null
-	makeindex crypt.idx > /dev/null
-	perl fixupind.pl
-	latex crypt > /dev/null
-	dvipdf crypt
-	mv -ivf crypt.pdf doc/crypt.pdf
-	rm -f $(LEFTOVERS)
+#Install the library + headers
+install: $(LIBMAIN_S) $(HEADERS)
+	@mkdir -p $(DESTDIR)$(INCPATH) $(DESTDIR)$(LIBPATH)/pkgconfig
+	@cp $(LIBMAIN_S) $(DESTDIR)$(LIBPATH)/
+	@cp $(HEADERS) $(DESTDIR)$(INCPATH)/
+	@sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION),' libtomcrypt.pc.in > $(DESTDIR)$(LIBPATH)/pkgconfig/libtomcrypt.pc
 
-docdvi: crypt.tex
-	echo hello > crypt.ind
-	latex crypt > /dev/null
-	latex crypt > /dev/null
-	makeindex crypt.idx
-	perl fixupind.pl
-	latex crypt > /dev/null
-	latex crypt > /dev/null
+#Install useful tools
+install_bins: hashsum
+	@mkdir -p $(DESTDIR)$(BINPATH)
+	@cp hashsum $(DESTDIR)$(BINPATH)/
 
-#zipup the project (take that!)
-no_oops: clean
-	cd .. ; cvs commit 
-	echo Scanning for scratch/dirty files
-	find . -type f | grep -v CVS | xargs -n 1 bash mess.sh
-
-zipup: no_oops docs
-	cd .. ; rm -rf crypt* libtomcrypt-$(VERSION) ; mkdir libtomcrypt-$(VERSION) ; \
-	cp -R ./libtomcrypt/* ./libtomcrypt-$(VERSION)/ ; \
-	cd libtomcrypt-$(VERSION) ; rm -rf `find . -type d | grep CVS | xargs` ; cd .. ; \
-	tar -cjvf crypt-$(VERSION).tar.bz2 libtomcrypt-$(VERSION) ; \
-	zip -9r crypt-$(VERSION).zip libtomcrypt-$(VERSION) ; \
-	gpg -b -a crypt-$(VERSION).tar.bz2 ; gpg -b -a crypt-$(VERSION).zip ; \
-	mv -fv crypt* ~ ; rm -rf libtomcrypt-$(VERSION)
-
-
-# $Source: /cvs/libtom/libtomcrypt/makefile,v $ 
-# $Revision: 1.145 $ 
-# $Date: 2006/12/02 19:23:21 $ 
+#Install documentation
+install_docs: doc/crypt.pdf
+	@mkdir -p $(DESTDIR)$(DATAPATH)
+	@cp doc/crypt.pdf $(DESTDIR)$(DATAPATH)/

libtomcrypt/TODO

@@ -1,11 +1,3 @@
-stopped at ch12
--- needs examples for ecc/dsa!!! (and for asn.1)
-
-must have for v1.16
-- document PK build flags
-- document makefile flags [INSTALL_* for instance]
-- prepare manual for printing (both soft and hard cover)
-
-Nice to have [in order of precedence]
-- add X9.63 IES
-- add CPP macros like OpenSSL has for ASN1 (e.g. encode/decode functions, etc) shameless ripoff :-)
+for 1.18
+- document new ECC functions
+- add test for new functions

libtomcrypt/build.sh

@@ -1,20 +1,59 @@
 #!/bin/bash
 echo "$1 ($2, $3)..."
+
 make clean 1>/dev/null 2>/dev/null
+
 echo -n "building..."
-CFLAGS="$2 $CFLAGS $4" EXTRALIBS="$5" make -j4 -f $3 test tv_gen 1>gcc_1.txt 2>gcc_2.txt || (echo "build $1 failed see gcc_2.txt for more information" && cat gcc_2.txt && exit 1)
+
+if [ -f /proc/cpuinfo ]
+then
+  MAKE_JOBS=$(( ($(cat /proc/cpuinfo | grep -E '^processor[[:space:]]*:' | tail -n -1 | cut -d':' -f2) + 1) * 2 + 1 ))
+else
+  MAKE_JOBS=8
+fi
+
+CFLAGS="$2 $CFLAGS $4" EXTRALIBS="$5" make -j$MAKE_JOBS -f $3 all_test 1>gcc_1.txt 2>gcc_2.txt
+mret=$?
+cnt=$(wc -l < gcc_2.txt)
+# ignore 1 line since ar prints to stderr instead of stdout and ar is called for
+# $(LIBNAME)
+if [[ $mret -ne 0 ]] || [[ $cnt -gt 1 ]]; then
+   echo "build $1 failed! printing gcc_2.txt now for convenience"
+   cat gcc_2.txt
+   exit 1
+fi
+
 echo -n "testing..."
+
 if [ -a test ] && [ -f test ] && [ -x test ]; then
-   ((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed" && cat test_err.txt && exit 1)
+   ((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed, look at test_err.txt or tv.txt" && exit 1)
    if find *_tv.txt -type f 1>/dev/null 2>/dev/null ; then
-      for f in *_tv.txt; do if (diff --ignore-case $f notes/$f) then true; else (echo "tv_gen $f failed" && rm -f testok.txt && exit 1); fi; done
+      for f in *_tv.txt; do
+         # check for lines starting with '<' ($f might be a subset of notes/$f)
+         difftroubles=$(diff -i -w -B $f notes/$f | grep '^<')
+         if [ -n "$difftroubles" ]; then
+            echo "FAILURE: $f"
+            diff -i -w -B $f notes/$f
+            echo "tv_gen $f failed" && rm -f testok.txt && exit 1
+         else
+            true
+         fi
+      done
    fi
 fi
+
+
 if [ -a testok.txt ] && [ -f testok.txt ]; then
+   if [ "$LTC_COVERAGE" != "" ]; then
+      ./coverage_more.sh > test_coverage_more.txt || exit 1
+      lcov_opts="--capture --no-external --directory src -q"
+      lcov_out=$(echo coverage_$1_$2_$3 | tr ' -=+' '_')".info"
+      lcov $lcov_opts --output-file $lcov_out
+   fi
    exit 0
 fi
 exit 1
 
-# $Source: /cvs/libtom/libtomcrypt/build.sh,v $   
-# $Revision: 1.9 $   
-# $Date: 2006/03/18 14:10:55 $ 
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/changes

@@ -1,3 +1,95 @@
+July 1st, 2018
+v1.18.2
+      -- Fix Side Channel Based ECDSA Key Extraction (CVE-2018-12437) (PR #408)
+      -- Fix potential stack overflow when DER flexi-decoding (CVE-2018-0739) (PR #373)
+      -- Fix two-key 3DES (PR #390)
+      -- Fix accelerated CTR mode (PR #359)
+      -- Fix Fortuna PRNG (PR #363)
+      -- Fix compilation on platforms where cc doesn't point to gcc (PR #382)
+      -- Fix using the wrong environment variable LT instead of LIBTOOL (PR #392)
+      -- Fix build on platforms where the compiler provides __WCHAR_MAX__ but wchar.h is not available (PR #390)
+      -- Fix & re-factor crypt_list_all_sizes() and crypt_list_all_constants() (PR #414)
+      -- Minor fixes (PR's #350 #351 #375 #377 #378 #379)
+
+January 22nd, 2018
+v1.18.1
+      -- Fix wrong SHA3 blocksizes, thanks to Claus Fischer for reporting this via Mail (PR #329)
+      -- Fix NULL-pointer dereference in `ccm_memory()` with LTC_CLEAN_STACK enabled (PR #327)
+      -- Fix `ccm_process()` being unable to process input buffers longer than 256 bytes (PR #326)
+      -- Fix the `register_all_{ciphers,hashes,prngs}()` return values (PR #316)
+      -- Fix some typos, warnings and duplicate prototypes in code & doc (PR's #310 #320 #321 #335)
+      -- Fix possible undefined behavior with LTC_PTHREAD (PR #337)
+      -- Fix some DER bugs (PR #339)
+      -- Fix CTR-mode when accelerator is used (OP-TEE/optee_os #2086)
+      -- Fix installation procedure (Issue #340)
+
+October 10th, 2017
+v1.18.0
+      -- Bugfix multi2
+      -- Bugfix Noekeon
+      -- Bugfix XTEA
+      -- Bugfix rng_get_bytes() on windows where we could read from c:\dev\random
+      -- Fixed the Bleichbacher Signature attack in PKCS#1 v1.5 EMSA, thanks to Alex Dent
+      -- Fixed a potential cache-based timing attack in CCM, thanks to Sebastian Verschoor
+      -- Fix GCM counter reuse and potential timing attacks in EAX, OCB and OCBv3,
+         thanks to Raphaël Jamet
+      -- Implement hardened RSA operations when CRT is used
+      -- Enabled timing resistant calculations of ECC and RSA operations per default
+      -- Applied some patches from the OLPC project regarding PKCS#1 and preventing
+         the hash algorithms from overflowing
+      -- Larry Bugbee contributed the necessary stuff to more easily call libtomcrypt
+         from a dynamic language like Python, as shown in his pyTomCrypt
+      -- Nikos Mavrogiannopoulos contributed RSA blinding and export of RSA and DSA keys
+         in OpenSSL/GnuTLS compatible format
+      -- Patrick Pelletier contributed a smart volley of patches
+      -- Christopher Brown contributed some patches and additions to ASN.1/DER
+      -- Pascal Brand of STMicroelectronics contributed patches regarding CCM, the
+         XTS mode and RSA private key operations with keys without CRT parameters
+      -- RC2 now also works with smaller key-sizes
+      -- Improved/extended several tests & demos
+      -- Hardened DSA and RSA by testing (through Karel's perl-CryptX)
+         against Google's "Wycheproof" and Kudelski Security's "CDF"
+      -- Fixed all compiler warnings
+      -- Fixed several build issues on FreeBSD, NetBSD, Linux x32 ABI, HP-UX/IA64,
+         Mac OS X, Windows (32&64bit, Cygwin, MingW & MSVC) ...
+      -- Re-worked all makefiles
+      -- Re-worked most PRNG's
+      -- The code is now verified by a linter, thanks to Francois Perrad
+      -- Documentation (crypt.pdf) is now built deterministically, thanks to Michael Stapelberg
+      -- Add Adler32 and CRC32 checksum algorithms
+      -- Add Base64-URL de-/encoding and some strict variants
+      -- Add Blake2b & Blake2s (hash & mac), thanks to Kelvin Sherlock
+      -- Add Camellia block cipher
+      -- Add ChaCha (stream cipher), Poly1305 (mac), ChaCha20Poly1305 (encauth)
+      -- Add constant-time mem-compare mem_neq()
+      -- Add DER GeneralizedTime de-/encoding
+      -- Add DSA and ECC key generation FIPS-186-4 compliance
+      -- Add HKDF, thanks to RyanC (especially for also providing documentation :-) )
+      -- Add OCBv3
+      -- Add PKCS#1 v1.5 mode of SSL3.0
+      -- Add PKCS#1 testvectors from RSA
+      -- Add PKCS#8 & X.509 import for RSA keys
+      -- Add stream cipher API
+      -- Add SHA3 & SHAKE
+      -- Add SHA512/256 and SHA512/224
+      -- Add Triple-DES 2-key mode, thanks to Paul Howarth
+      -- Brought back Diffie-Hellman
+
+May 12th, 2007
+v1.17 -- Cryptography Research Inc. contributed another small volley of patches, one to fix __WCHAR_DEFINED__ for BSD platforms, 
+         another to silence MSVC warnings.
+      -- Added LTC_XCBC_PURE to XCBC mode which lets you use it in three-key mode. 
+      -- [CRI] Added libtomcrypt.dsp for Visual C++ users.
+      -- [CRI] Added more functions for manipulating the ECC fixed point cache (including saving and loading)
+      -- [CRI] Modified ecc_make_key() to always produce keys smaller than base point order, for standards-compliance
+      -- Elliptic Semiconductor contributed XTS chaining mode to the cipher suite (subsequently optimized it)
+      -- Fixed xcbc_init() keylen when using single key mode.
+      -- Bruce Fortune pointed out a typo in the hmac_process() description in the manual.  Fixed.
+      -- Added variable width counter support to CTR mode
+      -- Fixed CMAC (aka OMAC) when using 64-bit block ciphers and LTC_FAST ... my bad.
+      -- Fixed bug in ecc_is_valid() that would basically always return true
+      -- renamed a lot of macros to add the LTC_ prefix [e.g. RIJNDAEL => LTC_RIJNDAEL]
+
 December 16th, 2006
 v1.16 -- Brian Gladman pointed out that a recent change to GCM broke how the IV was handled.  Currently the code complies against his test vectors
          so the code should be considered frozen now.
@@ -1551,6 +1643,6 @@ v0.02  -- Changed RC5 to only allow 12 to 24 rounds
 v0.01  -- We will call this the first version.
 
 /* $Source: /cvs/libtom/libtomcrypt/changes,v $ */
-/* $Revision: 1.274 $ */
-/* $Date: 2006/12/16 19:08:17 $ */
+/* $Revision: 1.288 $ */
+/* $Date: 2007/05/12 14:37:41 $ */
 

libtomcrypt/check_source.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# output version
+bash printinfo.sh
+
+make clean > /dev/null
+
+echo "checking..."
+./helper.pl --check-source --check-makefiles --check-defines|| exit 1
+
+exit 0
+
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/coverage.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+set -e
+
+if [ "$TRAVIS_CI" == "private" ]; then
+    exit 0
+fi
+
+if [ "$#" != "5" ]; then
+    echo "Usage is: ${0} \"coverage\" \"<prepend CFLAGS>\" \"<makefile>\" \"<append CFLAGS>\" <math library to link to>"
+    echo "CC=gcc ${0} \"coverage\" \" \" \"makefile\" \"-DUSE_LTM -DLTM_DESC -I../libtommath\" ../libtommath/libtommath.a"
+    exit -1
+fi
+
+if [ -z "$(echo $CC | grep "gcc")" ]; then
+    echo "no gcc detected, early exit success"
+    exit 0
+fi
+
+if [ "$(echo $3 | grep -v 'makefile[.]')" == "" ]; then
+    echo "only run $0 for the regular makefile, early exit success"
+    exit 0
+fi
+
+# output version
+bash printinfo.sh
+
+bash build.sh " $1" " $2" " $3 COVERAGE=1" "$4" "$5"
+if [ -a testok.txt ] && [ -f testok.txt ]; then
+   echo
+else
+   echo
+   echo "Test failed"
+   exit 1
+fi
+
+./coverage_more.sh > test_coverage_more.txt || { rm -f testok.txt && exit 1 ; }
+
+make lcov-single
+# if this was executed as './coverage.sh ...' create coverage locally
+if [[ "${0%% *}" == "./${0##*/}" ]]; then
+   make lcov-html
+else
+   coveralls-lcov coverage.info
+fi
+
+exit 0
+
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/coverage_more.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e
+
+./sizes
+./constants
+
+for i in $(for j in $(echo $(./hashsum -h | awk '/Algorithms/,EOF' | tail -n +2)); do echo $j; done | sort); do echo -n "$i: " && ./hashsum -a $i tests/test.key ; done > hashsum_tv.txt
+difftroubles=$(diff -i -w -B hashsum_tv.txt notes/hashsum_tv.txt | grep '^<') || true
+if [ -n "$difftroubles" ]; then
+  echo "FAILURE: hashsum_tv.tx"
+  diff -i -w -B hashsum_tv.txt notes/hashsum_tv.txt
+  echo "hashsum failed"
+  exit 1
+else
+  echo "hashsum okay"
+fi
+
+
+exit 0
+
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/coverity.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+if [ $# -lt 2 ]
+then
+  echo "usage is: ${0##*/} <path to coverity scan> <extra compiler options>"
+  echo "e.g. \"${0##*/} \"/usr/local/bin/coverity\" \"-DLTM_DESC -I/path/to/libtommath/\"\""
+  exit -1
+fi
+
+PATH=$PATH:$1/bin
+
+make clean
+rm -r cov-int/
+
+myCflags=""
+myCflags="$myCflags -O2 ${2}"
+myCflags="$myCflags -pipe -Werror -Wpointer-arith -Winit-self -Wextra -Wall -Wformat -Wformat-security"
+
+CFLAGS="$myCflags" cov-build --dir cov-int  make -f makefile.unix $MAKE_OPTS IGNORE_SPEED=1 1>gcc_1.txt
+
+if [ $? -ne 0 ]
+then
+  echo "make failed"
+  exit -1
+fi
+
+# zipup everything
+tar caf libtomcrypt.lzma cov-int
+
+mytoken=$(cat .coverity_token)
+mymail=$(cat .coverity_mail)
+myversion=$(git describe --dirty)
+
+curl -k --form project=libtomcrypt \
+  --form token=${mytoken} \
+  --form email=${mymail} \
+  --form file=@libtomcrypt.lzma \
+  --form version=\"${myversion}\" \
+  --form description="\"libtomcrypt version ${myversion}\"" \
+  https://scan.coverity.com/builds?project=libtom%2Flibtomcrypt

libtomcrypt/crypt.lof

@@ -6,19 +6,19 @@
 \contentsline {figure}{\numberline {3.1}{\ignorespaces Built--In Software Ciphers}}{19}{figure.3.1}
 \contentsline {figure}{\numberline {3.2}{\ignorespaces Twofish Build Options}}{21}{figure.3.2}
 \addvspace {10\p@ }
-\contentsline {figure}{\numberline {4.1}{\ignorespaces Built--In Software Hashes}}{57}{figure.4.1}
+\contentsline {figure}{\numberline {4.1}{\ignorespaces Built--In Software Hashes}}{59}{figure.4.1}
 \addvspace {10\p@ }
 \addvspace {10\p@ }
-\contentsline {figure}{\numberline {6.1}{\ignorespaces List of Provided PRNGs}}{82}{figure.6.1}
+\contentsline {figure}{\numberline {6.1}{\ignorespaces List of Provided PRNGs}}{84}{figure.6.1}
 \addvspace {10\p@ }
 \addvspace {10\p@ }
 \addvspace {10\p@ }
-\contentsline {figure}{\numberline {9.1}{\ignorespaces DSA Key Sizes}}{119}{figure.9.1}
+\contentsline {figure}{\numberline {9.1}{\ignorespaces DSA Key Sizes}}{121}{figure.9.1}
 \addvspace {10\p@ }
-\contentsline {figure}{\numberline {10.1}{\ignorespaces List of ASN.1 Supported Types}}{127}{figure.10.1}
+\contentsline {figure}{\numberline {10.1}{\ignorespaces List of ASN.1 Supported Types}}{129}{figure.10.1}
 \addvspace {10\p@ }
 \addvspace {10\p@ }
-\contentsline {figure}{\numberline {12.1}{\ignorespaces RSA/DH Key Strength}}{149}{figure.12.1}
-\contentsline {figure}{\numberline {12.2}{\ignorespaces ECC Key Strength}}{149}{figure.12.2}
+\contentsline {figure}{\numberline {12.1}{\ignorespaces RSA/DH Key Strength}}{151}{figure.12.1}
+\contentsline {figure}{\numberline {12.2}{\ignorespaces ECC Key Strength}}{151}{figure.12.2}
 \addvspace {10\p@ }
 \addvspace {10\p@ }

libtomcrypt/demos/constants.c

@@ -0,0 +1,87 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+#include "tomcrypt.h"
+
+#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
+#include <libgen.h>
+#else
+#define basename(x) x
+#endif
+
+/**
+  @file demo_crypt_constants.c
+
+  Demo how to get various constants to dynamic languages
+  like Python
+
+  Larry Bugbee, February 2013
+*/
+
+static void _print_line(const char* cmd, const char* desc)
+{
+   printf("  %-16s - %s\n", cmd, desc);
+}
+
+int main(int argc, char **argv)
+{
+   if (argc == 1) {
+      /* given a specific constant name, get and print its value */
+      char name[] = "CTR_COUNTER_BIG_ENDIAN";
+      int value;
+      char *names_list;
+      unsigned int names_list_len;
+
+      if (crypt_get_constant(name, &value) != 0) exit(EXIT_FAILURE);
+      printf("\n  %s is %d \n\n", name, value);
+
+      /* get and print the length of the names (and values) list */
+
+      if (crypt_list_all_constants(NULL, &names_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  need to allocate %u bytes \n\n", names_list_len);
+
+      /* get and print the names (and values) list */
+      if ((names_list = malloc(names_list_len)) == NULL) exit(EXIT_FAILURE);
+      if (crypt_list_all_constants(names_list, &names_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  supported constants:\n\n%s\n\n", names_list);
+      free(names_list);
+   } else if (argc == 2) {
+      if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) {
+         char* base = strdup(basename(argv[0]));
+         printf("Usage: %s [-a] [-s name]\n\n", base);
+         _print_line("<no argument>", "The old behavior of the demo");
+         _print_line("-a", "Only lists all constants");
+         _print_line("-s name", "List a single constant given as argument");
+         _print_line("-h", "The help you're looking at");
+         free(base);
+      } else if (strcmp(argv[1], "-a") == 0) {
+         char *names_list;
+         unsigned int names_list_len;
+         /* get and print the length of the names (and values) list */
+         if (crypt_list_all_constants(NULL, &names_list_len) != 0) exit(EXIT_FAILURE);
+         /* get and print the names (and values) list */
+         if ((names_list = malloc(names_list_len)) == NULL) exit(EXIT_FAILURE);
+         if (crypt_list_all_constants(names_list, &names_list_len) != 0) exit(EXIT_FAILURE);
+         printf("%s\n", names_list);
+         free(names_list);
+      }
+   } else if (argc == 3) {
+      if (strcmp(argv[1], "-s") == 0) {
+         int value;
+         if (crypt_get_constant(argv[2], &value) != 0) exit(EXIT_FAILURE);
+         printf("%s,%u\n", argv[2], value);
+      }
+   }
+
+   return 0;
+}
+
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/demos/demo_dynamic.py

@@ -0,0 +1,309 @@
+
+
+"""
+    demo_dynamic.py                                    v2b
+
+    This program demonstrates Python's use of the dynamic
+    language support additions to LTC, namely access to LTC
+    constants, struct and union sizes, and the binding of a
+    math package to LTC.  Also provided are simple code
+    fragments to illustrate how one might write a Python
+    wrapper for LTC and how an app might call the wrapper.
+    This or a similar model should work for Ruby and other
+    dynamic languages.
+
+    This instance uses Python's ctypes and requires a single
+    .dylib linking together LTC and a math library.  Building
+    a single .dylib is needed because LTC wants a fairly tight
+    relationship between itself and the mathlib.  (ctypes can
+    load multiple .dylibs, but it does not support this level
+    of tight coupling between otherwise independent libraries.)
+
+    My .dylib was created on OSX/macOS with the following:
+        sudo make -j5 -f makefile.shared                        \
+            CFLAGS="-DUSE_TFM -DTFM_DESC -I/usr/local/include"  \
+            EXTRALIBS=/usr/local/lib/libtfm.a  install
+
+    For python 2.7.12 on Ubuntu Xenial the following worked for
+    me (without MPI support):
+        sudo make -f makefile.shared install PREFIX="/usr"
+
+    Reminder: you don't need to bind in a math library unless
+              you are going to use LTC functions that need a
+              mathlib.  For example, public key crypto requires
+              a mathlib; hashing and symmetric encryption do not.
+
+    ------
+
+    This code was originally written for Python 2.7 with the
+    ctypes standard library.  This version is modified to run
+    under both Python 2.7 and 3.6.
+
+    Arguably the biggest change for Python3 has to do with
+    strings.  Under Python2, native strings are ASCII bytes and
+    passing them to LTC is natural and requires no conversion.
+    Under Python3 all native strings are Unicode which requires
+    they be converted to bytes before use by LTC.
+
+    Note the following for Python3.
+        - ASCII keys, IVs and other string arguments must be
+          'bytes'.  Define them with a 'b' prefix or convert
+          via the 'bytes()' function.
+        - "strings" returned from LTC are bytes and conversion
+          to Unicode might be necessary for proper printing.
+          If so, use <string>.decode('utf-8').
+        - The Python2 'print' statement becomes a function in
+          Python3 which requires parenthesis, eg. 'print()'.
+
+    NB: Unicode is achieved under Python2 by either defining
+        a Unicode string with a 'u' prefix or passing ASCII
+        strings thru the 'unicode()' function.
+
+    Larry Bugbee
+    March 2014      v1
+    August 2017     v2b
+
+"""
+
+
+import sys
+from ctypes import *
+from ctypes.util import find_library
+
+# switches to enable/disable selected output
+SHOW_ALL_CONSTANTS      = True
+SHOW_ALL_SIZES          = True
+SHOW_SELECTED_CONSTANTS = True
+SHOW_SELECTED_SIZES     = True
+SHOW_BUILD_OPTIONS_ALGS = True
+SHOW_SHA256_EXAMPLE     = True
+SHOW_CHACHA_EXAMPLE     = True
+
+print(' ')
+print('  demo_dynamic.py')
+
+def inprint(s, indent=0):
+    "prints strings indented, including multline strings"
+    for line in s.split('\n'):
+        print(' '*indent + line)
+
+#-------------------------------------------------------------------------------
+# load the .dylib
+
+libname = 'tomcrypt'
+libpath = find_library(libname)
+print(' ')
+print('  path to library %s: %s' % (libname, libpath))
+
+LTC = cdll.LoadLibrary(libpath)
+print('  loaded: %s' % LTC)
+print(' ')
+
+
+#-------------------------------------------------------------------------------
+# get list of all supported constants followed by a list of all
+# supported sizes.  One alternative: these lists may be parsed
+# and used as needed.
+
+if SHOW_ALL_CONSTANTS:
+    print('-'*60)
+    print('  all supported constants and their values:')
+
+    # get size to allocate for constants output list
+    str_len = c_int(0)
+    ret = LTC.crypt_list_all_constants(None, byref(str_len))
+    print('    need to allocate %d bytes to build list \n' % str_len.value)
+
+    # allocate that size and get (name, size) pairs, each pair
+    # separated by a newline char.
+    names_sizes = c_buffer(str_len.value)
+    ret = LTC.crypt_list_all_constants(names_sizes, byref(str_len))
+    print(names_sizes.value.decode("utf-8"))
+    print(' ')
+
+
+if SHOW_ALL_SIZES:
+    print('-'*60)
+    print('  all supported sizes:')
+
+    # get size to allocate for sizes output list
+    str_len = c_int(0)
+    ret = LTC.crypt_list_all_sizes(None, byref(str_len))
+    print('    need to allocate %d bytes to build list \n' % str_len.value)
+
+    # allocate that size and get (name, size) pairs, each pair
+    # separated by a newline char.
+    names_sizes = c_buffer(str_len.value)
+    ret = LTC.crypt_list_all_sizes(names_sizes, byref(str_len))
+    print(names_sizes.value.decode("utf-8"))
+    print(' ')
+
+
+#-------------------------------------------------------------------------------
+# get individually named constants and sizes
+
+if SHOW_SELECTED_CONSTANTS:
+    print('-'*60)
+    print('\n  selected constants:')
+
+    names = [
+        b'ENDIAN_LITTLE',
+        b'ENDIAN_64BITWORD',
+        b'PK_PUBLIC',
+        b'LTC_MILLER_RABIN_REPS',
+        b'CTR_COUNTER_BIG_ENDIAN',
+    ]
+    for name in names:
+        const_value = c_int(0)
+        rc = LTC.crypt_get_constant(name, byref(const_value))
+        value = const_value.value
+        print('    %-25s  %d' % (name.decode("utf-8"), value))
+    print(' ')
+
+if SHOW_SELECTED_SIZES:
+    print('-'*60)
+    print('\n  selected sizes:')
+
+    names = [
+        b'rijndael_key',
+        b'rsa_key',
+        b'symmetric_CTR',
+        b'twofish_key',
+        b'ecc_point',
+        b'gcm_state',
+        b'sha512_state',
+    ]
+    for name in names:
+        size_value = c_int(0)
+        rc = LTC.crypt_get_size(name, byref(size_value))
+        value = size_value.value
+        print('    %-25s  %d' % (name.decode("utf-8"), value))
+    print(' ')
+
+
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------
+# LibTomCrypt exposes one interesting string that can be accessed
+# via Python's ctypes module, "crypt_build_settings", which
+# provides a list of this build's compiler switches and supported
+# algorithms.  If someday LTC exposes other interesting strings,
+# they can be found with:
+#   nm /usr/local/lib/libtomcrypt.dylib | grep " D "
+
+def get_named_string(lib, name):
+    return c_char_p.in_dll(lib, name).value.decode("utf-8")
+
+if SHOW_BUILD_OPTIONS_ALGS:
+    print('-'*60)
+    print('This is a string compiled into LTC showing compile')
+    print('options and algorithms supported by this build \n')
+#    print(get_named_string(LTC, 'crypt_build_settings'))
+    inprint(get_named_string(LTC, 'crypt_build_settings'), 4)
+
+
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------
+# here is an example of how Python code can be written to access
+# LTC's implementation of SHA256 and ChaCha,
+
+# - - - - - - - - - - - - -
+# definitions
+
+from binascii import hexlify, unhexlify
+
+def _err2str(err):
+    # define return type
+    errstr = LTC.error_to_string
+    errstr.restype = c_char_p
+    # get and return err string
+    return errstr(err)
+
+def _get_size(name):
+    size = c_int(0)
+    rc = LTC.crypt_get_size(bytes(name), byref(size))
+    if rc != 0:
+        raise Exception('LTC.crypt_get_size(%s) rc = %d' % (name, rc))
+    return size.value
+
+def _get_constant(name):
+    constant = c_int(0)
+    rc = LTC.crypt_get_constant(bytes(name), byref(constant))
+    if rc != 0:
+        raise Exception('LTC.crypt_get_constant(%s) rc = %d' % (name, rc))
+    return constant.value
+
+CRYPT_OK = _get_constant(b'CRYPT_OK')
+
+class SHA256(object):
+    def __init__(self):
+        self.state = c_buffer(_get_size(b'sha256_state'))
+        LTC.sha256_init(byref(self.state))
+    def update(self, data):
+        LTC.sha256_process(byref(self.state), data, len(data))
+    def digest(self):
+        md = c_buffer(32)
+        LTC.sha256_done(byref(self.state), byref(md))
+        return md.raw
+
+class ChaCha(object):
+    def __init__(self, key, rounds):
+        self.state   = c_buffer(_get_size(b'chacha_state'))
+        self.counter = c_int(1)
+        err = LTC.chacha_setup(byref(self.state), key, len(key), rounds)
+        if err != CRYPT_OK:
+            raise Exception('LTC.chacha_setup(), err = %d, "%s"' % (err, _err2str(err)))
+    def set_iv32(self, iv):
+        err = LTC.chacha_ivctr32(byref(self.state), iv, len(iv), byref(self.counter))
+        if err != CRYPT_OK:
+            raise Exception('LTC.chacha_ivctr32(), err = %d, "%s"' % (err, _err2str(err)))
+    def crypt(self, datain):
+        dataout = c_buffer(len(datain))
+        err = LTC.chacha_crypt(byref(self.state), datain, len(datain), byref(dataout))
+        if err != CRYPT_OK:
+            raise Exception('LTC.chacha_crypt(), err = %d, "%s"' % (err, _err2str(err)))
+        return dataout.raw
+
+# - - - - - - - - - - - - -
+# a SHA256 app fragment
+
+if SHOW_SHA256_EXAMPLE:
+    print('-'*60)
+    data = b'hello world'               # we want bytes, not Unicode
+
+    sha256 = SHA256()
+    sha256.update(data)
+    md = sha256.digest()
+
+    template = '\n  the SHA256 digest for "%s" is %s \n'
+    print(template % (data, hexlify(md)))
+
+# - - - - - - - - - - - - -
+# a ChaCha app fragment
+
+if SHOW_CHACHA_EXAMPLE:
+    print('-'*60)
+    key     = b'hownowbrowncow\x00\x00' # exactly 16 or 32 bytes
+    rounds  = 12                        # common values: 8, 12, 20
+    iv      = b'123456789012'           # exactly 12 bytes
+    plain   = b'Kilroy was here, there, and everywhere!'
+
+    cha = ChaCha(key, rounds)
+    cha.set_iv32(iv)
+    cipher = cha.crypt(plain)
+
+    template = '\n  ChaCha%d ciphertext   for "%s" is "%s"'
+    print(template % (rounds, plain, hexlify(cipher)))
+
+    cha.set_iv32(iv)                    # reset to decrypt
+    decrypted = cha.crypt(cipher)
+
+    template = '  ChaCha%d decoded text for "%s" is "%s" \n'
+    print(template % (rounds, plain, decrypted.decode("utf-8")))
+
+# Footnote: Keys should be erased fm memory as soon as possible after use,
+# and that includes Python.  For a tip on how to do that in Python, see
+# http://buggywhip.blogspot.com/2010/12/erase-keys-and-credit-card-numbers-in.html
+
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------

libtomcrypt/demos/encrypt.c

@@ -26,58 +26,58 @@ void register_algs(void)
 {
    int x;
    
-#ifdef RIJNDAEL
+#ifdef LTC_RIJNDAEL
   register_cipher (&aes_desc);
 #endif
-#ifdef BLOWFISH
+#ifdef LTC_BLOWFISH
   register_cipher (&blowfish_desc);
 #endif
-#ifdef XTEA
+#ifdef LTC_XTEA
   register_cipher (&xtea_desc);
 #endif
-#ifdef RC5
+#ifdef LTC_RC5
   register_cipher (&rc5_desc);
 #endif
-#ifdef RC6
+#ifdef LTC_RC6
   register_cipher (&rc6_desc);
 #endif
-#ifdef SAFERP
+#ifdef LTC_SAFERP
   register_cipher (&saferp_desc);
 #endif
-#ifdef TWOFISH
+#ifdef LTC_TWOFISH
   register_cipher (&twofish_desc);
 #endif
-#ifdef SAFER
+#ifdef LTC_SAFER
   register_cipher (&safer_k64_desc);
   register_cipher (&safer_sk64_desc);
   register_cipher (&safer_k128_desc);
   register_cipher (&safer_sk128_desc);
 #endif
-#ifdef RC2
+#ifdef LTC_RC2
   register_cipher (&rc2_desc);
 #endif
-#ifdef DES
+#ifdef LTC_DES
   register_cipher (&des_desc);
   register_cipher (&des3_desc);
 #endif
-#ifdef CAST5
+#ifdef LTC_CAST5
   register_cipher (&cast5_desc);
 #endif
-#ifdef NOEKEON
+#ifdef LTC_NOEKEON
   register_cipher (&noekeon_desc);
 #endif
-#ifdef SKIPJACK
+#ifdef LTC_SKIPJACK
   register_cipher (&skipjack_desc);
 #endif
-#ifdef KHAZAD
+#ifdef LTC_KHAZAD
   register_cipher (&khazad_desc);
 #endif
-#ifdef ANUBIS
+#ifdef LTC_ANUBIS
   register_cipher (&anubis_desc);
 #endif
 
    if (register_hash(&sha256_desc) == -1) {
-      printf("Error registering SHA256\n");
+      printf("Error registering LTC_SHA256\n");
       exit(-1);
    } 
 
@@ -144,7 +144,7 @@ int main(int argc, char *argv[])
 
    hash_idx = find_hash("sha256");
    if (hash_idx == -1) {
-      printf("SHA256 not found...?\n");
+      printf("LTC_SHA256 not found...?\n");
       exit(-1);
    }
 
@@ -236,6 +236,6 @@ int main(int argc, char *argv[])
    return 0;
 }
 
-/* $Source: /cvs/libtom/libtomcrypt/demos/encrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/08/04 20:43:50 $ */
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

libtomcrypt/demos/hashsum.c

@@ -1,3 +1,12 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
 /*
  * Written by Daniel Richards <kyhwana@world-net.co.nz> 6/7/2002
  * hash.c: This app uses libtomcrypt to hash either stdin or a file
@@ -9,111 +18,283 @@
 
 #include <tomcrypt.h>
 
-int errno;
+#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
+#include <libgen.h>
+#else
+#define basename(x) x
+#endif
 
-void register_algs();
+#if !defined(PATH_MAX) && defined(_MSC_VER)
+#include <windows.h>
+#define PATH_MAX MAX_PATH
+#endif
+
+/* thanks http://stackoverflow.com/a/8198009 */
+#define _base(x) ((x >= '0' && x <= '9') ? '0' : \
+         (x >= 'a' && x <= 'f') ? 'a' - 10 : \
+         (x >= 'A' && x <= 'F') ? 'A' - 10 : \
+            '\255')
+#define HEXOF(x) (x - _base(x))
+
+static char* hashsum;
+
+static void cleanup(void)
+{
+   free(hashsum);
+}
+
+static void die(int status)
+{
+   unsigned long w, x;
+   FILE* o = status == EXIT_SUCCESS ? stdout : stderr;
+   fprintf(o, "usage: %s -a algorithm [-c] [file...]\n\n", hashsum);
+   fprintf(o, "\t-c\tCheck the hash(es) of the file(s) written in [file].\n");
+   fprintf(o, "\t\t(-a not required)\n");
+   fprintf(o, "\nAlgorithms:\n\t");
+   w = 0;
+   for (x = 0; hash_descriptor[x].name != NULL; x++) {
+      w += fprintf(o, "%-14s", hash_descriptor[x].name);
+      if (w >= 70) {
+         fprintf(o, "\n\t");
+         w = 0;
+      }
+   }
+   if (w != 0) fprintf(o, "\n");
+   exit(status);
+}
+
+static void printf_hex(unsigned char* hash_buffer, unsigned long w)
+{
+   unsigned long x;
+   for (x = 0; x < w; x++) {
+       printf("%02x",hash_buffer[x]);
+   }
+}
+
+static void check_file(int argn, int argc, char **argv)
+{
+   int err, failed, invalid;
+   unsigned char is_buffer[MAXBLOCKSIZE], should_buffer[MAXBLOCKSIZE];
+   char buf[PATH_MAX + (MAXBLOCKSIZE * 3)];
+   /* iterate through all files */
+   while(argn < argc) {
+      char* s;
+      FILE* f = fopen(argv[argn], "rb");
+      if(f == NULL) {
+         int n = snprintf(buf, sizeof(buf), "%s: %s", hashsum, argv[argn]);
+         if (n > 0 && n < (int)sizeof(buf))
+            perror(buf);
+         else
+            perror(argv[argn]);
+         exit(EXIT_FAILURE);
+      }
+      failed = 0;
+      invalid = 0;
+      /* read the file line by line */
+      while((s = fgets(buf, sizeof(buf), f)) != NULL)
+      {
+         int tries, n;
+         unsigned long hash_len, w, x;
+         char* space = strstr(s, " ");
+
+         /* skip lines with comments */
+         if (buf[0] == '#') continue;
+
+         if (space == NULL) {
+            fprintf(stderr, "%s: no properly formatted checksum lines found\n", hashsum);
+            goto ERR;
+         }
+
+         hash_len = space - s;
+         hash_len /= 2;
+
+         if (hash_len > sizeof(should_buffer)) {
+            fprintf(stderr, "%s: hash too long\n", hashsum);
+            goto ERR;
+         }
+
+         /* convert the hex-string back to binary */
+         for (x = 0; x < hash_len; ++x) {
+            should_buffer[x] = HEXOF(s[x*2]) << 4 | HEXOF(s[x*2 + 1]);
+         }
+
+         space++;
+         if (*space != '*') {
+            fprintf(stderr, "%s: unsupported input mode '%c'\n", hashsum, *space);
+            goto ERR;
+         }
+         space++;
+
+         for (n = 0; n < (buf + sizeof(buf)) - space; ++n) {
+            if(iscntrl((int)space[n])) {
+               space[n] = '\0';
+               break;
+            }
+         }
+
+         /* try all hash algorithms that have the appropriate hash size */
+         tries = 0;
+         for (x = 0; hash_descriptor[x].name != NULL; ++x) {
+            if (hash_descriptor[x].hashsize == hash_len) {
+               tries++;
+               w = sizeof(is_buffer);
+               if ((err = hash_file(x, space, is_buffer, &w)) != CRYPT_OK) {
+                  fprintf(stderr, "%s: File hash error: %s: %s\n", hashsum, space, error_to_string(err));
+ERR:
+                  fclose(f);
+                  exit(EXIT_FAILURE);
+               }
+               if(XMEMCMP(should_buffer, is_buffer, w) == 0) {
+                  printf("%s: OK\n", space);
+                  break;
+               }
+            }
+         } /* for */
+         if (hash_descriptor[x].name == NULL) {
+            if(tries > 0) {
+               printf("%s: FAILED\n", space);
+               failed++;
+            }
+            else {
+               invalid++;
+            }
+         }
+      } /* while */
+      fclose(f);
+      if(invalid) {
+         fprintf(stderr, "%s: WARNING: %d %s is improperly formatted\n", hashsum, invalid, invalid > 1?"lines":"line");
+      }
+      if(failed) {
+         fprintf(stderr, "%s: WARNING: %d computed %s did NOT match\n", hashsum, failed, failed > 1?"checksums":"checksum");
+      }
+      argn++;
+   }
+   exit(EXIT_SUCCESS);
+}
 
 int main(int argc, char **argv)
 {
-   int idx, x, z;
-   unsigned long w;
+   int idxs[TAB_SIZE], idx, check, y, z, err, argn;
+   unsigned long w, x;
    unsigned char hash_buffer[MAXBLOCKSIZE];
-   hash_state md;
+
+   hashsum = strdup(basename(argv[0]));
+   atexit(cleanup);
 
    /* You need to register algorithms before using them */
-   register_algs();
-   if (argc < 2) {
-      printf("usage: ./hash algorithm file [file ...]\n");
-      printf("Algorithms:\n");
-      for (x = 0; hash_descriptor[x].name != NULL; x++) {
-         printf(" %s (%d)\n", hash_descriptor[x].name, hash_descriptor[x].ID);
-      }
-      exit(EXIT_SUCCESS);
+   register_all_ciphers();
+   register_all_hashes();
+   if (argc > 1 && (strcmp("-h", argv[1]) == 0 || strcmp("--help", argv[1]) == 0)) {
+      die(EXIT_SUCCESS);
+   }
+   if (argc < 3) {
+      die(EXIT_FAILURE);
    }
 
-   idx = find_hash(argv[1]);
-   if (idx == -1) {
-      fprintf(stderr, "\nInvalid hash specified on command line.\n");
-      return -1;
+   for (x = 0; x < sizeof(idxs)/sizeof(idxs[0]); ++x) {
+      idxs[x] = -2;
+   }
+   argn = 1;
+   check = 0;
+   idx = 0;
+
+   while(argn < argc){
+      if(strcmp("-a", argv[argn]) == 0) {
+         argn++;
+         if(argn < argc) {
+            idxs[idx] = find_hash(argv[argn]);
+            if (idxs[idx] == -1) {
+               struct {
+                  const char* is;
+                  const char* should;
+               } shasum_compat[] =
+                     {
+#ifdef LTC_SHA1
+                           { "1",        sha1_desc.name },
+#endif
+#ifdef LTC_SHA224
+                           { "224",      sha224_desc.name  },
+#endif
+#ifdef LTC_SHA256
+                           { "256",      sha256_desc.name  },
+#endif
+#ifdef LTC_SHA384
+                           { "384",      sha384_desc.name  },
+#endif
+#ifdef LTC_SHA512
+                           { "512",      sha512_desc.name  },
+#endif
+#ifdef LTC_SHA512_224
+                           { "512224",   sha512_224_desc.name  },
+#endif
+#ifdef LTC_SHA512_256
+                           { "512256",   sha512_256_desc.name  },
+#endif
+                           { NULL, NULL }
+                     };
+               for (x = 0; shasum_compat[x].is != NULL; ++x) {
+                  if(XSTRCMP(shasum_compat[x].is, argv[argn]) == 0) {
+                     idxs[idx] = find_hash(shasum_compat[x].should);
+                     break;
+                  }
+               }
+            }
+            if (idxs[idx] == -1) {
+               fprintf(stderr, "%s: Unrecognized algorithm\n", hashsum);
+               die(EXIT_FAILURE);
+            }
+            idx++;
+            if ((size_t)idx >= sizeof(idxs)/sizeof(idxs[0])) {
+               fprintf(stderr, "%s: Too many '-a' options chosen\n", hashsum);
+               die(EXIT_FAILURE);
+            }
+            argn++;
+            continue;
+         }
+         else {
+            die(EXIT_FAILURE);
+         }
+      }
+      if(strcmp("-c", argv[argn]) == 0) {
+         check = 1;
+         argn++;
+         continue;
+      }
+      break;
    }
 
-   if (argc == 2) {
-      hash_descriptor[idx].init(&md);
-      do {
-         x = fread(hash_buffer, 1, sizeof(hash_buffer), stdin);
-         hash_descriptor[idx].process(&md, hash_buffer, x);
-      } while (x == sizeof(hash_buffer));
-      hash_descriptor[idx].done(&md, hash_buffer);
-      for (x = 0; x < (int)hash_descriptor[idx].hashsize; x++) {
-          printf("%02x",hash_buffer[x]);
+   if (check == 1) {
+      check_file(argn, argc, argv);
+   }
+
+   if (argc == argn) {
+      w = sizeof(hash_buffer);
+      if ((err = hash_filehandle(idxs[0], stdin, hash_buffer, &w)) != CRYPT_OK) {
+         fprintf(stderr, "%s: File hash error: %s\n", hashsum, error_to_string(err));
+         return EXIT_FAILURE;
+      } else {
+          for (x = 0; x < w; x++) {
+              printf("%02x",hash_buffer[x]);
+          }
+          printf(" *-\n");
       }
-      printf("  (stdin)\n");
    } else {
-      for (z = 2; z < argc; z++) {
-         w = sizeof(hash_buffer);
-         if ((errno = hash_file(idx,argv[z],hash_buffer,&w)) != CRYPT_OK) {
-            printf("File hash error: %s\n", error_to_string(errno));
-         } else {
-             for (x = 0; x < (int)hash_descriptor[idx].hashsize; x++) {
-                 printf("%02x",hash_buffer[x]);
-             }
-             printf("  %s\n", argv[z]);
+      for (z = argn; z < argc; z++) {
+         for (y = 0; y < idx; ++y) {
+            w = sizeof(hash_buffer);
+            if ((err = hash_file(idxs[y],argv[z],hash_buffer,&w)) != CRYPT_OK) {
+               fprintf(stderr, "%s: File hash error: %s\n", hashsum, error_to_string(err));
+               return EXIT_FAILURE;
+            } else {
+                printf_hex(hash_buffer, w);
+                printf(" *%s\n", argv[z]);
+            }
          }
       }
    }
    return EXIT_SUCCESS;
 }
 
-void register_algs(void)
-{
-  int err;
-
-#ifdef TIGER
-  register_hash (&tiger_desc);
-#endif
-#ifdef MD2
-  register_hash (&md2_desc);
-#endif
-#ifdef MD4
-  register_hash (&md4_desc);
-#endif
-#ifdef MD5
-  register_hash (&md5_desc);
-#endif
-#ifdef SHA1
-  register_hash (&sha1_desc);
-#endif
-#ifdef SHA224
-  register_hash (&sha224_desc);
-#endif
-#ifdef SHA256
-  register_hash (&sha256_desc);
-#endif
-#ifdef SHA384
-  register_hash (&sha384_desc);
-#endif
-#ifdef SHA512
-  register_hash (&sha512_desc);
-#endif
-#ifdef RIPEMD128
-  register_hash (&rmd128_desc);
-#endif
-#ifdef RIPEMD160
-  register_hash (&rmd160_desc);
-#endif
-#ifdef WHIRLPOOL
-  register_hash (&whirlpool_desc);
-#endif
-#ifdef CHC_HASH
-  register_hash(&chc_desc);
-  if ((err = chc_register(register_cipher(&aes_enc_desc))) != CRYPT_OK) {
-     printf("chc_register error: %s\n", error_to_string(err));
-     exit(EXIT_FAILURE);
-  }
-#endif
-
-}
-
-/* $Source: /cvs/libtom/libtomcrypt/demos/hashsum.c,v $ */
-/* $Revision: 1.2 $ */
-/* $Date: 2005/05/05 14:35:56 $ */
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/demos/ltcrypt.c

@@ -0,0 +1,205 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* encrypt V1.1 Fri Oct 18 04:28:03 NZDT 2002 */
+/* File de/encryption, using libtomcrypt */
+/* Written by Daniel Richards <kyhwana@world-net.co.nz> */
+/* Help from Tom St Denis with various bits */
+/* This code is public domain, no rights reserved. */
+/* Encrypts by default, -d flag enables decryption */
+/* ie: ./encrypt blowfish story.txt story.ct */
+/* ./encrypt -d blowfish story.ct story.pt */
+
+#include <tomcrypt.h>
+
+int usage(char *name)
+{
+   int x;
+
+   printf("Usage encrypt: %s cipher infile outfile\n", name);
+   printf("Usage decrypt: %s -d cipher infile outfile\n", name);
+   printf("Usage test:    %s -t cipher\nCiphers:\n", name);
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      printf("%s\n",cipher_descriptor[x].name);
+   }
+   exit(1);
+}
+
+int main(int argc, char *argv[])
+{
+   unsigned char plaintext[512],ciphertext[512];
+   unsigned char tmpkey[512], key[MAXBLOCKSIZE], IV[MAXBLOCKSIZE];
+   unsigned char inbuf[512]; /* i/o block size */
+   unsigned long outlen, y, ivsize, x, decrypt;
+   symmetric_CTR ctr;
+   int cipher_idx, hash_idx, ks;
+   char *infile, *outfile, *cipher;
+   prng_state prng;
+   FILE *fdin, *fdout;
+   int err;
+
+   /* register algs, so they can be printed */
+   register_all_ciphers();
+   register_all_hashes();
+   register_all_prngs();
+
+   if (argc < 4) {
+      if ((argc > 2) && (!strcmp(argv[1], "-t"))) {
+        cipher  = argv[2];
+        cipher_idx = find_cipher(cipher);
+        if (cipher_idx == -1) {
+          printf("Invalid cipher %s entered on command line.\n", cipher);
+          exit(-1);
+        } /* if */
+        if (cipher_descriptor[cipher_idx].test)
+        {
+          if (cipher_descriptor[cipher_idx].test() != CRYPT_OK)
+          {
+            printf("Error when testing cipher %s.\n", cipher);
+            exit(-1);
+          }
+          else
+          {
+            printf("Testing cipher %s succeeded.\n", cipher);
+            exit(0);
+          } /* if ... else */
+        } /* if */
+      }
+      return usage(argv[0]);
+   }
+
+   if (!strcmp(argv[1], "-d")) {
+      decrypt = 1;
+      cipher  = argv[2];
+      infile  = argv[3];
+      outfile = argv[4];
+   } else {
+      decrypt = 0;
+      cipher  = argv[1];
+      infile  = argv[2];
+      outfile = argv[3];
+   }
+
+   /* file handles setup */
+   fdin = fopen(infile,"rb");
+   if (fdin == NULL) {
+      perror("Can't open input for reading");
+      exit(-1);
+   }
+
+   fdout = fopen(outfile,"wb");
+   if (fdout == NULL) {
+      perror("Can't open output for writing");
+      exit(-1);
+   }
+
+   cipher_idx = find_cipher(cipher);
+   if (cipher_idx == -1) {
+      printf("Invalid cipher entered on command line.\n");
+      exit(-1);
+   }
+
+   hash_idx = find_hash("sha256");
+   if (hash_idx == -1) {
+      printf("LTC_SHA256 not found...?\n");
+      exit(-1);
+   }
+
+   ivsize = cipher_descriptor[cipher_idx].block_length;
+   ks = hash_descriptor[hash_idx].hashsize;
+   if (cipher_descriptor[cipher_idx].keysize(&ks) != CRYPT_OK) {
+      printf("Invalid keysize???\n");
+      exit(-1);
+   }
+
+   printf("\nEnter key: ");
+   if(fgets((char *)tmpkey,sizeof(tmpkey), stdin) == NULL)
+      exit(-1);
+   outlen = sizeof(key);
+   if ((err = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
+      printf("Error hashing key: %s\n", error_to_string(err));
+      exit(-1);
+   }
+
+   if (decrypt) {
+      /* Need to read in IV */
+      if (fread(IV,1,ivsize,fdin) != ivsize) {
+         printf("Error reading IV from input.\n");
+         exit(-1);
+      }
+
+      if ((err = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
+         printf("ctr_start error: %s\n",error_to_string(err));
+         exit(-1);
+      }
+
+      /* IV done */
+      do {
+         y = fread(inbuf,1,sizeof(inbuf),fdin);
+
+         if ((err = ctr_decrypt(inbuf,plaintext,y,&ctr)) != CRYPT_OK) {
+            printf("ctr_decrypt error: %s\n", error_to_string(err));
+            exit(-1);
+         }
+
+         if (fwrite(plaintext,1,y,fdout) != y) {
+            printf("Error writing to file.\n");
+            exit(-1);
+         }
+      } while (y == sizeof(inbuf));
+      fclose(fdin);
+      fclose(fdout);
+
+   } else {  /* encrypt */
+      /* Setup yarrow for random bytes for IV */
+
+      if ((err = rng_make_prng(128, find_prng("yarrow"), &prng, NULL)) != CRYPT_OK) {
+         printf("Error setting up PRNG, %s\n", error_to_string(err));
+      }
+
+      /* You can use rng_get_bytes on platforms that support it */
+      /* x = rng_get_bytes(IV,ivsize,NULL);*/
+      x = yarrow_read(IV,ivsize,&prng);
+      if (x != ivsize) {
+         printf("Error reading PRNG for IV required.\n");
+         exit(-1);
+      }
+
+      if (fwrite(IV,1,ivsize,fdout) != ivsize) {
+         printf("Error writing IV to output.\n");
+         exit(-1);
+      }
+
+      if ((err = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
+         printf("ctr_start error: %s\n",error_to_string(err));
+         exit(-1);
+      }
+
+      do {
+         y = fread(inbuf,1,sizeof(inbuf),fdin);
+
+         if ((err = ctr_encrypt(inbuf,ciphertext,y,&ctr)) != CRYPT_OK) {
+            printf("ctr_encrypt error: %s\n", error_to_string(err));
+            exit(-1);
+         }
+
+         if (fwrite(ciphertext,1,y,fdout) != y) {
+            printf("Error writing to output.\n");
+            exit(-1);
+         }
+      } while (y == sizeof(inbuf));
+      fclose(fdout);
+      fclose(fdin);
+   }
+   return 0;
+}
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/demos/multi.c

@@ -33,7 +33,7 @@ int main(void)
       return EXIT_FAILURE;
    }
 
-/* HMAC */
+/* LTC_HMAC */
    len = sizeof(buf[0]);
    hmac_memory(find_hash("sha256"), key, 16, (unsigned char*)"hello", 5, buf[0], &len);
    len2 = sizeof(buf[0]);
@@ -55,7 +55,7 @@ int main(void)
       return EXIT_FAILURE;
    }
 
-/* OMAC */
+/* LTC_OMAC */
    len = sizeof(buf[0]);
    omac_memory(find_cipher("aes"), key, 16, (unsigned char*)"hello", 5, buf[0], &len);
    len2 = sizeof(buf[0]);
@@ -105,6 +105,6 @@ int main(void)
 }
 
 
-/* $Source: /cvs/libtom/libtomcrypt/demos/multi.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2006/06/07 22:25:09 $ */
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

libtomcrypt/demos/openssl-enc.c

@@ -0,0 +1,397 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/*
+ * Demo to do the rough equivalent of:
+ *
+ *    openssl enc -aes-256-cbc -pass pass:foobar -in infile -out outfile -p
+ *
+ * Compilation:
+ *
+ *    $(CC) -I /path/to/headers -L .../libs \
+ *          -o openssl-enc \
+ *          openssl-enc.c -ltomcrypt
+ *
+ * Usage:
+ *
+ *    ./openssl-enc <enc|dec> infile outfile "passphrase" [salt]
+ *
+ * If provided, the salt must be EXACTLY a 16-char hex string.
+ *
+ * Demo is an example of:
+ *
+ * - (When decrypting) yanking salt out of the OpenSSL "Salted__..." header
+ * - OpenSSL-compatible key derivation (in OpenSSL's modified PKCS#5v1 approach)
+ * - Grabbing an Initialization Vector from the key generator
+ * - Performing simple block encryption using AES
+ * - PKCS#7-type padding (which hopefully can get ripped out of this demo and
+ *   made a libtomcrypt thing someday).
+ *
+ * This program is free for all purposes without any express guarantee it
+ * works. If you really want to see a license here, assume the WTFPL :-)
+ *
+ * BJ Black, bblack@barracuda.com, https://wjblack.com
+ *
+ * BUGS:
+ *       Passing a password on a command line is a HORRIBLE idea.  Don't use
+ *       this program for serious work!
+ */
+
+#include <tomcrypt.h>
+
+#ifndef LTC_RIJNDAEL
+#error Cannot compile this demo; Rijndael (AES) required
+#endif
+#ifndef LTC_CBC_MODE
+#error Cannot compile this demo; CBC mode required
+#endif
+#ifndef LTC_PKCS_5
+#error Cannot compile this demo; PKCS5 required
+#endif
+#ifndef LTC_RNG_GET_BYTES
+#error Cannot compile this demo; random generator required
+#endif
+#ifndef LTC_MD5
+#error Cannot compile this demo; MD5 required
+#endif
+
+/* OpenSSL by default only runs one hash round */
+#define OPENSSL_ITERATIONS 1
+/* Use aes-256-cbc, so 256 bits of key, 128 of IV */
+#define KEY_LENGTH (256>>3)
+#define IV_LENGTH (128>>3)
+/* PKCS#5v1 requires exactly an 8-byte salt */
+#define SALT_LENGTH 8
+/* The header OpenSSL puts on an encrypted file */
+static char salt_header[] = { 'S', 'a', 'l', 't', 'e', 'd', '_', '_' };
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+/* A simple way to handle the possibility that a block may increase in size
+   after padding. */
+union paddable {
+   unsigned char unpad[1024];
+   unsigned char pad[1024+MAXBLOCKSIZE];
+};
+
+/*
+ * Print usage and exit with a bad status (and perror() if any errno).
+ *
+ * Input:        argv[0] and the error string
+ * Output:       <no return>
+ * Side Effects: print messages and barf (does exit(3))
+ */
+void barf(const char *pname, const char *err)
+{
+   printf("Usage: %s <enc|dec> infile outfile passphrase [salt]\n", pname);
+   printf("\n");
+   printf("       # encrypts infile->outfile, random salt\n");
+   printf("       %s enc infile outfile \"passphrase\"\n", pname);
+   printf("\n");
+   printf("       # encrypts infile->outfile, salt from cmdline\n");
+   printf("       %s enc infile outfile pass 0123456789abcdef\n", pname);
+   printf("\n");
+   printf("       # decrypts infile->outfile, pulls salt from infile\n");
+   printf("       %s dec infile outfile pass\n", pname);
+   printf("\n");
+   printf("       # decrypts infile->outfile, salt specified\n");
+   printf("       # (don't try to read the salt from infile)\n");
+   printf("       %s dec infile outfile pass 0123456789abcdef"
+          "\n", pname);
+   printf("\n");
+   printf("Application Error: %s\n", err);
+   if(errno)
+      perror("     System Error");
+   exit(-1);
+}
+
+/*
+ * Parse a salt value passed in on the cmdline.
+ *
+ * Input:        string passed in and a buf to put it in (exactly 8 bytes!)
+ * Output:       CRYPT_OK if parsed OK, CRYPT_ERROR if not
+ * Side Effects: none
+ */
+int parse_hex_salt(unsigned char *in, unsigned char *out)
+{
+   int idx;
+   for(idx=0; idx<SALT_LENGTH; idx++)
+      if(sscanf((char*)in+idx*2, "%02hhx", out+idx) != 1)
+         return CRYPT_ERROR;
+   return CRYPT_OK;
+}
+
+/*
+ * Parse the Salted__[+8 bytes] from an OpenSSL-compatible file header.
+ *
+ * Input:        file to read from and a to put the salt in (exactly 8 bytes!)
+ * Output:       CRYPT_OK if parsed OK, CRYPT_ERROR if not
+ * Side Effects: infile's read pointer += 16
+ */
+int parse_openssl_header(FILE *in, unsigned char *out)
+{
+   unsigned char tmp[SALT_LENGTH];
+   if(fread(tmp, 1, sizeof(tmp), in) != sizeof(tmp))
+      return CRYPT_ERROR;
+   if(memcmp(tmp, salt_header, sizeof(tmp)))
+      return CRYPT_ERROR;
+   if(fread(tmp, 1, sizeof(tmp), in) != sizeof(tmp))
+      return CRYPT_ERROR;
+   memcpy(out, tmp, sizeof(tmp));
+   return CRYPT_OK;
+}
+
+/*
+ * Dump a hexed stream of bytes (convenience func).
+ *
+ * Input:        buf to read from, length
+ * Output:       none
+ * Side Effects: bytes printed as a hex blob, no lf at the end
+ */
+void dump_bytes(unsigned char *in, unsigned long len)
+{
+   unsigned long idx;
+   for(idx=0; idx<len; idx++)
+      printf("%02hhX", *(in+idx));
+}
+
+/*
+ * Pad or unpad a message using PKCS#7 padding.
+ * Padding will add 1-(blocksize) bytes and unpadding will remove that amount.
+ * Set is_padding to 1 to pad, 0 to unpad.
+ *
+ * Input:        paddable buffer, size read, block length of cipher, mode
+ * Output:       number of bytes after padding resp. after unpadding
+ * Side Effects: none
+ */
+size_t pkcs7_pad(union paddable *buf, size_t nb, int block_length,
+                 int is_padding)
+{
+   unsigned char padval;
+   off_t idx;
+
+   if(is_padding) {
+      /* We are PADDING this block (and therefore adding bytes) */
+      /* The pad value in PKCS#7 is the number of bytes remaining in
+         the block, so for a 16-byte block and 3 bytes left, it's
+         0x030303.  In the oddball case where nb is an exact multiple
+         multiple of block_length, set the padval to blocksize (i.e.
+         add one full block) */
+      padval = (unsigned char) (block_length - (nb % block_length));
+      padval = padval ? padval : block_length;
+
+      memset(buf->pad+nb, padval, padval);
+      return nb+padval;
+   } else {
+      /* We are UNPADDING this block (and removing bytes)
+         We really just need to verify that the pad bytes are correct,
+         so start at the end of the string and work backwards. */
+
+      /* Figure out what the padlength should be by looking at the
+         last byte */
+      idx = nb-1;
+      padval = buf->pad[idx];
+
+      /* padval must be nonzero and <= block length */
+      if(padval <= 0 || padval > block_length)
+         return 0;
+
+      /* First byte's accounted for; do the rest */
+      idx--;
+
+      while(idx >= (off_t)(nb-padval))
+         if(buf->pad[idx] != padval)
+            return 0;
+         else
+            idx--;
+
+      /* If we got here, the pad checked out, so return a smaller
+         number of bytes than nb (basically where we left off+1) */
+      return idx+1;
+   }
+}
+
+/*
+ * Perform an encrypt/decrypt operation to/from files using AES+CBC+PKCS7 pad.
+ * Set encrypt to 1 to encrypt, 0 to decrypt.
+ *
+ * Input:        in/out files, key, iv, and mode
+ * Output:       CRYPT_OK if no error
+ * Side Effects: bytes slurped from infile, pushed to outfile, fds updated.
+ */
+int do_crypt(FILE *infd, FILE *outfd, unsigned char *key, unsigned char *iv,
+             int encrypt)
+{
+   union paddable inbuf, outbuf;
+   int cipher, ret;
+   symmetric_CBC cbc;
+   size_t nb;
+
+   /* Register your cipher! */
+   cipher = register_cipher(&aes_desc);
+   if(cipher == -1)
+      return CRYPT_INVALID_CIPHER;
+
+   /* Start a CBC session with cipher/key/val params */
+   ret = cbc_start(cipher, iv, key, KEY_LENGTH, 0, &cbc);
+   if( ret != CRYPT_OK )
+      return -1;
+
+   do {
+      /* Get bytes from the source */
+      nb = fread(inbuf.unpad, 1, sizeof(inbuf.unpad), infd);
+      if(!nb)
+         return encrypt ? CRYPT_OK : CRYPT_ERROR;
+
+      /* Barf if we got a read error */
+      if(ferror(infd))
+         return CRYPT_ERROR;
+
+      if(encrypt) {
+         /* We're encrypting, so pad first (if at EOF) and then
+            crypt */
+         if(feof(infd))
+            nb = pkcs7_pad(&inbuf, nb,
+                           aes_desc.block_length, 1);
+
+         ret = cbc_encrypt(inbuf.pad, outbuf.pad, nb, &cbc);
+         if(ret != CRYPT_OK)
+            return ret;
+
+      } else {
+         /* We're decrypting, so decrypt and then unpad if at
+            EOF */
+         ret = cbc_decrypt(inbuf.unpad, outbuf.unpad, nb, &cbc);
+         if( ret != CRYPT_OK )
+            return ret;
+
+         if( feof(infd) )
+            nb = pkcs7_pad(&outbuf, nb,
+                           aes_desc.block_length, 0);
+         if(nb == 0)
+            /* The file didn't decrypt correctly */
+            return CRYPT_ERROR;
+
+      }
+
+      /* Push bytes to outfile */
+      if(fwrite(outbuf.unpad, 1, nb, outfd) != nb)
+         return CRYPT_ERROR;
+
+   } while(!feof(infd));
+
+   /* Close up */
+   cbc_done(&cbc);
+
+   return CRYPT_OK;
+}
+
+/* Convenience macro for the various barfable places below */
+#define BARF(a) { \
+   if(infd) fclose(infd); \
+   if(outfd) { fclose(outfd); remove(argv[3]); } \
+   barf(argv[0], a); \
+}
+/*
+ * The main routine.  Mostly validate cmdline params, open files, run the KDF,
+ * and do the crypt.
+ */
+int main(int argc, char *argv[]) {
+   unsigned char salt[SALT_LENGTH];
+   FILE *infd = NULL, *outfd = NULL;
+   int encrypt = -1;
+   int hash = -1;
+   int ret;
+   unsigned char keyiv[KEY_LENGTH + IV_LENGTH];
+   unsigned long keyivlen = (KEY_LENGTH + IV_LENGTH);
+   unsigned char *key, *iv;
+
+   /* Check proper number of cmdline args */
+   if(argc < 5 || argc > 6)
+      BARF("Invalid number of arguments");
+
+   /* Check proper mode of operation */
+   if     (!strncmp(argv[1], "enc", 3))
+      encrypt = 1;
+   else if(!strncmp(argv[1], "dec", 3))
+      encrypt = 0;
+   else
+      BARF("Bad command name");
+
+   /* Check we can open infile/outfile */
+   infd = fopen(argv[2], "rb");
+   if(infd == NULL)
+      BARF("Could not open infile");
+   outfd = fopen(argv[3], "wb");
+   if(outfd == NULL)
+      BARF("Could not open outfile");
+
+   /* Get the salt from wherever */
+   if(argc == 6) {
+      /* User-provided */
+      if(parse_hex_salt((unsigned char*) argv[5], salt) != CRYPT_OK)
+         BARF("Bad user-specified salt");
+   } else if(!strncmp(argv[1], "enc", 3)) {
+      /* Encrypting; get from RNG */
+      if(rng_get_bytes(salt, sizeof(salt), NULL) != sizeof(salt))
+         BARF("Not enough random data");
+   } else {
+      /* Parse from infile (decrypt only) */
+      if(parse_openssl_header(infd, salt) != CRYPT_OK)
+         BARF("Invalid OpenSSL header in infile");
+   }
+
+   /* Fetch the MD5 hasher for PKCS#5 */
+   hash = register_hash(&md5_desc);
+   if(hash == -1)
+      BARF("Could not register MD5 hash");
+
+   /* Set things to a sane initial state */
+   zeromem(keyiv, sizeof(keyiv));
+   key = keyiv + 0;      /* key comes first */
+   iv = keyiv + KEY_LENGTH;   /* iv comes next */
+
+   /* Run the key derivation from the provided passphrase.  This gets us
+      the key and iv. */
+   ret = pkcs_5_alg1_openssl((unsigned char*)argv[4], strlen(argv[4]), salt,
+                             OPENSSL_ITERATIONS, hash, keyiv, &keyivlen );
+   if(ret != CRYPT_OK)
+      BARF("Could not derive key/iv from passphrase");
+
+   /* Display the salt/key/iv like OpenSSL cmdline does when -p */
+   printf("salt="); dump_bytes(salt, sizeof(salt)); printf("\n");
+   printf("key=");  dump_bytes(key, KEY_LENGTH);    printf("\n");
+   printf("iv =");  dump_bytes(iv,  IV_LENGTH );    printf("\n");
+
+   /* If we're encrypting, write the salt header as OpenSSL does */
+   if(!strncmp(argv[1], "enc", 3)) {
+      if(fwrite(salt_header, 1, sizeof(salt_header), outfd) !=
+         sizeof(salt_header) )
+         BARF("Error writing salt header to outfile");
+      if(fwrite(salt, 1, sizeof(salt), outfd) != sizeof(salt))
+         BARF("Error writing salt to outfile");
+   }
+
+   /* At this point, the files are open, the salt has been figured out,
+      and we're ready to pump data through crypt. */
+
+   /* Do the crypt operation */
+   if(do_crypt(infd, outfd, key, iv, encrypt) != CRYPT_OK)
+      BARF("Error during crypt operation");
+
+   /* Clean up */
+   fclose(infd); fclose(outfd);
+   return 0;
+}
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/demos/sizes.c

@@ -0,0 +1,81 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+#include "tomcrypt.h"
+
+#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
+#include <libgen.h>
+#else
+#define basename(x) x
+#endif
+/**
+  @file demo_crypt_sizes.c
+
+  Demo how to get various sizes to dynamic languages
+  like Python - Larry Bugbee, February 2013
+*/
+
+static void _print_line(const char* cmd, const char* desc)
+{
+   printf("  %-16s - %s\n", cmd, desc);
+}
+
+int main(int argc, char **argv)
+{
+   if (argc == 1) {
+      /* given a specific size name, get and print its size */
+      char name[] = "ltc_hash_descriptor";
+      unsigned int size;
+      char *sizes_list;
+      unsigned int sizes_list_len;
+      if (crypt_get_size(name, &size) != 0) exit(EXIT_FAILURE);
+      printf("\n  size of '%s' is %u \n\n", name, size);
+
+      /* get and print the length of the names (and sizes) list */
+      if (crypt_list_all_sizes(NULL, &sizes_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  need to allocate %u bytes \n\n", sizes_list_len);
+
+      /* get and print the names (and sizes) list */
+      if ((sizes_list = malloc(sizes_list_len)) == NULL) exit(EXIT_FAILURE);
+      if (crypt_list_all_sizes(sizes_list, &sizes_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  supported sizes:\n\n%s\n\n", sizes_list);
+      free(sizes_list);
+   } else if (argc == 2) {
+      if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) {
+         char* base = strdup(basename(argv[0]));
+         printf("Usage: %s [-a] [-s name]\n\n", base);
+         _print_line("<no argument>", "The old behavior of the demo");
+         _print_line("-a", "Only lists all sizes");
+         _print_line("-s name", "List a single size given as argument");
+         _print_line("-h", "The help you're looking at");
+         free(base);
+      } else if (strcmp(argv[1], "-a") == 0) {
+         char *sizes_list;
+         unsigned int sizes_list_len;
+         /* get and print the length of the names (and sizes) list */
+         if (crypt_list_all_sizes(NULL, &sizes_list_len) != 0) exit(EXIT_FAILURE);
+         /* get and print the names (and sizes) list */
+         if ((sizes_list = malloc(sizes_list_len)) == NULL) exit(EXIT_FAILURE);
+         if (crypt_list_all_sizes(sizes_list, &sizes_list_len) != 0) exit(EXIT_FAILURE);
+         printf("%s\n", sizes_list);
+         free(sizes_list);
+      }
+   } else if (argc == 3) {
+      if (strcmp(argv[1], "-s") == 0) {
+         unsigned int size;
+         if (crypt_get_size(argv[2], &size) != 0) exit(EXIT_FAILURE);
+         printf("%s,%u\n", argv[2], size);
+      }
+   }
+   return 0;
+}
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/demos/small.c

@@ -1,3 +1,11 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
 /* small demo app that just includes a cipher/hash/prng */
 #include <tomcrypt.h>
 
@@ -9,6 +17,6 @@ int main(void)
    return 0;
 }
 
-/* $Source: /cvs/libtom/libtomcrypt/demos/small.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2006/06/07 22:25:09 $ */
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/demos/test.c

@@ -31,6 +31,6 @@ int main(void)
    return EXIT_SUCCESS;
 }
 
-/* $Source: /cvs/libtom/libtomcrypt/demos/test.c,v $ */
-/* $Revision: 1.28 $ */
-/* $Date: 2006/05/25 10:50:08 $ */
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

libtomcrypt/demos/tv_gen.c

@@ -1,129 +1,25 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
 #include <tomcrypt.h>
 
-void reg_algs(void)
-{
-  int err;
-
-#ifdef RIJNDAEL
-  register_cipher (&aes_desc);
-#endif
-#ifdef BLOWFISH
-  register_cipher (&blowfish_desc);
-#endif
-#ifdef XTEA
-  register_cipher (&xtea_desc);
-#endif
-#ifdef RC5
-  register_cipher (&rc5_desc);
-#endif
-#ifdef RC6
-  register_cipher (&rc6_desc);
-#endif
-#ifdef SAFERP
-  register_cipher (&saferp_desc);
-#endif
-#ifdef TWOFISH
-  register_cipher (&twofish_desc);
-#endif
-#ifdef SAFER
-  register_cipher (&safer_k64_desc);
-  register_cipher (&safer_sk64_desc);
-  register_cipher (&safer_k128_desc);
-  register_cipher (&safer_sk128_desc);
-#endif
-#ifdef RC2
-  register_cipher (&rc2_desc);
-#endif
-#ifdef DES
-  register_cipher (&des_desc);
-  register_cipher (&des3_desc);
-#endif
-#ifdef CAST5
-  register_cipher (&cast5_desc);
-#endif
-#ifdef NOEKEON
-  register_cipher (&noekeon_desc);
-#endif
-#ifdef SKIPJACK
-  register_cipher (&skipjack_desc);
-#endif
-#ifdef ANUBIS
-  register_cipher (&anubis_desc);
-#endif
-#ifdef KHAZAD
-  register_cipher (&khazad_desc);
-#endif
-
-#ifdef TIGER
-  register_hash (&tiger_desc);
-#endif
-#ifdef MD2
-  register_hash (&md2_desc);
-#endif
-#ifdef MD4
-  register_hash (&md4_desc);
-#endif
-#ifdef MD5
-  register_hash (&md5_desc);
-#endif
-#ifdef SHA1
-  register_hash (&sha1_desc);
-#endif
-#ifdef SHA224
-  register_hash (&sha224_desc);
-#endif
-#ifdef SHA256
-  register_hash (&sha256_desc);
-#endif
-#ifdef SHA384
-  register_hash (&sha384_desc);
-#endif
-#ifdef SHA512
-  register_hash (&sha512_desc);
-#endif
-#ifdef RIPEMD128
-  register_hash (&rmd128_desc);
-#endif
-#ifdef RIPEMD160
-  register_hash (&rmd160_desc);
-#endif
-#ifdef WHIRLPOOL
-  register_hash (&whirlpool_desc);
-#endif
-#ifdef CHC_HASH
-  register_hash(&chc_desc);
-  if ((err = chc_register(register_cipher(&aes_desc))) != CRYPT_OK) {
-     printf("chc_register error: %s\n", error_to_string(err));
-     exit(EXIT_FAILURE);
-  }
-#endif
-
-#ifdef USE_LTM
-   ltc_mp = ltm_desc;
-#elif defined(USE_TFM)
-   ltc_mp = tfm_desc;
-#elif defined(USE_GMP)
-   ltc_mp = gmp_desc;
-#else
-   extern ltc_math_descriptor EXT_MATH_LIB;
-   ltc_mp = EXT_MATH_LIB;
-#endif
-
-
-}
-
 void hash_gen(void)
 {
    unsigned char md[MAXBLOCKSIZE], *buf;
    unsigned long outlen, x, y, z;
    FILE *out;
    int   err;
-   
+
    out = fopen("hash_tv.txt", "w");
    if (out == NULL) {
       perror("can't open hash_tv");
    }
-   
+
    fprintf(out, "Hash Test Vectors:\n\nThese are the hashes of nn bytes '00 01 02 03 .. (nn-1)'\n\n");
    for (x = 0; hash_descriptor[x].name != NULL; x++) {
       buf = XMALLOC(2 * hash_descriptor[x].blocksize + 1);
@@ -160,16 +56,16 @@ void cipher_gen(void)
    int err, kl, lastkl;
    FILE *out;
    symmetric_key skey;
-   
+
    out = fopen("cipher_tv.txt", "w");
-   
-   fprintf(out, 
+
+   fprintf(out,
 "Cipher Test Vectors\n\nThese are test encryptions with key of nn bytes '00 01 02 03 .. (nn-1)' and original PT of the same style.\n"
 "The output of step N is used as the key and plaintext for step N+1 (key bytes repeated as required to fill the key)\n\n");
-                   
+
    for (x = 0; cipher_descriptor[x].name != NULL; x++) {
       fprintf(out, "Cipher: %s\n", cipher_descriptor[x].name);
-      
+
       /* three modes, smallest, medium, large keys */
       lastkl = 10000;
       for (y = 0; y < 3; y++) {
@@ -182,7 +78,7 @@ void cipher_gen(void)
             printf("keysize error: %s\n", error_to_string(err));
             exit(EXIT_FAILURE);
          }
-         if (kl == lastkl) break;
+         if (kl == lastkl) continue;
          lastkl = kl;
          fprintf(out, "Key Size: %d bytes\n", kl);
 
@@ -199,7 +95,7 @@ void cipher_gen(void)
             printf("setup error: %s\n", error_to_string(err));
             exit(EXIT_FAILURE);
          }
-         
+
          for (z = 0; (int)z < cipher_descriptor[x].block_length; z++) {
             pt[z] = (unsigned char)z;
          }
@@ -226,7 +122,7 @@ void cipher_gen(void)
      fprintf(out, "\n");
   }
   fclose(out);
-}  
+}
 
 void hmac_gen(void)
 {
@@ -234,17 +130,17 @@ void hmac_gen(void)
    int x, y, z, err;
    FILE *out;
    unsigned long len;
-  
+
    out = fopen("hmac_tv.txt", "w");
 
-   fprintf(out, 
+   fprintf(out,
 "HMAC Tests.  In these tests messages of N bytes long (00,01,02,...,NN-1) are HMACed.  The initial key is\n"
 "of the same format (the same length as the HASH output size).  The HMAC key in step N+1 is the HMAC output of\n"
 "step N.\n\n");
 
    for (x = 0; hash_descriptor[x].name != NULL; x++) {
       fprintf(out, "HMAC-%s\n", hash_descriptor[x].name);
-      
+
       /* initial key */
       for (y = 0; y < (int)hash_descriptor[x].hashsize; y++) {
           key[y] = (y&255);
@@ -255,7 +151,7 @@ void hmac_gen(void)
          perror("Can't malloc memory");
          exit(EXIT_FAILURE);
       }
-      
+
       for (y = 0; y <= (int)(hash_descriptor[x].blocksize * 2); y++) {
          for (z = 0; z < y; z++) {
             input[z] = (unsigned char)(z & 255);
@@ -279,17 +175,18 @@ void hmac_gen(void)
    }
    fclose(out);
 }
-   
+
 void omac_gen(void)
 {
+#ifdef LTC_OMAC
    unsigned char key[MAXBLOCKSIZE], output[MAXBLOCKSIZE], input[MAXBLOCKSIZE*2+2];
    int err, x, y, z, kl;
    FILE *out;
    unsigned long len;
-  
+
    out = fopen("omac_tv.txt", "w");
 
-   fprintf(out, 
+   fprintf(out,
 "OMAC Tests.  In these tests messages of N bytes long (00,01,02,...,NN-1) are OMAC'ed.  The initial key is\n"
 "of the same format (length specified per cipher).  The OMAC key in step N+1 is the OMAC output of\n"
 "step N (repeated as required to fill the array).\n\n");
@@ -304,12 +201,12 @@ void omac_gen(void)
          kl = cipher_descriptor[x].max_key_length;
       }
       fprintf(out, "OMAC-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
-      
+
       /* initial key/block */
       for (y = 0; y < kl; y++) {
           key[y] = (y & 255);
       }
-      
+
       for (y = 0; y <= (int)(cipher_descriptor[x].block_length*2); y++) {
          for (z = 0; z < y; z++) {
             input[z] = (unsigned char)(z & 255);
@@ -333,20 +230,22 @@ void omac_gen(void)
       fprintf(out, "\n");
    }
    fclose(out);
+#endif
 }
 
 void pmac_gen(void)
 {
+#ifdef LTC_PMAC
    unsigned char key[MAXBLOCKSIZE], output[MAXBLOCKSIZE], input[MAXBLOCKSIZE*2+2];
    int err, x, y, z, kl;
    FILE *out;
    unsigned long len;
-  
+
    out = fopen("pmac_tv.txt", "w");
 
-   fprintf(out, 
-"PMAC Tests.  In these tests messages of N bytes long (00,01,02,...,NN-1) are OMAC'ed.  The initial key is\n"
-"of the same format (length specified per cipher).  The OMAC key in step N+1 is the OMAC output of\n"
+   fprintf(out,
+"PMAC Tests.  In these tests messages of N bytes long (00,01,02,...,NN-1) are PMAC'ed.  The initial key is\n"
+"of the same format (length specified per cipher).  The PMAC key in step N+1 is the PMAC output of\n"
 "step N (repeated as required to fill the array).\n\n");
 
    for (x = 0; cipher_descriptor[x].name != NULL; x++) {
@@ -359,12 +258,12 @@ void pmac_gen(void)
          kl = cipher_descriptor[x].max_key_length;
       }
       fprintf(out, "PMAC-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
-      
+
       /* initial key/block */
       for (y = 0; y < kl; y++) {
           key[y] = (y & 255);
       }
-      
+
       for (y = 0; y <= (int)(cipher_descriptor[x].block_length*2); y++) {
          for (z = 0; z < y; z++) {
             input[z] = (unsigned char)(z & 255);
@@ -388,13 +287,15 @@ void pmac_gen(void)
       fprintf(out, "\n");
    }
    fclose(out);
+#endif
 }
 
 void eax_gen(void)
 {
+#ifdef LTC_EAX_MODE
    int err, kl, x, y1, z;
    FILE *out;
-   unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], header[MAXBLOCKSIZE*2], 
+   unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], header[MAXBLOCKSIZE*2],
                  plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
    unsigned long len;
 
@@ -418,7 +319,7 @@ void eax_gen(void)
       for (z = 0; z < kl; z++) {
           key[z] = (z & 255);
       }
-      
+
       for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
          for (z = 0; z < y1; z++) {
             plaintext[z] = (unsigned char)(z & 255);
@@ -448,13 +349,15 @@ void eax_gen(void)
       fprintf(out, "\n");
    }
    fclose(out);
+#endif
 }
 
 void ocb_gen(void)
 {
+#ifdef LTC_OCB_MODE
    int err, kl, x, y1, z;
    FILE *out;
-   unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], 
+   unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2],
                  plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
    unsigned long len;
 
@@ -483,7 +386,7 @@ void ocb_gen(void)
       for (z = 0; z < cipher_descriptor[x].block_length; z++) {
           nonce[z] = z;
       }
-      
+
       for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
          for (z = 0; z < y1; z++) {
             plaintext[z] = (unsigned char)(z & 255);
@@ -511,14 +414,81 @@ void ocb_gen(void)
       fprintf(out, "\n");
    }
    fclose(out);
+#endif
 }
 
+void ocb3_gen(void)
+{
+#ifdef LTC_OCB3_MODE
+   int err, kl, x, y1, z, noncelen;
+   FILE *out;
+   unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2],
+                 plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
+   unsigned long len;
+
+   out = fopen("ocb3_tv.txt", "w");
+   fprintf(out, "OCB3 Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/plaintext/key.  The outputs\n"
+                "are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous\n"
+                "step repeated sufficiently.  The nonce is fixed throughout. AAD is fixed to 3 bytes (ASCII) 'AAD'.\n\n");
+
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      kl = cipher_descriptor[x].block_length;
+
+      /* skip ciphers which do not have 64 or 128 bit block sizes */
+      if (kl != 16) continue;
+
+      if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
+         kl = cipher_descriptor[x].max_key_length;
+      }
+      fprintf(out, "OCB3-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
+
+      /* the key */
+      for (z = 0; z < kl; z++) {
+          key[z] = (z & 255);
+      }
+
+      /* fixed nonce */
+      noncelen = MIN(15, cipher_descriptor[x].block_length);
+      for (z = 0; z < noncelen; z++) {
+          nonce[z] = z;
+      }
+
+      for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
+         for (z = 0; z < y1; z++) {
+            plaintext[z] = (unsigned char)(z & 255);
+         }
+         len = 16;
+         if ((err = ocb3_encrypt_authenticate_memory(x, key, kl, nonce, noncelen, (unsigned char*)"AAD", 3, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) {
+            printf("Error OCB3'ing: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         fprintf(out, "%3d: ", y1);
+         for (z = 0; z < y1; z++) {
+            fprintf(out, "%02X", plaintext[z]);
+         }
+         fprintf(out, ", ");
+         for (z = 0; z <(int)len; z++) {
+            fprintf(out, "%02X", tag[z]);
+         }
+         fprintf(out, "\n");
+
+         /* forward the key */
+         for (z = 0; z < kl; z++) {
+             key[z] = tag[z % len];
+         }
+      }
+      fprintf(out, "\n");
+   }
+   fclose(out);
+#endif
+}
 
 void ccm_gen(void)
 {
+#ifdef LTC_CCM_MODE
    int err, kl, x, y1, z;
    FILE *out;
-   unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], 
+   unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2],
                  plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
    unsigned long len;
 
@@ -547,7 +517,7 @@ void ccm_gen(void)
       for (z = 0; z < cipher_descriptor[x].block_length; z++) {
           nonce[z] = z;
       }
-      
+
       for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
          for (z = 0; z < y1; z++) {
             plaintext[z] = (unsigned char)(z & 255);
@@ -557,6 +527,10 @@ void ccm_gen(void)
             printf("Error CCM'ing: %s\n", error_to_string(err));
             exit(EXIT_FAILURE);
          }
+         if (len == 0) {
+            printf("Error CCM'ing: zero length\n");
+            exit(EXIT_FAILURE);
+         }
          fprintf(out, "%3d: ", y1);
          for (z = 0; z < y1; z++) {
             fprintf(out, "%02X", plaintext[z]);
@@ -575,10 +549,12 @@ void ccm_gen(void)
       fprintf(out, "\n");
    }
    fclose(out);
+#endif
 }
 
 void gcm_gen(void)
 {
+#ifdef LTC_GCM_MODE
    int err, kl, x, y1, z;
    FILE *out;
    unsigned char key[MAXBLOCKSIZE], plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
@@ -604,8 +580,8 @@ void gcm_gen(void)
       for (z = 0; z < kl; z++) {
           key[z] = (z & 255);
       }
-     
-      for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
+
+      for (y1 = 1; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
          for (z = 0; z < y1; z++) {
             plaintext[z] = (unsigned char)(z & 255);
          }
@@ -614,6 +590,10 @@ void gcm_gen(void)
             printf("Error GCM'ing: %s\n", error_to_string(err));
             exit(EXIT_FAILURE);
          }
+         if (len == 0) {
+            printf("Error GCM'ing: zero length\n");
+            exit(EXIT_FAILURE);
+         }
          fprintf(out, "%3d: ", y1);
          for (z = 0; z < y1; z++) {
             fprintf(out, "%02X", plaintext[z]);
@@ -632,19 +612,20 @@ void gcm_gen(void)
       fprintf(out, "\n");
    }
    fclose(out);
+#endif
 }
 
 void base64_gen(void)
 {
    FILE *out;
-   unsigned char dst[256], src[32];
-   unsigned long x, y, len;
-   
+   unsigned char dst[256], src[32], ch;
+   unsigned long x, len;
+
    out = fopen("base64_tv.txt", "w");
    fprintf(out, "Base64 vectors.  These are the base64 encodings of the strings 00,01,02...NN-1\n\n");
    for (x = 0; x <= 32; x++) {
-       for (y = 0; y < x; y++) {
-           src[y] = y;
+       for (ch = 0; ch < x; ch++) {
+           src[ch] = ch;
        }
        len = sizeof(dst);
        base64_encode(src, x, dst, &len);
@@ -681,7 +662,7 @@ void ecc_gen(void)
         mp_read_radix(modulus, (char *)ltc_ecc_sets[x].prime, 16);
         mp_read_radix(G->x,    (char *)ltc_ecc_sets[x].Gx,    16);
         mp_read_radix(G->y,    (char *)ltc_ecc_sets[x].Gy,    16);
-        mp_set(G->z, 1);  
+        mp_set(G->z, 1);
 
         while (mp_cmp(k, order) == LTC_MP_LT) {
             ltc_mp.ecc_ptmul(k, G, R, modulus, 1);
@@ -699,11 +680,12 @@ void ecc_gen(void)
 
 void lrw_gen(void)
 {
+#ifdef LTC_LRW_MODE
    FILE *out;
    unsigned char tweak[16], key[16], iv[16], buf[1024];
    int x, y, err;
    symmetric_LRW lrw;
-   
+
    /* initialize default key and tweak */
    for (x = 0; x < 16; x++) {
       tweak[x] = key[x] = iv[x] = x;
@@ -760,27 +742,61 @@ void lrw_gen(void)
        lrw_done(&lrw);
    }
    fclose(out);
-}      
+#endif
+}
 
 int main(void)
 {
-   reg_algs();
+   register_all_ciphers();
+   register_all_hashes();
+   register_all_prngs();
+#ifdef USE_LTM
+   ltc_mp = ltm_desc;
+#elif defined(USE_TFM)
+   ltc_mp = tfm_desc;
+#elif defined(USE_GMP)
+   ltc_mp = gmp_desc;
+#elif defined(EXT_MATH_LIB)
+   extern ltc_math_descriptor EXT_MATH_LIB;
+   ltc_mp = EXT_MATH_LIB;
+#else
+   fprintf(stderr, "No MPI provider available\n");
+   exit(EXIT_FAILURE);
+#endif
+
    printf("Generating hash   vectors..."); fflush(stdout); hash_gen();   printf("done\n");
    printf("Generating cipher vectors..."); fflush(stdout); cipher_gen(); printf("done\n");
    printf("Generating HMAC   vectors..."); fflush(stdout); hmac_gen();   printf("done\n");
+#ifdef LTC_OMAC
    printf("Generating OMAC   vectors..."); fflush(stdout); omac_gen();   printf("done\n");
+#endif
+#ifdef LTC_PMAC
    printf("Generating PMAC   vectors..."); fflush(stdout); pmac_gen();   printf("done\n");
+#endif
+#ifdef LTC_EAX_MODE
    printf("Generating EAX    vectors..."); fflush(stdout); eax_gen();    printf("done\n");
+#endif
+#ifdef LTC_OCB_MODE
    printf("Generating OCB    vectors..."); fflush(stdout); ocb_gen();    printf("done\n");
+#endif
+#ifdef LTC_OCB3_MODE
+   printf("Generating OCB3   vectors..."); fflush(stdout); ocb3_gen();   printf("done\n");
+#endif
+#ifdef LTC_CCM_MODE
    printf("Generating CCM    vectors..."); fflush(stdout); ccm_gen();    printf("done\n");
+#endif
+#ifdef LTC_GCM_MODE
    printf("Generating GCM    vectors..."); fflush(stdout); gcm_gen();    printf("done\n");
+#endif
    printf("Generating BASE64 vectors..."); fflush(stdout); base64_gen(); printf("done\n");
    printf("Generating MATH   vectors..."); fflush(stdout); math_gen();   printf("done\n");
    printf("Generating ECC    vectors..."); fflush(stdout); ecc_gen();    printf("done\n");
+#ifdef LTC_LRW_MODE
    printf("Generating LRW    vectors..."); fflush(stdout); lrw_gen();    printf("done\n");
+#endif
    return 0;
 }
 
-/* $Source: /cvs/libtom/libtomcrypt/demos/tv_gen.c,v $ */
-/* $Revision: 1.15 $ */
-/* $Date: 2006/06/09 22:10:27 $ */
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/doc/makefile

@@ -0,0 +1,63 @@
+ifeq ($V,1)
+silent=
+silent_stdout=
+else
+silent=@
+silent_stdout= > /dev/null
+endif
+
+#Files left over from making the crypt.pdf.
+LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out *.lof
+
+#build the doxy files (requires Doxygen, tetex and patience)
+.PHONY: doxygen
+doxygen:
+	doxygen $(silent_stdout)
+
+patched_doxygen:
+	(cat Doxyfile && echo "HAVE_DOT=no") | doxygen - $(silent_stdout)
+
+doxy: patched_doxygen
+	${MAKE} -C doxygen/latex $(silent_stdout) && mv -f doxygen/latex/refman.pdf .
+	@echo The huge doxygen PDF should be available as doc/refman.pdf
+
+#This builds the crypt.pdf file. Note that the rm -f *.pdf has been removed
+#from the clean command! This is because most people would like to keep the
+#nice pre-compiled crypt.pdf that comes with libtomcrypt! We only need to
+#delete it if we are rebuilding it.
+docs crypt.pdf: crypt.tex
+	rm -f crypt.pdf $(LEFTOVERS)
+	cp crypt.tex crypt.bak
+	touch -r crypt.tex crypt.bak
+	(printf "%s" "\def\fixedpdfdate{"; date +'D:%Y%m%d%H%M%S%:z' -d @$$(stat --format=%Y crypt.tex) | sed "s/:\([0-9][0-9]\)$$/'\1'}/g") > crypt-deterministic.tex
+	printf "%s\n" "\pdfinfo{" >> crypt-deterministic.tex
+	printf "%s\n" "  /CreationDate (\fixedpdfdate)" >> crypt-deterministic.tex
+	printf "%s\n}\n" "  /ModDate (\fixedpdfdate)" >> crypt-deterministic.tex
+	cat crypt.tex >> crypt-deterministic.tex
+	mv crypt-deterministic.tex crypt.tex
+	touch -r crypt.bak crypt.tex
+	echo "hello" > crypt.ind
+	latex crypt $(silent_stdout)
+	latex crypt $(silent_stdout)
+	makeindex crypt.idx $(silent_stdout)
+	perl ../helper.pl --fixupind crypt.ind
+	pdflatex crypt $(silent_stdout)
+	sed -b -i 's,^/ID \[.*\]$$,/ID [<0> <0>],g' crypt.pdf
+	mv crypt.bak crypt.tex
+	rm -f $(LEFTOVERS)
+
+docdvi: crypt.tex
+	echo hello > crypt.ind
+	latex crypt $(silent_stdout)
+	latex crypt $(silent_stdout)
+	makeindex crypt.idx
+	perl ../helper.pl --fixupind crypt.ind
+	latex crypt $(silent_stdout)
+	latex crypt $(silent_stdout)
+
+termdoc: docdvi
+	dvi2tty crypt.dvi -w120
+
+clean:
+	rm -f $(LEFTOVERS)
+	rm -rf doxygen/

libtomcrypt/helper.pl

@@ -0,0 +1,384 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+
+use Getopt::Long;
+use File::Find 'find';
+use File::Basename 'basename';
+use File::Glob 'bsd_glob';
+
+sub read_file {
+  my $f = shift;
+  open my $fh, "<", $f or die "FATAL: read_rawfile() cannot open file '$f': $!";
+  binmode $fh;
+  return do { local $/; <$fh> };
+}
+
+sub write_file {
+  my ($f, $data) = @_;
+  die "FATAL: write_file() no data" unless defined $data;
+  open my $fh, ">", $f or die "FATAL: write_file() cannot open file '$f': $!";
+  binmode $fh;
+  print $fh $data or die "FATAL: write_file() cannot write to '$f': $!";
+  close $fh or die "FATAL: write_file() cannot close '$f': $!";
+  return;
+}
+
+sub check_source {
+  my @all_files = (bsd_glob("makefile*"), bsd_glob("*.sh"), bsd_glob("*.pl"));
+  find({ wanted=>sub { push @all_files, $_ if -f $_ }, no_chdir=>1 }, qw/src tests demos/);
+
+  my $fails = 0;
+  for my $file (sort @all_files) {
+    next unless $file =~ /\.(c|h|pl|py|sh)$/ || basename($file) =~ /^makefile/i;
+    my $troubles = {};
+    my $lineno = 1;
+    my $content = read_file($file);
+    push @{$troubles->{crlf_line_end}}, '?' if $content =~ /\r/;
+    for my $l (split /\n/, $content) {
+      push @{$troubles->{merge_conflict}},   $lineno if $l =~ /^(<<<<<<<|=======|>>>>>>>)([^<=>]|$)/;
+      push @{$troubles->{trailing_space}},   $lineno if $l =~ / $/;
+      push @{$troubles->{tab}},              $lineno if $l =~ /\t/ && basename($file) !~ /^makefile/i;
+      push @{$troubles->{non_ascii_char}},   $lineno if $l =~ /[^[:ascii:]]/;
+      push @{$troubles->{cpp_comment}},      $lineno if $file =~ /\.(c|h)$/ && ($l =~ /\s\/\// || $l =~ /\/\/\s/);
+      # in ./src we prefer using XMEMCPY, XMALLOC, XFREE ...
+      push @{$troubles->{unwanted_memcpy}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmemcpy\s*\(/;
+      push @{$troubles->{unwanted_malloc}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmalloc\s*\(/;
+      push @{$troubles->{unwanted_realloc}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\brealloc\s*\(/;
+      push @{$troubles->{unwanted_calloc}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bcalloc\s*\(/;
+      push @{$troubles->{unwanted_free}},    $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bfree\s*\(/;
+      push @{$troubles->{unwanted_memset}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmemset\s*\(/;
+      push @{$troubles->{unwanted_memcpy}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmemcpy\s*\(/;
+      push @{$troubles->{unwanted_memmove}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmemmove\s*\(/;
+      push @{$troubles->{unwanted_memcmp}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmemcmp\s*\(/;
+      push @{$troubles->{unwanted_strcmp}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bstrcmp\s*\(/;
+      push @{$troubles->{unwanted_clock}},   $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bclock\s*\(/;
+      push @{$troubles->{unwanted_qsort}},   $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bqsort\s*\(/;
+      push @{$troubles->{sizeof_no_brackets}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bsizeof\s*[^\(]/;
+      if ($file =~ m|src/.*\.c$| &&
+          $file !~ m|src/ciphers/.*\.c$| &&
+          $file !~ m|src/hashes/.*\.c$| &&
+          $file !~ m|src/math/.+_desc.c$| &&
+          $file !~ m|src/stream/sober128/sober128_stream.c$| &&
+          $l =~ /^static(\s+[a-zA-Z0-9_]+)+\s+([^_][a-zA-Z0-9_]+)\s*\(/) {
+        push @{$troubles->{staticfunc_name}}, "$lineno($2)";
+      }
+      $lineno++;
+    }
+    for my $k (sort keys %$troubles) {
+      warn "[$k] $file line:" . join(",", @{$troubles->{$k}}) . "\n";
+      $fails++;
+    }
+  }
+
+  warn( $fails > 0 ? "check-source:    FAIL $fails\n" : "check-source:    PASS\n" );
+  return $fails;
+}
+
+sub check_defines {
+  my $fails = 0;
+  my $cust_h = read_file("src/headers/tomcrypt_custom.h");
+  my $cryp_c = read_file("src/misc/crypt/crypt.c");
+  $cust_h =~ s|/\*.*?\*/||sg; # remove comments
+  $cryp_c =~ s|/\*.*?\*/||sg; # remove comments
+  my %def = map { $_ => 1 } map { my $x = $_; $x =~ s/^\s*#define\s+(LTC_\S+).*$/$1/; $x } grep { /^\s*#define\s+LTC_\S+/ } split /\n/, $cust_h;
+  for my $d (sort keys %def) {
+    next if $d =~ /^LTC_(DH\d+|ECC\d+|ECC_\S+|MPI|MUTEX_\S+\(x\)|NO_\S+)$/;
+    warn "$d missing in src/misc/crypt/crypt.c\n" and $fails++ if $cryp_c !~ /\Q$d\E/;
+  }
+  warn( $fails > 0 ? "check-defines:   FAIL $fails\n" : "check-defines:   PASS\n" );
+  return $fails;
+}
+
+sub check_descriptor {
+  my $which = shift;
+  my $what = shift;
+  my @src;
+  my @descriptors;
+  find({ wanted => sub { push @src, $_ if $_ =~ /\.c$/ }, no_chdir=>1 }, "./src/${which}/");
+  for my $f (@src) {
+    my @n = map { my $x = $_; $x =~ s/^.*?ltc_${what}_descriptor\s+(\S+).*$/$1/; $x } grep { $_ =~ /ltc_${what}_descriptor/ } split /\n/, read_file($f);
+    push @descriptors, @n if @n;
+  }
+  my $fails = 0;
+  for my $d (@descriptors) {
+    for my $f ("./src/misc/crypt/crypt_register_all_${which}.c") {
+      my $txt = read_file($f);
+      warn "$d missing in $f\n" and $fails++ if $txt !~ /\Q$d\E/;
+    }
+  }
+  for my $d (@descriptors) {
+    for my $f ("./tests/test.c") {
+      my $txt = read_file($f);
+      warn "$d missing in $f\n" and $fails++ if $txt !~ /\Q$d\E/;
+    }
+  }
+  my $name = sprintf("%-17s", "check-${which}:");
+  warn( $fails > 0 ? "${name}FAIL $fails\n" : "${name}PASS\n" );
+  return $fails;
+}
+
+sub check_descriptors {
+  my $fails = 0;
+  $fails = $fails + check_descriptor("ciphers", "cipher");
+  $fails = $fails + check_descriptor("hashes", "hash");
+  $fails = $fails + check_descriptor("prngs", "prng");
+  return $fails;
+}
+
+sub check_comments {
+  my $fails = 0;
+  my $first_comment = <<'MARKER';
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+MARKER
+  my $last_comment = <<'MARKER';
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */
+MARKER
+  my @all_files;
+  find({ wanted=> sub { push @all_files, $_ if $_ =~ /\.(c|h)$/ }, no_chdir=>1 }, 'demos', 'src', 'tests');
+  for my $f (@all_files) {
+    my $txt = read_file($f);
+    if ($txt !~ /^\Q$first_comment\E/s) {
+      warn "[first_comment] $f\n";
+      $fails++;
+    }
+    if ($txt !~ /\Q$last_comment\E\s*$/s) {
+      warn "[last_comment] $f\n";
+      $fails++;
+    }
+  }
+  warn( $fails > 0 ? "check-comments:  FAIL $fails\n" : "check-comments:  PASS\n" );
+  return $fails;
+}
+
+sub prepare_variable {
+  my ($varname, @list) = @_;
+  my $output = "$varname=";
+  my $len = length($output);
+  foreach my $obj (sort @list) {
+    $len = $len + length $obj;
+    $obj =~ s/\*/\$/;
+    if ($len > 100) {
+      $output .= "\\\n";
+      $len = length $obj;
+    }
+    $output .= $obj . ' ';
+  }
+  $output =~ s/ $//;
+  return $output;
+}
+
+sub prepare_msvc_files_xml {
+  my ($all, $exclude_re, $targets) = @_;
+  my $last = [];
+  my $depth = 2;
+
+  # sort files in the same order as visual studio (ugly, I know)
+  my @parts = ();
+  for my $orig (@$all) {
+    my $p = $orig;
+    $p =~ s|/|/~|g;
+    $p =~ s|/~([^/]+)$|/$1|g;
+    # now we have: 'src/pk/rsa/rsa_verify_hash.c' > 'src/~pk/~rsa/rsa_verify_hash.c'
+    my @l = map { sprintf "% -99s", $_ } split /\//, $p;
+    push @parts, [ $orig, join(':', @l) ];
+  }
+  my @sorted = map { $_->[0] } sort { $a->[1] cmp $b->[1] } @parts;
+
+  my $files = "<Files>\r\n";
+  for my $full (@sorted) {
+    my @items = split /\//, $full; # split by '/'
+    $full =~ s|/|\\|g;             # replace '/' bt '\'
+    shift @items; # drop first one (src)
+    pop @items;   # drop last one (filename.ext)
+    my $current = \@items;
+    if (join(':', @$current) ne join(':', @$last)) {
+      my $common = 0;
+      $common++ while ($last->[$common] && $current->[$common] && $last->[$common] eq $current->[$common]);
+      my $back = @$last - $common;
+      if ($back > 0) {
+        $files .= ("\t" x --$depth) . "</Filter>\r\n" for (1..$back);
+      }
+      my $fwd = [ @$current ]; splice(@$fwd, 0, $common);
+      for my $i (0..scalar(@$fwd) - 1) {
+        $files .= ("\t" x $depth) . "<Filter\r\n";
+        $files .= ("\t" x $depth) . "\tName=\"$fwd->[$i]\"\r\n";
+        $files .= ("\t" x $depth) . "\t>\r\n";
+        $depth++;
+      }
+      $last = $current;
+    }
+    $files .= ("\t" x $depth) . "<File\r\n";
+    $files .= ("\t" x $depth) . "\tRelativePath=\"$full\"\r\n";
+    $files .= ("\t" x $depth) . "\t>\r\n";
+    if ($full =~ $exclude_re) {
+      for (@$targets) {
+        $files .= ("\t" x $depth) . "\t<FileConfiguration\r\n";
+        $files .= ("\t" x $depth) . "\t\tName=\"$_\"\r\n";
+        $files .= ("\t" x $depth) . "\t\tExcludedFromBuild=\"true\"\r\n";
+        $files .= ("\t" x $depth) . "\t\t>\r\n";
+        $files .= ("\t" x $depth) . "\t\t<Tool\r\n";
+        $files .= ("\t" x $depth) . "\t\t\tName=\"VCCLCompilerTool\"\r\n";
+        $files .= ("\t" x $depth) . "\t\t\tAdditionalIncludeDirectories=\"\"\r\n";
+        $files .= ("\t" x $depth) . "\t\t\tPreprocessorDefinitions=\"\"\r\n";
+        $files .= ("\t" x $depth) . "\t\t/>\r\n";
+        $files .= ("\t" x $depth) . "\t</FileConfiguration>\r\n";
+      }
+    }
+########### aes_enc "hack" disabled - discussion: https://github.com/libtom/libtomcrypt/pull/158
+#    if ($full eq 'src\ciphers\aes\aes.c') { #hack
+#      my %cmd = (
+#        'Debug|Win32'   => [ 'Debug/aes.obj;Debug/aes_enc.obj', 'cl /nologo /MLd /W3 /Gm /GX /ZI /Od /I &quot;src\headers&quot; /I &quot;..\libtommath&quot; /D &quot;_DEBUG&quot; /D &quot;LTM_DESC&quot; /D &quot;WIN32&quot; /D &quot;_MBCS&quot; /D &quot;_LIB&quot; /D &quot;LTC_SOURCE&quot; /D &quot;USE_LTM&quot; /Fp&quot;Debug/libtomcrypt.pch&quot; /YX /Fo&quot;Debug/&quot; /Fd&quot;Debug/&quot; /FD /GZ /c $(InputPath)&#x0D;&#x0A;cl /nologo /DENCRYPT_ONLY /MLd /W3 /Gm /GX /ZI /Od /I &quot;src\headers&quot; /I &quot;..\libtommath&quot; /D &quot;_DEBUG&quot; /D &quot;LTM_DESC&quot; /D &quot;WIN32&quot; /D &quot;_MBCS&quot; /D &quot;_LIB&quot; /D &quot;LTC_SOURCE&quot; /D &quot;USE_LTM&quot; /Fp&quot;Debug/libtomcrypt.pch&quot; /YX /Fo&quot;Debug/aes_enc.obj&quot; /Fd&quot;Debug/&quot; /FD /GZ /c $(InputPath)&#x0D;&#x0A;' ],
+#        'Release|Win32' => [ 'Release/aes.obj;Release/aes_enc.obj', 'cl /nologo /MLd /W3 /Gm /GX /ZI /Od /I &quot;src\headers&quot; /I &quot;..\libtommath&quot; /D &quot;_DEBUG&quot; /D &quot;LTM_DESC&quot; /D &quot;WIN32&quot; /D &quot;_MBCS&quot; /D &quot;_LIB&quot; /D &quot;LTC_SOURCE&quot; /D &quot;USE_LTM&quot; /Fp&quot;Release/libtomcrypt.pch&quot; /YX /Fo&quot;Release/&quot; /Fd&quot;Release/&quot; /FD /GZ /c $(InputPath)&#x0D;&#x0A;cl /nologo /DENCRYPT_ONLY /MLd /W3 /Gm /GX /ZI /Od /I &quot;src\headers&quot; /I &quot;..\libtommath&quot; /D &quot;_DEBUG&quot; /D &quot;LTM_DESC&quot; /D &quot;WIN32&quot; /D &quot;_MBCS&quot; /D &quot;_LIB&quot; /D &quot;LTC_SOURCE&quot; /D &quot;USE_LTM&quot; /Fp&quot;Release/libtomcrypt.pch&quot; /YX /Fo&quot;Release/aes_enc.obj&quot; /Fd&quot;Release/&quot; /FD /GZ /c $(InputPath)&#x0D;&#x0A;' ],
+#      );
+#      for (@$targets) {
+#        next unless $cmd{$_};
+#        $files .= ("\t" x $depth) . "\t<FileConfiguration\r\n";
+#        $files .= ("\t" x $depth) . "\t\tName=\"$_\"\r\n";
+#        $files .= ("\t" x $depth) . "\t\t>\r\n";
+#        $files .= ("\t" x $depth) . "\t\t<Tool\r\n";
+#        $files .= ("\t" x $depth) . "\t\t\tName=\"VCCustomBuildTool\"\r\n";
+#        $files .= ("\t" x $depth) . "\t\t\tCommandLine=\"$cmd{$_}[1]\"\r\n";
+#        $files .= ("\t" x $depth) . "\t\t\tOutputs=\"$cmd{$_}[0]\"\r\n";
+#        $files .= ("\t" x $depth) . "\t\t/>\r\n";
+#        $files .= ("\t" x $depth) . "\t</FileConfiguration>\r\n";
+#      }
+#    }
+    $files .= ("\t" x $depth) . "</File>\r\n";
+  }
+  $files .= ("\t" x --$depth) . "</Filter>\r\n" for (@$last);
+  $files .= "\t</Files>";
+  return $files;
+}
+
+sub patch_file {
+  my ($content, @variables) = @_;
+  for my $v (@variables) {
+    if ($v =~ /^([A-Z0-9_]+)\s*=.*$/si) {
+      my $name = $1;
+      $content =~ s/\n\Q$name\E\b.*?[^\\]\n/\n$v\n/s;
+    }
+    else {
+      die "patch_file failed: " . substr($v, 0, 30) . "..";
+    }
+  }
+  return $content;
+}
+
+sub version_from_tomcrypt_h {
+  my $h = read_file(shift);
+  if ($h =~ /\n#define\s*SCRYPT\s*"([0-9]+)\.([0-9]+)\.([0-9]+)(.*)"/s) {
+    return "VERSION_PC=$1.$2.$3", "VERSION_LT=1:1", "VERSION=$1.$2.$3$4", "PROJECT_NUMBER=$1.$2.$3$4";
+  }
+  else {
+    die "#define SCRYPT not found in tomcrypt.h";
+  }
+}
+
+sub process_makefiles {
+  my $write = shift;
+  my $changed_count = 0;
+  my @c = ();
+  find({ no_chdir => 1, wanted => sub { push @c, $_ if -f $_ && $_ =~ /\.c$/ && $_ !~ /tab.c$/ } }, 'src');
+  my @h = ();
+  find({ no_chdir => 1, wanted => sub { push @h, $_ if -f $_ && $_ =~ /\.h$/ && $_ !~ /dh_static.h$/ } }, 'src');
+  my @all = ();
+  find({ no_chdir => 1, wanted => sub { push @all, $_ if -f $_ && $_ =~ /\.(c|h)$/  } }, 'src');
+  my @t = qw();
+  find({ no_chdir => 1, wanted => sub { push @t, $_ if $_ =~ /(common|no_prng|_tests?|test).c$/ } }, 'tests');
+
+  my @o = sort ('src/ciphers/aes/aes_enc.o', map { my $x = $_; $x =~ s/\.c$/.o/; $x } @c);
+  my $var_o = prepare_variable("OBJECTS", @o);
+  my $var_h = prepare_variable("HEADERS", (sort @h));
+  (my $var_obj = $var_o) =~ s/\.o\b/.obj/sg;
+
+  my $var_to = prepare_variable("TOBJECTS", sort map { my $x = $_; $x =~ s/\.c$/.o/; $x } @t);
+  (my $var_tobj = $var_to) =~ s/\.o\b/.obj/sg;
+
+  my @ver_version = version_from_tomcrypt_h("src/headers/tomcrypt.h");
+
+  # update MSVC project files
+  my $msvc_files = prepare_msvc_files_xml(\@all, qr/tab\.c$/, ['Debug|Win32', 'Release|Win32', 'Debug|x64', 'Release|x64']);
+  for my $m (qw/libtomcrypt_VS2008.vcproj/) {
+    my $old = read_file($m);
+    my $new = $old;
+    $new =~ s|<Files>.*</Files>|$msvc_files|s;
+    if ($old ne $new) {
+      write_file($m, $new) if $write;
+      warn "changed: $m\n";
+      $changed_count++;
+    }
+  }
+
+  # update OBJECTS + HEADERS in makefile*
+  for my $m (qw/ makefile makefile.shared makefile.unix makefile.mingw makefile.msvc makefile_include.mk doc\/Doxyfile /) {
+    my $old = read_file($m);
+    my $new = $m eq 'makefile.msvc' ? patch_file($old, $var_obj, $var_h, $var_tobj, @ver_version)
+                                    : patch_file($old, $var_o, $var_h, $var_to, @ver_version);
+    if ($old ne $new) {
+      write_file($m, $new) if $write;
+      warn "changed: $m\n";
+      $changed_count++;
+    }
+  }
+
+  if ($write) {
+    return 0; # no failures
+  }
+  else {
+    warn( $changed_count > 0 ? "check-makefiles: FAIL $changed_count\n" : "check-makefiles: PASS\n" );
+    return $changed_count;
+  }
+}
+
+sub die_usage {
+  die <<"MARKER";
+usage: $0 -s   OR   $0 --check-source
+       $0 -c   OR   $0 --check-descriptors
+       $0 -d   OR   $0 --check-defines
+       $0 -o   OR   $0 --check-comments
+       $0 -m   OR   $0 --check-makefiles
+       $0 -a   OR   $0 --check-all
+       $0 -u   OR   $0 --update-makefiles
+       $0 --fixupind crypt.ind
+MARKER
+}
+
+GetOptions( "s|check-source"        => \my $check_source,
+            "c|check-descriptors"   => \my $check_descriptors,
+            "d|check-defines"       => \my $check_defines,
+            "o|check-comments"      => \my $check_comments,
+            "m|check-makefiles"     => \my $check_makefiles,
+            "a|check-all"           => \my $check_all,
+            "u|update-makefiles"    => \my $update_makefiles,
+            "f|fixupind=s"          => \my $fixupind,
+            "h|help"                => \my $help
+          ) or die_usage;
+
+if ($fixupind) {
+  my $txt = read_file($fixupind);
+  $txt =~ s/^([^\n]*\n)/$1\n\\addcontentsline{toc}{chapter}{Index}\n/s;
+  write_file($fixupind, $txt);
+  exit 0;
+}
+
+my $failure;
+$failure ||= check_source()       if $check_all || $check_source;
+$failure ||= check_defines()      if $check_all || $check_defines;
+$failure ||= check_descriptors()  if $check_all || $check_descriptors;
+$failure ||= check_comments()     if $check_all || $check_comments;
+$failure ||= process_makefiles(0) if $check_all || $check_makefiles;
+$failure ||= process_makefiles(1) if $update_makefiles;
+
+die_usage unless defined $failure;
+exit $failure ? 1 : 0;

libtomcrypt/makefile.icc

@@ -96,27 +96,28 @@ endif
 #START_INS
 OBJECTS=src/ciphers/aes/aes_enc.o src/ciphers/aes/aes.o src/ciphers/anubis.o src/ciphers/blowfish.o \
 src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o src/ciphers/kseed.o \
-src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
-src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
-src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
+src/ciphers/multi2.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o \
+src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphers/safer/safer_tab.o \
+src/ciphers/skipjack.o src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
 src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
-src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
-src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
-src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
-src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
-src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o src/encauth/gcm/gcm_process.o \
-src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
-src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
-src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
-src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
-src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
-src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
-src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
-src/hashes/sha1.o src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
-src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
-src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
+src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_encrypt.o \
+src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
+src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
+src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
+src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o src/encauth/ocb/ocb_shift_xor.o \
+src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o \
+src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
+src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
+src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
+src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o \
+src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o \
+src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o \
+src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
 src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
 src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
 src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
@@ -128,39 +129,41 @@ src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
 src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
 src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
 src/math/rand_prime.o src/math/tfm_desc.o src/misc/base64/base64_decode.o \
-src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
-src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
-src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
-src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
-src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
-src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_hash_oid.o \
-src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o src/misc/crypt/crypt_hash_descriptor.o \
-src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_ltc_mp_descriptor.o \
-src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
-src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
-src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
-src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
-src/misc/error_to_string.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
-src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
-src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
-src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
-src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
-src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
-src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
-src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
-src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
-src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o src/modes/lrw/lrw_encrypt.o \
-src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o src/modes/lrw/lrw_setiv.o \
-src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
-src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
-src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
-src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
-src/pk/asn1/der/boolean/der_decode_boolean.o src/pk/asn1/der/boolean/der_encode_boolean.o \
-src/pk/asn1/der/boolean/der_length_boolean.o src/pk/asn1/der/choice/der_decode_choice.o \
-src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
-src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
-src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
+src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt_argchk.o \
+src/misc/crypt/crypt.o src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_id.o \
+src/misc/crypt/crypt_find_hash_oid.o src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o \
+src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
+src/misc/crypt/crypt_ltc_mp_descriptor.o src/misc/crypt/crypt_prng_descriptor.o \
+src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
+src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
+src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
+src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/pkcs5/pkcs_5_1.o \
+src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o \
+src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o \
+src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o \
+src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
+src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o \
+src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o \
+src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o \
+src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o \
+src/modes/f8/f8_encrypt.o src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o \
+src/modes/f8/f8_test_mode.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \
+src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \
+src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \
+src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \
+src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
+src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o src/modes/xts/xts_encrypt.o \
+src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o src/modes/xts/xts_test.o \
+src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/boolean/der_decode_boolean.o \
+src/pk/asn1/der/boolean/der_encode_boolean.o src/pk/asn1/der/boolean/der_length_boolean.o \
+src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
+src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
+src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
+src/pk/asn1/der/integer/der_length_integer.o \
 src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
@@ -183,8 +186,8 @@ src/pk/asn1/der/utf8/der_decode_utf8_string.o src/pk/asn1/der/utf8/der_encode_ut
 src/pk/asn1/der/utf8/der_length_utf8_string.o src/pk/dsa/dsa_decrypt_key.o \
 src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \
 src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o \
-src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \
-src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \
+src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc_ansi_x963_export.o \
+src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc.o src/pk/ecc/ecc_decrypt_key.o \
 src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \
 src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \
 src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
@@ -287,6 +290,6 @@ install: library
 	install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
 
 # $Source: /cvs/libtom/libtomcrypt/makefile.icc,v $   
-# $Revision: 1.73 $   
-# $Date: 2006/12/02 19:23:21 $ 
+# $Revision: 1.76 $   
+# $Date: 2007/02/16 16:36:25 $ 
 

libtomcrypt/makefile.mingw

@@ -0,0 +1,288 @@
+# MAKEFILE for MS Windows (mingw + gcc + gmake)
+#
+# BEWARE: variables OBJECTS, TOBJECTS, HEADERS, VERSION are updated via ./updatemakes.sh
+
+### USAGE:
+# Open a command prompt with gcc + gmake in PATH and start:
+#
+# gmake -f makefile.mingw all
+# test.exe
+# gmake -f makefile.mingw PREFIX=c:\devel\libtom install
+#
+#Or:
+#
+# gmake -f makefile.mingw CFLAGS="-O3 -DUSE_LTM -DLTM_DESC -Ic:/path/to/libtommath" EXTRALIBS="-Lc:/path/to/libtommath -ltommath" all
+#
+
+#The following can be overridden from command line e.g. make -f makefile.mingw CC=gcc ARFLAGS=rcs
+PREFIX    = c:\mingw
+CC        = gcc
+AR        = ar
+ARFLAGS   = r
+RANLIB    = ranlib
+STRIP     = strip
+CFLAGS    = -O2 -DUSE_LTM -DLTM_DESC -I../libtommath
+EXTRALIBS = -L../libtommath -ltommath
+
+#Compilation flags
+LTC_CFLAGS  = -Isrc/headers -Itests -DLTC_SOURCE $(CFLAGS)
+LTC_LDFLAGS = $(LDFLAGS) $(EXTRALIBS)
+VERSION=1.18.2
+
+#Libraries to be created
+LIBMAIN_S =libtomcrypt.a
+LIBMAIN_I =libtomcrypt.dll.a
+LIBMAIN_D =libtomcrypt.dll
+
+#List of objects to compile (all goes to libtomcrypt.a)
+OBJECTS=src/ciphers/aes/aes.o src/ciphers/aes/aes_enc.o src/ciphers/anubis.o src/ciphers/blowfish.o \
+src/ciphers/camellia.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o \
+src/ciphers/kseed.o src/ciphers/multi2.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
+src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_add_aad.o \
+src/encauth/ccm/ccm_add_nonce.o src/encauth/ccm/ccm_done.o src/encauth/ccm/ccm_init.o \
+src/encauth/ccm/ccm_memory.o src/encauth/ccm/ccm_process.o src/encauth/ccm/ccm_reset.o \
+src/encauth/ccm/ccm_test.o src/encauth/chachapoly/chacha20poly1305_add_aad.o \
+src/encauth/chachapoly/chacha20poly1305_decrypt.o src/encauth/chachapoly/chacha20poly1305_done.o \
+src/encauth/chachapoly/chacha20poly1305_encrypt.o src/encauth/chachapoly/chacha20poly1305_init.o \
+src/encauth/chachapoly/chacha20poly1305_memory.o src/encauth/chachapoly/chacha20poly1305_setiv.o \
+src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.o \
+src/encauth/chachapoly/chacha20poly1305_test.o src/encauth/eax/eax_addheader.o \
+src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
+src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
+src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
+src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
+src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
+src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
+src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o src/encauth/ocb3/ocb3_int_ntz.o \
+src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o src/hashes/blake2b.o \
+src/hashes/blake2s.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
+src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
+src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
+src/hashes/sha2/sha224.o src/hashes/sha2/sha256.o src/hashes/sha2/sha384.o src/hashes/sha2/sha512.o \
+src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/sha3.o src/hashes/sha3_test.o \
+src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/blake2/blake2bmac.o \
+src/mac/blake2/blake2bmac_file.o src/mac/blake2/blake2bmac_memory.o \
+src/mac/blake2/blake2bmac_memory_multi.o src/mac/blake2/blake2bmac_test.o src/mac/blake2/blake2smac.o \
+src/mac/blake2/blake2smac_file.o src/mac/blake2/blake2smac_memory.o \
+src/mac/blake2/blake2smac_memory_multi.o src/mac/blake2/blake2smac_test.o src/mac/f9/f9_done.o \
+src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o \
+src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o src/mac/hmac/hmac_memory_multi.o \
+src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o src/mac/omac/omac_memory_multi.o \
+src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
+src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
+src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
+src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/poly1305/poly1305.o \
+src/mac/poly1305/poly1305_file.o src/mac/poly1305/poly1305_memory.o \
+src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/mac/xcbc/xcbc_done.o \
+src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
+src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
+src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
+src/math/radix_to_bin.o src/math/rand_bn.o src/math/rand_prime.o src/math/tfm_desc.o src/misc/adler32.o \
+src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o src/misc/burn_stack.o \
+src/misc/compare_testvector.o src/misc/crc32.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
+src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
+src/misc/crypt/crypt_constants.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_hash_oid.o \
+src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o src/misc/crypt/crypt_hash_descriptor.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_inits.o \
+src/misc/crypt/crypt_ltc_mp_descriptor.o src/misc/crypt/crypt_prng_descriptor.o \
+src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_prng_rng_descriptor.o \
+src/misc/crypt/crypt_register_all_ciphers.o src/misc/crypt/crypt_register_all_hashes.o \
+src/misc/crypt/crypt_register_all_prngs.o src/misc/crypt/crypt_register_cipher.o \
+src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_sizes.o \
+src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
+src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \
+src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/pk_get_oid.o src/misc/pkcs5/pkcs_5_1.o \
+src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
+src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
+src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o src/modes/lrw/lrw_encrypt.o \
+src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o src/modes/lrw/lrw_setiv.o \
+src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o \
+src/modes/xts/xts_encrypt.o src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o \
+src/modes/xts/xts_test.o src/pk/asn1/der/bit/der_decode_bit_string.o \
+src/pk/asn1/der/bit/der_decode_raw_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_encode_raw_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
+src/pk/asn1/der/boolean/der_decode_boolean.o src/pk/asn1/der/boolean/der_encode_boolean.o \
+src/pk/asn1/der/boolean/der_length_boolean.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/generalizedtime/der_decode_generalizedtime.o \
+src/pk/asn1/der/generalizedtime/der_encode_generalizedtime.o \
+src/pk/asn1/der/generalizedtime/der_length_generalizedtime.o \
+src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
+src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
+src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
+src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
+src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
+src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
+src/pk/asn1/der/octet/der_decode_octet_string.o src/pk/asn1/der/octet/der_encode_octet_string.o \
+src/pk/asn1/der/octet/der_length_octet_string.o \
+src/pk/asn1/der/printable_string/der_decode_printable_string.o \
+src/pk/asn1/der/printable_string/der_encode_printable_string.o \
+src/pk/asn1/der/printable_string/der_length_printable_string.o \
+src/pk/asn1/der/sequence/der_decode_sequence_ex.o \
+src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \
+src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_decode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
+src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/short_integer/der_encode_short_integer.o \
+src/pk/asn1/der/short_integer/der_length_short_integer.o \
+src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
+src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
+src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
+src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
+src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
+src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o \
+src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o src/pk/dh/dh_import.o src/pk/dh/dh_set.o \
+src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o \
+src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \
+src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \
+src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \
+src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
+src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/ecc/ecc_ansi_x963_export.o \
+src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o src/pk/ecc/ecc_encrypt_key.o \
+src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o src/pk/ecc/ecc_import.o \
+src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o src/pk/ecc/ecc_sign_hash.o \
+src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
+src/pk/ecc/ltc_ecc_is_valid_idx.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \
+src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \
+src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \
+src/pk/katja/katja_decrypt_key.o src/pk/katja/katja_encrypt_key.o src/pk/katja/katja_export.o \
+src/pk/katja/katja_exptmod.o src/pk/katja/katja_free.o src/pk/katja/katja_import.o \
+src/pk/katja/katja_make_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
+src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
+src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
+src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
+src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o \
+src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
+src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
+src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
+src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
+src/stream/rc4/rc4_stream.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128_stream.o \
+src/stream/sober128/sober128_test.o
+
+#List of test objects to compile
+TOBJECTS=tests/base64_test.o tests/cipher_hash_test.o tests/common.o tests/der_test.o tests/dh_test.o \
+tests/dsa_test.o tests/ecc_test.o tests/file_test.o tests/katja_test.o tests/mac_test.o tests/misc_test.o \
+tests/modes_test.o tests/mpi_test.o tests/multi_test.o tests/no_prng.o tests/pkcs_1_eme_test.o \
+tests/pkcs_1_emsa_test.o tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o \
+tests/prng_test.o tests/rotate_test.o tests/rsa_test.o tests/store_test.o tests/test.o
+
+#The following headers will be installed by "make install"
+HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h src/headers/tomcrypt_math.h \
+src/headers/tomcrypt_misc.h src/headers/tomcrypt_pk.h src/headers/tomcrypt_pkcs.h \
+src/headers/tomcrypt_prng.h
+
+#The default rule for make builds the libtomcrypt.a library (static)
+default: $(LIBMAIN_S)
+
+#SPECIAL: AES comes in two flavours - enc+dec and enc-only
+src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+	$(CC) $(LTC_CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
+
+#SPECIAL: these are the rules to make certain object files
+src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
+src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
+src/hashes/sha2/sha512_224.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha512_224.c
+src/hashes/sha2/sha512_256.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha512_256.c
+src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
+
+#Dependencies on *.h
+$(OBJECTS): $(HEADERS)
+$(TOBJECTS): $(HEADERS) tests/tomcrypt_test.h
+
+.c.o:
+	$(CC) $(LTC_CFLAGS) -c $< -o $@
+
+#Create libtomcrypt.a
+$(LIBMAIN_S): $(OBJECTS)
+	$(AR) $(ARFLAGS) $@ $(OBJECTS)
+	$(RANLIB) $@
+
+#Create DLL + import library libtomcrypt.dll.a
+$(LIBMAIN_D) $(LIBMAIN_I): $(OBJECTS)
+	$(CC) -s -shared -o $(LIBMAIN_D) $^ -Wl,--enable-auto-import,--export-all -Wl,--out-implib=$(LIBMAIN_I) $(LTC_LDFLAGS)
+	$(STRIP) -S $(LIBMAIN_D)
+
+#Demo tools/utilities
+hashsum.exe: demos/hashsum.o $(LIBMAIN_S)
+	$(CC) demos/hashsum.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+ltcrypt.exe: demos/ltcrypt.o $(LIBMAIN_S)
+	$(CC) demos/ltcrypt.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+small.exe: demos/small.o $(LIBMAIN_S)
+	$(CC) demos/small.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+tv_gen.exe: demos/tv_gen.o $(LIBMAIN_S)
+	$(CC) demos/tv_gen.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+sizes.exe: demos/sizes.o $(LIBMAIN_S)
+	$(CC) demos/sizes.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+constants.exe: demos/constants.o $(LIBMAIN_S)
+	$(CC) demos/constants.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+timing.exe: demos/timing.o $(LIBMAIN_S)
+	$(CC) demos/timing.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+
+#Tests
+test.exe: $(TOBJECTS) $(LIBMAIN_S)
+	$(CC) $(TOBJECTS) $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+	@echo NOTICE: start the tests by launching test.exe
+
+all: $(LIBMAIN_S) $(LIBMAIN_I) $(LIBMAIN_D) hashsum.exe ltcrypt.exe small.exe tv_gen.exe sizes.exe constants.exe timing.exe test.exe
+
+test: test.exe
+
+clean:
+	@-cmd /c del /Q *_tv.txt 2>nul
+	@-cmd /c del /Q /S *.o *.a *.exe *.dll 2>nul
+
+#Install the library + headers
+install: $(LIBMAIN_S) $(LIBMAIN_I) $(LIBMAIN_D)
+	cmd /c if not exist "$(PREFIX)\bin" mkdir "$(PREFIX)\bin"
+	cmd /c if not exist "$(PREFIX)\lib" mkdir "$(PREFIX)\lib"
+	cmd /c if not exist "$(PREFIX)\include" mkdir "$(PREFIX)\include"
+	copy /Y $(LIBMAIN_S) "$(PREFIX)\lib"
+	copy /Y $(LIBMAIN_I) "$(PREFIX)\lib"
+	copy /Y $(LIBMAIN_D) "$(PREFIX)\bin"
+	copy /Y src\headers\tomcrypt*.h "$(PREFIX)\include"
+
+#Install useful tools
+install_bins: hashsum
+	cmd /c if not exist "$(PREFIX)\bin" mkdir "$(PREFIX)\bin"
+	copy /Y hashsum.exe "$(PREFIX)\bin"
+
+#Install documentation
+install_docs: doc/crypt.pdf
+	cmd /c if not exist "$(PREFIX)\doc" mkdir "$(PREFIX)\doc"
+	copy /Y doc\crypt.pdf "$(PREFIX)\doc"

libtomcrypt/makefile.msvc

@@ -1,62 +1,112 @@
-#MSVC Makefile [tested with MSVC 6.00 with SP5]
+# MAKEFILE for MS Windows (nmake + Windows SDK)
 #
-#Tom St Denis
-CFLAGS = /Isrc/headers/ /Itestprof/ /Ox /DWIN32 /DLTC_SOURCE /W3 /Fo$@ $(CF)
+# BEWARE: variables OBJECTS, TOBJECTS, HEADERS, VERSION are updated via ./updatemakes.sh
 
-#START_INS
-OBJECTS=src/ciphers/aes/aes_enc.obj src/ciphers/aes/aes.obj src/ciphers/anubis.obj src/ciphers/blowfish.obj \
-src/ciphers/cast5.obj src/ciphers/des.obj src/ciphers/kasumi.obj src/ciphers/khazad.obj src/ciphers/kseed.obj \
-src/ciphers/noekeon.obj src/ciphers/rc2.obj src/ciphers/rc5.obj src/ciphers/rc6.obj src/ciphers/safer/safer.obj \
-src/ciphers/safer/safer_tab.obj src/ciphers/safer/saferp.obj src/ciphers/skipjack.obj \
-src/ciphers/twofish/twofish.obj src/ciphers/xtea.obj src/encauth/ccm/ccm_memory.obj \
-src/encauth/ccm/ccm_test.obj src/encauth/eax/eax_addheader.obj src/encauth/eax/eax_decrypt.obj \
-src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj src/encauth/eax/eax_encrypt.obj \
-src/encauth/eax/eax_encrypt_authenticate_memory.obj src/encauth/eax/eax_init.obj \
-src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_add_aad.obj src/encauth/gcm/gcm_add_iv.obj \
-src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj src/encauth/gcm/gcm_init.obj \
-src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj src/encauth/gcm/gcm_process.obj \
-src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj src/encauth/ocb/ocb_decrypt.obj \
-src/encauth/ocb/ocb_decrypt_verify_memory.obj src/encauth/ocb/ocb_done_decrypt.obj \
-src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
+### USAGE:
+# Open a command prompt with WinSDK variables set and start:
+#
+# nmake -f makefile.msvc all
+# test.exe
+# nmake -f makefile.msvc PREFIX=c:\devel\libtom install
+#
+#Or:
+#
+# nmake -f makefile.msvc CFLAGS="/DUSE_LTM /DLTM_DESC /Ic:\path\to\libtommath" EXTRALIBS=c:\path\to\libtommath\tommath.lib all
+#
+
+#The following can be overridden from command line e.g. make -f makefile.msvc CC=gcc ARFLAGS=rcs
+PREFIX    = c:\devel
+CFLAGS    = /Ox /DUSE_LTM /DLTM_DESC /I../libtommath
+EXTRALIBS = ../libtommath/tommath.lib
+
+#Compilation flags
+LTC_CFLAGS  = /nologo /Isrc/headers/ /Itests/ /D_CRT_SECURE_NO_WARNINGS /D_CRT_NONSTDC_NO_DEPRECATE /DLTC_SOURCE /W3 $(CFLAGS)
+LTC_LDFLAGS = advapi32.lib $(EXTRALIBS)
+VERSION=1.18.2
+
+#Libraries to be created (this makefile builds only static libraries)
+LIBMAIN_S =tomcrypt.lib
+
+#List of objects to compile (all goes to tomcrypt.lib)
+OBJECTS=src/ciphers/aes/aes.obj src/ciphers/aes/aes_enc.obj src/ciphers/anubis.obj src/ciphers/blowfish.obj \
+src/ciphers/camellia.obj src/ciphers/cast5.obj src/ciphers/des.obj src/ciphers/kasumi.obj src/ciphers/khazad.obj \
+src/ciphers/kseed.obj src/ciphers/multi2.obj src/ciphers/noekeon.obj src/ciphers/rc2.obj src/ciphers/rc5.obj \
+src/ciphers/rc6.obj src/ciphers/safer/safer.obj src/ciphers/safer/saferp.obj src/ciphers/skipjack.obj \
+src/ciphers/twofish/twofish.obj src/ciphers/xtea.obj src/encauth/ccm/ccm_add_aad.obj \
+src/encauth/ccm/ccm_add_nonce.obj src/encauth/ccm/ccm_done.obj src/encauth/ccm/ccm_init.obj \
+src/encauth/ccm/ccm_memory.obj src/encauth/ccm/ccm_process.obj src/encauth/ccm/ccm_reset.obj \
+src/encauth/ccm/ccm_test.obj src/encauth/chachapoly/chacha20poly1305_add_aad.obj \
+src/encauth/chachapoly/chacha20poly1305_decrypt.obj src/encauth/chachapoly/chacha20poly1305_done.obj \
+src/encauth/chachapoly/chacha20poly1305_encrypt.obj src/encauth/chachapoly/chacha20poly1305_init.obj \
+src/encauth/chachapoly/chacha20poly1305_memory.obj src/encauth/chachapoly/chacha20poly1305_setiv.obj \
+src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.obj \
+src/encauth/chachapoly/chacha20poly1305_test.obj src/encauth/eax/eax_addheader.obj \
+src/encauth/eax/eax_decrypt.obj src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj \
+src/encauth/eax/eax_encrypt.obj src/encauth/eax/eax_encrypt_authenticate_memory.obj \
+src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_add_aad.obj \
+src/encauth/gcm/gcm_add_iv.obj src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj \
+src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj \
+src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj \
+src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
+src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
 src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
 src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \
-src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj src/hashes/helper/hash_filehandle.obj \
-src/hashes/helper/hash_memory.obj src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj \
-src/hashes/md5.obj src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/rmd256.obj src/hashes/rmd320.obj \
-src/hashes/sha1.obj src/hashes/sha2/sha256.obj src/hashes/sha2/sha512.obj src/hashes/tiger.obj \
-src/hashes/whirl/whirl.obj src/mac/f9/f9_done.obj src/mac/f9/f9_file.obj src/mac/f9/f9_init.obj \
-src/mac/f9/f9_memory.obj src/mac/f9/f9_memory_multi.obj src/mac/f9/f9_process.obj src/mac/f9/f9_test.obj \
-src/mac/hmac/hmac_done.obj src/mac/hmac/hmac_file.obj src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj \
-src/mac/hmac/hmac_memory_multi.obj src/mac/hmac/hmac_process.obj src/mac/hmac/hmac_test.obj \
-src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj \
-src/mac/omac/omac_memory_multi.obj src/mac/omac/omac_process.obj src/mac/omac/omac_test.obj \
-src/mac/pelican/pelican.obj src/mac/pelican/pelican_memory.obj src/mac/pelican/pelican_test.obj \
-src/mac/pmac/pmac_done.obj src/mac/pmac/pmac_file.obj src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \
+src/encauth/ocb3/ocb3_add_aad.obj src/encauth/ocb3/ocb3_decrypt.obj src/encauth/ocb3/ocb3_decrypt_last.obj \
+src/encauth/ocb3/ocb3_decrypt_verify_memory.obj src/encauth/ocb3/ocb3_done.obj \
+src/encauth/ocb3/ocb3_encrypt.obj src/encauth/ocb3/ocb3_encrypt_authenticate_memory.obj \
+src/encauth/ocb3/ocb3_encrypt_last.obj src/encauth/ocb3/ocb3_init.obj src/encauth/ocb3/ocb3_int_ntz.obj \
+src/encauth/ocb3/ocb3_int_xor_blocks.obj src/encauth/ocb3/ocb3_test.obj src/hashes/blake2b.obj \
+src/hashes/blake2s.obj src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj \
+src/hashes/helper/hash_filehandle.obj src/hashes/helper/hash_memory.obj \
+src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj src/hashes/md5.obj \
+src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/rmd256.obj src/hashes/rmd320.obj src/hashes/sha1.obj \
+src/hashes/sha2/sha224.obj src/hashes/sha2/sha256.obj src/hashes/sha2/sha384.obj src/hashes/sha2/sha512.obj \
+src/hashes/sha2/sha512_224.obj src/hashes/sha2/sha512_256.obj src/hashes/sha3.obj src/hashes/sha3_test.obj \
+src/hashes/tiger.obj src/hashes/whirl/whirl.obj src/mac/blake2/blake2bmac.obj \
+src/mac/blake2/blake2bmac_file.obj src/mac/blake2/blake2bmac_memory.obj \
+src/mac/blake2/blake2bmac_memory_multi.obj src/mac/blake2/blake2bmac_test.obj src/mac/blake2/blake2smac.obj \
+src/mac/blake2/blake2smac_file.obj src/mac/blake2/blake2smac_memory.obj \
+src/mac/blake2/blake2smac_memory_multi.obj src/mac/blake2/blake2smac_test.obj src/mac/f9/f9_done.obj \
+src/mac/f9/f9_file.obj src/mac/f9/f9_init.obj src/mac/f9/f9_memory.obj src/mac/f9/f9_memory_multi.obj \
+src/mac/f9/f9_process.obj src/mac/f9/f9_test.obj src/mac/hmac/hmac_done.obj src/mac/hmac/hmac_file.obj \
+src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj src/mac/hmac/hmac_memory_multi.obj \
+src/mac/hmac/hmac_process.obj src/mac/hmac/hmac_test.obj src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj \
+src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj src/mac/omac/omac_memory_multi.obj \
+src/mac/omac/omac_process.obj src/mac/omac/omac_test.obj src/mac/pelican/pelican.obj \
+src/mac/pelican/pelican_memory.obj src/mac/pelican/pelican_test.obj src/mac/pmac/pmac_done.obj \
+src/mac/pmac/pmac_file.obj src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \
 src/mac/pmac/pmac_memory_multi.obj src/mac/pmac/pmac_ntz.obj src/mac/pmac/pmac_process.obj \
-src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj src/mac/xcbc/xcbc_done.obj \
+src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj src/mac/poly1305/poly1305.obj \
+src/mac/poly1305/poly1305_file.obj src/mac/poly1305/poly1305_memory.obj \
+src/mac/poly1305/poly1305_memory_multi.obj src/mac/poly1305/poly1305_test.obj src/mac/xcbc/xcbc_done.obj \
 src/mac/xcbc/xcbc_file.obj src/mac/xcbc/xcbc_init.obj src/mac/xcbc/xcbc_memory.obj \
 src/mac/xcbc/xcbc_memory_multi.obj src/mac/xcbc/xcbc_process.obj src/mac/xcbc/xcbc_test.obj \
 src/math/fp/ltc_ecc_fp_mulmod.obj src/math/gmp_desc.obj src/math/ltm_desc.obj src/math/multi.obj \
-src/math/rand_prime.obj src/math/tfm_desc.obj src/misc/base64/base64_decode.obj \
-src/misc/base64/base64_encode.obj src/misc/burn_stack.obj src/misc/crypt/crypt.obj \
-src/misc/crypt/crypt_argchk.obj src/misc/crypt/crypt_cipher_descriptor.obj \
-src/misc/crypt/crypt_cipher_is_valid.obj src/misc/crypt/crypt_find_cipher.obj \
+src/math/radix_to_bin.obj src/math/rand_bn.obj src/math/rand_prime.obj src/math/tfm_desc.obj src/misc/adler32.obj \
+src/misc/base64/base64_decode.obj src/misc/base64/base64_encode.obj src/misc/burn_stack.obj \
+src/misc/compare_testvector.obj src/misc/crc32.obj src/misc/crypt/crypt.obj src/misc/crypt/crypt_argchk.obj \
+src/misc/crypt/crypt_cipher_descriptor.obj src/misc/crypt/crypt_cipher_is_valid.obj \
+src/misc/crypt/crypt_constants.obj src/misc/crypt/crypt_find_cipher.obj \
 src/misc/crypt/crypt_find_cipher_any.obj src/misc/crypt/crypt_find_cipher_id.obj \
 src/misc/crypt/crypt_find_hash.obj src/misc/crypt/crypt_find_hash_any.obj \
 src/misc/crypt/crypt_find_hash_id.obj src/misc/crypt/crypt_find_hash_oid.obj \
 src/misc/crypt/crypt_find_prng.obj src/misc/crypt/crypt_fsa.obj src/misc/crypt/crypt_hash_descriptor.obj \
-src/misc/crypt/crypt_hash_is_valid.obj src/misc/crypt/crypt_ltc_mp_descriptor.obj \
-src/misc/crypt/crypt_prng_descriptor.obj src/misc/crypt/crypt_prng_is_valid.obj \
-src/misc/crypt/crypt_register_cipher.obj src/misc/crypt/crypt_register_hash.obj \
-src/misc/crypt/crypt_register_prng.obj src/misc/crypt/crypt_unregister_cipher.obj \
-src/misc/crypt/crypt_unregister_hash.obj src/misc/crypt/crypt_unregister_prng.obj \
-src/misc/error_to_string.obj src/misc/pkcs5/pkcs_5_1.obj src/misc/pkcs5/pkcs_5_2.obj src/misc/zeromem.obj \
-src/modes/cbc/cbc_decrypt.obj src/modes/cbc/cbc_done.obj src/modes/cbc/cbc_encrypt.obj \
-src/modes/cbc/cbc_getiv.obj src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj \
-src/modes/cfb/cfb_decrypt.obj src/modes/cfb/cfb_done.obj src/modes/cfb/cfb_encrypt.obj \
-src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.obj \
-src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj \
-src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj src/modes/ctr/ctr_test.obj \
+src/misc/crypt/crypt_hash_is_valid.obj src/misc/crypt/crypt_inits.obj \
+src/misc/crypt/crypt_ltc_mp_descriptor.obj src/misc/crypt/crypt_prng_descriptor.obj \
+src/misc/crypt/crypt_prng_is_valid.obj src/misc/crypt/crypt_prng_rng_descriptor.obj \
+src/misc/crypt/crypt_register_all_ciphers.obj src/misc/crypt/crypt_register_all_hashes.obj \
+src/misc/crypt/crypt_register_all_prngs.obj src/misc/crypt/crypt_register_cipher.obj \
+src/misc/crypt/crypt_register_hash.obj src/misc/crypt/crypt_register_prng.obj src/misc/crypt/crypt_sizes.obj \
+src/misc/crypt/crypt_unregister_cipher.obj src/misc/crypt/crypt_unregister_hash.obj \
+src/misc/crypt/crypt_unregister_prng.obj src/misc/error_to_string.obj src/misc/hkdf/hkdf.obj \
+src/misc/hkdf/hkdf_test.obj src/misc/mem_neq.obj src/misc/pk_get_oid.obj src/misc/pkcs5/pkcs_5_1.obj \
+src/misc/pkcs5/pkcs_5_2.obj src/misc/pkcs5/pkcs_5_test.obj src/misc/zeromem.obj src/modes/cbc/cbc_decrypt.obj \
+src/modes/cbc/cbc_done.obj src/modes/cbc/cbc_encrypt.obj src/modes/cbc/cbc_getiv.obj \
+src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj src/modes/cfb/cfb_decrypt.obj \
+src/modes/cfb/cfb_done.obj src/modes/cfb/cfb_encrypt.obj src/modes/cfb/cfb_getiv.obj \
+src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.obj src/modes/ctr/ctr_decrypt.obj \
+src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj src/modes/ctr/ctr_getiv.obj \
+src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj src/modes/ctr/ctr_test.obj \
 src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_done.obj src/modes/ecb/ecb_encrypt.obj \
 src/modes/ecb/ecb_start.obj src/modes/f8/f8_decrypt.obj src/modes/f8/f8_done.obj src/modes/f8/f8_encrypt.obj \
 src/modes/f8/f8_getiv.obj src/modes/f8/f8_setiv.obj src/modes/f8/f8_start.obj src/modes/f8/f8_test_mode.obj \
@@ -64,10 +114,16 @@ src/modes/lrw/lrw_decrypt.obj src/modes/lrw/lrw_done.obj src/modes/lrw/lrw_encry
 src/modes/lrw/lrw_getiv.obj src/modes/lrw/lrw_process.obj src/modes/lrw/lrw_setiv.obj \
 src/modes/lrw/lrw_start.obj src/modes/lrw/lrw_test.obj src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj \
 src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj \
-src/modes/ofb/ofb_start.obj src/pk/asn1/der/bit/der_decode_bit_string.obj \
-src/pk/asn1/der/bit/der_encode_bit_string.obj src/pk/asn1/der/bit/der_length_bit_string.obj \
+src/modes/ofb/ofb_start.obj src/modes/xts/xts_decrypt.obj src/modes/xts/xts_done.obj \
+src/modes/xts/xts_encrypt.obj src/modes/xts/xts_init.obj src/modes/xts/xts_mult_x.obj \
+src/modes/xts/xts_test.obj src/pk/asn1/der/bit/der_decode_bit_string.obj \
+src/pk/asn1/der/bit/der_decode_raw_bit_string.obj src/pk/asn1/der/bit/der_encode_bit_string.obj \
+src/pk/asn1/der/bit/der_encode_raw_bit_string.obj src/pk/asn1/der/bit/der_length_bit_string.obj \
 src/pk/asn1/der/boolean/der_decode_boolean.obj src/pk/asn1/der/boolean/der_encode_boolean.obj \
 src/pk/asn1/der/boolean/der_length_boolean.obj src/pk/asn1/der/choice/der_decode_choice.obj \
+src/pk/asn1/der/generalizedtime/der_decode_generalizedtime.obj \
+src/pk/asn1/der/generalizedtime/der_encode_generalizedtime.obj \
+src/pk/asn1/der/generalizedtime/der_length_generalizedtime.obj \
 src/pk/asn1/der/ia5/der_decode_ia5_string.obj src/pk/asn1/der/ia5/der_encode_ia5_string.obj \
 src/pk/asn1/der/ia5/der_length_ia5_string.obj src/pk/asn1/der/integer/der_decode_integer.obj \
 src/pk/asn1/der/integer/der_encode_integer.obj src/pk/asn1/der/integer/der_length_integer.obj \
@@ -82,22 +138,32 @@ src/pk/asn1/der/printable_string/der_length_printable_string.obj \
 src/pk/asn1/der/sequence/der_decode_sequence_ex.obj \
 src/pk/asn1/der/sequence/der_decode_sequence_flexi.obj \
 src/pk/asn1/der/sequence/der_decode_sequence_multi.obj \
+src/pk/asn1/der/sequence/der_decode_subject_public_key_info.obj \
 src/pk/asn1/der/sequence/der_encode_sequence_ex.obj \
-src/pk/asn1/der/sequence/der_encode_sequence_multi.obj src/pk/asn1/der/sequence/der_length_sequence.obj \
-src/pk/asn1/der/sequence/der_sequence_free.obj src/pk/asn1/der/set/der_encode_set.obj \
+src/pk/asn1/der/sequence/der_encode_sequence_multi.obj \
+src/pk/asn1/der/sequence/der_encode_subject_public_key_info.obj \
+src/pk/asn1/der/sequence/der_length_sequence.obj src/pk/asn1/der/sequence/der_sequence_free.obj \
+src/pk/asn1/der/sequence/der_sequence_shrink.obj src/pk/asn1/der/set/der_encode_set.obj \
 src/pk/asn1/der/set/der_encode_setof.obj src/pk/asn1/der/short_integer/der_decode_short_integer.obj \
 src/pk/asn1/der/short_integer/der_encode_short_integer.obj \
-src/pk/asn1/der/short_integer/der_length_short_integer.obj src/pk/asn1/der/utctime/der_decode_utctime.obj \
-src/pk/asn1/der/utctime/der_encode_utctime.obj src/pk/asn1/der/utctime/der_length_utctime.obj \
-src/pk/asn1/der/utf8/der_decode_utf8_string.obj src/pk/asn1/der/utf8/der_encode_utf8_string.obj \
-src/pk/asn1/der/utf8/der_length_utf8_string.obj src/pk/dsa/dsa_decrypt_key.obj \
-src/pk/dsa/dsa_encrypt_key.obj src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_import.obj \
-src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_shared_secret.obj src/pk/dsa/dsa_sign_hash.obj \
-src/pk/dsa/dsa_verify_hash.obj src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj \
-src/pk/ecc/ecc_ansi_x963_export.obj src/pk/ecc/ecc_ansi_x963_import.obj src/pk/ecc/ecc_decrypt_key.obj \
-src/pk/ecc/ecc_encrypt_key.obj src/pk/ecc/ecc_export.obj src/pk/ecc/ecc_free.obj src/pk/ecc/ecc_get_size.obj \
-src/pk/ecc/ecc_import.obj src/pk/ecc/ecc_make_key.obj src/pk/ecc/ecc_shared_secret.obj \
-src/pk/ecc/ecc_sign_hash.obj src/pk/ecc/ecc_sizes.obj src/pk/ecc/ecc_test.obj src/pk/ecc/ecc_verify_hash.obj \
+src/pk/asn1/der/short_integer/der_length_short_integer.obj \
+src/pk/asn1/der/teletex_string/der_decode_teletex_string.obj \
+src/pk/asn1/der/teletex_string/der_length_teletex_string.obj \
+src/pk/asn1/der/utctime/der_decode_utctime.obj src/pk/asn1/der/utctime/der_encode_utctime.obj \
+src/pk/asn1/der/utctime/der_length_utctime.obj src/pk/asn1/der/utf8/der_decode_utf8_string.obj \
+src/pk/asn1/der/utf8/der_encode_utf8_string.obj src/pk/asn1/der/utf8/der_length_utf8_string.obj \
+src/pk/dh/dh.obj src/pk/dh/dh_check_pubkey.obj src/pk/dh/dh_export.obj src/pk/dh/dh_export_key.obj \
+src/pk/dh/dh_free.obj src/pk/dh/dh_generate_key.obj src/pk/dh/dh_import.obj src/pk/dh/dh_set.obj \
+src/pk/dh/dh_set_pg_dhparam.obj src/pk/dh/dh_shared_secret.obj src/pk/dsa/dsa_decrypt_key.obj \
+src/pk/dsa/dsa_encrypt_key.obj src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj \
+src/pk/dsa/dsa_generate_key.obj src/pk/dsa/dsa_generate_pqg.obj src/pk/dsa/dsa_import.obj \
+src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_set.obj src/pk/dsa/dsa_set_pqg_dsaparam.obj \
+src/pk/dsa/dsa_shared_secret.obj src/pk/dsa/dsa_sign_hash.obj src/pk/dsa/dsa_verify_hash.obj \
+src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj src/pk/ecc/ecc_ansi_x963_export.obj \
+src/pk/ecc/ecc_ansi_x963_import.obj src/pk/ecc/ecc_decrypt_key.obj src/pk/ecc/ecc_encrypt_key.obj \
+src/pk/ecc/ecc_export.obj src/pk/ecc/ecc_free.obj src/pk/ecc/ecc_get_size.obj src/pk/ecc/ecc_import.obj \
+src/pk/ecc/ecc_make_key.obj src/pk/ecc/ecc_shared_secret.obj src/pk/ecc/ecc_sign_hash.obj \
+src/pk/ecc/ecc_sizes.obj src/pk/ecc/ecc_test.obj src/pk/ecc/ecc_verify_hash.obj \
 src/pk/ecc/ltc_ecc_is_valid_idx.obj src/pk/ecc/ltc_ecc_map.obj src/pk/ecc/ltc_ecc_mul2add.obj \
 src/pk/ecc/ltc_ecc_mulmod.obj src/pk/ecc/ltc_ecc_mulmod_timing.obj src/pk/ecc/ltc_ecc_points.obj \
 src/pk/ecc/ltc_ecc_projective_add_point.obj src/pk/ecc/ltc_ecc_projective_dbl_point.obj \
@@ -107,43 +173,101 @@ src/pk/katja/katja_make_key.obj src/pk/pkcs1/pkcs_1_i2osp.obj src/pk/pkcs1/pkcs_
 src/pk/pkcs1/pkcs_1_oaep_decode.obj src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/pkcs1/pkcs_1_os2ip.obj \
 src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj src/pk/pkcs1/pkcs_1_v1_5_decode.obj \
 src/pk/pkcs1/pkcs_1_v1_5_encode.obj src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj \
-src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_import.obj \
-src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj src/pk/rsa/rsa_verify_hash.obj src/prngs/fortuna.obj \
+src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_get_size.obj \
+src/pk/rsa/rsa_import.obj src/pk/rsa/rsa_import_pkcs8.obj src/pk/rsa/rsa_import_x509.obj \
+src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_set.obj src/pk/rsa/rsa_sign_hash.obj \
+src/pk/rsa/rsa_sign_saltlen_get.obj src/pk/rsa/rsa_verify_hash.obj src/prngs/chacha20.obj src/prngs/fortuna.obj \
 src/prngs/rc4.obj src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/prngs/sober128.obj \
-src/prngs/sprng.obj src/prngs/yarrow.obj 
+src/prngs/sprng.obj src/prngs/yarrow.obj src/stream/chacha/chacha_crypt.obj src/stream/chacha/chacha_done.obj \
+src/stream/chacha/chacha_ivctr32.obj src/stream/chacha/chacha_ivctr64.obj \
+src/stream/chacha/chacha_keystream.obj src/stream/chacha/chacha_setup.obj src/stream/chacha/chacha_test.obj \
+src/stream/rc4/rc4_stream.obj src/stream/rc4/rc4_test.obj src/stream/sober128/sober128_stream.obj \
+src/stream/sober128/sober128_test.obj
 
-HEADERS=src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cipher.h \
-src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
-src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
-src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+#List of test objects to compile
+TOBJECTS=tests/base64_test.obj tests/cipher_hash_test.obj tests/common.obj tests/der_test.obj tests/dh_test.obj \
+tests/dsa_test.obj tests/ecc_test.obj tests/file_test.obj tests/katja_test.obj tests/mac_test.obj tests/misc_test.obj \
+tests/modes_test.obj tests/mpi_test.obj tests/multi_test.obj tests/no_prng.obj tests/pkcs_1_eme_test.obj \
+tests/pkcs_1_emsa_test.obj tests/pkcs_1_oaep_test.obj tests/pkcs_1_pss_test.obj tests/pkcs_1_test.obj \
+tests/prng_test.obj tests/rotate_test.obj tests/rsa_test.obj tests/store_test.obj tests/test.obj
 
-#END_INS
+#The following headers will be installed by "make install"
+HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h src/headers/tomcrypt_math.h \
+src/headers/tomcrypt_misc.h src/headers/tomcrypt_pk.h src/headers/tomcrypt_pkcs.h \
+src/headers/tomcrypt_prng.h
 
-default: library
+#The default rule for make builds the tomcrypt.lib library (static)
+default: $(LIBMAIN_S)
 
-#ciphers come in two flavours... enc+dec and enc
+#SPECIAL: AES comes in two flavours - enc+dec and enc-only
 src/ciphers/aes/aes_enc.obj: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-	$(CC) $(CFLAGS) /DENCRYPT_ONLY /c src/ciphers/aes/aes.c /Fosrc/ciphers/aes/aes_enc.obj
+	$(CC) $(LTC_CFLAGS) /DENCRYPT_ONLY /c src/ciphers/aes/aes.c /Fosrc/ciphers/aes/aes_enc.obj
 
-library: $(OBJECTS)
-	lib /out:tomcrypt.lib $(OBJECTS)
-	cd testprof 
-	nmake -f makefile.msvc
-	cd ..
-	
-tv_gen: demos/tv_gen.c library
-	cl $(CFLAGS) demos/tv_gen.c tomcrypt.lib advapi32.lib $(EXTRALIBS)
+#SPECIAL: these are the rules to make certain object files
+src/ciphers/aes/aes.obj: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.obj: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.obj: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
+src/hashes/sha2/sha512.obj: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
+src/hashes/sha2/sha512_224.obj: src/hashes/sha2/sha512.c src/hashes/sha2/sha512_224.c
+src/hashes/sha2/sha512_256.obj: src/hashes/sha2/sha512.c src/hashes/sha2/sha512_256.c
+src/hashes/sha2/sha256.obj: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
 
-hashsum: demos/hashsum.c library
-	cl $(CFLAGS) demos/hashsum.c tomcrypt.lib advapi32.lib $(EXTRALIBS)
+#Dependencies on *.h
+$(OBJECTS): $(HEADERS)
+$(TOBJECTS): $(HEADERS) tests/tomcrypt_test.h
 
-test: demos/test.c library
-	cl $(CFLAGS) demos/test.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib $(EXTRALIBS)
+.c.obj:
+	$(CC) $(LTC_CFLAGS) /c $< /Fo$@
 
-timing: demos/timing.c library
-	cl $(CFLAGS) demos/timing.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib $(EXTRALIBS)
+#Create tomcrypt.lib
+$(LIBMAIN_S): $(OBJECTS)
+	lib /out:$(LIBMAIN_S) $(OBJECTS)
 
-# $Source: /cvs/libtom/libtomcrypt/makefile.msvc,v $   
-# $Revision: 1.51 $   
-# $Date: 2006/12/02 19:23:21 $ 
+#Demo tools/utilities
+hashsum.exe: demos/hashsum.c tests/common.c $(LIBMAIN_S)
+	cl $(LTC_CFLAGS) demos/hashsum.c tests/common.c $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
+ltcrypt.exe: demos/ltcrypt.c $(LIBMAIN_S)
+	cl $(LTC_CFLAGS) demos/ltcrypt.c tests/common.c $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
+small.exe: demos/small.c $(LIBMAIN_S)
+	cl $(LTC_CFLAGS) demos/small.c tests/common.c $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
+tv_gen.exe: demos/tv_gen.c $(LIBMAIN_S)
+	cl $(LTC_CFLAGS) demos/tv_gen.c tests/common.c $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
+sizes.exe: demos/sizes.c $(LIBMAIN_S)
+	cl $(LTC_CFLAGS) demos/sizes.c tests/common.c $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
+constants.exe: demos/constants.c $(LIBMAIN_S)
+	cl $(LTC_CFLAGS) demos/constants.c tests/common.c $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
+timing.exe: demos/timing.c $(LIBMAIN_S)
+	cl $(LTC_CFLAGS) demos/timing.c tests/common.c $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
+
+#Tests
+test.exe: $(LIBMAIN_S) $(TOBJECTS)
+	cl $(LTC_CFLAGS) $(TOBJECTS) $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
+	@echo NOTICE: start the tests by launching test.exe
+
+all: $(LIBMAIN_S) hashsum.exe ltcrypt.exe small.exe tv_gen.exe sizes.exe constants.exe timing.exe test.exe
+
+test: test.exe
+
+clean:
+	@-cmd /c del /Q *_tv.txt 2>nul
+	@-cmd /c del /Q /S *.OBJ *.LIB *.EXE *.DLL 2>nul
+
+#Install the library + headers
+install: $(LIBMAIN_S)
+	cmd /c if not exist "$(PREFIX)\bin" mkdir "$(PREFIX)\bin"
+	cmd /c if not exist "$(PREFIX)\lib" mkdir "$(PREFIX)\lib"
+	cmd /c if not exist "$(PREFIX)\include" mkdir "$(PREFIX)\include"
+	copy /Y $(LIBMAIN_S) "$(PREFIX)\lib"
+	copy /Y src\headers\tomcrypt*.h "$(PREFIX)\include"
+
+#Install useful tools
+install_bins: hashsum
+	cmd /c if not exist "$(PREFIX)\bin" mkdir "$(PREFIX)\bin"
+	copy /Y hashsum.exe "$(PREFIX)\bin"
+
+#Install documentation
+install_docs: doc/crypt.pdf
+	cmd /c if not exist "$(PREFIX)\doc" mkdir "$(PREFIX)\doc"
+	copy /Y doc\crypt.pdf "$(PREFIX)\doc"

libtomcrypt/makefile.shared

@@ -2,278 +2,76 @@
 #
 # This makefile produces a shared object and requires libtool to be installed.
 #
-# Thanks to Zed Shaw for helping debug this on BSD/OSX.  
+# Thanks to Zed Shaw for helping debug this on BSD/OSX.
 # Tom St Denis
+#
+#  (GNU make only)
 
-# The version
-VERSION=0:116
+### USAGE:
+#
+# CFLAGS="-DUSE_LTM -DLTM_DESC -I/path/to/libtommath" make -f makefile.shared all EXTRALIBS=/path/to/libtommath/libtommath.a
+# ./test
+# make -f makefile.shared PREFIX=/opt/libtom install
+#
 
-# Compiler and Linker Names
-CC=libtool --mode=compile --tag=CC gcc 
+PLATFORM := $(shell uname | sed -e 's/_.*//')
 
-# ranlib tools
-ifndef RANLIB
-   RANLIB=ranlib
+ifndef LIBTOOL
+  ifeq ($(PLATFORM), Darwin)
+    LIBTOOL:=glibtool
+  else
+    LIBTOOL:=libtool
+  endif
 endif
-
-# Compilation flags. Note the += does not write over the user's CFLAGS!
-CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow -DLTC_SOURCE
-
-# additional warnings (newer GCC 3.4 and higher)
-ifdef GCC_34
-CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \
-			 -Wmissing-declarations -Wpointer-arith 
+ifeq ($(PLATFORM), CYGWIN)
+  NO_UNDEFINED:=-no-undefined
 endif
-
-
-ifndef IGNORE_SPEED
-
-# optimize for SPEED
-CFLAGS += -O3 -funroll-loops
-
-# add -fomit-frame-pointer.  hinders debugging!
-CFLAGS += -fomit-frame-pointer
-
-# optimize for SIZE
-#CFLAGS += -Os -DLTC_SMALL_CODE
-
-endif
-
-# compile for DEBUGING (required for ccmalloc checking!!!)
-#CFLAGS += -g3
-
-# older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
-# define this to help
-#CFLAGS += -DLTC_NO_ROLC
+LTCOMPILE = $(LIBTOOL) --mode=compile --tag=CC $(CC)
+INSTALL_CMD = $(LIBTOOL) --mode=install install
+UNINSTALL_CMD = $(LIBTOOL) --mode=uninstall rm
 
 #Output filenames for various targets.
-ifndef LIBTEST_S
-   LIBTEST_S=libtomcrypt_prof.a
-endif
-ifndef LIBTEST
-   LIBTEST=libtomcrypt_prof.la
-endif
 ifndef LIBNAME
    LIBNAME=libtomcrypt.la
 endif
-ifndef LIBNAME_S
-   LIBNAME_S=libtomcrypt.a
-endif
 
-HASH=hashsum
-CRYPT=encrypt
-SMALL=small
-PROF=x86_prof
-TV=tv_gen
-TEST=test
-TIMING=timing
 
-#LIBPATH-The directory for libtomcrypt to be installed to.
-#INCPATH-The directory to install the header files for libtomcrypt.
-#DATAPATH-The directory to install the pdf docs.
-ifndef DESTDIR
-   DESTDIR=
-endif
-ifndef LIBPATH
-   LIBPATH=/usr/lib
-endif
-ifndef INCPATH
-   INCPATH=/usr/include
-endif
-ifndef DATAPATH
-   DATAPATH=/usr/share/doc/libtomcrypt/pdf
-endif
+include makefile_include.mk
 
-#Who do we install as?
-ifdef INSTALL_USER
-USER=$(INSTALL_USER)
-else
-USER=root
-endif
 
-ifdef INSTALL_GROUP
-GROUP=$(INSTALL_GROUP)   
-else
-GROUP=wheel  
-endif
-
-#List of objects to compile.
-#START_INS
-OBJECTS=src/ciphers/aes/aes_enc.o src/ciphers/aes/aes.o src/ciphers/anubis.o src/ciphers/blowfish.o \
-src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o src/ciphers/kseed.o \
-src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
-src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
-src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
-src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
-src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
-src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
-src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
-src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
-src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o src/encauth/gcm/gcm_process.o \
-src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
-src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
-src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
-src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
-src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
-src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
-src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
-src/hashes/sha1.o src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
-src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
-src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
-src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
-src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
-src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
-src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
-src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
-src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
-src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
-src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
-src/math/rand_prime.o src/math/tfm_desc.o src/misc/base64/base64_decode.o \
-src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
-src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
-src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
-src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
-src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
-src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_hash_oid.o \
-src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o src/misc/crypt/crypt_hash_descriptor.o \
-src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_ltc_mp_descriptor.o \
-src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
-src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
-src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
-src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
-src/misc/error_to_string.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
-src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
-src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
-src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
-src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
-src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
-src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
-src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
-src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
-src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o src/modes/lrw/lrw_encrypt.o \
-src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o src/modes/lrw/lrw_setiv.o \
-src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
-src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
-src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
-src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
-src/pk/asn1/der/boolean/der_decode_boolean.o src/pk/asn1/der/boolean/der_encode_boolean.o \
-src/pk/asn1/der/boolean/der_length_boolean.o src/pk/asn1/der/choice/der_decode_choice.o \
-src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
-src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
-src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
-src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
-src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
-src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
-src/pk/asn1/der/octet/der_decode_octet_string.o src/pk/asn1/der/octet/der_encode_octet_string.o \
-src/pk/asn1/der/octet/der_length_octet_string.o \
-src/pk/asn1/der/printable_string/der_decode_printable_string.o \
-src/pk/asn1/der/printable_string/der_encode_printable_string.o \
-src/pk/asn1/der/printable_string/der_length_printable_string.o \
-src/pk/asn1/der/sequence/der_decode_sequence_ex.o \
-src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \
-src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
-src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
-src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \
-src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/set/der_encode_set.o \
-src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
-src/pk/asn1/der/short_integer/der_encode_short_integer.o \
-src/pk/asn1/der/short_integer/der_length_short_integer.o src/pk/asn1/der/utctime/der_decode_utctime.o \
-src/pk/asn1/der/utctime/der_encode_utctime.o src/pk/asn1/der/utctime/der_length_utctime.o \
-src/pk/asn1/der/utf8/der_decode_utf8_string.o src/pk/asn1/der/utf8/der_encode_utf8_string.o \
-src/pk/asn1/der/utf8/der_length_utf8_string.o src/pk/dsa/dsa_decrypt_key.o \
-src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \
-src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o \
-src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \
-src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \
-src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \
-src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \
-src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
-src/pk/ecc/ltc_ecc_is_valid_idx.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \
-src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \
-src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \
-src/pk/katja/katja_decrypt_key.o src/pk/katja/katja_encrypt_key.o src/pk/katja/katja_export.o \
-src/pk/katja/katja_exptmod.o src/pk/katja/katja_free.o src/pk/katja/katja_import.o \
-src/pk/katja/katja_make_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
-src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
-src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
-src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
-src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
-src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o \
-src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
-src/prngs/sprng.o src/prngs/yarrow.o 
-
-HEADERS=src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cipher.h \
-src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
-src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
-src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
-
-#END_INS
-
-TESTOBJECTS=demos/test.o
-HASHOBJECTS=demos/hashsum.o
-CRYPTOBJECTS=demos/encrypt.o
-SMALLOBJECTS=demos/small.o
-TVS=demos/tv_gen.o
-TESTS=demos/test.o
-TIMINGS=demos/timing.o
-
-#The default rule for make builds the libtomcrypt library.
-default:library
-
-#ciphers come in two flavours... enc+dec and enc 
+#ciphers come in two flavours... enc+dec and enc
 src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
+	$(LTCOMPILE) $(LTC_CFLAGS) $(CPPFLAGS) $(LTC_LDFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
 
-#These are the rules to make certain object files.
-src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
-src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
-src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
-src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
+.c.o:
+	$(LTCOMPILE) $(LTC_CFLAGS) $(CPPFLAGS) $(LTC_LDFLAGS) -o $@ -c $<
 
-#This rule makes the libtomcrypt library.
-library: $(LIBNAME)
+LOBJECTS = $(OBJECTS:.o=.lo)
 
-testprof/$(LIBTEST):
-	cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) make -f makefile.shared
+$(LIBNAME): $(OBJECTS)
+	$(LIBTOOL) --mode=link --tag=CC $(CC) $(LTC_LDFLAGS) $(LOBJECTS) $(EXTRALIBS) -o $@ -rpath $(LIBPATH) -version-info $(VERSION_LT) $(NO_UNDEFINED)
 
-objs: $(OBJECTS)
+test: $(call print-help,test,Builds the library and the 'test' application to run all self-tests) $(LIBNAME) $(TOBJECTS)
+	$(LIBTOOL) --mode=link --tag=CC $(CC) $(LTC_LDFLAGS) -o $(TEST) $(TOBJECTS) $(LIBNAME) $(EXTRALIBS)
 
-$(LIBNAME): $(OBJECTS) testprof/$(LIBTEST)
-	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION)
+# build the demos from a template
+define DEMO_template
+$(1): $(call print-help,$(1),Builds the library and the '$(1)' demo) demos/$(1).o $$(LIBNAME)
+	$$(LIBTOOL) --mode=link --tag=CC $$(CC) $$(LTC_LDFLAGS) $$^ $$(EXTRALIBS) -o $(1)
+endef
 
-install: $(LIBNAME)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
-	cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) DESTDIR=$(DESTDIR) make -f makefile.shared install
-	libtool --silent --mode=install install -c libtomcrypt.la $(DESTDIR)$(LIBPATH)/libtomcrypt.la
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
-	install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
+$(foreach demo, $(strip $(DEMOS)), $(eval $(call DEMO_template,$(demo))))
 
-#This rule makes the hash program included with libtomcrypt
-hashsum: library
-	gcc $(CFLAGS) demos/hashsum.c -o hashsum.o
-	gcc -o hashsum hashsum.o -ltomcrypt $(EXTRALIBS)
+install: $(call print-help,install,Installs the library + headers + pkg-config file) .common_install
+	sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION_PC),' libtomcrypt.pc.in > libtomcrypt.pc
+	install -p -d $(DESTDIR)$(LIBPATH)/pkgconfig
+	install -p -m 644 libtomcrypt.pc $(DESTDIR)$(LIBPATH)/pkgconfig/
 
-#makes the crypt program
-crypt: library 
-	gcc $(CFLAGS) demos/encrypt.c -o encrypt.o
-	gcc -o crypt encrypt.o -ltomcrypt $(EXTRALIBS)
+install_bins: $(call print-help,install_bins,Installs the useful demos ($(USEFUL_DEMOS))) .common_install_bins
 
-tv_gen: library $(TVS)
-	gcc -o tv_gen $(TVS) -ltomcrypt $(EXTRALIBS)
+uninstall: $(call print-help,uninstall,Uninstalls the library + headers + pkg-config file) .common_uninstall
+	rm $(DESTDIR)$(LIBPATH)/pkgconfig/libtomcrypt.pc
 
-test: library testprof/$(LIBTEST) $(TESTS)
-	gcc -o $(TEST) $(TESTS) -ltomcrypt_prof -ltomcrypt $(EXTRALIBS)
-
-timing: library testprof/$(LIBTEST) $(TIMINGS)
-	gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(EXTRALIBS)
-
-# $Source: /cvs/libtom/libtomcrypt/makefile.shared,v $   
-# $Revision: 1.76 $   
-# $Date: 2006/12/02 19:23:21 $ 
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/makefile.unix

@@ -1,98 +1,129 @@
-# MAKEFILE for bsd make
+# MAKEFILE that is intended to be compatible with any kind of make (GNU make, BSD make, ...)
+# works on: Linux, *BSD, Cygwin, AIX, HP-UX and hopefully other UNIX systems
 #
-# Tom St Denis
+# Please do not use here neither any special make syntax nor any unusual tools/utilities!
+#
+# BEWARE: variables OBJECTS, TOBJECTS, HEADERS, VERSION are updated via ./updatemakes.sh
 
-# Compiler and Linker Names
-CC=cc
-LD=ld
+### USAGE:
+#
+# make -f makefile.unix all
+# ./test
+# make -f makefile.unix install
+#
+#Or:
+#
+# make -f makefile.unix CFLAGS="-O3 -DUSE_LTM -DLTM_DESC -I/path/to/libtommath" EXTRALIBS=/path/to/libtommath/libtommath.a all
+# ./test
+# make -f makefile.unix PREFIX=/opt/libtom install
+#
+#Or if you are using Intel C compiler you might need something like:
+#
+# make -f makefile.unix CC=icc AR=xiar CFLAGS="-fast -DUSE_LTM -DLTM_DESC -I/path/to/libtommath" EXTRALIBS=/path/to/libtommath/libtommath.a all
+#
 
-# Archiver [makes .a files]
-AR=ar
-ARFLAGS=r
+#The following can be overridden from command line e.g. "make -f makefile.unix CC=gcc ARFLAGS=rcs"
+DESTDIR   =
+PREFIX    = /usr/local
+LIBPATH   = $(PREFIX)/lib
+INCPATH   = $(PREFIX)/include
+DATAPATH  = $(PREFIX)/share/doc/libtomcrypt/pdf
+BINPATH   = $(PREFIX)/bin
+CC        = cc
+AR        = ar
+ARFLAGS   = r
+RANLIB    = ranlib
+CFLAGS    = -O2 -DUSE_LTM -DLTM_DESC -I../libtommath
+EXTRALIBS = ../libtommath/libtommath.a
 
-# Compilation flags. Note the += does not write over the user's CFLAGS!
-CFLAGS = -c -I./testprof/ -I./src/headers/ -DLTC_SOURCE -O2 ${CFLAGS_OPTS} -o $@
+#Compilation flags
+LTC_CFLAGS  = -Isrc/headers -Itests -DLTC_SOURCE $(CFLAGS)
+LTC_LDFLAGS = $(LDFLAGS) $(EXTRALIBS)
+VERSION=1.18.2
 
-LIBNAME=libtomcrypt.a
-LIBTEST=libtomcrypt_prof.a
-LIBTEST_S=$(LIBTEST)
+#Libraries to be created (this makefile builds only static libraries)
+LIBMAIN_S =libtomcrypt.a
 
-HASH=hashsum
-CRYPT=encrypt
-SMALL=small
-PROF=x86_prof
-TV=tv_gen
-MULTI=multi
-TIMING=timing
-TEST=test
-
-#LIBPATH-The directory for libtomcrypt to be installed to.
-#INCPATH-The directory to install the header files for libtomcrypt.
-#DATAPATH-The directory to install the pdf docs.
-LIBPATH=/usr/local/lib
-INCPATH=/usr/local/include
-DATAPATH=/usr/local/share/doc/libtomcrypt/pdf
-
-#Who do we install as?
-USER=root
-
-GROUP=wheel
-
-#List of objects to compile.
-#START_INS
-OBJECTS=src/ciphers/aes/aes_enc.o src/ciphers/aes/aes.o src/ciphers/anubis.o src/ciphers/blowfish.o \
-src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o src/ciphers/kseed.o \
-src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
-src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
-src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
-src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
-src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
-src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
-src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
-src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
-src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o src/encauth/gcm/gcm_process.o \
-src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
-src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
-src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+#List of objects to compile (all goes to libtomcrypt.a)
+OBJECTS=src/ciphers/aes/aes.o src/ciphers/aes/aes_enc.o src/ciphers/anubis.o src/ciphers/blowfish.o \
+src/ciphers/camellia.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o \
+src/ciphers/kseed.o src/ciphers/multi2.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
+src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_add_aad.o \
+src/encauth/ccm/ccm_add_nonce.o src/encauth/ccm/ccm_done.o src/encauth/ccm/ccm_init.o \
+src/encauth/ccm/ccm_memory.o src/encauth/ccm/ccm_process.o src/encauth/ccm/ccm_reset.o \
+src/encauth/ccm/ccm_test.o src/encauth/chachapoly/chacha20poly1305_add_aad.o \
+src/encauth/chachapoly/chacha20poly1305_decrypt.o src/encauth/chachapoly/chacha20poly1305_done.o \
+src/encauth/chachapoly/chacha20poly1305_encrypt.o src/encauth/chachapoly/chacha20poly1305_init.o \
+src/encauth/chachapoly/chacha20poly1305_memory.o src/encauth/chachapoly/chacha20poly1305_setiv.o \
+src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.o \
+src/encauth/chachapoly/chacha20poly1305_test.o src/encauth/eax/eax_addheader.o \
+src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
+src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
+src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
+src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
+src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
 src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
 src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
-src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
-src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
-src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
-src/hashes/sha1.o src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
-src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
-src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
-src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
-src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
-src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
+src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
+src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o src/encauth/ocb3/ocb3_int_ntz.o \
+src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o src/hashes/blake2b.o \
+src/hashes/blake2s.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
+src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
+src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
+src/hashes/sha2/sha224.o src/hashes/sha2/sha256.o src/hashes/sha2/sha384.o src/hashes/sha2/sha512.o \
+src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/sha3.o src/hashes/sha3_test.o \
+src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/blake2/blake2bmac.o \
+src/mac/blake2/blake2bmac_file.o src/mac/blake2/blake2bmac_memory.o \
+src/mac/blake2/blake2bmac_memory_multi.o src/mac/blake2/blake2bmac_test.o src/mac/blake2/blake2smac.o \
+src/mac/blake2/blake2smac_file.o src/mac/blake2/blake2smac_memory.o \
+src/mac/blake2/blake2smac_memory_multi.o src/mac/blake2/blake2smac_test.o src/mac/f9/f9_done.o \
+src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o \
+src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o src/mac/hmac/hmac_memory_multi.o \
+src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o src/mac/omac/omac_memory_multi.o \
+src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
+src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
+src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
 src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
-src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
+src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/poly1305/poly1305.o \
+src/mac/poly1305/poly1305_file.o src/mac/poly1305/poly1305_memory.o \
+src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/mac/xcbc/xcbc_done.o \
 src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
 src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
 src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
-src/math/rand_prime.o src/math/tfm_desc.o src/misc/base64/base64_decode.o \
-src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
-src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
-src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/math/radix_to_bin.o src/math/rand_bn.o src/math/rand_prime.o src/math/tfm_desc.o src/misc/adler32.o \
+src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o src/misc/burn_stack.o \
+src/misc/compare_testvector.o src/misc/crc32.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
+src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
+src/misc/crypt/crypt_constants.o src/misc/crypt/crypt_find_cipher.o \
 src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
 src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
 src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_hash_oid.o \
 src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o src/misc/crypt/crypt_hash_descriptor.o \
-src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_ltc_mp_descriptor.o \
-src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
-src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
-src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
-src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
-src/misc/error_to_string.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
-src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
-src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
-src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
-src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
-src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_inits.o \
+src/misc/crypt/crypt_ltc_mp_descriptor.o src/misc/crypt/crypt_prng_descriptor.o \
+src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_prng_rng_descriptor.o \
+src/misc/crypt/crypt_register_all_ciphers.o src/misc/crypt/crypt_register_all_hashes.o \
+src/misc/crypt/crypt_register_all_prngs.o src/misc/crypt/crypt_register_cipher.o \
+src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_sizes.o \
+src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
+src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \
+src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/pk_get_oid.o src/misc/pkcs5/pkcs_5_1.o \
+src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
 src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
 src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
 src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
@@ -100,10 +131,16 @@ src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o src/modes/lrw/lrw_encrypt.o
 src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o src/modes/lrw/lrw_setiv.o \
 src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
 src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
-src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
-src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
+src/modes/ofb/ofb_start.o src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o \
+src/modes/xts/xts_encrypt.o src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o \
+src/modes/xts/xts_test.o src/pk/asn1/der/bit/der_decode_bit_string.o \
+src/pk/asn1/der/bit/der_decode_raw_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_encode_raw_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
 src/pk/asn1/der/boolean/der_decode_boolean.o src/pk/asn1/der/boolean/der_encode_boolean.o \
 src/pk/asn1/der/boolean/der_length_boolean.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/generalizedtime/der_decode_generalizedtime.o \
+src/pk/asn1/der/generalizedtime/der_encode_generalizedtime.o \
+src/pk/asn1/der/generalizedtime/der_length_generalizedtime.o \
 src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
 src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
 src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
@@ -118,22 +155,32 @@ src/pk/asn1/der/printable_string/der_length_printable_string.o \
 src/pk/asn1/der/sequence/der_decode_sequence_ex.o \
 src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \
 src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_decode_subject_public_key_info.o \
 src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
-src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \
-src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
 src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
 src/pk/asn1/der/short_integer/der_encode_short_integer.o \
-src/pk/asn1/der/short_integer/der_length_short_integer.o src/pk/asn1/der/utctime/der_decode_utctime.o \
-src/pk/asn1/der/utctime/der_encode_utctime.o src/pk/asn1/der/utctime/der_length_utctime.o \
-src/pk/asn1/der/utf8/der_decode_utf8_string.o src/pk/asn1/der/utf8/der_encode_utf8_string.o \
-src/pk/asn1/der/utf8/der_length_utf8_string.o src/pk/dsa/dsa_decrypt_key.o \
-src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \
-src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o \
-src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \
-src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \
-src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \
-src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \
-src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
+src/pk/asn1/der/short_integer/der_length_short_integer.o \
+src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
+src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
+src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
+src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
+src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
+src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o \
+src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o src/pk/dh/dh_import.o src/pk/dh/dh_set.o \
+src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o \
+src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \
+src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \
+src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \
+src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
+src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/ecc/ecc_ansi_x963_export.o \
+src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o src/pk/ecc/ecc_encrypt_key.o \
+src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o src/pk/ecc/ecc_import.o \
+src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o src/pk/ecc/ecc_sign_hash.o \
+src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
 src/pk/ecc/ltc_ecc_is_valid_idx.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \
 src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \
 src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \
@@ -143,97 +190,105 @@ src/pk/katja/katja_make_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mg
 src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
 src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
 src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
-src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
-src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o \
+src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o \
 src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
-src/prngs/sprng.o src/prngs/yarrow.o 
+src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
+src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
+src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
+src/stream/rc4/rc4_stream.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128_stream.o \
+src/stream/sober128/sober128_test.o
 
-HEADERS=src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cipher.h \
-src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
-src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
-src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+#List of test objects to compile (all goes to libtomcrypt_prof.a)
+TOBJECTS=tests/base64_test.o tests/cipher_hash_test.o tests/common.o tests/der_test.o tests/dh_test.o \
+tests/dsa_test.o tests/ecc_test.o tests/file_test.o tests/katja_test.o tests/mac_test.o tests/misc_test.o \
+tests/modes_test.o tests/mpi_test.o tests/multi_test.o tests/no_prng.o tests/pkcs_1_eme_test.o \
+tests/pkcs_1_emsa_test.o tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o \
+tests/prng_test.o tests/rotate_test.o tests/rsa_test.o tests/store_test.o tests/test.o
 
-#END_INS
+#The following headers will be installed by "make install"
+HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h src/headers/tomcrypt_math.h \
+src/headers/tomcrypt_misc.h src/headers/tomcrypt_pk.h src/headers/tomcrypt_pkcs.h \
+src/headers/tomcrypt_prng.h
 
-TESTOBJECTS=demos/test.o
-HASHOBJECTS=demos/hashsum.o
-CRYPTOBJECTS=demos/encrypt.o
-SMALLOBJECTS=demos/small.o
-TVS=demos/tv_gen.o
-MULTIS=demos/multi.o
-TIMINGS=demos/timing.o
-TESTS=demos/test.o
+#The default rule for make builds the libtomcrypt.a library (static)
+default: $(LIBMAIN_S)
 
-#Files left over from making the crypt.pdf.
-LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
-
-#Compressed filenames
-COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip
-
-#The default rule for make builds the libtomcrypt library.
-default:library
-
-#ciphers come in two flavours... enc+dec and enc 
+#SPECIAL: AES comes in two flavours - enc+dec and enc-only
 src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
+	$(CC) $(LTC_CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
 
-#These are the rules to make certain object files.
+#SPECIAL: these are the rules to make certain object files
 src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
 src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
 src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
 src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
+src/hashes/sha2/sha512_224.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha512_224.c
+src/hashes/sha2/sha512_256.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha512_256.c
 src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
 
-#This rule makes the libtomcrypt library.
-library: $(LIBNAME)
+#Dependencies on *.h
+$(OBJECTS): $(HEADERS)
+$(TOBJECTS): $(HEADERS) tests/tomcrypt_test.h
 
-testprof/$(LIBTEST): 
-	cd testprof ; CFLAGS="$(CFLAGS)" LIBTEST_S=$(LIBTEST_S) $(MAKE) 
+#This is necessary for compatibility with BSD make (namely on OpenBSD)
+.SUFFIXES: .o .c
+.c.o:
+	$(CC) $(LTC_CFLAGS) -c $< -o $@
 
-$(LIBNAME): $(OBJECTS)
+#Create libtomcrypt.a
+$(LIBMAIN_S): $(OBJECTS)
 	$(AR) $(ARFLAGS) $@ $(OBJECTS)
 	$(RANLIB) $@
 
-#This rule makes the hash program included with libtomcrypt
-hashsum: library $(HASHOBJECTS)
-	$(CC) $(HASHOBJECTS) $(LIBNAME) $(EXTRALIBS) -o $(HASH) $(WARN)
+#Demo tools/utilities
+hashsum: demos/hashsum.o $(LIBMAIN_S)
+	$(CC) demos/hashsum.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+ltcrypt: demos/ltcrypt.o $(LIBMAIN_S)
+	$(CC) demos/ltcrypt.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+small: demos/small.o $(LIBMAIN_S)
+	$(CC) demos/small.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+tv_gen: demos/tv_gen.o $(LIBMAIN_S)
+	$(CC) demos/tv_gen.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+sizes: demos/sizes.o $(LIBMAIN_S)
+	$(CC) demos/sizes.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+constants: demos/constants.o $(LIBMAIN_S)
+	$(CC) demos/constants.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+timing: demos/timing.o $(LIBMAIN_S)
+	$(CC) demos/timing.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
 
-#makes the crypt program
-crypt: library $(CRYPTOBJECTS)
-	$(CC) $(CRYPTOBJECTS) $(LIBNAME) $(EXTRALIBS) -o $(CRYPT) $(WARN)
+#Tests
+test: $(TOBJECTS) $(LIBMAIN_S)
+	$(CC) $(TOBJECTS) $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+	@echo "NOTICE: start the tests by: ./test"
 
-#makes the small program
-small: library $(SMALLOBJECTS)
-	$(CC) $(SMALLOBJECTS) $(LIBNAME) $(EXTRALIBS) -o $(SMALL) $(WARN)
-	
-tv_gen: library $(TVS)
-	$(CC) $(LDFLAGS) $(TVS) $(LIBNAME) $(EXTRALIBS) -o $(TV)
+all: $(LIBMAIN_S) hashsum ltcrypt small tv_gen sizes constants timing test
 
-multi: library $(MULTIS)
-	$(CC) $(MULTIS) $(LIBNAME) $(EXTRALIBS) -o $(MULTI)
+#NOTE: this makefile works also on cygwin, thus we need to delete *.exe
+clean:
+	-@rm -f $(OBJECTS) $(TOBJECTS)
+	-@rm -f $(LIBMAIN_S)
+	-@rm -f demos/*.o *_tv.txt
+	-@rm -f test constants sizes tv_gen hashsum ltcrypt small timing
+	-@rm -f test.exe constants.exe sizes.exe tv_gen.exe hashsum.exe ltcrypt.exe small.exe timing.exe
 
-timing: library testprof/$(LIBTEST) $(TIMINGS)
-	$(CC) $(LDFLAGS) $(TIMINGS) testprof/$(LIBTEST) $(LIBNAME) $(EXTRALIBS) -o $(TIMING)
+#Install the library + headers
+install: $(LIBMAIN_S) $(HEADERS)
+	@mkdir -p $(DESTDIR)$(INCPATH) $(DESTDIR)$(LIBPATH)/pkgconfig
+	@cp $(LIBMAIN_S) $(DESTDIR)$(LIBPATH)/
+	@cp $(HEADERS) $(DESTDIR)$(INCPATH)/
+	@sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION),' libtomcrypt.pc.in > $(DESTDIR)$(LIBPATH)/pkgconfig/libtomcrypt.pc
 
-test: library testprof/$(LIBTEST) $(TESTS)
-	$(CC) $(LDFLAGS) $(TESTS) testprof/$(LIBTEST) $(LIBNAME) $(EXTRALIBS) -o $(TEST)
+#Install useful tools
+install_bins: hashsum
+	@mkdir -p $(DESTDIR)$(BINPATH)
+	@cp hashsum $(DESTDIR)$(BINPATH)/
 
-#This rule installs the library and the header files. This must be run
-#as root in order to have a high enough permission to write to the correct
-#directories and to set the owner and group to root.
-install: library
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(DATAPATH)
-	install -g $(GROUP) -o $(USER) $(LIBNAME) $(DESTDIR)$(LIBPATH)
-	install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
-
-install_test: testprof/$(LIBTEST)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
-	install -g $(GROUP) -o $(USER) testprof/$(LIBTEST) $(DESTDIR)$(LIBPATH)
-
-# $Source: /cvs/libtom/libtomcrypt/makefile.unix,v $ 
-# $Revision: 1.4 $ 
-# $Date: 2006/12/02 19:23:21 $ 
+#Install documentation
+install_docs: doc/crypt.pdf
+	@mkdir -p $(DESTDIR)$(DATAPATH)
+	@cp doc/crypt.pdf $(DESTDIR)$(DATAPATH)/

libtomcrypt/makefile_include.mk

@@ -0,0 +1,490 @@
+#
+# Include makefile used by makefile + makefile.shared
+#  (GNU make only)
+
+# The version - BEWARE: VERSION, VERSION_PC and VERSION_LT are updated via ./updatemakes.sh
+VERSION=1.18.2
+VERSION_PC=1.18.2
+# http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
+VERSION_LT=1:1
+
+# Compiler and Linker Names
+ifndef CROSS_COMPILE
+  CROSS_COMPILE:=
+endif
+
+# We only need to go through this dance of determining the right compiler if we're using
+# cross compilation, otherwise $(CC) is fine as-is.
+ifneq (,$(CROSS_COMPILE))
+ifeq ($(origin CC),default)
+CSTR := "\#ifdef __clang__\nCLANG\n\#endif\n"
+ifeq ($(PLATFORM),FreeBSD)
+  # XXX: FreeBSD needs extra escaping for some reason
+  CSTR := $$$(CSTR)
+endif
+ifneq (,$(shell echo $(CSTR) | $(CC) -E - | grep CLANG))
+  CC := $(CROSS_COMPILE)clang
+else
+  CC := $(CROSS_COMPILE)gcc
+endif # Clang
+endif # cc is Make's default
+endif # CROSS_COMPILE non-empty
+
+LD:=$(CROSS_COMPILE)ld
+AR:=$(CROSS_COMPILE)ar
+
+# Archiver [makes .a files]
+#AR=ar
+ARFLAGS:=r
+
+ifndef MAKE
+# BSDs refer to GNU Make as gmake
+ifneq (,$(findstring $(PLATFORM),FreeBSD OpenBSD DragonFly NetBSD))
+  MAKE=gmake
+else
+  MAKE=make
+endif
+endif
+
+ifndef INSTALL_CMD
+$(error your makefile must define INSTALL_CMD)
+endif
+ifndef UNINSTALL_CMD
+$(error your makefile must define UNINSTALL_CMD)
+endif
+
+ifndef EXTRALIBS
+ifneq ($(shell echo $(CFLAGS) | grep USE_LTM),)
+EXTRALIBS=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config libtommath --libs)
+else
+ifneq ($(shell echo $(CFLAGS) | grep USE_TFM),)
+EXTRALIBS=$(shell PKG_CONFIG_PATH=$(LIBPATH)/pkgconfig pkg-config tomsfastmath --libs)
+endif
+endif
+endif
+
+need-help := $(filter help,$(MAKECMDGOALS))
+define print-help
+$(if $(need-help),$(info $1 -- $2))
+endef
+
+#
+# Compilation flags. Note the += does not write over the user's CFLAGS!
+#
+# Also note that we're extending the environments' CFLAGS.
+# If you think that our CFLAGS are not nice you can easily override them
+# by giving them as a parameter to make:
+#  make CFLAGS="-I./src/headers/ -DLTC_SOURCE ..." ...
+#
+LTC_CFLAGS += -I./src/headers/ -Wall -Wsign-compare -Wshadow -DLTC_SOURCE
+
+ifdef OLD_GCC
+LTC_CFLAGS += -W
+# older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
+# define this to help
+LTC_CFLAGS += -DLTC_NO_ROLC
+else
+LTC_CFLAGS += -Wextra
+# additional warnings
+LTC_CFLAGS += -Wsystem-headers -Wbad-function-cast -Wcast-align
+LTC_CFLAGS += -Wstrict-prototypes -Wpointer-arith
+LTC_CFLAGS += -Wdeclaration-after-statement
+LTC_CFLAGS += -Wwrite-strings
+endif
+
+LTC_CFLAGS += -Wno-type-limits
+
+ifdef LTC_DEBUG
+$(info Debug build)
+# compile for DEBUGGING (required for ccmalloc checking!!!)
+LTC_CFLAGS += -g3 -DLTC_NO_ASM
+ifneq (,$(strip $(LTC_DEBUG)))
+LTC_CFLAGS += -DLTC_TEST_DBG=$(LTC_DEBUG)
+else
+LTC_CFLAGS += -DLTC_TEST_DBG
+endif
+else
+
+ifdef LTC_SMALL
+# optimize for SIZE
+LTC_CFLAGS += -Os -DLTC_SMALL_CODE
+else
+
+ifndef IGNORE_SPEED
+# optimize for SPEED
+LTC_CFLAGS += -O3 -funroll-loops
+
+# add -fomit-frame-pointer.  hinders debugging!
+LTC_CFLAGS += -fomit-frame-pointer
+endif
+
+endif # COMPILE_SMALL
+endif # COMPILE_DEBUG
+
+
+ifneq ($(findstring clang,$(CC)),)
+LTC_CFLAGS += -Wno-typedef-redefinition -Wno-tautological-compare -Wno-builtin-requires-header -Wno-missing-field-initializers
+endif
+ifneq ($(findstring mingw,$(CC)),)
+LTC_CFLAGS += -Wno-shadow -Wno-attributes
+endif
+ifeq ($(PLATFORM), Darwin)
+LTC_CFLAGS += -Wno-nullability-completeness
+endif
+
+
+GIT_VERSION := $(shell { [ -e .git ] && which git 2>/dev/null 1>&2 ; } && { printf git- ; git describe --tags --always --dirty ; } || echo $(VERSION))
+ifneq ($(GIT_VERSION),)
+LTC_CFLAGS += -DGIT_VERSION=\"$(GIT_VERSION)\"
+endif
+
+LTC_CFLAGS := $(LTC_CFLAGS) $(CFLAGS)
+
+ifneq ($(findstring -DLTC_PTHREAD,$(LTC_CFLAGS)),)
+LTC_LDFLAGS += -pthread
+endif
+
+LTC_LDFLAGS := $(LTC_LDFLAGS) $(LDFLAGS)
+
+#List of demo objects
+DSOURCES = $(wildcard demos/*.c)
+DOBJECTS = $(DSOURCES:.c=.o)
+
+#List of tests headers
+THEADERS = $(wildcard tests/*.h)
+
+TEST=test
+
+# Demos that are even somehow useful and could be installed as a system-tool
+USEFUL_DEMOS   = hashsum
+
+# Demos that are usable but only rarely make sense to be installed
+USEABLE_DEMOS  = ltcrypt sizes constants
+
+# Demos that are used for testing or measuring
+TEST_DEMOS     = small tv_gen
+
+# Demos that are in one config broken
+#  openssl-enc - can't be build with LTC_EASY
+#  timing      - not really broken, but older gcc builds spit warnings
+BROKEN_DEMOS   = openssl-enc timing
+
+# Combine demos in groups
+UNBROKEN_DEMOS = $(TEST_DEMOS) $(USEABLE_DEMOS) $(USEFUL_DEMOS)
+DEMOS          = $(UNBROKEN_DEMOS) $(BROKEN_DEMOS)
+
+#LIBPATH  The directory for libtomcrypt to be installed to.
+#INCPATH  The directory to install the header files for libtomcrypt.
+#DATAPATH The directory to install the pdf docs.
+#BINPATH  The directory to install the binaries provided.
+DESTDIR  ?=
+PREFIX   ?= /usr/local
+LIBPATH  ?= $(PREFIX)/lib
+INCPATH  ?= $(PREFIX)/include
+DATAPATH ?= $(PREFIX)/share/doc/libtomcrypt/pdf
+BINPATH  ?= $(PREFIX)/bin
+
+#Who do we install as?
+ifdef INSTALL_USER
+USER=$(INSTALL_USER)
+else
+USER=root
+endif
+
+ifdef INSTALL_GROUP
+GROUP=$(INSTALL_GROUP)
+else
+GROUP=wheel
+endif
+
+
+#The first rule is also the default rule and builds the libtomcrypt library.
+library: $(call print-help,library,Builds the library) $(LIBNAME)
+
+
+# List of objects to compile (all goes to libtomcrypt.a)
+OBJECTS=src/ciphers/aes/aes.o src/ciphers/aes/aes_enc.o src/ciphers/anubis.o src/ciphers/blowfish.o \
+src/ciphers/camellia.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o \
+src/ciphers/kseed.o src/ciphers/multi2.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
+src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_add_aad.o \
+src/encauth/ccm/ccm_add_nonce.o src/encauth/ccm/ccm_done.o src/encauth/ccm/ccm_init.o \
+src/encauth/ccm/ccm_memory.o src/encauth/ccm/ccm_process.o src/encauth/ccm/ccm_reset.o \
+src/encauth/ccm/ccm_test.o src/encauth/chachapoly/chacha20poly1305_add_aad.o \
+src/encauth/chachapoly/chacha20poly1305_decrypt.o src/encauth/chachapoly/chacha20poly1305_done.o \
+src/encauth/chachapoly/chacha20poly1305_encrypt.o src/encauth/chachapoly/chacha20poly1305_init.o \
+src/encauth/chachapoly/chacha20poly1305_memory.o src/encauth/chachapoly/chacha20poly1305_setiv.o \
+src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.o \
+src/encauth/chachapoly/chacha20poly1305_test.o src/encauth/eax/eax_addheader.o \
+src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
+src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
+src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
+src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
+src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
+src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
+src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o src/encauth/ocb3/ocb3_int_ntz.o \
+src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o src/hashes/blake2b.o \
+src/hashes/blake2s.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
+src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
+src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
+src/hashes/sha2/sha224.o src/hashes/sha2/sha256.o src/hashes/sha2/sha384.o src/hashes/sha2/sha512.o \
+src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/sha3.o src/hashes/sha3_test.o \
+src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/blake2/blake2bmac.o \
+src/mac/blake2/blake2bmac_file.o src/mac/blake2/blake2bmac_memory.o \
+src/mac/blake2/blake2bmac_memory_multi.o src/mac/blake2/blake2bmac_test.o src/mac/blake2/blake2smac.o \
+src/mac/blake2/blake2smac_file.o src/mac/blake2/blake2smac_memory.o \
+src/mac/blake2/blake2smac_memory_multi.o src/mac/blake2/blake2smac_test.o src/mac/f9/f9_done.o \
+src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o \
+src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o src/mac/hmac/hmac_memory_multi.o \
+src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o src/mac/omac/omac_memory_multi.o \
+src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
+src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
+src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
+src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/poly1305/poly1305.o \
+src/mac/poly1305/poly1305_file.o src/mac/poly1305/poly1305_memory.o \
+src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/mac/xcbc/xcbc_done.o \
+src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
+src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
+src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
+src/math/radix_to_bin.o src/math/rand_bn.o src/math/rand_prime.o src/math/tfm_desc.o src/misc/adler32.o \
+src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o src/misc/burn_stack.o \
+src/misc/compare_testvector.o src/misc/crc32.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
+src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
+src/misc/crypt/crypt_constants.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_hash_oid.o \
+src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o src/misc/crypt/crypt_hash_descriptor.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_inits.o \
+src/misc/crypt/crypt_ltc_mp_descriptor.o src/misc/crypt/crypt_prng_descriptor.o \
+src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_prng_rng_descriptor.o \
+src/misc/crypt/crypt_register_all_ciphers.o src/misc/crypt/crypt_register_all_hashes.o \
+src/misc/crypt/crypt_register_all_prngs.o src/misc/crypt/crypt_register_cipher.o \
+src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_sizes.o \
+src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
+src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \
+src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/pk_get_oid.o src/misc/pkcs5/pkcs_5_1.o \
+src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
+src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
+src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o src/modes/lrw/lrw_encrypt.o \
+src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o src/modes/lrw/lrw_setiv.o \
+src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o \
+src/modes/xts/xts_encrypt.o src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o \
+src/modes/xts/xts_test.o src/pk/asn1/der/bit/der_decode_bit_string.o \
+src/pk/asn1/der/bit/der_decode_raw_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_encode_raw_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
+src/pk/asn1/der/boolean/der_decode_boolean.o src/pk/asn1/der/boolean/der_encode_boolean.o \
+src/pk/asn1/der/boolean/der_length_boolean.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/generalizedtime/der_decode_generalizedtime.o \
+src/pk/asn1/der/generalizedtime/der_encode_generalizedtime.o \
+src/pk/asn1/der/generalizedtime/der_length_generalizedtime.o \
+src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
+src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
+src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
+src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
+src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
+src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
+src/pk/asn1/der/octet/der_decode_octet_string.o src/pk/asn1/der/octet/der_encode_octet_string.o \
+src/pk/asn1/der/octet/der_length_octet_string.o \
+src/pk/asn1/der/printable_string/der_decode_printable_string.o \
+src/pk/asn1/der/printable_string/der_encode_printable_string.o \
+src/pk/asn1/der/printable_string/der_length_printable_string.o \
+src/pk/asn1/der/sequence/der_decode_sequence_ex.o \
+src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \
+src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_decode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
+src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/short_integer/der_encode_short_integer.o \
+src/pk/asn1/der/short_integer/der_length_short_integer.o \
+src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
+src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
+src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
+src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
+src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
+src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o \
+src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o src/pk/dh/dh_import.o src/pk/dh/dh_set.o \
+src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o \
+src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \
+src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \
+src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \
+src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
+src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/ecc/ecc_ansi_x963_export.o \
+src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o src/pk/ecc/ecc_encrypt_key.o \
+src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o src/pk/ecc/ecc_import.o \
+src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o src/pk/ecc/ecc_sign_hash.o \
+src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
+src/pk/ecc/ltc_ecc_is_valid_idx.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \
+src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \
+src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \
+src/pk/katja/katja_decrypt_key.o src/pk/katja/katja_encrypt_key.o src/pk/katja/katja_export.o \
+src/pk/katja/katja_exptmod.o src/pk/katja/katja_free.o src/pk/katja/katja_import.o \
+src/pk/katja/katja_make_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
+src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
+src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
+src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
+src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o \
+src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
+src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
+src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
+src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
+src/stream/rc4/rc4_stream.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128_stream.o \
+src/stream/sober128/sober128_test.o
+
+# List of test objects to compile (all goes to libtomcrypt_prof.a)
+TOBJECTS=tests/base64_test.o tests/cipher_hash_test.o tests/common.o tests/der_test.o tests/dh_test.o \
+tests/dsa_test.o tests/ecc_test.o tests/file_test.o tests/katja_test.o tests/mac_test.o tests/misc_test.o \
+tests/modes_test.o tests/mpi_test.o tests/multi_test.o tests/no_prng.o tests/pkcs_1_eme_test.o \
+tests/pkcs_1_emsa_test.o tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o \
+tests/prng_test.o tests/rotate_test.o tests/rsa_test.o tests/store_test.o tests/test.o
+
+# The following headers will be installed by "make install"
+HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h src/headers/tomcrypt_math.h \
+src/headers/tomcrypt_misc.h src/headers/tomcrypt_pk.h src/headers/tomcrypt_pkcs.h \
+src/headers/tomcrypt_prng.h
+
+#These are the rules to make certain object files.
+src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
+src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
+src/hashes/sha2/sha512_224.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha512_224.c
+src/hashes/sha2/sha512_256.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha512_256.c
+src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
+
+$(DOBJECTS): LTC_CFLAGS := -Itests $(LTC_CFLAGS)
+$(TOBJECTS): LTC_CFLAGS := -Itests $(LTC_CFLAGS)
+
+#Dependencies on *.h
+$(OBJECTS): $(HEADERS)
+$(DOBJECTS): $(HEADERS) $(THEADERS)
+$(TOBJECTS): $(HEADERS) $(THEADERS)
+
+all: $(call print-help,all,Builds the library and all demos and test utils (test $(UNBROKEN_DEMOS) $(BROKEN_DEMOS))) all_test $(BROKEN_DEMOS)
+
+all_test: $(call print-help,all_test,Builds the library and all unbroken demos and test utils (test $(UNBROKEN_DEMOS))) test $(UNBROKEN_DEMOS)
+
+bins: $(call print-help,bins,Builds the library and all useful demos) $(USEFUL_DEMOS)
+
+#build the doxy files (requires Doxygen, tetex and patience)
+doxygen: $(call print-help,doxygen,Builds the doxygen html documentation)
+	$(MAKE) -C doc/ $@ V=$(V)
+doxy: $(call print-help,doxy,Builds the complete doxygen documentation including refman.pdf (takes long to generate))
+	$(MAKE) -C doc/ $@ V=$(V)
+docs: $(call print-help,docs,Builds the Developer Manual)
+	$(MAKE) -C doc/ $@ V=$(V)
+
+doc/crypt.pdf: $(call print-help,doc/crypt.pdf,Builds the Developer Manual)
+	$(MAKE) -C doc/ crypt.pdf V=$(V)
+
+
+install_all: $(call print-help,install_all,Install everything - library bins docs tests) install install_bins install_docs
+
+INSTALL_OPTS ?= -m 644
+
+.common_install: $(LIBNAME)
+	install -p -d $(DESTDIR)$(INCPATH)
+	install -p -d $(DESTDIR)$(LIBPATH)
+	$(INSTALL_CMD) -p $(INSTALL_OPTS) $(LIBNAME) $(DESTDIR)$(LIBPATH)/$(LIBNAME)
+	install -p -m 644 $(HEADERS) $(DESTDIR)$(INCPATH)
+
+$(DESTDIR)$(BINPATH):
+	install -p -d $(DESTDIR)$(BINPATH)
+
+.common_install_bins: $(USEFUL_DEMOS) $(DESTDIR)$(BINPATH)
+	$(INSTALL_CMD) -p -m 775 $(USEFUL_DEMOS) $(DESTDIR)$(BINPATH)
+
+install_docs: $(call print-help,install_docs,Installs the Developer Manual) doc/crypt.pdf
+	install -p -d $(DESTDIR)$(DATAPATH)
+	install -p -m 644 doc/crypt.pdf $(DESTDIR)$(DATAPATH)
+
+install_test: $(call print-help,install_test,Installs the self-test binary) test $(DESTDIR)$(BINPATH)
+	$(INSTALL_CMD) -p -m 775 $< $(DESTDIR)$(BINPATH)
+
+install_hooks: $(call print-help,install_hooks,Installs the git hooks)
+	for s in `ls hooks/`; do ln -s ../../hooks/$$s .git/hooks/$$s; done
+
+HEADER_FILES=$(notdir $(HEADERS))
+.common_uninstall:
+	$(UNINSTALL_CMD) $(DESTDIR)$(LIBPATH)/$(LIBNAME)
+	rm $(HEADER_FILES:%=$(DESTDIR)$(INCPATH)/%)
+
+#This rule cleans the source tree of all compiled code, not including the pdf
+#documentation.
+clean: $(call print-help,clean,Clean everything besides the pdf documentation)
+	find . -type f    -name "*.o"   \
+               -o -name "*.lo"  \
+               -o -name "*.a"   \
+               -o -name "*.la"  \
+               -o -name "*.obj" \
+               -o -name "*.lib" \
+               -o -name "*.exe" \
+               -o -name "*.dll" \
+               -o -name "*.so"  \
+               -o -name "*.gcov"\
+               -o -name "*.gcda"\
+               -o -name "*.gcno"\
+               -o -name "*.il"  \
+               -o -name "*.dyn" \
+               -o -name "*.dpi"  | xargs rm -f
+	rm -f $(TIMING) $(TEST) $(DEMOS)
+	rm -f *_tv.txt
+	rm -f *.pc
+	rm -rf `find . -type d -name "*.libs" | xargs`
+	$(MAKE) -C doc/ clean
+
+zipup: $(call print-help,zipup,Prepare the archives for a release) doc/crypt.pdf
+	@# Update the index, so diff-index won't fail in case the pdf has been created.
+	@#   As the pdf creation modifies crypt.tex, git sometimes detects the
+	@#   modified file, but misses that it's put back to its original version.
+	@git update-index --refresh
+	@git diff-index --quiet HEAD -- || ( echo "FAILURE: uncommited changes or not a git" && exit 1 )
+	@perl helper.pl --check-all || ( echo "FAILURE: helper.pl --check-all errors" && exit 1 )
+	rm -rf libtomcrypt-$(VERSION) crypt-$(VERSION).*
+	@# files/dirs excluded from "git archive" are defined in .gitattributes
+	git archive --format=tar --prefix=libtomcrypt-$(VERSION)/ HEAD | tar x
+	@echo 'fixme check'
+	-@(find libtomcrypt-$(VERSION)/ -type f | xargs grep 'FIXM[E]') && echo '############## BEWARE: the "fixme" marker was found !!! ##############' || true
+	mkdir -p libtomcrypt-$(VERSION)/doc
+	cp doc/crypt.pdf libtomcrypt-$(VERSION)/doc/crypt.pdf
+	tar -c libtomcrypt-$(VERSION)/ | xz -6e -c - > crypt-$(VERSION).tar.xz
+	zip -9rq crypt-$(VERSION).zip libtomcrypt-$(VERSION)
+	rm -rf libtomcrypt-$(VERSION)
+	gpg -b -a crypt-$(VERSION).tar.xz
+	gpg -b -a crypt-$(VERSION).zip
+
+codecheck: $(call print-help,codecheck,Check the code of the library)
+	perl helper.pl -a
+	perlcritic *.pl
+
+help: $(call print-help,help,That's what you're currently looking at)

libtomcrypt/notes/ccm_tv.txt

@@ -143,39 +143,39 @@ CCM-twofish (16 byte key)
  32: 839A9BFA1D3CA37924BC6648DED2291FC61736A3638906D9C5DA28A66AA684AC, CD07B83C8E0C3E6FB4115A149BDF6FDA
 
 CCM-noekeon (16 byte key)
-  0: , FF73C6775C61DB36D9B5EEC812091FF7
-  1: 5F, 7D2AEA62A5202E3C4FBE05F33EBE4CC5
-  2: 0EA5, 312ED15FDDAB6EEEAC6AF9BE9CE698FA
-  3: 968F95, FA1AD58B85B93B5A4B5096C881F773C3
-  4: 9A8F4069, 8911063ADDF79E27D9DCEFF3F440E6D7
-  5: A5C0376E27, 9553F44B0BA8039527F8E05CD70AD8B0
-  6: 5B097736F3DA, 405B7EC685FC94903B36AC8E700558B8
-  7: 616810AE303B2C, 64C95A2DF5263F7BE6D1F9F3CF88EADE
-  8: C8D69A2E1170532C, 073A7E426266237FD73D8109F55AE5D3
-  9: 3E42CDB7DA4A72F2E0, 48675EA4302CA6BFE5992DE96CE43BB3
- 10: 88532CC1F3E321F66D64, 528B3516C6D9A4B5390DD32C2A2E6C19
- 11: 9216A8FC9A961E7F602F7D, B03047186B783844F5B6757057576B38
- 12: 89B0858D4FDE6795EDE19CCC, F4530A2DCA823307AEDE5AF34E5C4191
- 13: A676E20BB0A5E84FD0B9149BF7, 11B823B315DA93B0E15780851526D4BD
- 14: 903AD5C108C43A80436FE2117EF0, EB1C79C7DF20CE2967A99783EA8D6EF8
- 15: 81774C36F46F67159B7FFC24C080D7, 2E9E4812D9A92977EC34922782B6420D
- 16: 63FD1C3F692D64B2DA3982FCD474A5D4, 04171AE84857713A9BABBD4564875D33
- 17: B1BF6AD99F83C9173C6C021ACA74C5431C, 38D17D4F6AA3C24B8F3B465EAACE0A1E
- 18: 0948D1ED59F07DE44A96A76E05B0B6F7C309, 1848D886FCFF35E85B0DC3CBE5BEE7FA
- 19: 3458E5911222F9C555A1054C7D9748876DA39A, 584AFAE72FB6065A74BE016CF39D2E86
- 20: 641F3867185D0605E9D666AB605187E75A1299EF, 6F9332E6FB5EA0CE811E3345593CD163
- 21: 0676622D07733EF31A765AAB1E713FCE329277FB16, 88547474050FFC986930CC04BA8A03F0
- 22: 79861EC2FD2BCC5C12B69F30A1575FC66AC1405281BB, FC68EEAC8F39ED69D312AEABF8000084
- 23: CB2731835A576F7F8F2C2786D786FB6186E2F85D89DA3B, 3ED9E95BC51CF6368E6EF63667B35BD8
- 24: 3CB1C02FADB6DD5483BC5D3C03D944102CFCEDF82B913402, 1C3F60C989A6FBF41A7AF4F29115C334
- 25: E69FAEA5E3D0B76EF9E70F99C5918D934D0E9836F248DB9EEE, 7F1916B2CF7C9A5E3F5581D365ADBD31
- 26: 36779AD755A9DF2DC3C5824DC2F7DD4FFE038628A4E1A1C33AE7, 2BDED3703468D267F8AB7EC0AF8F1E65
- 27: E9D325646A41EE5AA7DABCDE98DE83440A7DC02714BA0AEE017E22, 972F4D7832F3371C60DCD04A6DEDEA15
- 28: 0FAAE3F6028A28A80BBFE71FA7AA9042E538B41A0D514D6EB4EE6029, F7B3925495E260249ACC6E1CBE956BC5
- 29: A9CC39EFFEE354C0E0579256AA85CBAA7B10E670DD3828A7A05DA0F49D, 28D9D20187AFE70AD9DD16759F0EFEB5
- 30: 032F4BBB4EBF2E65758C541FDAFF2107DDBED399739849F8EBB41AF9711F, A3436981ED637CE5EEE01B380C46ACAD
- 31: 7B321ED831CE96A603668E3E74BBC7453749A03D04A1B38E95966E6CC488F0, 88D1DADF2C1EE0BA579D0A8A90C1E62A
- 32: D862B0BD0E2178AE05AEFB14F34C791547C5956F1F3B5BD525926578DE383A94, BF32CFE059F27222DC55D3E7CE7C5F10
+  0: , AB924F56DFA05F4E8628C14111272E5C
+  1: 08, 8A76DCADA7CE53A0F4577E67B0B958D7
+  2: B602, E0BEAC0B1E95C4570A823295E7517C25
+  3: 50E4B1, F874F8B5F2806F64AE0AED151821C638
+  4: 990F28F6, 9AE2D6D5576D1C4722E2E3C11F5D98FF
+  5: 297104DD8D, 7A245E5F5E0F4C3466E16D5EF2B96D80
+  6: 7B6E9776EF05, 6B540166DE5E154D7A3A34EEA3FAD5F3
+  7: 67EB1922FAB0E1, 549F39F7C3CB17F0EA6EA9C75899BD55
+  8: 343E752F0F956C7F, 19CBB59CC4117DE6EB9924AB0CE2C9B9
+  9: 98A25FBBD87D8C1829, 6E3D4F0ED0C5B9161EB11AE9600003F6
+ 10: AAA54C273F69638CFB54, 1192FCD1F9F543889F3607CD6B623AA6
+ 11: 51B3F33EF8B1F38438618B, 8A704F5B003A21E4033ABFCC6C53577A
+ 12: C7E5167D81B23F47AE90DFC8, E218F7DD222CE31642CB06C329911CD9
+ 13: B065DFE10B9C32F1B028AACE4F, 5EC4DE45C29C78D1CDDF2A6AC05BD53F
+ 14: B5AAF0ADCA03812F251C8A2BE745, AA353E20F65237279643D4CCC06150A8
+ 15: 88AF734661B83CBA42FF983C260B63, 8F20A5190A218B8D392ABA1295CBF905
+ 16: 6663AE30F79A110747D6678784330BF6, 142196DDD26668E08D196BCE0989AE01
+ 17: 8153816C6E9C449B0439AD7892DF8C0492, 58B376CF240C37A08337C7794736838D
+ 18: 1611C22134C06CF8F43625017CCC65B6E305, C0443028C8DC5FB78F9350C4A8D1D32D
+ 19: FD2EEDDF2B20F7623D854FF4E987DB4196AB2E, 8B2CD7C72438F3EB071A33A7C65610B3
+ 20: 641256A9C543D0860E609F1AABC36EAB515E29C1, 0E1A0FE82BB18BFBB3D13BEB84BA185D
+ 21: 437719619E96C3AD2080470809F7CDDEC3011EB6E9, E31934C5F0C2E4A04A4ED533A98C795C
+ 22: CF2B11E8660CC6E650EDDB2146B11F864E01B4C99DDD, 8647759347E7A4FD2CE8AC17AF4186C9
+ 23: F339314695B539B715A7E5FB4799029CC133CEE26A2E86, 136274C51D9797986E92F9E540A80EB1
+ 24: 38F843B9DA155D57166D310D85406E72FB382604C2EA4CE3, D1D7C6397599ACC2EB5CF1E06975B423
+ 25: 29E497528D72C2BEBB12663F71B3981705BEF60A5451FAE4F4, 50F6C796CC00FE590E5E975206045702
+ 26: F16F583E1FEBC78F5AB0FA61B5BC389D3C16B62ECA7C6A86BC98, B3643EA448ECA0511312895B63193516
+ 27: 80347C7148FE1A5B078A27B3821DDFD93341F0351F4323EFEA6632, 8AF133E83EB316E615F1BC9DF241E23F
+ 28: 96939F79855C211B23E45771DDA2C3AB81C2672F94B87A7FFE46FC84, 4E7DEF91D1A102667BF55922B2531E6A
+ 29: 4789028961FDB78E8821A1FD9AF93BDB3CAC5C75566613E148B4439E90, 470DC4389C466AE79051A62F8122A1BD
+ 30: 7D2030ACE87827B785D3EFA3AE5CCB3DBF3A06DE4BED2D4FAB31DBE90F58, 55437514620E6B499C4FC01445FD2828
+ 31: 276940205F5B869E40BBB064BB0DEF9D86D520DFCFE531A77A55AA78DE8709, F291F6A4D7EFF52E5EE47CC3ED7902B3
+ 32: A75FCDC9F4E38C02E70D885353F5E3E7E13A14237D75EFA0D53B0C808EAF10AE, CABDB90052202C4EC777936B6097320F
 
 CCM-anubis (16 byte key)
   0: , C85F41475E06F25682F855C3D45A6523
@@ -212,3 +212,73 @@ CCM-anubis (16 byte key)
  31: B8176469E6A0D5797ED6421A871FEECDE48ACF011E394981C43AC917E8FFD5, E9B01383DB1A32E6126BD802A6C6F47E
  32: AB6A0AA29B687D05735167D78DB697BA2478BD14ECD059AE9D1239E7F2AB48FD, A560A30FD87CF28BA66F5B2638567E4B
 
+CCM-seed (16 byte key)
+  0: , 960414F81DF9F363AE6234067B946EA6
+  1: 15, 17746EC09B06AF1DE24710D2506629CD
+  2: 892C, 828705A8CF1E51688EC4F1FFAC4C151A
+  3: E411A7, 1AF2DD611D05DAF48118D1E7D810C173
+  4: B9DC8276, 4D335DF8B860AF121904310F5C004212
+  5: 8182C84A25, B713177663D498218908178B3EA3C65E
+  6: 5933E7872324, 52413BB22BABEC9E43F1A98B78B4496E
+  7: A243E381075DEA, 8FF3D2D465748AAF2373D1D8F8EDCFC3
+  8: 57A4E46B9B5C1795, B26653992639D54D5CEBAC7473CD3285
+  9: 4D05D6669D9A0C3079, 6B26FA6D5271D74D444985466D2CF0AA
+ 10: 1D35BB653A9F48C3314B, 494E108B0780280DF7CB4BE24CACB5CB
+ 11: 9A227951B4565021D29DD4, 3E21A07540744E26424996B0670CB07A
+ 12: 3E893574DD3D82CCD83E87E0, 017D51F744FE95E375D0456FA8BB0EC9
+ 13: 5DF04297D842B3CEFCF93F5B95, 49CCE7A12C85648BD2A07944623C81AC
+ 14: 27F7D25EDE3471AAE1B91BBAEAD0, A6F1DD19DF08160D982184A414247B8B
+ 15: 6F8583E5B88B15F89070FB7A49383F, 4C98CC3884A2BD20AC6FA5184FB72670
+ 16: 5D8D511AE705860B1A55E2FDAE9581D9, 96EF02C285AFD27D2B26BCAC02EC56A0
+ 17: C4508E9E03DFE7C3B89192589CFD171A16, A2A4DC81E900BC5C404389BBD0B4710D
+ 18: 3163AE0E74B3DE3779745A82B783D882F092, A89574F7D1C2B90241A702A2C6A2AD86
+ 19: 2D9C64EF9D8C2E195AF05BAE747A7BF8EC6C30, 07EEB7667A539164862E472366FFAD68
+ 20: 03D145C9133E9108BB7A61D17880B155A56A58E6, 4F8EBC9A3F3C74EEA02099BB5AE6D456
+ 21: 41C20EF2D199B6C0FAD9DA02DA0296D37B23059C3A, 062AE92091F7A8CF74A8E9DAFC58BEDE
+ 22: 402912121F84EDB82F101195A68EF214F0A8F4DA6DC0, B35C944A4E5BA8AB60A4415B5BDF6E30
+ 23: 4D3F14438904F8F4F911CE729B26415F4EF819F80D2254, 2304E0373E136010B9BC6E061660D881
+ 24: A855C170C1E2D326D74996939C48A85EDEED2E06F97BE61A, E66F188735CDBD27F6354C260A4796BA
+ 25: F882B023A3B25B878073DF739A234256E4174238A30A5B5062, 3C8BEBFA98ABF880891AF2539D3A0FCF
+ 26: C66F850279CD23D5243CF15E6084A17C124DDDE840DFD9532954, 003202A7E393626BFF93D48207E7DE39
+ 27: BAC89C099A8AF633EFAFA496198DC9398DB3AAB47A8D24E2FE7D62, 32583F94ADE55278F2533ABE934CD535
+ 28: B9EB02F63EFB72455CFFA2799A5BFA9E0BFDE240379AA98B4D0532C8, 5D01FD2F100C003EA284A2AF55EE5934
+ 29: BAD5BB6B8DF316401B12B2BF36329F1D977E1FD943F594A6F4ED696194, 3D91CE3618998F3E060038D4DCAAD084
+ 30: 8964B7FAC865310E56DB3238E03803F3B79D095523D278D609AD34BA8B67, C57D3AA1FF71636CC7497DF3CB4F7B71
+ 31: F83C35D61E5C48CC7C402C9C78758D0DC696D2708FBC5294879DBF700BAF75, C69997844AB43312C90E995AD8C91E58
+ 32: 03CA8E42B89C0AEEF0B7A364E94E326C537AFC4392AED3E6DA71EE65032A5CDB, E8DCD9120DE61900A194E8B94AEF6B2B
+
+CCM-camellia (16 byte key)
+  0: , 3B53D5CC8B26A5FFC78D2E974E45A661
+  1: 5B, ED7741D8C258D56A29392A7A65CF147D
+  2: 9396, AEC9E6690624A94E9ED39A0507C32277
+  3: 7D7DDB, E7D4B50F856F78EAFCCD6B91CA985AFE
+  4: 1DE036A3, 4F519237C8534508140174DD3F5D5E10
+  5: 9BD3C8B888, 760CADF4D2722C52BE28D89F9F1BEAAC
+  6: CA4252105A3D, 675B4D6953136E0691C3FE174381C231
+  7: EFF8ABC8F5CFA0, DDECDDF8FAE2BCAE971003D05A86024C
+  8: D155E0590C4DC889, 08EFED0B6FA5C0EB64B7900229EA41DC
+  9: 50AC40B4A083BEBF21, 14DABECF5CDBBB8F0AF3E7DDC034DAC6
+ 10: 1C5442AF9F2D491BE911, FD19818919D55FD80BCC9EBA0A108920
+ 11: 85A748561995A968CC9124, 69F769B8EA2BE927DADD209300752181
+ 12: 2F0838A1C593A629C1AE9032, 4C8AB614BCF4F7988EB4B93E1DC48EE2
+ 13: F19EE633F8B5E323904469D5C3, F82B28464B4BF73C39B332814E1672EF
+ 14: D6DBE7D82D4C99830FA1A6245125, 94D9EDF12A4A4EE357B647184EACC01B
+ 15: E8D02CBECEAD690DDFC1E48EE16B1F, 2D1355394CD62544D8840302715862D8
+ 16: 74C395F0C833ECB858F6D09C097192C4, 9079E949C4081B348259080AA0AAD85B
+ 17: ECB27927C303ABE439BCD9F9D4E87D5674, 726E8E755398A30E930F2159B510DD8B
+ 18: 86593B1148EF7D5B446AA3AD22001CB66CB5, 63B0D269B586B9C887584498FF61D8BA
+ 19: 0373123872929AAF354B085FCEAB74DD2D28E4, 5FE2491F2603E474D15500DB2E32481D
+ 20: 3EA3D8DC013F2A6E42BFCCEE51BBFCEDD194BA40, 5667BD5212E31F02C8D8B94FAB5A9DEF
+ 21: 5ACC89A28DB162595FD55D63ED2C5B48976E0BA0E9, A52EDC5A3AB7B070B755DBB008D99787
+ 22: 381266462C783DF3B5F3F3570611D6E0A61ABDFF7BA5, C79D371D81511D85D7B54B686AADFAFD
+ 23: 8819DDC964172B3BE049CCBABCF5AA7EDB50BD90E871F4, 45561AD598EB2DB8F7825878786B2CED
+ 24: F514E9F64E90197728E2D061443ED006F2CF2236EC2E65CF, 0C47214A73F6CEAEC1C96FE859C519E1
+ 25: 3B965F16101777CF84C85AD864701BCDD617681B92944386AD, ECBE6B6BA145D10FE0D5042A5F04BB68
+ 26: B573EB75A48CB8F56163A55DFB870017E06940D799ECCECE7C2C, 63A7C16D33F6ECA72B2B33C6FFF4F13D
+ 27: 47A3A96928BC9B28E22C3AF1999A30E271806BD3E6C8FAA4D82D62, 25E319011BA2F72BF7447C8EB36BBD01
+ 28: 0E873D38B34A0857FB82BF278AE07AEF9A4B378A8300CDD96C5BDE34, 6045114D75AE7681C91E5BC508E2398B
+ 29: FF33B9683538014DCF4F7D78CF7126FB43448BF9883D69B824019B05FB, 28AD47D363A7F9A4653C6685F90C2971
+ 30: 58005BF96E194411DF808DB3A6D405CA241986486160313AD092026A0A54, 7D8A8C8E8AB6ACE7312D82146219F37B
+ 31: 20C3DFE512F4EC1F17973BBB164E9F1B77CC3EB37B486119614764F4C7D0E2, 57CEB0625D34AD40935B03C54A1B8779
+ 32: 913F8D366D4C2AC10ACB3196CCBDB5F436CFA92377045EB3A1C066F6ED7DE0E9, F48C8BB647E719049DB38C39EF779CE2
+

libtomcrypt/notes/cipher_tv.txt

@@ -321,56 +321,56 @@ Key Size: 56 bytes
 
 Cipher: xtea
 Key Size: 16 bytes
- 0: 256004E1F55BC0C7
- 1: 2D385C151A691C42
- 2: F93BFEA758A7DDB4
- 3: 2A905D97C0CA3E48
- 4: 12C7C2787B913AE6
- 5: FB24B1F32549EF59
- 6: 2A8BFF867FB4FF73
- 7: 5692243526C6BA77
- 8: 4CD423ADFCDD1B6C
- 9: 9B99AFC35EB2FED0
-10: 416B4AA4E07DA7F4
-11: 4DBC9052ABFF9510
-12: 8AF9457F8E599216
-13: BC3CA2B1C7267395
-14: E4BE31DF42282F7A
-15: B344CA8AA57E9E40
-16: 57A1F94CD2F4576D
-17: 96177FCD28BFF1BB
-18: 78A1F63A0EBAAC33
-19: 5F3FCBCD7442B617
-20: D6F7CD5ECA688967
-21: D92EDF70CBDE703F
-22: E2E2C2EE5D18E58E
-23: 4BF00478CB7833C3
-24: F9936D550815FE8F
-25: 19A3B07B3E47D7D8
-26: ACA441F099A7E30C
-27: F70183F199988E3F
-28: 0A41FC22F369310A
-29: ABFAF40853A4A38C
-30: 6B5D29DB1155D96B
-31: 0DD0C08A27561D66
-32: 4C56E22292F17AA3
-33: 3F925ED65613DF4A
-34: 521B4C97081DC901
-35: 2B1EC3E1C8CF84EC
-36: 2A412556F42A48F6
-37: 0A57B8A527DFE507
-38: EB55C9C157E3C922
-39: 6E6D6E9AB925ED92
-40: A4C5C90A0D4A8F16
-41: 7F9F9F658C427D55
-42: 9A5139994FF04C3F
-43: 9054771F027E29BC
-44: 90543E7BAED313BD
-45: 5DEC1EBE6A617D36
-46: 19AB6A708CDB9B2D
-47: BABB97BB5CF9D4E4
-48: 2C2ADC05AF255861
-49: 52266710153E3F7E
+ 0: FFC52D10A010010B
+ 1: 9CFB2B659387BC37
+ 2: 7067D153B259E0D6
+ 3: 0A1769C085DD67A9
+ 4: A9D781A1A7B4B292
+ 5: 6FEF8300DF395062
+ 6: A67B66CA99B9121C
+ 7: 006E657E1DAD46D3
+ 8: 2D63322467438A5B
+ 9: 4F67A826126BE01D
+10: 852C6FD597EBAB00
+11: F8DD14F59FF44A20
+12: CD4DC4E92B5CD40B
+13: 802B89A3EFB75810
+14: CCA7D920F69A5491
+15: 0DFF98CA4F71CA0E
+16: 80118F2AE4E83DE8
+17: CD6935285D45D83C
+18: 47B4613483889187
+19: 87F3F1975B8618E3
+20: 49BF15EF40C72DBA
+21: F850822AD58AD1CC
+22: 9701AD2EF51FD705
+23: 705AE7F6FD60420B
+24: E885CC84A9866B28
+25: 93E0D712D27E4E22
+26: 8C9CE43E517D3324
+27: 31004841AF51FB0E
+28: B250BEBF0E58457C
+29: 78290B6D83D442E9
+30: 3EC72388709CC6E2
+31: 099FB875AB5CA6EA
+32: B15E20B58F5E8DD0
+33: A41511E198E0B1E7
+34: B8B5CDD9607B6B40
+35: BEF9624E922DB8AC
+36: AF198FCD314D8DD4
+37: 1A37E433C261EF9D
+38: AB7895A2E9D41EE4
+39: 4C95BE8D34A7D75B
+40: 0D90A8EB03F2852E
+41: 9AAD1D630D835C67
+42: 6AD88003661B2C5E
+43: 4FA7E2CC53EBA728
+44: 862245D794441522
+45: FAB262C13D245B3E
+46: C0A29AA315A5721E
+47: F98617BBEFA6AD6A
+48: 6F84EAB462F10F36
+49: 30850051303CDB96
 
 
 Cipher: rc5
@@ -1434,6 +1434,58 @@ Key Size: 8 bytes
 
 
 Cipher: 3des
+Key Size: 16 bytes
+ 0: DF0B6C9C31CD0CE4
+ 1: 9B3503FDF249920B
+ 2: 653924639C39E7FF
+ 3: 6A29E0A7F42025BB
+ 4: 1628B719BC875D20
+ 5: 7D77004A18D0C0B2
+ 6: 4D21684EFE962DC1
+ 7: B6BD7F82B648A364
+ 8: 1F87ABAD83D19E96
+ 9: 3DF3533220C3CDED
+10: D0E7D0ABFBA68747
+11: 109FE5B38D74E6C9
+12: AE12C4B4D523784F
+13: 953CD7F264166764
+14: 70B3A87D72FA0A22
+15: 9C9D09AC66AB8F6D
+16: 4A15AEACB35B76F0
+17: EFA32F95623BCF1A
+18: 679901F7737E195C
+19: 221BB06209DDFCF4
+20: 0889A953C60BB1BF
+21: 88F2249380E2D5D9
+22: 5AB26168B7FA24D5
+23: 934229150997D390
+24: 535E4F4C4DA97062
+25: 03E8D711AC2B8154
+26: CB5EF6E72EA3EC49
+27: 9278A864F488C94A
+28: CB91B77401DAF004
+29: 4D0BA1C9794E0099
+30: 9CFA24A21F48043F
+31: BB6B3A33AEEC01F4
+32: F2A8566E0FF6033D
+33: E6AC213000E955E6
+34: 91F5FF42BBE0B81B
+35: 6506D72ADEA70E12
+36: F9BD8C0506C7CC4E
+37: 89CD85D1C98439ED
+38: 409410E3E7D66B10
+39: 4CA64F96F4F3D216
+40: 383D18FBF8C006BC
+41: 3806A8CB006EC243
+42: EE73C06D903D2FCF
+43: 624BFD3FAD7ED9EB
+44: 1B5457F2731FB5D1
+45: 4EC4632DFAC9D5D6
+46: 8F0B3100FAD612C5
+47: F955FCAD55AC6C90
+48: BEB5F023BD413960
+49: BDC369F3288ED754
+
 Key Size: 24 bytes
  0: 58ED248F77F6B19E
  1: DA5C39983FD34F30
@@ -1647,56 +1699,56 @@ Key Size: 16 bytes
 
 Cipher: noekeon
 Key Size: 16 bytes
- 0: 18A6ECE528AA797328B2C091A02F54C5
- 1: 2A570E89CD8B7EEEE2C0249C8B68682E
- 2: 828F4F6E3F3CB82EEEF26F37B26AEA78
- 3: A3CA71833499F244BF26F487620266A4
- 4: 333ACCE84B0A9DE91A22D1407F9DA83C
- 5: 224285F3DB3D0D184D53F8FFDC8008D0
- 6: DE39E2973025FE9EC1ACDE8F06985F91
- 7: 2F00F45A01B1B0AA979E164DC5CCFE10
- 8: 43775F3CBEE629EF6A9BA77CA36171D9
- 9: 1E6A67ABF1B6ACF59FB484866AC15A86
-10: 70490989E2CD2145730921CCC37F0A17
-11: 67B0DD0EA903486B1CB56591FCF42678
-12: 774AAB71FF28E49A30E1E718D98114E8
-13: DF4797990E1C65C9F6735BD967164D45
-14: DE2779DF26FC1B99F576ED4CFBAE76CB
-15: A13AD17440641B3460A01175E3274AB9
-16: 1166499165F2A1196CA2DB831F264E77
-17: 35D24A385416CF2A44AB97A4AEC45E14
-18: D3D0E0DC962B1AD1AED92F57129088B2
-19: 00EF3E246B32634ABAF8BEE31D5C592A
-20: 79BBF3F807675B9F264BABC67DF4C2AB
-21: F391F2D58F0998F24BC9E5FA75DB9E99
-22: 066EF13C2617E97E6015B86BA1E059B2
-23: 5B0E2D7AE1E2734B9D5734C87F7BE272
-24: CDF7020212B7CF21F4817829386A6F8E
-25: 24873E1A0EF4908DF85114ED9BDB0168
-26: 99904360C843472F71AB86B26DC78A00
-27: BEE70B3735A67268578FF107C328940B
-28: 97DBB283536BC8AE8DBF56F3474C7740
-29: 2F4C903975EF709E004D24DC132A8A51
-30: 3EF0859A281782F905198C607FBE5C43
-31: 2D9CD48BC6A99E86468CBDD2A55C7D5F
-32: 5518D3ED18D5E5A62752CDF0846D0C77
-33: F751E9CAF107BAD8A1F1F9C374277A6A
-34: C5BA4DE907C41221FBABC5EC43710D0C
-35: 5CA48836330870365A10E7B676695C9D
-36: 937A964E0EA4D246E97293375B167EFD
-37: C0A876CB6957717541A90CCCB034BFB8
-38: A57C93A09F9160A28D3D4DEDC987746C
-39: 1FFA1E0B5EE0F0A18425F62717254419
-40: 8411C87262AE482CFC43C3092BEAFD90
-41: 0B9BB379FB3587A9ACEEED4771D8DC20
-42: 3B32EDBF9557E1DFBCEEC269B51FA494
-43: D1104E2888679A9EF6A13AE00ED7E1FB
-44: 0EC9849BAD58A279B42B5BA629B0045B
-45: CF206E8D3399918E75DE4765DD743060
-46: 55CCEB28E27D4DC7CE2546454FFD2C33
-47: 6E2339281583420B76E1750D35296C12
-48: 7800EC3D8C344BE7F2D2812F5AFF3DA4
-49: B80F4B0BDAA54A04D5A26BCA185F4EA2
+ 0: 22C082F55D7F6D861B11C36911BE694F
+ 1: 0485388F24B147918116347E942BCF4A
+ 2: 47388A4B060617B21134D3B4EB1CABCA
+ 3: AA8866CFB9D7507CC67A7F271AEF11E0
+ 4: F6A078AEF1BDF8B621A76CB732804FF3
+ 5: 8301F76E39A4E8C8AC38A7751B26DD31
+ 6: 5BE06821E7B23277B808143F36BABDE0
+ 7: E326A3A32F4F0D8A4FA94877997DA11B
+ 8: 2BA7773B55F90B5399C11EA80D6CADEF
+ 9: E64776D92B81770E51E4E2F44688A59D
+10: E987ED52D4C33B2668BB9DCF0889D5AB
+11: 351F5BC075D06BC6977D31A442CCC2B6
+12: 645468E2497FA5EB913C04032457C1DF
+13: 10CFDBEC689B01FB969AA2C760F76CCB
+14: 0BC5B171A3B727B9594238EC522F72F0
+15: 887D105D54D8EAABABC892F04F3455C0
+16: 53CC30B5F16713AC77205B0F194FED59
+17: CD63AD99CC0D5F34D67C363F99F7CF1E
+18: 59BE7B22114383FE8491304FB291D2BC
+19: 4B107C8D37CD46EF1DB68ECF4588FEF3
+20: 46034C755D278E368305D1133BA6B4FA
+21: E2472AC6D4048AB59E126930F6476D06
+22: 821014CDA5084A85058F1D556854D33D
+23: F67C3FB5CB1271B454810FEE632F7EE8
+24: 57705CB352AF1A8B342E1E555C9DAEAA
+25: 72AB36C1A8D3C2111330D0EF78726227
+26: 1931783D7E3DD6A33962BAD6962D8A33
+27: 06029A07CA801027D97BFAFF4719FB89
+28: D78B7E4E3083A60610C42BFC03810590
+29: 3CA3B14C5741A43F1FF5AF2179684DBA
+30: D1BCC52AE476999E25391E7FFDC59C81
+31: 1E102DBAA4224ED5E32515A59A07EDAA
+32: 81BE227D2663DBB733F9CB5018AED67C
+33: 92C5A77D5D62A16C031DA0BD968FBAC0
+34: 9EC8E61B543BE73AAD711A9F58C86790
+35: B6A1FD059A7D8D73C143C17D97E4C177
+36: 0316ED78EA520EE98BB568413A390E44
+37: BEFEE68550E2FAFC4AECBE309031BEFD
+38: D394CBCC38A47482B2B6900BD68D6540
+39: C58F2EE6C493BD1EB41DEB88A169D240
+40: 0A45FFA6D6E888B1F6E95E388818C6AE
+41: 8A9CAD2C511F284CE1D77167E5D23456
+42: 577CB9155A69CA34213FFD15E03D54F4
+43: 2AB7DD760EB7DDDD3883A6966B9D44D2
+44: 4564DC5318B0A940CBBC3C1607804B70
+45: 0E9F42D9C2AC03694CC2E82BA3C4BBBF
+46: A49089D9FD9E13DF35B0490E59A9B7C9
+47: D58B3008003D6C8D556D7D76180691FF
+48: 1FBC6D5F3F1B0E599DED48FF7A63CB76
+49: 077533478FABE8AD5DC2B9E96E7CC6CB
 
 
 Cipher: skipjack
@@ -1965,3 +2017,323 @@ Key Size: 16 bytes
 49: 0133E1745856C44C
 
 
+Cipher: seed
+Key Size: 16 bytes
+ 0: A6E8D7325BBE0998CF235C1B57E64360
+ 1: 83A2EB0094D1CF95E683DE8BA93DE478
+ 2: 3DF178E121DA1CDB77ACFB37F9499A3B
+ 3: 785A1D88210885D6D2D84C2CB4461D57
+ 4: 4F177E4C76F6CA9C989E724A0EC275F4
+ 5: 3AC502689139EC1AFA7EDCDB622A6061
+ 6: E1B9675AEFFE45A249644E7E0863110D
+ 7: C8A4294FF821E88EC5D181E54BBD3919
+ 8: 7598C35780522C63B531758F53B7CCCE
+ 9: 3E59799FC5A5F99100A3791F6AA284EA
+10: A8572971F5FC281E7617BCB8D616FAD3
+11: 3C5DCA82BA53DAC088D34E6C4D069E22
+12: 0886C2F45E358409230F6FA0F4ADB7BF
+13: F4BF0388027AFBADEB6AD1AD0AC9339E
+14: 587F60852DA55F76C486D9A6BA884F8A
+15: A6F2518AD3B9A68C3FB8847E28B15212
+16: 6B6DB6C7085FEF6FD2BF32CAA2FEC2E2
+17: 40FF5FC134BC3911614A4E021254EFDF
+18: 9B1016CD948F70B8A04D2604D4FF08AD
+19: FBB86D1B49204838C7D544C8BAAE61F9
+20: 02EDFBE9A9A4CA2206CF9047FF146949
+21: 6B9FF89C1E607E494204B28D4391ED35
+22: BB85B8BAA9A4B74ED66C7485415834A0
+23: A6F72520E6F0248D88AFDBDA7CBDD6FE
+24: 4BC1D4E990FC80E9ABF9E0FBC745E2D4
+25: 0358D44D7A59743AAF6D25CA179FB6FE
+26: 320924C80B53E406DE45D31AB0E265F3
+27: B727A4AB9E8455EF11B18F300E22ADED
+28: DCB6BEF8F35FFA2F2CDADAE161E56D48
+29: 847A39F0670E930BF7899656908C2B92
+30: B5223282B9328ACC4C6BF06F15C920EB
+31: C265081FC225CA4ED28FABBF0BBB0298
+32: 35F6113CEA7C15DB21223D5AB0E9E558
+33: 3437EECD2984AADC9F07286CC23FB940
+34: D0C878AC8C01BB9868B499691373988A
+35: 684381B5D98E9D1290AF5D633A903F68
+36: 69652249BD52F49ED11219881059ED38
+37: 08DD215881D98B1D8234FA1806E634FF
+38: BFA836EB71C35B3E3CC9BFE9168D1B5F
+39: 238BDB3340961C47A13F011AAB45FC5A
+40: F55C630CE6008E7F15EA1686D887DEA4
+41: B78DED6C49E3167CD7ACF2CCB4E365DC
+42: 79990527F22373B043039F18E343A8B7
+43: ACD08505E2759003C016F6E820DDC562
+44: 8DB7189177EF39A7A969F28B882CFF05
+45: EC0BEA22AE28469B91AAD4654858367E
+46: 19A7F32CBCB4CE89163EC6F98FACFF36
+47: 3747F9C67FA044D52C3893D170DEC4A9
+48: DE799E6986BB77CA5C24F9A956BC28E4
+49: AD4CEBB75177F1CBD6FCEBF8457F85D2
+
+
+Cipher: kasumi
+Key Size: 16 bytes
+ 0: BB6B2E0C88AD7C37
+ 1: 5AFA50CBEF3FD5A4
+ 2: 1914DFD8DD86C361
+ 3: 0976E7F6AEBFFEDF
+ 4: DE0EF590AEC61F17
+ 5: 089FA192859E6124
+ 6: 72E283C82D366B51
+ 7: 61DA033662AF0B74
+ 8: C4CFA2C3ECA84CEA
+ 9: 15757205BAAC8639
+10: 4349914688A6A850
+11: 4B1F5E0D5B7ABBDF
+12: 5482444DC8815041
+13: A8C198FB1D865A93
+14: C2641B2501AB6525
+15: FE492BE02E717496
+16: 03B3034E3A26006D
+17: 0CB4B7FBA4582D1B
+18: A61C750E5DFF1791
+19: AD5374F2B0860365
+20: CBC588879F98A820
+21: 04CA5EABB466C1C1
+22: F4DF5CEDAE6C0E17
+23: 6133AAD21D875DBB
+24: D386BCFA19FAA860
+25: 68C9ED9206F07F47
+26: 00A49444A0C176CC
+27: 4BEA00D55452196A
+28: A9A3FAC7A2D553A3
+29: BE61DDF4CFA8EC8E
+30: B1547D01A23C2632
+31: 400604E71F3F85AC
+32: 8F431BCB447A132D
+33: 0ED503EBD61D4286
+34: DF7B087B7D315E2C
+35: 247A7872587F0507
+36: 7814D6B13A08CA60
+37: ADE44D69362B8199
+38: 49FF8C275D50A175
+39: 5DAC0F53391421C5
+40: B1C316E682E4F314
+41: 72FFFEA2DFD85E08
+42: 0418F02B7A89FC43
+43: 12826A96C5633C97
+44: A4726DA149DBFED1
+45: 5B276374E1EFC6CF
+46: A91C4E4804D9A103
+47: 7A2894030C9FE01E
+48: 0C59C6FA87DF2DCD
+49: A86C6D3C7EAE644D
+
+
+Cipher: multi2
+Key Size: 40 bytes
+ 0: A69A64BE9EAF56FC
+ 1: A8AB26A19D7804C6
+ 2: D5468EF0C9CDF530
+ 3: 2D08D23459949175
+ 4: EE66EB212BEC593C
+ 5: A2D088F95C855F60
+ 6: C206004787FEECEE
+ 7: E4875B7BE2C819B2
+ 8: FBC692536393F8C5
+ 9: 886DB391EE3BA443
+10: F45359B08EFC56FF
+11: 1113E4F4A177E1DC
+12: 8A02560CAD0CCF87
+13: CF57FF05E6BB7A67
+14: 21F4EDCF8E8A3D9D
+15: 26A26EEFDF51B7F6
+16: E9AF9D2EF2A9EE4A
+17: 6866182BC49D09D7
+18: 657E0D732BD7B5CF
+19: EFCC33778BC265AE
+20: 3556CD607D59C32B
+21: A7477466892D114F
+22: E210A7B32E9A2E08
+23: 9EBC0B60EB1FEA70
+24: C1E8C3A38E0063B9
+25: 3C9FC4089F87B0D6
+26: 100EA58D00F38495
+27: 3BB3D47D52A81774
+28: F1FA3DE89274A681
+29: 18DF1E38CC0C5230
+30: C3FDCDD9159B0258
+31: EA6ADFAF7D8D3C87
+32: FC4C369E7835461A
+33: 791D1D34EBEF801B
+34: 3B5A5B64C72B2F77
+35: 55ECED8C5D0F69FC
+36: A6DE960F4B81C114
+37: 3C4EDB0671BFFC57
+38: C493186F4BF52F5D
+39: 01B2C607B2329E87
+40: 109035510A1AEB20
+41: 0EA4699CA4A161FC
+42: 182665FBB15EBD34
+43: 04458216DCB8F55F
+44: 850BD374C892FC07
+45: 4C428488381D6FD0
+46: 56FF4CE0AA4132D9
+47: 9F95F0A47D70A317
+48: E12CC913356EFF86
+49: 7E614927A295C45B
+
+
+Cipher: camellia
+Key Size: 16 bytes
+ 0: ED18D83F3153160C5A6D01AC3717515C
+ 1: 1012886CCDF3FFD25E588BA10D6CE363
+ 2: D25562F6943EBE3A7E0EF28D33CF091E
+ 3: C26FDC4539DD1E6D0330B5836AB24420
+ 4: E14A50CE727B74B8CEBEB284FEF3C810
+ 5: AABFD72D334F594344C617EF8E8F5741
+ 6: E8D941419ABE88060835E9BD375455BB
+ 7: ED863784E1590139A2CA50D77450300A
+ 8: 545FCF42030BD764724C3EF5C139B038
+ 9: 08C194E007FAA99997D855A759D10743
+10: 3899D3731500C79D2945AFC2980B4C17
+11: 2720FA4B402AB7F1B019AF6248702369
+12: 3FF6C3C90AB4141DEE5FF30EA2047F73
+13: BB5BAF7545AA774C7AA5A58568F96832
+14: 66349C52709EDE0EE34AB6501B420C7C
+15: E1E93D923504A5421BAEA5F1D61D4C9A
+16: 3C07DFD64B2407BB7575A905F3F31E83
+17: 0FC569AC89ED790F69BBD1E998700C97
+18: 6B6F390AFA1052BD2E8DB0DC261E4D26
+19: CBEA83ED55DA9DED95B87F2BBBEAC37D
+20: CE005DECECB98F5937D5ED26FD83154E
+21: 738301D76316EC4173F124A9C9D6577A
+22: D00A1E40CFB5F2B8FD2C0714580FAD50
+23: 7EBF497C78B72E646EB72A326F1D5C4B
+24: 7E0023900F6000D00737242DA8F2E1B1
+25: 0F7737E715BEF0DEA503E355394540A9
+26: 15452DD70DEBF45BEF39782CDB8BB086
+27: E7464917B3AF060BC763D8959DDF90C1
+28: CBE4B90FF8C66672122D53585198773B
+29: B7262E6CAA2C14B18EE374DF922CDB98
+30: 01E695E3CD87A2FD4B9C49D08D032DAD
+31: AA1686BA0B5C5688D0F370C6E2BFA43C
+32: 9448BA348E8E904992C3F4233C226B22
+33: A1DCD1CB810DFB46BDCE6FBE3A192560
+34: 4345D200A309FA8C5A0CE9EC60EE506C
+35: 54C7F64D9B411BF90B283ED62686D28F
+36: E347E882EC2635081547612B1D9589D1
+37: 36D44CC101B37BB6F6AF68C3FEA3A7B7
+38: F38C2D5B921965D2AFFDBF4EC5BCEC19
+39: F7ED6BF85782F0526301BD1CD1624E67
+40: 7959C134BFC85CA176550EA689F81054
+41: A8FC96504C437F0EFD0BDF6CCEF516D2
+42: 6B88D1A06D7C8C74379FEFE2D6A7C895
+43: 39C21AA165F4A71A161971D89CA5DC32
+44: CC123C40071BF02D282DC83D2AC18226
+45: 0780A63741AE47CD03FA99A74C320E33
+46: DFB0831BA27AA0750701439603B8A805
+47: 0C783CBA4ECD9EEE1F91838259831187
+48: 1456624438B22555B08D59CA50D6E95D
+49: D5F463D983A9A6FE9A0B47C245596D40
+
+Key Size: 24 bytes
+ 0: 1D1DAF85EA5CAE19F5F5EA1DC61E5B83
+ 1: DDAC7FCF2C2F275C7041E7821AAC84A3
+ 2: 591091C3755816AAEB9170D5DF77A0B3
+ 3: C4BC965CDC20E6FC039F07DA2CD10BE3
+ 4: CD8DA54FC48524EDCFEF985C0C39C961
+ 5: 14FA12F39AC3D701A958765B4499FFAC
+ 6: 2BBEA5F3AA140CFFED9F1EB2BC969D56
+ 7: 5F73CA8BF641770D6833A43947D9A5C3
+ 8: 3E872D303B882284AB02393D43137450
+ 9: 01EF55D4CE182FA03216A83A5128F761
+10: 915C2F5793692A6D118D865783317C58
+11: 4368A442B61D6F12D5447F1CB8854714
+12: 3477ECB27ECFF2D7108ED1297DE80F86
+13: 89C875CB55C1CE80FF2D430921FADB05
+14: C5AAFE7A4588D4D9039E4552B3FC9B02
+15: BF1E7509405AB219B540BDD0D3DE7528
+16: 7E5CC85B6563099B902638B7E0D09728
+17: FF04D2350647F117F81DA037A9E11946
+18: EA294A53395A20B391B11AB9F97262F3
+19: 448C801307E9405F740623BA55A45639
+20: 62032AE6EB01322233FB321B2D6A8C38
+21: 79A54FFB9CA25AE315BA0E7B6E59EA99
+22: EDE7E634C396926876A49DB3C0E261E1
+23: E9DA5106B8BD33391C28407E9B3758BD
+24: D8EAF9F744E060695AD1F55F85AF3D76
+25: F1E61F0F467C0785B6053332129114EA
+26: 3119CACB24B012F3B96EFAD3FB856AFB
+27: 97753ACDAFD6224E5D289BF76673A73A
+28: 8D5912FFFD628736C64B3DE01DF1E674
+29: 8951CEDB758DF5EA5D2A78B2A08480EE
+30: 3C0FC9DFD8CF79A5F9F75CC43B1A9247
+31: 4C7047481FE0849EA0416BDC00A52321
+32: 97034388AE8553570366EDFB9F6D618F
+33: F16BCC0FB2B77CCBDC5EF7AB2233599D
+34: 6D94D041196F43F0224B1DAC84165E7C
+35: 313C6BA0AD767259860DCF8003F2F5A2
+36: C5F835DCF63D1C40E56DBAC7ADCE7F3C
+37: DAFAFF6BB46EA9280562E5DDFA793BA8
+38: 5C8C0570B06C595E296DD4A9FB864FCE
+39: 72B433F78D7CA638C2ADA09D99CFB769
+40: B6D7A6C47339743E9739D35D0F08A25D
+41: 6CFD73F9E9781FFCE53C69AD2EF11E03
+42: B7F0BA994EF90642B80FDD798666D752
+43: DD49766125316ED4F546B246A2CFA23A
+44: 8ED53D6CEF3CFB9DB0147F02656EDA35
+45: 95690401D61C84A013EC6D25CCAC5CD1
+46: 7693648B4A6CA804B6F01AE67816746C
+47: F08C5898CE7970C41A5F8C05882CAB8B
+48: 91EC0EC1CF839B58009E6CAAB3FD67A0
+49: 853DFA14A029EB8FB8D693B0A65306A1
+
+Key Size: 32 bytes
+ 0: 5F77DC44E5E6701E8755C1FA176E2434
+ 1: 5C1F70FC144C66D82D8F21DD2A0BA54E
+ 2: A98317BC656475F83E83062A69A17EF6
+ 3: D5B8C0DB1095E65D49CEC82D78FD4C7E
+ 4: 37A537292409ABE5B922DD97EC0F6CA4
+ 5: C7FD40883DE6BBC6059327DA586AD96E
+ 6: F4D19C443A2195B66085DACA7EFFDADF
+ 7: 6F12FD74B4D25C9F2856CAA1BA32461E
+ 8: DFC00046F41BC27684321B980BF68F6E
+ 9: 4A8BECB6A8D57002FCC6FE08B6D31118
+10: 859562FB3727E535BD4A914907822545
+11: EBA65EA3BD622DC044CA5384E568C65F
+12: 79C16A751FBE22340F30462600724324
+13: 8F4FB71B5B3E0C1DB870B4BC81E995D0
+14: 4B82E7E8D64D8EF9D78DA944B292CED9
+15: D873F8D7125A63EBB04473F7331B1975
+16: 2FA25AF9E8D5A4DC82CAD98505E5DA60
+17: C80C24625096E6E9852A6F9EE12735BB
+18: 10D4434CB795DC06E926CFA3B43D2368
+19: 070795AEA2765A443213F9CA909DF6C4
+20: 7184D2F5644306FB6DD55F1C90C111CA
+21: F4FAEDF12FB40DE7CE7B08121A340557
+22: 86CE014AA863FD3030A26E6F8C178673
+23: 5A46BF2B3F14D5FEA884C3361EA87ED3
+24: 456584515D983D17ED4F3AE944BFB2C4
+25: E1E8F394691C2A9123023A8EE3FCBBEF
+26: AC73E8BD1758850DEDAA3817B01E6353
+27: 15AE5395CBC3371F81A6F5B05C52671F
+28: F15AA72D34C4E0EEF8DDDDA90D9A9539
+29: 3325E709043735898EA242E94D169112
+30: 044AB447754DADD4E2709FEE08D5CEA2
+31: E02DD5E86D32B3A6CC7F0016375AEC5F
+32: 790278BD19E2860618E24DC69993F92B
+33: F776D24FD90A43A78D000CFC1189E56A
+34: A3EE4A3D121280750F7C70E55DD40FF4
+35: 32928BBBF98DF4B9E107599DFB30364F
+36: B3E9296B529118B656D27AFF0F4D1A55
+37: 4668FD77100255C3406281EC813719AE
+38: 16F9FF27B26F13300DB8DEE2EDD023AA
+39: 9295F8435D688D12BE631A31B2531482
+40: D86917DF41ED4342C0ABF10628DBD1B4
+41: 1F5215B987C3F079769292E65D04B823
+42: F68B98BD2F12AACEBE78666AA83CA7D0
+43: 09BB635B67279F5A6B1D5C5D880A1357
+44: AE4ABBCC1D35CD8C4C254111D5F27158
+45: 5552B3E39DE67F759799A686222EE4EC
+46: 1CA439434B9FD2F24561A32A0A2A79C5
+47: 0E33BE7CE3B9A5CFF00A73BD27DFE9EF
+48: 6B7056FDC97983173D6B3D5BFC9B09B8
+49: DA293A4CB96FE3608CFFD89B927C9ED6
+
+