Move RC4 + SOBER128 to src/stream/

2017-04-24 21:36:25 +02:00 · 2017-04-24 21:36:25 +02:00 · fe14c8bfaf
commit fe14c8bfaf
parent 93317a1d6a
26 changed files with 1066 additions and 736 deletions
--- a/src/headers/tomcrypt_cipher.h
+++ b/src/headers/tomcrypt_cipher.h
@ -939,7 +939,7 @@ LTC_MUTEX_PROTO(ltc_cipher_mutex)
 /* ---- stream ciphers ---- */
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 typedef struct {
   ulong32 input[16];
@ -957,7 +957,41 @@ int chacha_keystream(chacha_state *st, unsigned char *out, unsigned long outlen)
 int chacha_done(chacha_state *st);
 int chacha_test(void);
-#endif /* LTC_CHACHA */
+#endif /* LTC_CHACHA_STREAM */
 #ifdef LTC_RC4_STREAM
 typedef struct {
   int x, y;
   unsigned char buf[256];
 } rc4_state;
 int rc4_setup(rc4_state *st, const unsigned char *key, unsigned long keylen);
 int rc4_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
 int rc4_keystream(rc4_state *st, unsigned char *out, unsigned long outlen);
 int rc4_stream_done(rc4_state *st);
 int rc4_test(void);
 #endif /* LTC_RC4_STREAM */
 #ifdef LTC_SOBER128_STREAM
 typedef struct {
   ulong32 R[17],       /* Working storage for the shift register */
           initR[17],   /* saved register contents */
           konst,       /* key dependent constant */
           sbuf;        /* partial word encryption buffer */
   int     nbuf;        /* number of part-word stream bits buffered */
 } sober128_state;
 int sober128_setup(sober128_state *st, const unsigned char *key, unsigned long keylen);
 int sober128_setiv(sober128_state *st, const unsigned char *iv, unsigned long ivlen);
 int sober128_crypt(sober128_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
 int sober128_keystream(sober128_state *st, unsigned char *out, unsigned long outlen);
 int sober128_stream_done(sober128_state *st);
 int sober128_test(void);
 #endif /* LTC_SOBER128_STREAM */
 /* $Source$ */
 /* $Revision$ */
--- a/src/headers/tomcrypt_custom.h
+++ b/src/headers/tomcrypt_custom.h
@ -189,8 +189,11 @@
 #define LTC_KASUMI
 #define LTC_MULTI2
 #define LTC_CAMELLIA
-/* ChaCha is special (a stream cipher) */
+
-#define LTC_CHACHA
+/* stream ciphers */
 #define LTC_CHACHA_STREAM
 #define LTC_RC4_STREAM
 #define LTC_SOBER128_STREAM
 #endif /* LTC_NO_CIPHERS */
@ -295,7 +298,7 @@
 /* a PRNG that simply reads from an available system source */
 #define LTC_SPRNG
-/* The LTC_RC4 stream cipher */
+/* The RC4 stream cipher based PRNG */
 #define LTC_RC4
 /* The ChaCha20 stream cipher based PRNG */
@ -304,7 +307,7 @@
 /* Fortuna PRNG */
 #define LTC_FORTUNA
-/* Greg's LTC_SOBER128 PRNG ;-0 */
+/* Greg's SOBER128 stream cipher based PRNG */
 #define LTC_SOBER128
 /* the *nix style /dev/random device */
@ -515,12 +518,20 @@
   #error PK requires ASN.1 DER functionality, make sure LTC_DER is enabled
 #endif
-#if defined(LTC_CHACHA20POLY1305_MODE) && (!defined(LTC_CHACHA) || !defined(LTC_POLY1305))
+#if defined(LTC_CHACHA20POLY1305_MODE) && (!defined(LTC_CHACHA_STREAM) || !defined(LTC_POLY1305))
-   #error LTC_CHACHA20POLY1305_MODE requires LTC_CHACHA + LTC_POLY1305
+   #error LTC_CHACHA20POLY1305_MODE requires LTC_CHACHA_STREAM + LTC_POLY1305
 #endif
-#if defined(LTC_CHACHA20_PRNG) && !defined(LTC_CHACHA)
+#if defined(LTC_CHACHA20_PRNG) && !defined(LTC_CHACHA_STREAM)
-   #error LTC_CHACHA20_PRNG requires LTC_CHACHA
+   #error LTC_CHACHA20_PRNG requires LTC_CHACHA_STREAM
 #endif
 #if defined(LTC_RC4) && !defined(LTC_RC4_STREAM)
   #error LTC_RC4 requires LTC_RC4_STREAM
 #endif
 #if defined(LTC_SOBER128) && !defined(LTC_SOBER128_STREAM)
   #error LTC_SOBER128 requires LTC_SOBER128_STREAM
 #endif
 #if defined(LTC_BLAKE2SMAC) && !defined(LTC_BLAKE2S)
@ -557,7 +568,7 @@
 /* Debuggers */
-/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and LTC_RC4 work (see the code) */
+/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and RC4 work (see the code) */
 /* #define LTC_VALGRIND */
 #endif
--- a/src/headers/tomcrypt_prng.h
+++ b/src/headers/tomcrypt_prng.h
@ -4,14 +4,12 @@ struct yarrow_prng {
    int                   cipher, hash;
    unsigned char         pool[MAXBLOCKSIZE];
    symmetric_CTR         ctr;
    LTC_MUTEX_TYPE(prng_lock)
 };
 #endif
 #ifdef LTC_RC4
 struct rc4_prng {
-    int x, y;
+    rc4_state s;
    unsigned char buf[256];
 };
 #endif
@ -20,7 +18,6 @@ struct chacha20_prng {
    chacha_state s;        /* chacha state */
    unsigned char ent[40]; /* entropy buffer */
    unsigned long idx;     /* entropy counter */
    short ready;           /* ready flag 0-1 */
 };
 #endif
@ -38,25 +35,19 @@ struct fortuna_prng {
                  wd;
    ulong64       reset_cnt;  /* number of times we have reset */
    LTC_MUTEX_TYPE(prng_lock)
 };
 #endif
 #ifdef LTC_SOBER128
 struct sober128_prng {
-    ulong32      R[17],          /* Working storage for the shift register */
+    sober128_state s;      /* sober128 state */
-                 initR[17],      /* saved register contents */
+    unsigned char ent[40]; /* entropy buffer */
-                 konst,          /* key dependent constant */
+    unsigned long idx;     /* entropy counter */
                 sbuf;           /* partial word encryption buffer */
    int          nbuf,           /* number of part-word stream bits buffered */
                 flag,           /* first add_entropy call or not? */
                 set;            /* did we call add_entropy to set key? */
 };
 #endif
-typedef union Prng_state {
+typedef struct {
   union {
      char dummy[1];
 #ifdef LTC_YARROW
      struct yarrow_prng    yarrow;
@ -73,6 +64,9 @@ typedef union Prng_state {
 #ifdef LTC_SOBER128
      struct sober128_prng  sober128;
 #endif
   };
   short ready;            /* ready flag 0-1 */
   LTC_MUTEX_TYPE(lock);   /* lock */
 } prng_state;
 /** PRNG descriptor */
--- a/src/misc/crypt/crypt.c
+++ b/src/misc/crypt/crypt.c
@ -124,9 +124,16 @@ const char *crypt_build_settings =
 #if defined(LTC_CAMELLIA)
   "   Camellia\n"
 #endif
-#if defined(LTC_CHACHA)
+   "Stream ciphers built-in:\n"
 #if defined(LTC_CHACHA_STREAM)
   "   ChaCha\n"
 #endif
 #if defined(LTC_RC4_STREAM)
   "   RC4\n"
 #endif
 #if defined(LTC_SOBER128_STREAM)
   "   SOBER128\n"
 #endif
    "\nHashes built-in:\n"
 #if defined(LTC_SHA3)
--- a/src/prngs/chacha20.c
+++ b/src/prngs/chacha20.c
@ -17,8 +17,8 @@
 const struct ltc_prng_descriptor chacha20_prng_desc =
 {
-   "chacha",
+   "chacha20",
-   sizeof(chacha_state),
+   40,
   &chacha20_prng_start,
   &chacha20_prng_add_entropy,
   &chacha20_prng_ready,
@ -37,9 +37,10 @@ const struct ltc_prng_descriptor chacha20_prng_desc =
 int chacha20_prng_start(prng_state *prng)
 {
   LTC_ARGCHK(prng != NULL);
-   prng->chacha.ready = 0;
+   prng->ready = 0;
-   XMEMSET(&prng->chacha.ent, 0, 40);
+   XMEMSET(&prng->chacha.ent, 0, sizeof(prng->chacha.ent));
   prng->chacha.idx = 0;
   LTC_MUTEX_INIT(&prng->lock)
   return CRYPT_OK;
 }
@ -60,23 +61,26 @@ int chacha20_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng
   LTC_ARGCHK(in != NULL);
   LTC_ARGCHK(inlen > 0);
-   if (prng->chacha.ready) {
+   LTC_MUTEX_LOCK(&prng->lock);
   if (prng->ready) {
      /* chacha20_prng_ready() was already called, do "rekey" operation */
-      if ((err = chacha_keystream(&prng->chacha.s, buf, 40)) != CRYPT_OK)      return err;
+      if ((err = chacha_keystream(&prng->chacha.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
-      for(i = 0; i < inlen; i++) buf[i % 40] ^= in[i];
+      for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
      /* key 32 bytes, 20 rounds */
-      if ((err = chacha_setup(&prng->chacha.s, buf, 32, 20)) != CRYPT_OK)      return err;
+      if ((err = chacha_setup(&prng->chacha.s, buf, 32, 20)) != CRYPT_OK)      goto LBL_UNLOCK;
      /* iv 8 bytes */
-      if ((err = chacha_ivctr64(&prng->chacha.s, buf + 32, 8, 0)) != CRYPT_OK) return err;
+      if ((err = chacha_ivctr64(&prng->chacha.s, buf + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK;
      /* clear KEY + IV */
-      XMEMSET(buf, 0, 40);
+      XMEMSET(buf, 0, sizeof(buf));
   }
   else {
      /* chacha20_prng_ready() was not called yet, add entropy to ent buffer */
-      while (inlen--) prng->chacha.ent[prng->chacha.idx++ % 40] ^= *in++;
+      while (inlen--) prng->chacha.ent[prng->chacha.idx++ % sizeof(prng->chacha.ent)] ^= *in++;
   }
-
+   err = CRYPT_OK;
-   return CRYPT_OK;
+LBL_UNLOCK:
   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
 }
 /**
@ -90,14 +94,18 @@ int chacha20_prng_ready(prng_state *prng)
   LTC_ARGCHK(prng != NULL);
   LTC_MUTEX_LOCK(&prng->lock);
   if (prng->ready)                                                    { err = CRYPT_OK; goto LBL_UNLOCK; }
   /* key 32 bytes, 20 rounds */
-   if ((err = chacha_setup(&prng->chacha.s, prng->chacha.ent, 32, 20)) != CRYPT_OK)      return err;
+   if ((err = chacha_setup(&prng->chacha.s, prng->chacha.ent, 32, 20)) != CRYPT_OK)      goto LBL_UNLOCK;
   /* iv 8 bytes */
-   if ((err = chacha_ivctr64(&prng->chacha.s, prng->chacha.ent + 32, 8, 0)) != CRYPT_OK) return err;
+   if ((err = chacha_ivctr64(&prng->chacha.s, prng->chacha.ent + 32, 8, 0)) != CRYPT_OK) goto LBL_UNLOCK;
-   XMEMSET(&prng->chacha.ent, 0, 40);
+   XMEMSET(&prng->chacha.ent, 0, sizeof(prng->chacha.ent));
   prng->chacha.ready = 1;
   prng->chacha.idx = 0;
-   return CRYPT_OK;
+   prng->ready = 1;
 LBL_UNLOCK:
   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
 }
 /**
@ -109,8 +117,12 @@ int chacha20_prng_ready(prng_state *prng)
 */
 unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 {
-   LTC_ARGCHK(prng != NULL);
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
-   if (chacha_keystream(&prng->chacha.s, out, outlen) != CRYPT_OK) return 0;
+   LTC_MUTEX_LOCK(&prng->lock);
   if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
   if (chacha_keystream(&prng->chacha.s, out, outlen) != CRYPT_OK) outlen = 0;
 LBL_UNLOCK:
   LTC_MUTEX_UNLOCK(&prng->lock);
   return outlen;
 }
@ -121,8 +133,13 @@ unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_
 */
 int chacha20_prng_done(prng_state *prng)
 {
   int err;
   LTC_ARGCHK(prng != NULL);
-   return chacha_done(&prng->chacha.s);
+   LTC_MUTEX_LOCK(&prng->lock);
   prng->ready = 0;
   err = chacha_done(&prng->chacha.s);
   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
 }
 /**
@ -134,19 +151,21 @@ int chacha20_prng_done(prng_state *prng)
 */
 int chacha20_prng_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 {
-   unsigned long len = sizeof(chacha_state);
+   unsigned long len = chacha20_prng_desc.export_size;
-   LTC_ARGCHK(outlen != NULL);
+
-   LTC_ARGCHK(out    != NULL);
+   LTC_ARGCHK(prng   != NULL);
-   LTC_ARGCHK(prng   != NULL);
+   LTC_ARGCHK(out    != NULL);
   LTC_ARGCHK(outlen != NULL);
   if (!prng->chacha.ready) {
      return CRYPT_ERROR;
   }
   if (*outlen < len) {
      *outlen = len;
      return CRYPT_BUFFER_OVERFLOW;
   }
-   XMEMCPY(out, &prng->chacha.s, len);
+
   if (chacha20_prng_read(out, len, prng) != len) {
      return CRYPT_ERROR_READPRNG;
   }
   *outlen = len;
   return CRYPT_OK;
 }
@ -160,13 +179,14 @@ int chacha20_prng_export(unsigned char *out, unsigned long *outlen, prng_state *
 */
 int chacha20_prng_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 {
-   unsigned long len = sizeof(chacha_state);
+   int err;
   LTC_ARGCHK(in   != NULL);
   LTC_ARGCHK(prng != NULL);
-   if (inlen != len) return CRYPT_INVALID_ARG;
+   LTC_ARGCHK(prng != NULL);
-   XMEMCPY(&prng->chacha.s, in, inlen);
+   LTC_ARGCHK(in   != NULL);
-   prng->chacha.ready = 1;
+   if (inlen < (unsigned long)chacha20_prng_desc.export_size) return CRYPT_INVALID_ARG;
   if ((err = chacha20_prng_start(prng)) != CRYPT_OK)                  return err;
   if ((err = chacha20_prng_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
   return CRYPT_OK;
 }
@ -188,29 +208,32 @@ int chacha20_prng_test(void)
   unsigned char dmp[300];
   unsigned long dmplen = sizeof(dmp);
   unsigned char out[500];
-   unsigned char t1[] = { 0x59, 0xb2, 0x26, 0x95, 0x2b, 0x01, 0x8f, 0x05, 0xbe, 0xd8 };
+   unsigned char t1[] = { 0x59, 0xB2, 0x26, 0x95, 0x2B, 0x01, 0x8F, 0x05, 0xBE, 0xD8 };
-   unsigned char t2[] = { 0x30, 0x34, 0x5c, 0x6e, 0x56, 0x18, 0x8c, 0x46, 0xbe, 0x8a };
+   unsigned char t2[] = { 0x47, 0xC9, 0x0D, 0x03, 0xE4, 0x75, 0x34, 0x27, 0xBD, 0xDE };
   unsigned char t3[] = { 0xBC, 0xFA, 0xEF, 0x59, 0x37, 0x7F, 0x1A, 0x91, 0x1A, 0xA6 };
   int err;
-   chacha20_prng_start(&st);
+   if ((err = chacha20_prng_start(&st)) != CRYPT_OK)                       return err;
-   chacha20_prng_add_entropy(en, sizeof(en), &st); /* add entropy to uninitialized prng */
+   /* add entropy to uninitialized prng */
-   chacha20_prng_ready(&st);
+   if ((err = chacha20_prng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
-   chacha20_prng_read(out, 10, &st);  /* 10 bytes for testing */
+   if ((err = chacha20_prng_ready(&st)) != CRYPT_OK)                       return err;
   if (chacha20_prng_read(out, 10, &st) != 10)                             return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
   if (compare_testvector(out, 10, t1, sizeof(t1), "CHACHA-PRNG", 1))      return CRYPT_FAIL_TESTVECTOR;
-   chacha20_prng_read(out, 500, &st);
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
-   chacha20_prng_add_entropy(en, sizeof(en), &st); /* add entropy to already initialized prng */
+   /* add entropy to already initialized prng */
-   chacha20_prng_read(out, 500, &st);
+   if ((err = chacha20_prng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err;
-   chacha20_prng_export(dmp, &dmplen, &st);
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
-   chacha20_prng_read(out, 500, &st); /* skip 500 bytes */
+   if ((err = chacha20_prng_export(dmp, &dmplen, &st)) != CRYPT_OK)        return err;
-   chacha20_prng_read(out, 10, &st);  /* 10 bytes for testing */
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
   if (chacha20_prng_read(out, 10, &st) != 10)                             return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
   if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 2))      return CRYPT_FAIL_TESTVECTOR;
-   chacha20_prng_done(&st);
+   if ((err = chacha20_prng_done(&st)) != CRYPT_OK)                        return err;
-
+   if ((err = chacha20_prng_import(dmp, dmplen, &st)) != CRYPT_OK)         return err;
-   XMEMSET(&st, 0xFF, sizeof(st)); /* just to be sure */
+   if ((err = chacha20_prng_ready(&st)) != CRYPT_OK)                       return err;
-   chacha20_prng_import(dmp, dmplen, &st);
+   if (chacha20_prng_read(out, 500, &st) != 500)                           return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
-   chacha20_prng_read(out, 500, &st); /* skip 500 bytes */
+   if (chacha20_prng_read(out, 10, &st) != 10)                             return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
-   chacha20_prng_read(out, 10, &st);  /* 10 bytes for testing */
+   if (compare_testvector(out, 10, t3, sizeof(t3), "CHACHA-PRNG", 3))      return CRYPT_FAIL_TESTVECTOR;
-   if (compare_testvector(out, 10, t2, sizeof(t2), "CHACHA-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
+   if ((err = chacha20_prng_done(&st)) != CRYPT_OK)                        return err;
   chacha20_prng_done(&st);
   return CRYPT_OK;
 #endif
--- a/src/prngs/fortuna.c
+++ b/src/prngs/fortuna.c
@ -5,8 +5,6 @@
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 *
 * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
 */
 #include "tomcrypt.h"
@ -133,6 +131,7 @@ int fortuna_start(prng_state *prng)
   unsigned char tmp[MAXBLOCKSIZE];
   LTC_ARGCHK(prng != NULL);
   prng->ready = 0;
   /* initialize the pools */
   for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
@ -156,7 +155,7 @@ int fortuna_start(prng_state *prng)
   }
   zeromem(prng->fortuna.IV, 16);
-   LTC_MUTEX_INIT(&prng->fortuna.prng_lock)
+   LTC_MUTEX_INIT(&prng->lock)
   return CRYPT_OK;
 }
@ -173,27 +172,25 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
   unsigned char tmp[2];
   int           err;
   LTC_ARGCHK(in  != NULL);
   LTC_ARGCHK(prng != NULL);
-
+   LTC_ARGCHK(in != NULL);
-   LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
+   LTC_ARGCHK(inlen > 0);
   /* ensure inlen <= 32 */
   if (inlen > 32) {
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+      inlen = 32;
      return CRYPT_INVALID_ARG;
   }
   /* add s || length(in) || in to pool[pool_idx] */
   tmp[0] = 0;
   tmp[1] = (unsigned char)inlen;
   LTC_MUTEX_LOCK(&prng->lock);
   if ((err = sha256_process(&prng->fortuna.pool[prng->fortuna.pool_idx], tmp, 2)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+      goto LBL_UNLOCK;
      return err;
   }
   if ((err = sha256_process(&prng->fortuna.pool[prng->fortuna.pool_idx], in, inlen)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+      goto LBL_UNLOCK;
      return err;
   }
   if (prng->fortuna.pool_idx == 0) {
      prng->fortuna.pool0_len += inlen;
@ -201,9 +198,11 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
   if (++(prng->fortuna.pool_idx) == LTC_FORTUNA_POOLS) {
      prng->fortuna.pool_idx = 0;
   }
   err = CRYPT_OK; /* success */
-   LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+LBL_UNLOCK:
-   return CRYPT_OK;
+   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
 }
 /**
@ -213,7 +212,15 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
 */
 int fortuna_ready(prng_state *prng)
 {
-   return fortuna_reseed(prng);
+   int err;
   LTC_ARGCHK(prng != NULL);
   LTC_MUTEX_LOCK(&prng->lock);
   err = fortuna_reseed(prng);
   prng->ready = (err == CRYPT_OK) ? 1 : 0;
   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
 }
 /**
@ -226,18 +233,20 @@ int fortuna_ready(prng_state *prng)
 unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 {
   unsigned char tmp[16];
-   unsigned long tlen;
+   unsigned long tlen = 0;
-   LTC_ARGCHK(out  != NULL);
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
   LTC_ARGCHK(prng != NULL);
-   LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
+   LTC_MUTEX_LOCK(&prng->lock);
   if (!prng->ready) {
      goto LBL_UNLOCK;
   }
   /* do we have to reseed? */
   if (++prng->fortuna.wd == LTC_FORTUNA_WD || prng->fortuna.pool0_len >= 64) {
      if (fortuna_reseed(prng) != CRYPT_OK) {
-         LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+         goto LBL_UNLOCK;
         return 0;
      }
   }
@ -268,14 +277,14 @@ unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state
   fortuna_update_iv(prng);
   if (rijndael_setup(prng->fortuna.K, 32, 0, &prng->fortuna.skey) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+      tlen = 0;
      return 0;
   }
 #ifdef LTC_CLEAN_STACK
   zeromem(tmp, sizeof(tmp));
 #endif
-   LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+LBL_UNLOCK:
   LTC_MUTEX_UNLOCK(&prng->lock);
   return tlen;
 }
@ -290,23 +299,25 @@ int fortuna_done(prng_state *prng)
   unsigned char tmp[32];
   LTC_ARGCHK(prng != NULL);
-   LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
+
   LTC_MUTEX_LOCK(&prng->lock);
   prng->ready = 0;
   /* terminate all the hashes */
   for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
       if ((err = sha256_done(&(prng->fortuna.pool[x]), tmp)) != CRYPT_OK) {
-          LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+          goto LBL_UNLOCK;
          return err;
       }
   }
   /* call cipher done when we invent one ;-) */
   err = CRYPT_OK; /* success */
 #ifdef LTC_CLEAN_STACK
   zeromem(tmp, sizeof(tmp));
 #endif
-
+LBL_UNLOCK:
-   LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+   LTC_MUTEX_UNLOCK(&prng->lock);
-   return CRYPT_OK;
+   return err;
 }
 /**
@ -325,19 +336,24 @@ int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
   LTC_ARGCHK(outlen != NULL);
   LTC_ARGCHK(prng   != NULL);
-   LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
+   LTC_MUTEX_LOCK(&prng->lock);
   if (!prng->ready) {
      err = CRYPT_ERROR;
      goto LBL_UNLOCK;
   }
   /* we'll write bytes for s&g's */
   if (*outlen < 32*LTC_FORTUNA_POOLS) {
      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
      *outlen = 32*LTC_FORTUNA_POOLS;
-      return CRYPT_BUFFER_OVERFLOW;
+      err = CRYPT_BUFFER_OVERFLOW;
      goto LBL_UNLOCK;
   }
   md = XMALLOC(sizeof(hash_state));
   if (md == NULL) {
-      LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+      err = CRYPT_MEM;
-      return CRYPT_MEM;
+      goto LBL_UNLOCK;
   }
   /* to emit the state we copy each pool, terminate it then hash it again so
@ -371,7 +387,8 @@ LBL_ERR:
   zeromem(md, sizeof(*md));
 #endif
   XFREE(md);
-   LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+LBL_UNLOCK:
   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
 }
@ -401,7 +418,7 @@ int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prn
         return err;
      }
   }
-   return err;
+   return CRYPT_OK;
 }
 /**
--- a/src/prngs/rc4.c
+++ b/src/prngs/rc4.c
@ -5,21 +5,20 @@
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 *
 * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
 */
 #include "tomcrypt.h"
 /**
  @file rc4.c
-  LTC_RC4 PRNG, Tom St Denis
+  RC4 PRNG, Tom St Denis
 */
 #ifdef LTC_RC4
 const struct ltc_prng_descriptor rc4_desc =
 {
-   "rc4", 32,
+   "rc4",
   32,
   &rc4_start,
   &rc4_add_entropy,
   &rc4_ready,
@ -38,10 +37,12 @@ const struct ltc_prng_descriptor rc4_desc =
 int rc4_start(prng_state *prng)
 {
   LTC_ARGCHK(prng != NULL);
-
+   prng->ready = 0;
-    /* set keysize to zero */
+   /* set entropy (key) size to zero */
-    prng->rc4.x = 0;
+   prng->rc4.s.x = 0;
-
+   /* clear entropy (key) buffer */
   XMEMSET(&prng->rc4.s.buf, 0, sizeof(prng->rc4.s.buf));
   LTC_MUTEX_INIT(&prng->lock)
   return CRYPT_OK;
 }
@ -54,26 +55,32 @@ int rc4_start(prng_state *prng)
 */
 int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
 {
-    LTC_ARGCHK(in  != NULL);
+   unsigned char buf[256];
   unsigned long i;
   int err;
   LTC_ARGCHK(prng != NULL);
   LTC_ARGCHK(in != NULL);
   LTC_ARGCHK(inlen > 0);
-    /* trim as required */
+   LTC_MUTEX_LOCK(&prng->lock);
-    if (prng->rc4.x + inlen > 256) {
+   if (prng->ready) {
-       if (prng->rc4.x == 256) {
+      /* rc4_ready() was already called, do "rekey" operation */
-          /* I can't possibly accept another byte, ok maybe a mint wafer... */
+      if ((err = rc4_keystream(&prng->rc4.s, buf, sizeof(buf))) != CRYPT_OK)    goto LBL_UNLOCK;
-          return CRYPT_OK;
+      for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
-       } else {
+      /* initialize RC4 */
-          /* only accept part of it */
+      if ((err = rc4_setup(&prng->rc4.s, buf, sizeof(buf))) != CRYPT_OK)        goto LBL_UNLOCK;
-          inlen = 256 - prng->rc4.x;
+      /* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */
      for (i = 0; i < 12; i++) rc4_keystream(&prng->rc4.s, buf, sizeof(buf));
   }
   else {
      /* rc4_ready() was not called yet, add entropy to the buffer */
      while (inlen--) prng->rc4.s.buf[prng->rc4.s.x++ % sizeof(prng->rc4.s.buf)] ^= *in++;
   }
-
+   err = CRYPT_OK;
-    while (inlen--) {
+LBL_UNLOCK:
-       prng->rc4.buf[prng->rc4.x++] = *in++;
+   LTC_MUTEX_UNLOCK(&prng->lock);
-    }
+   return err;
    return CRYPT_OK;
 }
 /**
@ -83,36 +90,24 @@ int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *pr
 */
 int rc4_ready(prng_state *prng)
 {
-    unsigned char key[256], tmp, *s;
+   unsigned char buf[256] = { 0 };
-    int keylen, x, y, j;
+   unsigned long len;
   int err, i;
   LTC_ARGCHK(prng != NULL);
-    /* extract the key */
+   LTC_MUTEX_LOCK(&prng->lock);
-    s = prng->rc4.buf;
+   if (prng->ready) { err = CRYPT_OK; goto LBL_UNLOCK; }
-    XMEMCPY(key, s, 256);
+   XMEMCPY(buf, prng->rc4.s.buf, sizeof(buf));
-    keylen = prng->rc4.x;
+   /* initialize RC4 */
-
+   len = MIN(prng->rc4.s.x, 256); /* TODO: we can perhaps always use all 256 bytes */
-    /* make LTC_RC4 perm and shuffle */
+   if ((err = rc4_setup(&prng->rc4.s, buf, len)) != CRYPT_OK) goto LBL_UNLOCK;
-    for (x = 0; x < 256; x++) {
+   /* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */
-        s[x] = x;
+   for (i = 0; i < 12; i++) rc4_keystream(&prng->rc4.s, buf, sizeof(buf));
-    }
+   prng->ready = 1;
-
+LBL_UNLOCK:
-    for (j = x = y = 0; x < 256; x++) {
+   LTC_MUTEX_UNLOCK(&prng->lock);
-        y = (y + prng->rc4.buf[x] + key[j++]) & 255;
+   return err;
        if (j == keylen) {
           j = 0;
        }
        tmp = s[x]; s[x] = s[y]; s[y] = tmp;
    }
    prng->rc4.x = 0;
    prng->rc4.y = 0;
 #ifdef LTC_CLEAN_STACK
    zeromem(key, sizeof(key));
 #endif
    return CRYPT_OK;
 }
 /**
@ -124,30 +119,13 @@ int rc4_ready(prng_state *prng)
 */
 unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 {
-   unsigned char x, y, *s, tmp;
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
-   unsigned long n;
+   LTC_MUTEX_LOCK(&prng->lock);
-
+   if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
-   LTC_ARGCHK(out != NULL);
+   if (rc4_keystream(&prng->rc4.s, out, outlen) != CRYPT_OK) outlen = 0;
-   LTC_ARGCHK(prng != NULL);
+LBL_UNLOCK:
-
+   LTC_MUTEX_UNLOCK(&prng->lock);
-#ifdef LTC_VALGRIND
+   return outlen;
   zeromem(out, outlen);
 #endif
   n = outlen;
   x = prng->rc4.x;
   y = prng->rc4.y;
   s = prng->rc4.buf;
   while (outlen--) {
      x = (x + 1) & 255;
      y = (y + s[x]) & 255;
      tmp = s[x]; s[x] = s[y]; s[y] = tmp;
      tmp = (s[x] + s[y]) & 255;
      *out++ ^= s[tmp];
   }
   prng->rc4.x = x;
   prng->rc4.y = y;
   return n;
 }
 /**
@ -157,8 +135,13 @@ unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prn
 */
 int rc4_done(prng_state *prng)
 {
   int err;
   LTC_ARGCHK(prng != NULL);
-   return CRYPT_OK;
+   LTC_MUTEX_LOCK(&prng->lock);
   prng->ready = 0;
   err = rc4_stream_done(&prng->rc4.s);
   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
 }
 /**
@ -170,20 +153,22 @@ int rc4_done(prng_state *prng)
 */
 int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 {
-   LTC_ARGCHK(outlen != NULL);
+   unsigned long len = rc4_desc.export_size;
   LTC_ARGCHK(out    != NULL);
   LTC_ARGCHK(prng   != NULL);
-   if (*outlen < 32) {
+   LTC_ARGCHK(prng   != NULL);
-      *outlen = 32;
+   LTC_ARGCHK(out    != NULL);
   LTC_ARGCHK(outlen != NULL);
   if (*outlen < len) {
      *outlen = len;
      return CRYPT_BUFFER_OVERFLOW;
   }
-   if (rc4_read(out, 32, prng) != 32) {
+   if (rc4_read(out, len, prng) != len) {
      return CRYPT_ERROR_READPRNG;
   }
   *outlen = 32;
   *outlen = len;
   return CRYPT_OK;
 }
@ -197,17 +182,14 @@ int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 {
   int err;
-   LTC_ARGCHK(in   != NULL);
+
   LTC_ARGCHK(prng != NULL);
   LTC_ARGCHK(in   != NULL);
   if (inlen < (unsigned long)rc4_desc.export_size) return CRYPT_INVALID_ARG;
-   if (inlen != 32) {
+   if ((err = rc4_start(prng)) != CRYPT_OK)                  return err;
-      return CRYPT_INVALID_ARG;
+   if ((err = rc4_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
-   }
+   return CRYPT_OK;
   if ((err = rc4_start(prng)) != CRYPT_OK) {
      return err;
   }
   return rc4_add_entropy(in, 32, prng);
 }
 /**
@ -216,54 +198,43 @@ int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 */
 int rc4_test(void)
 {
-#if !defined(LTC_TEST) || defined(LTC_VALGRIND)
+#ifndef LTC_TEST
   return CRYPT_NOP;
 #else
-   static const struct {
+   prng_state st;
-      unsigned char key[8], pt[8], ct[8];
+   unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
-   } tests[] = {
+                          0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
-{
+                          0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
-   { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
+                          0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
-   { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef },
+                          0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 };
-   { 0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96 }
+   unsigned char dmp[500];
-}
+   unsigned long dmplen = sizeof(dmp);
-};
+   unsigned char out[1000];
-   prng_state prng;
+   unsigned char t1[] = { 0xE0, 0x4D, 0x9A, 0xF6, 0xA8, 0x9D, 0x77, 0x53, 0xAE, 0x09 };
-   unsigned char dst[8];
+   unsigned char t2[] = { 0x9D, 0x3C, 0xC6, 0x64, 0x36, 0xB6, 0x76, 0xD5, 0xEB, 0x93 };
-   int err, x;
+   unsigned char t3[] = { 0x6B, 0x6D, 0xF5, 0xCB, 0x84, 0x37, 0x8F, 0x02, 0xA2, 0x90 };
   int err;
   if ((err = rc4_start(&st)) != CRYPT_OK)                         return err;
   if ((err = rc4_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
   if ((err = rc4_ready(&st)) != CRYPT_OK)                         return err;
   if (rc4_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
   if (compare_testvector(out, 10, t1, sizeof(t1), "RC4-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG;
   if ((err = rc4_export(dmp, &dmplen, &st)) != CRYPT_OK)          return err;
   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
   if (rc4_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
   if (compare_testvector(out, 10, t2, sizeof(t2), "RC4-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
   if ((err = rc4_done(&st)) != CRYPT_OK)                          return err;
   if ((err = rc4_import(dmp, dmplen, &st)) != CRYPT_OK)           return err;
   if ((err = rc4_ready(&st)) != CRYPT_OK)                         return err;
   if (rc4_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
   if (rc4_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
   if (compare_testvector(out, 10, t3, sizeof(t3), "RC4-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
   if ((err = rc4_done(&st)) != CRYPT_OK)                          return err;
   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
       if ((err = rc4_start(&prng)) != CRYPT_OK) {
          return err;
       }
       if ((err = rc4_add_entropy(tests[x].key, 8, &prng)) != CRYPT_OK) {
          return err;
       }
       if ((err = rc4_ready(&prng)) != CRYPT_OK) {
          return err;
       }
       XMEMCPY(dst, tests[x].pt, 8);
       if (rc4_read(dst, 8, &prng) != 8) {
          return CRYPT_ERROR_READPRNG;
       }
       rc4_done(&prng);
       if (XMEMCMP(dst, tests[x].ct, 8)) {
 #if 0
          int y;
          printf("\n\nLTC_RC4 failed, I got:\n");
          for (y = 0; y < 8; y++) printf("%02x ", dst[y]);
          printf("\n");
 #endif
          return CRYPT_FAIL_TESTVECTOR;
       }
   }
   return CRYPT_OK;
 #endif
 }
 #endif
 /* $Source$ */
 /* $Revision$ */
 /* $Date$ */
--- a/src/prngs/rng_get_bytes.c
+++ b/src/prngs/rng_get_bytes.c
@ -5,8 +5,6 @@
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 *
 * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
 */
 #include "tomcrypt.h"
--- a/src/prngs/rng_make_prng.c
+++ b/src/prngs/rng_make_prng.c
@ -5,8 +5,6 @@
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 *
 * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
 */
 #include "tomcrypt.h"
--- a/src/prngs/sober128.c
+++ b/src/prngs/sober128.c
@ -5,9 +5,8 @@
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 *
 * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
 */
 #include "tomcrypt.h"
 /**
@ -18,12 +17,10 @@
 #ifdef LTC_SOBER128
 #define __LTC_SOBER128TAB_C__
 #include "sober128tab.c"
 const struct ltc_prng_descriptor sober128_desc =
 {
-   "sober128", 64,
+   "sober128",
   40,
   &sober128_start,
   &sober128_add_entropy,
   &sober128_ready,
@ -34,74 +31,6 @@ const struct ltc_prng_descriptor sober128_desc =
   &sober128_test
 };
 /* don't change these... */
 #define N                        17
 #define FOLD                      N /* how many iterations of folding to do */
 #define INITKONST        0x6996c53a /* value of KONST to use during key loading */
 #define KEYP                     15 /* where to insert key words */
 #define FOLDP                     4 /* where to insert non-linear feedback */
 #define B(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
 static ulong32 BYTE2WORD(unsigned char *b)
 {
   ulong32 t;
   LOAD32L(t, b);
   return t;
 }
 #define WORD2BYTE(w, b) STORE32L(b, w)
 static void XORWORD(ulong32 w, unsigned char *b)
 {
   ulong32 t;
   LOAD32L(t, b);
   t ^= w;
   STORE32L(t, b);
 }
 /* give correct offset for the current position of the register,
 * where logically R[0] is at position "zero".
 */
 #define OFF(zero, i) (((zero)+(i)) % N)
 /* step the LFSR */
 /* After stepping, "zero" moves right one place */
 #define STEP(R,z) \
    R[OFF(z,0)] = R[OFF(z,15)] ^ R[OFF(z,4)] ^ (R[OFF(z,0)] << 8) ^ Multab[(R[OFF(z,0)] >> 24) & 0xFF];
 static void cycle(ulong32 *R)
 {
    ulong32 t;
    int     i;
    STEP(R,0);
    t = R[0];
    for (i = 1; i < N; ++i) {
        R[i-1] = R[i];
    }
    R[N-1] = t;
 }
 /* Return a non-linear function of some parts of the register.
 */
 #define NLFUNC(c,z) \
 { \
    t = c->R[OFF(z,0)] + c->R[OFF(z,16)]; \
    t ^= Sbox[(t >> 24) & 0xFF]; \
    t = RORc(t, 8); \
    t = ((t + c->R[OFF(z,1)]) ^ c->konst) + c->R[OFF(z,6)]; \
    t ^= Sbox[(t >> 24) & 0xFF]; \
    t = t + c->R[OFF(z,13)]; \
 }
 static ulong32 nltap(struct sober128_prng *c)
 {
    ulong32 t;
    NLFUNC(c, 0);
    return t;
 }
 /**
  Start the PRNG
  @param prng     [out] The PRNG state to initialize
@ -109,95 +38,14 @@ static ulong32 nltap(struct sober128_prng *c)
 */
 int sober128_start(prng_state *prng)
 {
    int                   i;
    struct sober128_prng *c;
   LTC_ARGCHK(prng != NULL);
-
+   prng->ready = 0;
-    c = &(prng->sober128);
+   XMEMSET(&prng->sober128.ent, 0, sizeof(prng->sober128.ent));
-
+   prng->sober128.idx = 0;
-    /* Register initialised to Fibonacci numbers */
+   LTC_MUTEX_INIT(&prng->lock)
    c->R[0] = 1;
    c->R[1] = 1;
    for (i = 2; i < N; ++i) {
       c->R[i] = c->R[i-1] + c->R[i-2];
    }
    c->konst = INITKONST;
    /* next add_entropy will be the key */
    c->flag  = 1;
    c->set   = 0;
   return CRYPT_OK;
 }
 /* Save the current register state
 */
 static void s128_savestate(struct sober128_prng *c)
 {
    int i;
    for (i = 0; i < N; ++i) {
        c->initR[i] = c->R[i];
    }
 }
 /* initialise to previously saved register state
 */
 static void s128_reloadstate(struct sober128_prng *c)
 {
    int i;
    for (i = 0; i < N; ++i) {
        c->R[i] = c->initR[i];
    }
 }
 /* Initialise "konst"
 */
 static void s128_genkonst(struct sober128_prng *c)
 {
    ulong32 newkonst;
    do {
       cycle(c->R);
       newkonst = nltap(c);
    } while ((newkonst & 0xFF000000) == 0);
    c->konst = newkonst;
 }
 /* Load key material into the register
 */
 #define ADDKEY(k) \
   c->R[KEYP] += (k);
 #define XORNL(nl) \
   c->R[FOLDP] ^= (nl);
 /* nonlinear diffusion of register for key */
 #define DROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); c->R[OFF((z+1),FOLDP)] ^= t;
 static void s128_diffuse(struct sober128_prng *c)
 {
    ulong32 t;
    /* relies on FOLD == N == 17! */
    DROUND(0);
    DROUND(1);
    DROUND(2);
    DROUND(3);
    DROUND(4);
    DROUND(5);
    DROUND(6);
    DROUND(7);
    DROUND(8);
    DROUND(9);
    DROUND(10);
    DROUND(11);
    DROUND(12);
    DROUND(13);
    DROUND(14);
    DROUND(15);
    DROUND(16);
 }
 /**
  Add entropy to the PRNG state
  @param in       The data to add
@ -207,63 +55,34 @@ static void s128_diffuse(struct sober128_prng *c)
 */
 int sober128_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng)
 {
-    struct sober128_prng *c;
+   unsigned char buf[40];
-    ulong32               i, k;
+   unsigned long i;
   int err;
    LTC_ARGCHK(in != NULL);
   LTC_ARGCHK(prng != NULL);
-    c = &(prng->sober128);
+   LTC_ARGCHK(in != NULL);
   LTC_ARGCHK(inlen > 0);
-    if (c->flag == 1) {
+   LTC_MUTEX_LOCK(&prng->lock);
-       /* this is the first call to the add_entropy so this input is the key */
+   if (prng->ready) {
-       /* inlen must be multiple of 4 bytes */
+      /* sober128_ready() was already called, do "rekey" operation */
-       if ((inlen & 3) != 0) {
+      if ((err = sober128_keystream(&prng->sober128.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK;
-          return CRYPT_INVALID_KEYSIZE;
+      for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i];
      /* key 32 bytes, 20 rounds */
      if ((err = sober128_setup(&prng->sober128.s, buf, 32)) != CRYPT_OK)       goto LBL_UNLOCK;
      /* iv 8 bytes */
      if ((err = sober128_setiv(&prng->sober128.s, buf + 32, 8)) != CRYPT_OK)   goto LBL_UNLOCK;
      /* clear KEY + IV */
      XMEMSET(buf, 0, sizeof(buf));
   }
-
+   else {
-       for (i = 0; i < inlen; i += 4) {
+      /* sober128_ready() was not called yet, add entropy to ent buffer */
-           k = BYTE2WORD((unsigned char *)&in[i]);
+      while (inlen--) prng->sober128.ent[prng->sober128.idx++ % sizeof(prng->sober128.ent)] ^= *in++;
          ADDKEY(k);
          cycle(c->R);
          XORNL(nltap(c));
   }
-
+   err = CRYPT_OK;
-       /* also fold in the length of the key */
+LBL_UNLOCK:
-       ADDKEY(inlen);
+   LTC_MUTEX_UNLOCK(&prng->lock);
-
+   return err;
       /* now diffuse */
       s128_diffuse(c);
       s128_genkonst(c);
       s128_savestate(c);
       c->nbuf = 0;
       c->flag = 0;
       c->set  = 1;
    } else {
       /* ok we are adding an IV then... */
       s128_reloadstate(c);
       /* inlen must be multiple of 4 bytes */
       if ((inlen & 3) != 0) {
          return CRYPT_INVALID_KEYSIZE;
       }
       for (i = 0; i < inlen; i += 4) {
           k = BYTE2WORD((unsigned char *)&in[i]);
          ADDKEY(k);
          cycle(c->R);
          XORNL(nltap(c));
       }
       /* also fold in the length of the key */
       ADDKEY(inlen);
       /* now diffuse */
       s128_diffuse(c);
       c->nbuf = 0;
    }
    return CRYPT_OK;
 }
 /**
@ -273,12 +92,23 @@ int sober128_add_entropy(const unsigned char *in, unsigned long inlen, prng_stat
 */
 int sober128_ready(prng_state *prng)
 {
-   return prng->sober128.set == 1 ? CRYPT_OK : CRYPT_ERROR;
+   int err;
 }
-/* XOR pseudo-random bytes into buffer
+   LTC_ARGCHK(prng != NULL);
- */
+
-#define SROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); XORWORD(t, out+(z*4));
+   LTC_MUTEX_LOCK(&prng->lock);
   if (prng->ready)                                                     { err = CRYPT_OK; goto LBL_UNLOCK; }
   /* key 32 bytes, 20 rounds */
   if ((err = sober128_setup(&prng->sober128.s, prng->sober128.ent, 32)) != CRYPT_OK)     goto LBL_UNLOCK;
   /* iv 8 bytes */
   if ((err = sober128_setiv(&prng->sober128.s, prng->sober128.ent + 32, 8)) != CRYPT_OK) goto LBL_UNLOCK;
   XMEMSET(&prng->sober128.ent, 0, sizeof(prng->sober128.ent));
   prng->sober128.idx = 0;
   prng->ready = 1;
 LBL_UNLOCK:
   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
 }
 /**
  Read from the PRNG
@ -289,75 +119,13 @@ int sober128_ready(prng_state *prng)
 */
 unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 {
-   struct sober128_prng *c;
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
-   ulong32               t, tlen;
+   LTC_MUTEX_LOCK(&prng->lock);
-
+   if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; }
-   LTC_ARGCHK(out  != NULL);
+   if (sober128_keystream(&prng->sober128.s, out, outlen) != CRYPT_OK) outlen = 0;
-   LTC_ARGCHK(prng != NULL);
+LBL_UNLOCK:
-
+   LTC_MUTEX_UNLOCK(&prng->lock);
-#ifdef LTC_VALGRIND
+   return outlen;
   zeromem(out, outlen);
 #endif
   c = &(prng->sober128);
   tlen = outlen;
   /* handle any previously buffered bytes */
   while (c->nbuf != 0 && outlen != 0) {
      *out++ ^= c->sbuf & 0xFF;
       c->sbuf >>= 8;
       c->nbuf -= 8;
       --outlen;
   }
 #ifndef LTC_SMALL_CODE
   /* do lots at a time, if there's enough to do */
   while (outlen >= N*4) {
      SROUND(0);
      SROUND(1);
      SROUND(2);
      SROUND(3);
      SROUND(4);
      SROUND(5);
      SROUND(6);
      SROUND(7);
      SROUND(8);
      SROUND(9);
      SROUND(10);
      SROUND(11);
      SROUND(12);
      SROUND(13);
      SROUND(14);
      SROUND(15);
      SROUND(16);
      out    += 4*N;
      outlen -= 4*N;
   }
 #endif
   /* do small or odd size buffers the slow way */
   while (4 <= outlen) {
      cycle(c->R);
      t = nltap(c);
      XORWORD(t, out);
      out    += 4;
      outlen -= 4;
   }
   /* handle any trailing bytes */
   if (outlen != 0) {
      cycle(c->R);
      c->sbuf = nltap(c);
      c->nbuf = 32;
      while (c->nbuf != 0 && outlen != 0) {
          *out++ ^= c->sbuf & 0xFF;
          c->sbuf >>= 8;
          c->nbuf -= 8;
          --outlen;
      }
   }
   return tlen;
 }
 /**
@ -367,8 +135,13 @@ unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state
 */
 int sober128_done(prng_state *prng)
 {
   int err;
   LTC_ARGCHK(prng != NULL);
-   return CRYPT_OK;
+   LTC_MUTEX_LOCK(&prng->lock);
   prng->ready = 0;
   err = sober128_stream_done(&prng->sober128.s);
   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
 }
 /**
@ -380,20 +153,22 @@ int sober128_done(prng_state *prng)
 */
 int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 {
-   LTC_ARGCHK(outlen != NULL);
+   unsigned long len = sober128_desc.export_size;
   LTC_ARGCHK(out    != NULL);
   LTC_ARGCHK(prng   != NULL);
-   if (*outlen < 64) {
+   LTC_ARGCHK(prng   != NULL);
-      *outlen = 64;
+   LTC_ARGCHK(out    != NULL);
   LTC_ARGCHK(outlen != NULL);
   if (*outlen < len) {
      *outlen = len;
      return CRYPT_BUFFER_OVERFLOW;
   }
-   if (sober128_read(out, 64, prng) != 64) {
+   if (sober128_read(out, len, prng) != len) {
      return CRYPT_ERROR_READPRNG;
   }
   *outlen = 64;
   *outlen = len;
   return CRYPT_OK;
 }
@ -407,20 +182,14 @@ int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
 int sober128_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
 {
   int err;
-   LTC_ARGCHK(in   != NULL);
+
   LTC_ARGCHK(prng != NULL);
   LTC_ARGCHK(in   != NULL);
   if (inlen < (unsigned long)sober128_desc.export_size) return CRYPT_INVALID_ARG;
-   if (inlen != 64) {
+   if ((err = sober128_start(prng)) != CRYPT_OK)                  return err;
-      return CRYPT_INVALID_ARG;
+   if ((err = sober128_add_entropy(in, inlen, prng)) != CRYPT_OK) return err;
-   }
+   return CRYPT_OK;
   if ((err = sober128_start(prng)) != CRYPT_OK) {
      return err;
   }
   if ((err = sober128_add_entropy(in, 64, prng)) != CRYPT_OK) {
      return err;
   }
   return sober128_ready(prng);
 }
 /**
@ -432,69 +201,44 @@ int sober128_test(void)
 #ifndef LTC_TEST
   return CRYPT_NOP;
 #else
-   static const struct {
+   prng_state st;
-     int keylen, ivlen, len;
+   unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
-     unsigned char key[16], iv[4], out[20];
+                          0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
-   } tests[] = {
+                          0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
                          0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
                          0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 };
   unsigned char dmp[300];
   unsigned long dmplen = sizeof(dmp);
   unsigned char out[500];
   unsigned char t1[] = { 0x31, 0x82, 0xA7, 0xA5, 0x8B, 0xD7, 0xCB, 0x39, 0x86, 0x1A };
   unsigned char t2[] = { 0x6B, 0x43, 0x9E, 0xBC, 0xE7, 0x62, 0x9B, 0xE6, 0x9B, 0x83 };
   unsigned char t3[] = { 0x4A, 0x0E, 0x6C, 0xC1, 0xCF, 0xB4, 0x73, 0x49, 0x99, 0x05 };
   int err;
-{
+   if ((err = sober128_start(&st)) != CRYPT_OK)                         return err;
-   16, 4, 20,
+   /* add entropy to uninitialized prng */
   if ((err = sober128_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
   if ((err = sober128_ready(&st)) != CRYPT_OK)                         return err;
   if (sober128_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
   if (compare_testvector(out, 10, t1, sizeof(t1), "SOBER128-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR;
   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
   /* add entropy to already initialized prng */
   if ((err = sober128_add_entropy(en, sizeof(en), &st)) != CRYPT_OK)   return err;
   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
   if ((err = sober128_export(dmp, &dmplen, &st)) != CRYPT_OK)          return err;
   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
   if (sober128_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
   if (compare_testvector(out, 10, t2, sizeof(t2), "SOBER128-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR;
   if ((err = sober128_done(&st)) != CRYPT_OK)                          return err;
   if ((err = sober128_import(dmp, dmplen, &st)) != CRYPT_OK)           return err;
   if ((err = sober128_ready(&st)) != CRYPT_OK)                         return err;
   if (sober128_read(out, 500, &st) != 500)                             return CRYPT_ERROR_READPRNG; /* skip 500 bytes */
   if (sober128_read(out, 10, &st) != 10)                               return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */
   if (compare_testvector(out, 10, t3, sizeof(t3), "SOBER128-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR;
   if ((err = sober128_done(&st)) != CRYPT_OK)                          return err;
   /* key */
   { 0x74, 0x65, 0x73, 0x74, 0x20, 0x6b, 0x65, 0x79,
     0x20, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x73 },
   /* IV */
   { 0x00, 0x00, 0x00, 0x00 },
   /* expected output */
   { 0x43, 0x50, 0x0c, 0xcf, 0x89, 0x91, 0x9f, 0x1d,
     0xaa, 0x37, 0x74, 0x95, 0xf4, 0xb4, 0x58, 0xc2,
     0x40, 0x37, 0x8b, 0xbb }
 }
 };
   prng_state    prng;
   unsigned char dst[20];
   int           err, x;
   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
       if ((err = sober128_start(&prng)) != CRYPT_OK) {
          return err;
       }
       if ((err = sober128_add_entropy(tests[x].key, tests[x].keylen, &prng)) != CRYPT_OK) {
          return err;
       }
       /* add IV */
       if ((err = sober128_add_entropy(tests[x].iv, tests[x].ivlen, &prng)) != CRYPT_OK) {
          return err;
       }
       /* ready up */
       if ((err = sober128_ready(&prng)) != CRYPT_OK) {
          return err;
       }
       XMEMSET(dst, 0, tests[x].len);
       if (sober128_read(dst, tests[x].len, &prng) != (unsigned long)tests[x].len) {
          return CRYPT_ERROR_READPRNG;
       }
       sober128_done(&prng);
       if (XMEMCMP(dst, tests[x].out, tests[x].len)) {
 #if 0
          printf("\n\nLTC_SOBER128 failed, I got:\n");
          for (y = 0; y < tests[x].len; y++) printf("%02x ", dst[y]);
          printf("\n");
 #endif
          return CRYPT_FAIL_TESTVECTOR;
       }
   }
   return CRYPT_OK;
 #endif
 }
 #endif
 /* $Source$ */
 /* $Revision$ */
 /* $Date$ */
--- a/src/prngs/sprng.c
+++ b/src/prngs/sprng.c
@ -5,8 +5,6 @@
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 *
 * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
 */
 #include "tomcrypt.h"
--- a/src/prngs/yarrow.c
+++ b/src/prngs/yarrow.c
@ -5,8 +5,6 @@
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 *
 * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
 */
 #include "tomcrypt.h"
@ -40,6 +38,7 @@ int yarrow_start(prng_state *prng)
   int err;
   LTC_ARGCHK(prng != NULL);
   prng->ready = 0;
   /* these are the default hash/cipher combo used */
 #ifdef LTC_RIJNDAEL
@ -120,7 +119,7 @@ int yarrow_start(prng_state *prng)
   /* zero the memory used */
   zeromem(prng->yarrow.pool, sizeof(prng->yarrow.pool));
-   LTC_MUTEX_INIT(&prng->yarrow.prng_lock)
+   LTC_MUTEX_INIT(&prng->lock)
   return CRYPT_OK;
 }
@ -137,43 +136,38 @@ int yarrow_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
   hash_state md;
   int err;
   LTC_ARGCHK(in  != NULL);
   LTC_ARGCHK(prng != NULL);
   LTC_ARGCHK(in != NULL);
   LTC_ARGCHK(inlen > 0);
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+   LTC_MUTEX_LOCK(&prng->lock);
   if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+      goto LBL_UNLOCK;
      return err;
   }
   /* start the hash */
   if ((err = hash_descriptor[prng->yarrow.hash].init(&md)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+      goto LBL_UNLOCK;
      return err;
   }
   /* hash the current pool */
   if ((err = hash_descriptor[prng->yarrow.hash].process(&md, prng->yarrow.pool,
                                                        hash_descriptor[prng->yarrow.hash].hashsize)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+      goto LBL_UNLOCK;
      return err;
   }
   /* add the new entropy */
   if ((err = hash_descriptor[prng->yarrow.hash].process(&md, in, inlen)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+      goto LBL_UNLOCK;
      return err;
   }
   /* store result */
-   if ((err = hash_descriptor[prng->yarrow.hash].done(&md, prng->yarrow.pool)) != CRYPT_OK) {
+   err = hash_descriptor[prng->yarrow.hash].done(&md, prng->yarrow.pool);
      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
      return err;
   }
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+LBL_UNLOCK:
-   return CRYPT_OK;
+   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
 }
 /**
@ -186,23 +180,21 @@ int yarrow_ready(prng_state *prng)
   int ks, err;
   LTC_ARGCHK(prng != NULL);
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+
   LTC_MUTEX_LOCK(&prng->lock);
   if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+      goto LBL_UNLOCK;
      return err;
   }
   if ((err = cipher_is_valid(prng->yarrow.cipher)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+      goto LBL_UNLOCK;
      return err;
   }
   /* setup CTR mode using the "pool" as the key */
   ks = (int)hash_descriptor[prng->yarrow.hash].hashsize;
   if ((err = cipher_descriptor[prng->yarrow.cipher].keysize(&ks)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+      goto LBL_UNLOCK;
      return err;
   }
   if ((err = ctr_start(prng->yarrow.cipher,     /* what cipher to use */
@ -211,11 +203,13 @@ int yarrow_ready(prng_state *prng)
                        0,                       /* number of rounds */
                        CTR_COUNTER_LITTLE_ENDIAN, /* little endian counter */
                        &prng->yarrow.ctr)) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+      goto LBL_UNLOCK;
      return err;
   }
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+   prng->ready = 1;
-   return CRYPT_OK;
+
 LBL_UNLOCK:
   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
 }
 /**
@ -227,20 +221,25 @@ int yarrow_ready(prng_state *prng)
 */
 unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state *prng)
 {
-   LTC_ARGCHK(out  != NULL);
+   if (outlen == 0 || prng == NULL || out == NULL) return 0;
   LTC_ARGCHK(prng != NULL);
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+   LTC_MUTEX_LOCK(&prng->lock);
   if (!prng->ready) {
      outlen = 0;
      goto LBL_UNLOCK;
   }
   /* put out in predictable state first */
   zeromem(out, outlen);
   /* now randomize it */
   if (ctr_encrypt(out, out, outlen, &prng->yarrow.ctr) != CRYPT_OK) {
-      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+      outlen = 0;
      return 0;
   }
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+
 LBL_UNLOCK:
   LTC_MUTEX_UNLOCK(&prng->lock);
   return outlen;
 }
@ -254,14 +253,15 @@ int yarrow_done(prng_state *prng)
   int err;
   LTC_ARGCHK(prng != NULL);
-   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+   LTC_MUTEX_LOCK(&prng->lock);
   prng->ready = 0;
   /* call cipher done when we invent one ;-) */
   /* we invented one */
   err = ctr_done(&prng->yarrow.ctr);
-   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+   LTC_MUTEX_UNLOCK(&prng->lock);
   return err;
 }
@ -277,22 +277,19 @@ int yarrow_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
   LTC_ARGCHK(out    != NULL);
   LTC_ARGCHK(outlen != NULL);
   LTC_ARGCHK(prng   != NULL);
-
+   if (!prng->ready) return CRYPT_ERROR;
   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
   /* we'll write 64 bytes for s&g's */
   if (*outlen < 64) {
      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
      *outlen = 64;
      return CRYPT_BUFFER_OVERFLOW;
   }
   if (yarrow_read(out, 64, prng) != 64) {
      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
      return CRYPT_ERROR_READPRNG;
   }
   *outlen = 64;
   *outlen = 64;
   return CRYPT_OK;
 }
@ -310,21 +307,17 @@ int yarrow_import(const unsigned char *in, unsigned long inlen, prng_state *prng
   LTC_ARGCHK(in   != NULL);
   LTC_ARGCHK(prng != NULL);
   LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
   if (inlen != 64) {
      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
      return CRYPT_INVALID_ARG;
   }
   if ((err = yarrow_start(prng)) != CRYPT_OK) {
      LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
      return err;
   }
-   err = yarrow_add_entropy(in, 64, prng);
+   if ((err = yarrow_add_entropy(in, 64, prng)) != CRYPT_OK) {
   LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
      return err;
   }
   return CRYPT_OK;
 }
 /**
  PRNG self-test
--- a/src/stream/chacha/chacha_crypt.c
+++ b/src/stream/chacha/chacha_crypt.c
@ -14,7 +14,7 @@
 #include "tomcrypt.h"
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 #define QUARTERROUND(a,b,c,d) \
  x[a] += x[b]; x[d] = ROL(x[d] ^ x[a], 16); \
--- a/src/stream/chacha/chacha_done.c
+++ b/src/stream/chacha/chacha_done.c
@ -9,7 +9,7 @@
 #include "tomcrypt.h"
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 /**
  Terminate and clear ChaCha state
--- a/src/stream/chacha/chacha_ivctr32.c
+++ b/src/stream/chacha/chacha_ivctr32.c
@ -14,7 +14,7 @@
 #include "tomcrypt.h"
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 /**
  Set IV + counter data to the ChaCha state
--- a/src/stream/chacha/chacha_ivctr64.c
+++ b/src/stream/chacha/chacha_ivctr64.c
@ -14,7 +14,7 @@
 #include "tomcrypt.h"
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 /**
  Set IV + counter data to the ChaCha state
--- a/src/stream/chacha/chacha_keystream.c
+++ b/src/stream/chacha/chacha_keystream.c
@ -14,7 +14,7 @@
 #include "tomcrypt.h"
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 /**
  Generate a stream of random bytes via ChaCha
--- a/src/stream/chacha/chacha_setup.c
+++ b/src/stream/chacha/chacha_setup.c
@ -14,7 +14,7 @@
 #include "tomcrypt.h"
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 static const char * const sigma = "expand 32-byte k";
 static const char * const tau   = "expand 16-byte k";
--- a/src/stream/chacha/chacha_test.c
+++ b/src/stream/chacha/chacha_test.c
@ -14,7 +14,7 @@
 #include "tomcrypt.h"
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_STREAM
 int chacha_test(void)
 {
@ -37,26 +37,27 @@ int chacha_test(void)
                          0x87, 0x4D };
   char pt[] = "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.";
   chacha_state st;
   int err;
   len = strlen(pt);
   /* crypt piece by piece */
-   chacha_setup(&st, k, sizeof(k), 20);
+   if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK)                            return err;
-   chacha_ivctr32(&st, n, sizeof(n), 1);
+   if ((err = chacha_ivctr32(&st, n, sizeof(n), 1)) != CRYPT_OK)                           return err;
-   chacha_crypt(&st, (unsigned char*)pt,      35,       out);
+   if ((err = chacha_crypt(&st, (unsigned char*)pt,      35,       out)) != CRYPT_OK)      return err;
-   chacha_crypt(&st, (unsigned char*)pt + 35, 35,       out + 35);
+   if ((err = chacha_crypt(&st, (unsigned char*)pt + 35, 35,       out + 35)) != CRYPT_OK) return err;
-   chacha_crypt(&st, (unsigned char*)pt + 70,  5,       out + 70);
+   if ((err = chacha_crypt(&st, (unsigned char*)pt + 70,  5,       out + 70)) != CRYPT_OK) return err;
-   chacha_crypt(&st, (unsigned char*)pt + 75,  5,       out + 75);
+   if ((err = chacha_crypt(&st, (unsigned char*)pt + 75,  5,       out + 75)) != CRYPT_OK) return err;
-   chacha_crypt(&st, (unsigned char*)pt + 80, len - 80, out + 80);
+   if ((err = chacha_crypt(&st, (unsigned char*)pt + 80, len - 80, out + 80)) != CRYPT_OK) return err;
   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV1", 1))                      return CRYPT_FAIL_TESTVECTOR;
   /* crypt in one go */
-   chacha_setup(&st, k, sizeof(k), 20);
+   if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK)                            return err;
-   chacha_ivctr32(&st, n, sizeof(n), 1);
+   if ((err = chacha_ivctr32(&st, n, sizeof(n), 1)) != CRYPT_OK)                           return err;
-   chacha_crypt(&st, (unsigned char*)pt, len, out);
+   if ((err = chacha_crypt(&st, (unsigned char*)pt, len, out)) != CRYPT_OK)                return err;
   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV2", 1))                      return CRYPT_FAIL_TESTVECTOR;
   /* crypt in one go - using chacha_ivctr64() */
-   chacha_setup(&st, k, sizeof(k), 20);
+   if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK)                            return err;
-   chacha_ivctr64(&st, n + 4, sizeof(n) - 4, 1);
+   if ((err = chacha_ivctr64(&st, n + 4, sizeof(n) - 4, 1)) != CRYPT_OK)                   return err;
-   chacha_crypt(&st, (unsigned char*)pt, len, out);
+   if ((err = chacha_crypt(&st, (unsigned char*)pt, len, out)) != CRYPT_OK)                return err;
   if (compare_testvector(out, len, ct, sizeof(ct), "CHACHA-TV3", 1))                      return CRYPT_FAIL_TESTVECTOR;
   return CRYPT_OK;
--- a/src/stream/rc4/rc4.c
+++ b/src/stream/rc4/rc4.c
@ -0,0 +1,107 @@
 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
 *
 * LibTomCrypt is a library that provides various cryptographic
 * algorithms in a highly modular and flexible manner.
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 */
 #include "tomcrypt.h"
 #ifdef LTC_RC4_STREAM
 /**
   Initialize an RC4 context (only the key)
   @param st        [out] The destination of the RC4 state
   @param key       The secret key
   @param keylen    The length of the secret key (8 - 256 bytes)
   @return CRYPT_OK if successful
 */
 int rc4_setup(rc4_state *st, const unsigned char *key, unsigned long keylen)
 {
   unsigned char tmp, *s;
   int x, y;
   unsigned long j;
   LTC_ARGCHK(st  != NULL);
   LTC_ARGCHK(key != NULL);
   LTC_ARGCHK(keylen >= 5); /* 40-2048 bits */
   s = st->buf;
   for (x = 0; x < 256; x++) {
      s[x] = x;
   }
   for (j = x = y = 0; x < 256; x++) {
      y = (y + s[x] + key[j++]) & 255;
      if (j == keylen) {
         j = 0;
      }
      tmp = s[x]; s[x] = s[y]; s[y] = tmp;
   }
   st->x = 0;
   st->y = 0;
   return CRYPT_OK;
 }
 /**
   Encrypt (or decrypt) bytes of ciphertext (or plaintext) with RC4
   @param st      The RC4 state
   @param in      The plaintext (or ciphertext)
   @param inlen   The length of the input (octets)
   @param out     [out] The ciphertext (or plaintext), length inlen
   @return CRYPT_OK if successful
 */
 int rc4_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out)
 {
   unsigned char x, y, *s, tmp;
   LTC_ARGCHK(st  != NULL);
   LTC_ARGCHK(in  != NULL);
   LTC_ARGCHK(out != NULL);
   x = st->x;
   y = st->y;
   s = st->buf;
   while (inlen--) {
      x = (x + 1) & 255;
      y = (y + s[x]) & 255;
      tmp = s[x]; s[x] = s[y]; s[y] = tmp;
      tmp = (s[x] + s[y]) & 255;
      *out++ = *in++ ^ s[tmp];
   }
   st->x = x;
   st->y = y;
   return CRYPT_OK;
 }
 /**
  Generate a stream of random bytes via RC4
  @param st      The RC420 state
  @param out     [out] The output buffer
  @param outlen  The output length
  @return CRYPT_OK on success
 */
 int rc4_keystream(rc4_state *st, unsigned char *out, unsigned long outlen)
 {
   if (outlen == 0) return CRYPT_OK; /* nothing to do */
   LTC_ARGCHK(out != NULL);
   XMEMSET(out, 0, outlen);
   return rc4_crypt(st, out, outlen, out);
 }
 /**
  Terminate and clear RC4 state
  @param st      The RC4 state
  @return CRYPT_OK on success
 */
 int rc4_stream_done(rc4_state *st)
 {
   LTC_ARGCHK(st != NULL);
   XMEMSET(st, 0, sizeof(rc4_state));
   return CRYPT_OK;
 }
 #endif
--- a/src/stream/rc4/rc4_test.c
+++ b/src/stream/rc4/rc4_test.c
@ -0,0 +1,35 @@
 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
 *
 * LibTomCrypt is a library that provides various cryptographic
 * algorithms in a highly modular and flexible manner.
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 */
 #include "tomcrypt.h"
 #ifdef LTC_RC4_STREAM
 int rc4_test(void)
 {
 #ifndef LTC_TEST
   return CRYPT_NOP;
 #else
   rc4_state st;
   int err;
   const unsigned char key[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
   const unsigned char pt[]  = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
   const unsigned char ct[]  = { 0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96 };
   unsigned char buf[10];
   if ((err = rc4_setup(&st, key, sizeof(key))) != CRYPT_OK)    return err;
   if ((err = rc4_crypt(&st, pt, sizeof(pt), buf)) != CRYPT_OK) return err;
   if (XMEMCMP(buf, ct, sizeof(ct)))                            return CRYPT_FAIL_TESTVECTOR;
   if ((err = rc4_stream_done(&st)) != CRYPT_OK)                return err;
   return CRYPT_OK;
 #endif
 }
 #endif
--- a/src/stream/sober128/sober128.c
+++ b/src/stream/sober128/sober128.c
@ -0,0 +1,344 @@
 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
 *
 * LibTomCrypt is a library that provides various cryptographic
 * algorithms in a highly modular and flexible manner.
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 *
 * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
 */
 #include "tomcrypt.h"
 /**
 @file sober128.c
 Implementation of SOBER-128 by Tom St Denis.
 Based on s128fast.c reference code supplied by Greg Rose of QUALCOMM.
 */
 #ifdef LTC_SOBER128
 #define __LTC_SOBER128TAB_C__
 #include "sober128tab.c"
 /* don't change these... */
 #define N                        17
 #define FOLD                      N /* how many iterations of folding to do */
 #define INITKONST        0x6996c53a /* value of KONST to use during key loading */
 #define KEYP                     15 /* where to insert key words */
 #define FOLDP                     4 /* where to insert non-linear feedback */
 #define B(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
 static ulong32 BYTE2WORD(unsigned char *b)
 {
   ulong32 t;
   LOAD32L(t, b);
   return t;
 }
 static void XORWORD(ulong32 w, const unsigned char *in, unsigned char *out)
 {
   ulong32 t;
   LOAD32L(t, in);
   t ^= w;
   STORE32L(t, out);
 }
 /* give correct offset for the current position of the register,
 * where logically R[0] is at position "zero".
 */
 #define OFF(zero, i) (((zero)+(i)) % N)
 /* step the LFSR */
 /* After stepping, "zero" moves right one place */
 #define STEP(R,z) \
    R[OFF(z,0)] = R[OFF(z,15)] ^ R[OFF(z,4)] ^ (R[OFF(z,0)] << 8) ^ Multab[(R[OFF(z,0)] >> 24) & 0xFF];
 static void cycle(ulong32 *R)
 {
    ulong32 t;
    int     i;
    STEP(R,0);
    t = R[0];
    for (i = 1; i < N; ++i) {
        R[i-1] = R[i];
    }
    R[N-1] = t;
 }
 /* Return a non-linear function of some parts of the register.
 */
 #define NLFUNC(c,z) \
 { \
    t = c->R[OFF(z,0)] + c->R[OFF(z,16)]; \
    t ^= Sbox[(t >> 24) & 0xFF]; \
    t = RORc(t, 8); \
    t = ((t + c->R[OFF(z,1)]) ^ c->konst) + c->R[OFF(z,6)]; \
    t ^= Sbox[(t >> 24) & 0xFF]; \
    t = t + c->R[OFF(z,13)]; \
 }
 static ulong32 nltap(sober128_state *c)
 {
    ulong32 t;
    NLFUNC(c, 0);
    return t;
 }
 /* Save the current register state
 */
 static void s128_savestate(sober128_state *c)
 {
    int i;
    for (i = 0; i < N; ++i) {
        c->initR[i] = c->R[i];
    }
 }
 /* initialise to previously saved register state
 */
 static void s128_reloadstate(sober128_state *c)
 {
    int i;
    for (i = 0; i < N; ++i) {
        c->R[i] = c->initR[i];
    }
 }
 /* Initialise "konst"
 */
 static void s128_genkonst(sober128_state *c)
 {
    ulong32 newkonst;
    do {
       cycle(c->R);
       newkonst = nltap(c);
    } while ((newkonst & 0xFF000000) == 0);
    c->konst = newkonst;
 }
 /* Load key material into the register
 */
 #define ADDKEY(k) \
   c->R[KEYP] += (k);
 #define XORNL(nl) \
   c->R[FOLDP] ^= (nl);
 /* nonlinear diffusion of register for key */
 #define DROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); c->R[OFF((z+1),FOLDP)] ^= t;
 static void s128_diffuse(sober128_state *c)
 {
    ulong32 t;
    /* relies on FOLD == N == 17! */
    DROUND(0);
    DROUND(1);
    DROUND(2);
    DROUND(3);
    DROUND(4);
    DROUND(5);
    DROUND(6);
    DROUND(7);
    DROUND(8);
    DROUND(9);
    DROUND(10);
    DROUND(11);
    DROUND(12);
    DROUND(13);
    DROUND(14);
    DROUND(15);
    DROUND(16);
 }
 /**
   Initialize an Sober128 context (only the key)
   @param c         [out] The destination of the Sober128 state
   @param key       The secret key
   @param keylen    The length of the secret key (octets)
   @return CRYPT_OK if successful
 */
 int sober128_setup(sober128_state *c, const unsigned char *key, unsigned long keylen)
 {
   ulong32 i, k;
   LTC_ARGCHK(c   != NULL);
   LTC_ARGCHK(key != NULL);
   LTC_ARGCHK(keylen > 0);
   /* keylen must be multiple of 4 bytes */
   if ((keylen & 3) != 0) {
      return CRYPT_INVALID_KEYSIZE;
   }
   /* Register initialised to Fibonacci numbers */
   c->R[0] = 1;
   c->R[1] = 1;
   for (i = 2; i < N; ++i) {
      c->R[i] = c->R[i-1] + c->R[i-2];
   }
   c->konst = INITKONST;
   for (i = 0; i < keylen; i += 4) {
      k = BYTE2WORD((unsigned char *)&key[i]);
      ADDKEY(k);
      cycle(c->R);
      XORNL(nltap(c));
   }
   /* also fold in the length of the key */
   ADDKEY(keylen);
   /* now diffuse */
   s128_diffuse(c);
   s128_genkonst(c);
   s128_savestate(c);
   c->nbuf = 0;
   return CRYPT_OK;
 }
 /**
  Set IV to the Sober128 state
  @param c       The Sober12820 state
  @param iv      The IV data to add
  @param inlen   The length of the IV (must be 12)
  @return CRYPT_OK on success
 */
 int sober128_setiv(sober128_state *c, const unsigned char *iv, unsigned long ivlen)
 {
   ulong32 i, k;
   LTC_ARGCHK(c  != NULL);
   LTC_ARGCHK(iv != NULL);
   LTC_ARGCHK(ivlen > 0);
   /* ok we are adding an IV then... */
   s128_reloadstate(c);
   /* ivlen must be multiple of 4 bytes */
   if ((ivlen & 3) != 0) {
      return CRYPT_INVALID_KEYSIZE;
   }
   for (i = 0; i < ivlen; i += 4) {
      k = BYTE2WORD((unsigned char *)&iv[i]);
      ADDKEY(k);
      cycle(c->R);
      XORNL(nltap(c));
   }
   /* also fold in the length of the key */
   ADDKEY(ivlen);
   /* now diffuse */
   s128_diffuse(c);
   c->nbuf = 0;
   return CRYPT_OK;
 }
 /* XOR pseudo-random bytes into buffer
 */
 #define SROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); XORWORD(t, in+(z*4), out+(z*4));
 /**
   Encrypt (or decrypt) bytes of ciphertext (or plaintext) with Sober128
   @param c       The Sober128 state
   @param in      The plaintext (or ciphertext)
   @param inlen   The length of the input (octets)
   @param out     [out] The ciphertext (or plaintext), length inlen
   @return CRYPT_OK if successful
 */
 int sober128_crypt(sober128_state *c, const unsigned char *in, unsigned long inlen, unsigned char *out)
 {
   ulong32 t;
   if (inlen == 0) return CRYPT_OK; /* nothing to do */
   LTC_ARGCHK(out != NULL);
   LTC_ARGCHK(c   != NULL);
   /* handle any previously buffered bytes */
   while (c->nbuf != 0 && inlen != 0) {
      *out++ = *in++ ^ (c->sbuf & 0xFF);
      c->sbuf >>= 8;
      c->nbuf -= 8;
      --inlen;
   }
 #ifndef LTC_SMALL_CODE
   /* do lots at a time, if there's enough to do */
   while (inlen >= N*4) {
      SROUND(0);
      SROUND(1);
      SROUND(2);
      SROUND(3);
      SROUND(4);
      SROUND(5);
      SROUND(6);
      SROUND(7);
      SROUND(8);
      SROUND(9);
      SROUND(10);
      SROUND(11);
      SROUND(12);
      SROUND(13);
      SROUND(14);
      SROUND(15);
      SROUND(16);
      out    += 4*N;
      in     += 4*N;
      inlen  -= 4*N;
   }
 #endif
   /* do small or odd size buffers the slow way */
   while (4 <= inlen) {
      cycle(c->R);
      t = nltap(c);
      XORWORD(t, in, out);
      out    += 4;
      in     += 4;
      inlen  -= 4;
   }
   /* handle any trailing bytes */
   if (inlen != 0) {
      cycle(c->R);
      c->sbuf = nltap(c);
      c->nbuf = 32;
      while (c->nbuf != 0 && inlen != 0) {
          *out++ = *in++ ^ (c->sbuf & 0xFF);
          c->sbuf >>= 8;
          c->nbuf -= 8;
          --inlen;
      }
   }
   return CRYPT_OK;
 }
 int sober128_keystream(sober128_state *c, unsigned char *out, unsigned long outlen)
 {
   if (outlen == 0) return CRYPT_OK; /* nothing to do */
   LTC_ARGCHK(out != NULL);
   XMEMSET(out, 0, outlen);
   return sober128_crypt(c, out, outlen, out);
 }
 /**
  Terminate and clear Sober128 state
  @param c       The Sober128 state
  @return CRYPT_OK on success
 */
 int sober128_stream_done(sober128_state *c)
 {
   LTC_ARGCHK(c != NULL);
   XMEMSET(c, 0, sizeof(sober128_state));
   return CRYPT_OK;
 }
 #endif
--- a/src/stream/sober128/sober128_test.c
+++ b/src/stream/sober128/sober128_test.c
@ -0,0 +1,49 @@
 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
 *
 * LibTomCrypt is a library that provides various cryptographic
 * algorithms in a highly modular and flexible manner.
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 */
 #include "tomcrypt.h"
 #ifdef LTC_SOBER128
 int sober128_test(void)
 {
 #ifndef LTC_TEST
   return CRYPT_NOP;
 #else
   unsigned char key[16] = { 0x74, 0x65, 0x73, 0x74, 0x20, 0x6b, 0x65, 0x79,
                             0x20, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x73 };
   unsigned char iv[4]   = { 0x00, 0x00, 0x00, 0x00 };
   unsigned char out[20] = { 0x43, 0x50, 0x0c, 0xcf, 0x89, 0x91, 0x9f, 0x1d,
                             0xaa, 0x37, 0x74, 0x95, 0xf4, 0xb4, 0x58, 0xc2,
                             0x40, 0x37, 0x8b, 0xbb };
   int err, len = 20;
   unsigned char  src[20], dst[20];
   sober128_state st;
   XMEMSET(src, 0, len); /* input */
   if ((err = sober128_setup(&st, key, sizeof(key))) != CRYPT_OK) return err;
   if ((err = sober128_setiv(&st, iv, sizeof(iv))) != CRYPT_OK)   return err;
   if ((err = sober128_crypt(&st, src, len, dst)) != CRYPT_OK)    return err;
   if ((err = sober128_stream_done(&st)) != CRYPT_OK)             return err;
   if (XMEMCMP(dst, out, len)) {
 #if 0
      int y;
      printf("\nLTC_SOBER128 failed, I got:\n");
      for (y = 0; y < len; y++) printf("%02x ", dst[y]);
      printf("\nLTC_SOBER128 failed, expected:\n");
      for (y = 0; y < len; y++) printf("%02x ", out[y]);
      printf("\n");
 #endif
      return CRYPT_FAIL_TESTVECTOR;
   }
   return CRYPT_OK;
 #endif
 }
 #endif
--- a/src/stream/sober128/sober128tab.c
+++ b/src/stream/sober128/sober128tab.c
--- a/testprof/cipher_hash_test.c
+++ b/testprof/cipher_hash_test.c
@ -14,10 +14,16 @@ int cipher_hash_test(void)
      DOX(cipher_descriptor[x].test(), cipher_descriptor[x].name);
   }
-#ifdef LTC_CHACHA
+   /* stream ciphers */
-   /* ChaCha is a special case (stream cipher) */
+#ifdef LTC_CHACHA_STREAM
   DO(chacha_test());
 #endif
 #ifdef LTC_RC4_STREAM
   DO(rc4_test());
 #endif
 #ifdef LTC_SOBER128_STREAM
   DO(sober128_test());
 #endif
   /* test hashes */
   for (x = 0; hash_descriptor[x].name != NULL; x++) {
--- a/testprof/x86_prof.c
+++ b/testprof/x86_prof.c
@ -342,7 +342,7 @@ static void _unregister_all(void)
 #ifdef LTC_RC4
  unregister_prng(&rc4_desc);
 #endif
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_PRNG
  unregister_prng(&chacha20_prng_desc);
 #endif
 #ifdef LTC_SOBER128
@ -524,7 +524,7 @@ register_prng(&fortuna_desc);
 #ifdef LTC_RC4
 register_prng(&rc4_desc);
 #endif
-#ifdef LTC_CHACHA
+#ifdef LTC_CHACHA_PRNG
 register_prng(&chacha20_prng_desc);
 #endif
 #ifdef LTC_SOBER128