crypto:convert code style form openbsd to nuttx

Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2026-05-30 05:16:47 +08:00 · 2022-07-27 19:51:53 +08:00
parent acd3350554
commit 82956a2894
48 changed files with 11663 additions and 9236 deletions
@@ -1,62 +1,72 @@
-/*	$OpenBSD: chacha_private.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $	*/
+/****************************************************************************
-/*
+ * crypto/chacha_private.h
-chacha-merged.c version 20080118
+ * $OpenBSD: chacha_private.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $
-D. J. Bernstein
+ *
-Public domain.
+ * chacha-merged.c version 20080118
-*/
+ * D. J. Bernstein
 * Public domain.
 ****************************************************************************/
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <sys/systm.h>
 typedef unsigned char u8;
 typedef unsigned int u32;
 typedef struct
 {
-  u32 input[16]; /* could be compressed */
+  uint32_t input[16]; /* could be compressed */
-} chacha_ctx;
+}
 chacha_ctx;
 #define U8C(v) (v##U)
 #define U32C(v) (v##U)
-#define U8V(v) ((u8)(v) & U8C(0xFF))
+#define U8V(v) ((uint8_t)(v) & U8C(0xFF))
-#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
+#define U32V(v) ((uint32_t)(v) & U32C(0xFFFFFFFF))
 #define ROTL32(v, n) \
  (U32V((v) << (n)) | ((v) >> (32 - (n))))
 #define U8TO32_LITTLE(p) \
-  (((u32)((p)[0])      ) | \
+    (((uint32_t)((p)[0])) | \
-   ((u32)((p)[1]) <<  8) | \
+    ((uint32_t)((p)[1]) << 8) | \
-   ((u32)((p)[2]) << 16) | \
+    ((uint32_t)((p)[2]) << 16) | \
-   ((u32)((p)[3]) << 24))
+    ((uint32_t)((p)[3]) << 24)) \
 #define U32TO8_LITTLE(p, v) \
  do { \
-    (p)[0] = U8V((v)      ); \
+    (p)[0] = U8V((v)); \
-    (p)[1] = U8V((v) >>  8); \
+    (p)[1] = U8V((v) >> 8); \
    (p)[2] = U8V((v) >> 16); \
    (p)[3] = U8V((v) >> 24); \
  } while (0)
-#define ROTATE(v,c) (ROTL32(v,c))
+#define ROTATE(v, c) (ROTL32(v, c))
-#define XOR(v,w) ((v) ^ (w))
+#define XOR(v, w) ((v) ^ (w))
-#define PLUS(v,w) (U32V((v) + (w)))
+#define PLUS(v, w) (U32V((v) + (w)))
-#define PLUSONE(v) (PLUS((v),1))
+#define PLUSONE(v) (PLUS((v), 1))
-#define QUARTERROUND(a,b,c,d) \
+#define QUARTERROUND(a, b, c, d)                 \
-  a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
+  do                                             \
-  c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
+    {                                            \
-  a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
+      a = PLUS(a, b); d = ROTATE(XOR(d, a), 16); \
-  c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
+      c = PLUS(c, d); b = ROTATE(XOR(b, c), 12); \
      a = PLUS(a, b); d = ROTATE(XOR(d, a), 8);  \
      c = PLUS(c, d); b = ROTATE(XOR(b, c), 7);  \
    }                                            \
  while (0)
 static const char sigma[16] = "expand 32-byte k";
 static const char tau[16] = "expand 16-byte k";
-static inline void
+static inline void hchacha20(FAR uint32_t *derived_key,
-hchacha20(u32 derived_key[8], const u8 nonce[16], const u8 key[32])
+                             FAR const uint8_t *nonce,
                             FAR const uint8_t *key)
 {
  int i;
-  uint32_t x[] = {
+  uint32_t x[] =
  {
    U8TO32_LITTLE(sigma + 0),
    U8TO32_LITTLE(sigma + 4),
    U8TO32_LITTLE(sigma + 8),
@@ -75,36 +85,46 @@ hchacha20(u32 derived_key[8], const u8 nonce[16], const u8 key[32])
    U8TO32_LITTLE(nonce + 12)
  };
-  for (i = 20;i > 0;i -= 2) {
+  for (i = 20; i > 0; i -= 2)
-    QUARTERROUND( x[0], x[4], x[8],x[12])
+    {
-    QUARTERROUND( x[1], x[5], x[9],x[13])
+      QUARTERROUND(x[0], x[4], x[8], x[12]);
-    QUARTERROUND( x[2], x[6],x[10],x[14])
+      QUARTERROUND(x[1], x[5], x[9], x[13]);
-    QUARTERROUND( x[3], x[7],x[11],x[15])
+      QUARTERROUND(x[2], x[6], x[10], x[14]);
-    QUARTERROUND( x[0], x[5],x[10],x[15])
+      QUARTERROUND(x[3], x[7], x[11], x[15]);
-    QUARTERROUND( x[1], x[6],x[11],x[12])
+      QUARTERROUND(x[0], x[5], x[10], x[15]);
-    QUARTERROUND( x[2], x[7], x[8],x[13])
+      QUARTERROUND(x[1], x[6], x[11], x[12]);
-    QUARTERROUND( x[3], x[4], x[9],x[14])
+      QUARTERROUND(x[2], x[7], x[8], x[13]);
-  }
+      QUARTERROUND(x[3], x[4], x[9], x[14]);
    }
-  memcpy(derived_key + 0, x +  0, sizeof(u32) * 4);
+  memcpy(derived_key + 0, x + 0, sizeof(uint32_t) * 4);
-  memcpy(derived_key + 4, x + 12, sizeof(u32) * 4);
+  memcpy(derived_key + 4, x + 12, sizeof(uint32_t) * 4);
 }
-static void
+static void chacha_keysetup(FAR chacha_ctx *x,
-chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
+                            FAR const uint8_t *k,
                            FAR uint32_t kbits)
 {
-  const char *constants;
+  FAR const char *constants;
  x->input[4] = U8TO32_LITTLE(k + 0);
  x->input[5] = U8TO32_LITTLE(k + 4);
  x->input[6] = U8TO32_LITTLE(k + 8);
  x->input[7] = U8TO32_LITTLE(k + 12);
-  if (kbits == 256) { /* recommended */
+  if (kbits == 256)
-    k += 16;
+    {
-    constants = sigma;
+      /* recommended */
-  } else { /* kbits == 128 */
+
-    constants = tau;
+      k += 16;
-  }
+      constants = sigma;
    }
  else
    {
      /* kbits == 128 */
      constants = tau;
    }
  x->input[8] = U8TO32_LITTLE(k + 0);
  x->input[9] = U8TO32_LITTLE(k + 4);
  x->input[10] = U8TO32_LITTLE(k + 8);
@@ -115,8 +135,9 @@ chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
  x->input[3] = U8TO32_LITTLE(constants + 12);
 }
-static void
+static void chacha_ivsetup(FAR chacha_ctx *x,
-chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
+                           FAR const uint8_t *iv,
                           FAR const uint8_t *counter)
 {
  x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
  x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
@@ -124,16 +145,51 @@ chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
  x->input[15] = U8TO32_LITTLE(iv + 4);
 }
-static void
+static void chacha_encrypt_bytes(FAR chacha_ctx *x,
-chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
+                                 FAR const uint8_t *m,
                                 FAR uint8_t *c,
                                 uint32_t bytes)
 {
-  u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+  uint32_t x0;
-  u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+  uint32_t x1;
-  u8 *ctarget = NULL;
+  uint32_t x2;
-  u8 tmp[64];
+  uint32_t x3;
  uint32_t x4;
  uint32_t x5;
  uint32_t x6;
  uint32_t x7;
  uint32_t x8;
  uint32_t x9;
  uint32_t x10;
  uint32_t x11;
  uint32_t x12;
  uint32_t x13;
  uint32_t x14;
  uint32_t x15;
  uint32_t j0;
  uint32_t j1;
  uint32_t j2;
  uint32_t j3;
  uint32_t j4;
  uint32_t j5;
  uint32_t j6;
  uint32_t j7;
  uint32_t j8;
  uint32_t j9;
  uint32_t j10;
  uint32_t j11;
  uint32_t j12;
  uint32_t j13;
  uint32_t j14;
  uint32_t j15;
  FAR uint8_t *ctarget = NULL;
  uint8_t tmp[64];
  u_int i;
-  if (!bytes) return;
+  if (!bytes)
    {
      return;
    }
  j0 = x->input[0];
  j1 = x->input[1];
@@ -152,110 +208,128 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
  j14 = x->input[14];
  j15 = x->input[15];
-  for (;;) {
+  for (; ; )
-    if (bytes < 64) {
+    {
-      for (i = 0;i < bytes;++i) tmp[i] = m[i];
+      if (bytes < 64)
-      m = tmp;
+        {
-      ctarget = c;
+          for (i = 0; i < bytes; ++i)
-      c = tmp;
+            {
-    }
+              tmp[i] = m[i];
-    x0 = j0;
+            }
-    x1 = j1;
+
-    x2 = j2;
+          m = tmp;
-    x3 = j3;
+          ctarget = c;
-    x4 = j4;
+          c = tmp;
-    x5 = j5;
+        }
-    x6 = j6;
+
-    x7 = j7;
+      x0 = j0;
-    x8 = j8;
+      x1 = j1;
-    x9 = j9;
+      x2 = j2;
-    x10 = j10;
+      x3 = j3;
-    x11 = j11;
+      x4 = j4;
-    x12 = j12;
+      x5 = j5;
-    x13 = j13;
+      x6 = j6;
-    x14 = j14;
+      x7 = j7;
-    x15 = j15;
+      x8 = j8;
-    for (i = 20;i > 0;i -= 2) {
+      x9 = j9;
-      QUARTERROUND( x0, x4, x8,x12)
+      x10 = j10;
-      QUARTERROUND( x1, x5, x9,x13)
+      x11 = j11;
-      QUARTERROUND( x2, x6,x10,x14)
+      x12 = j12;
-      QUARTERROUND( x3, x7,x11,x15)
+      x13 = j13;
-      QUARTERROUND( x0, x5,x10,x15)
+      x14 = j14;
-      QUARTERROUND( x1, x6,x11,x12)
+      x15 = j15;
-      QUARTERROUND( x2, x7, x8,x13)
+      for (i = 20; i > 0; i -= 2)
-      QUARTERROUND( x3, x4, x9,x14)
+        {
-    }
+          QUARTERROUND(x0, x4, x8, x12);
-    x0 = PLUS(x0,j0);
+          QUARTERROUND(x1, x5, x9, x13);
-    x1 = PLUS(x1,j1);
+          QUARTERROUND(x2, x6, x10, x14);
-    x2 = PLUS(x2,j2);
+          QUARTERROUND(x3, x7, x11, x15);
-    x3 = PLUS(x3,j3);
+          QUARTERROUND(x0, x5, x10, x15);
-    x4 = PLUS(x4,j4);
+          QUARTERROUND(x1, x6, x11, x12);
-    x5 = PLUS(x5,j5);
+          QUARTERROUND(x2, x7, x8, x13);
-    x6 = PLUS(x6,j6);
+          QUARTERROUND(x3, x4, x9, x14);
-    x7 = PLUS(x7,j7);
+        }
-    x8 = PLUS(x8,j8);
+
-    x9 = PLUS(x9,j9);
+      x0 = PLUS(x0, j0);
-    x10 = PLUS(x10,j10);
+      x1 = PLUS(x1, j1);
-    x11 = PLUS(x11,j11);
+      x2 = PLUS(x2, j2);
-    x12 = PLUS(x12,j12);
+      x3 = PLUS(x3, j3);
-    x13 = PLUS(x13,j13);
+      x4 = PLUS(x4, j4);
-    x14 = PLUS(x14,j14);
+      x5 = PLUS(x5, j5);
-    x15 = PLUS(x15,j15);
+      x6 = PLUS(x6, j6);
      x7 = PLUS(x7, j7);
      x8 = PLUS(x8, j8);
      x9 = PLUS(x9, j9);
      x10 = PLUS(x10, j10);
      x11 = PLUS(x11, j11);
      x12 = PLUS(x12, j12);
      x13 = PLUS(x13, j13);
      x14 = PLUS(x14, j14);
      x15 = PLUS(x15, j15);
 #ifndef KEYSTREAM_ONLY
-    x0 = XOR(x0,U8TO32_LITTLE(m + 0));
+      x0 = XOR(x0, U8TO32_LITTLE(m + 0));
-    x1 = XOR(x1,U8TO32_LITTLE(m + 4));
+      x1 = XOR(x1, U8TO32_LITTLE(m + 4));
-    x2 = XOR(x2,U8TO32_LITTLE(m + 8));
+      x2 = XOR(x2, U8TO32_LITTLE(m + 8));
-    x3 = XOR(x3,U8TO32_LITTLE(m + 12));
+      x3 = XOR(x3, U8TO32_LITTLE(m + 12));
-    x4 = XOR(x4,U8TO32_LITTLE(m + 16));
+      x4 = XOR(x4, U8TO32_LITTLE(m + 16));
-    x5 = XOR(x5,U8TO32_LITTLE(m + 20));
+      x5 = XOR(x5, U8TO32_LITTLE(m + 20));
-    x6 = XOR(x6,U8TO32_LITTLE(m + 24));
+      x6 = XOR(x6, U8TO32_LITTLE(m + 24));
-    x7 = XOR(x7,U8TO32_LITTLE(m + 28));
+      x7 = XOR(x7, U8TO32_LITTLE(m + 28));
-    x8 = XOR(x8,U8TO32_LITTLE(m + 32));
+      x8 = XOR(x8, U8TO32_LITTLE(m + 32));
-    x9 = XOR(x9,U8TO32_LITTLE(m + 36));
+      x9 = XOR(x9, U8TO32_LITTLE(m + 36));
-    x10 = XOR(x10,U8TO32_LITTLE(m + 40));
+      x10 = XOR(x10, U8TO32_LITTLE(m + 40));
-    x11 = XOR(x11,U8TO32_LITTLE(m + 44));
+      x11 = XOR(x11, U8TO32_LITTLE(m + 44));
-    x12 = XOR(x12,U8TO32_LITTLE(m + 48));
+      x12 = XOR(x12, U8TO32_LITTLE(m + 48));
-    x13 = XOR(x13,U8TO32_LITTLE(m + 52));
+      x13 = XOR(x13, U8TO32_LITTLE(m + 52));
-    x14 = XOR(x14,U8TO32_LITTLE(m + 56));
+      x14 = XOR(x14, U8TO32_LITTLE(m + 56));
-    x15 = XOR(x15,U8TO32_LITTLE(m + 60));
+      x15 = XOR(x15, U8TO32_LITTLE(m + 60));
 #endif
-    j12 = PLUSONE(j12);
+      j12 = PLUSONE(j12);
-    if (!j12) {
+      if (!j12)
-      j13 = PLUSONE(j13);
+        {
-      /* stopping at 2^70 bytes per nonce is user's responsibility */
+          j13 = PLUSONE(j13);
    }
-    U32TO8_LITTLE(c + 0,x0);
+          /* stopping at 2^70 bytes per nonce is user's responsibility */
-    U32TO8_LITTLE(c + 4,x1);
+        }
    U32TO8_LITTLE(c + 8,x2);
    U32TO8_LITTLE(c + 12,x3);
    U32TO8_LITTLE(c + 16,x4);
    U32TO8_LITTLE(c + 20,x5);
    U32TO8_LITTLE(c + 24,x6);
    U32TO8_LITTLE(c + 28,x7);
    U32TO8_LITTLE(c + 32,x8);
    U32TO8_LITTLE(c + 36,x9);
    U32TO8_LITTLE(c + 40,x10);
    U32TO8_LITTLE(c + 44,x11);
    U32TO8_LITTLE(c + 48,x12);
    U32TO8_LITTLE(c + 52,x13);
    U32TO8_LITTLE(c + 56,x14);
    U32TO8_LITTLE(c + 60,x15);
-    if (bytes <= 64) {
+      U32TO8_LITTLE(c + 0, x0);
-      if (bytes < 64) {
+      U32TO8_LITTLE(c + 4, x1);
-        for (i = 0;i < bytes;++i) ctarget[i] = c[i];
+      U32TO8_LITTLE(c + 8, x2);
-      }
+      U32TO8_LITTLE(c + 12, x3);
-      x->input[12] = j12;
+      U32TO8_LITTLE(c + 16, x4);
-      x->input[13] = j13;
+      U32TO8_LITTLE(c + 20, x5);
-      return;
+      U32TO8_LITTLE(c + 24, x6);
-    }
+      U32TO8_LITTLE(c + 28, x7);
-    bytes -= 64;
+      U32TO8_LITTLE(c + 32, x8);
-    c += 64;
+      U32TO8_LITTLE(c + 36, x9);
      U32TO8_LITTLE(c + 40, x10);
      U32TO8_LITTLE(c + 44, x11);
      U32TO8_LITTLE(c + 48, x12);
      U32TO8_LITTLE(c + 52, x13);
      U32TO8_LITTLE(c + 56, x14);
      U32TO8_LITTLE(c + 60, x15);
      if (bytes <= 64)
        {
          if (bytes < 64)
            {
              for (i = 0; i < bytes; ++i)
                {
                  ctarget[i] = c[i];
                }
            }
          x->input[12] = j12;
          x->input[13] = j13;
          return;
        }
      bytes -= 64;
      c += 64;
 #ifndef KEYSTREAM_ONLY
-    m += 64;
+      m += 64;
 #endif
-  }
+    }
 }
@@ -1,5 +1,7 @@
-/*	$OpenBSD: chachapoly.c,v 1.6 2020/07/22 13:54:30 tobhe Exp $	*/
+/****************************************************************************
-/*
+ * crypto/chachapoly.c
 * $OpenBSD: chachapoly.c,v 1.6 2020/07/22 13:54:30 tobhe Exp $
 *
 * Copyright (c) 2015 Mike Belopuhov
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +15,11 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ ****************************************************************************/
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -22,240 +28,272 @@
 #include <crypto/poly1305.h>
 #include <crypto/chachapoly.h>
-int
+#include "chacha_private.h"
-chacha20_setkey(void *sched, u_int8_t *key, int len)
+
 /****************************************************************************
 * Private Data
 ****************************************************************************/
 static const uint8_t pad0[16];
 /****************************************************************************
 * Public Functions
 ****************************************************************************/
 int chacha20_setkey(FAR void *sched, FAR uint8_t *key, int len)
 {
-	struct chacha20_ctx *ctx = (struct chacha20_ctx *)sched;
+  FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)sched;
-	if (len != CHACHA20_KEYSIZE + CHACHA20_SALT)
+  if (len != CHACHA20_KEYSIZE + CHACHA20_SALT)
-		return (-1);
+    {
      return -1;
    }
-	/* initial counter is 1 */
+  /* initial counter is 1 */
-	ctx->nonce[0] = 1;
+
-	memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
+  ctx->nonce[0] = 1;
-	    CHACHA20_SALT);
+  memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
-	chacha_keysetup((chacha_ctx *)&ctx->block, key, CHACHA20_KEYSIZE * 8);
+         CHACHA20_SALT);
-	return (0);
+  chacha_keysetup((FAR chacha_ctx *)&ctx->block, key, CHACHA20_KEYSIZE * 8);
  return 0;
 }
-void
+void chacha20_reinit(caddr_t key, FAR uint8_t *iv)
 chacha20_reinit(caddr_t key, u_int8_t *iv)
 {
-	struct chacha20_ctx *ctx = (struct chacha20_ctx *)key;
+  FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)key;
-	chacha_ivsetup((chacha_ctx *)ctx->block, iv, ctx->nonce);
+  chacha_ivsetup((FAR chacha_ctx *)ctx->block, iv, ctx->nonce);
 }
-void
+void chacha20_crypt(caddr_t key, FAR uint8_t *data)
 chacha20_crypt(caddr_t key, u_int8_t *data)
 {
-	struct chacha20_ctx *ctx = (struct chacha20_ctx *)key;
+  FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)key;
-	chacha_encrypt_bytes((chacha_ctx *)ctx->block, data, data,
+  chacha_encrypt_bytes((FAR chacha_ctx *)ctx->block, data, data,
-	    CHACHA20_BLOCK_LEN);
+                       CHACHA20_BLOCK_LEN);
 }
-void
+void chacha20_poly1305_init(FAR void *xctx)
 Chacha20_Poly1305_Init(void *xctx)
 {
-	CHACHA20_POLY1305_CTX *ctx = xctx;
+  FAR CHACHA20_POLY1305_CTX *ctx = xctx;
-	memset(ctx, 0, sizeof(*ctx));
+  memset(ctx, 0, sizeof(*ctx));
 }
-void
+void chacha20_poly1305_setkey(FAR void *xctx, FAR const uint8_t *key,
-Chacha20_Poly1305_Setkey(void *xctx, const uint8_t *key, uint16_t klen)
+                              uint16_t klen)
 {
-	CHACHA20_POLY1305_CTX *ctx = xctx;
+  FAR CHACHA20_POLY1305_CTX *ctx = xctx;
-	/* salt is provided with the key material */
+  /* salt is provided with the key material */
-	memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
+
-	    CHACHA20_SALT);
+  memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
-	chacha_keysetup((chacha_ctx *)&ctx->chacha, key, CHACHA20_KEYSIZE * 8);
+         CHACHA20_SALT);
  chacha_keysetup((FAR chacha_ctx *)&ctx->chacha, key, CHACHA20_KEYSIZE * 8);
 }
-void
+void chacha20_poly1305_reinit(FAR void *xctx, FAR const uint8_t *iv,
-Chacha20_Poly1305_Reinit(void *xctx, const uint8_t *iv, uint16_t ivlen)
+                              uint16_t ivlen)
 {
-	CHACHA20_POLY1305_CTX *ctx = xctx;
+  FAR CHACHA20_POLY1305_CTX *ctx = xctx;
-	/* initial counter is 0 */
+  /* initial counter is 0 */
-	chacha_ivsetup((chacha_ctx *)&ctx->chacha, iv, ctx->nonce);
+
-	chacha_encrypt_bytes((chacha_ctx *)&ctx->chacha, ctx->key, ctx->key,
+  chacha_ivsetup((FAR chacha_ctx *)&ctx->chacha, iv, ctx->nonce);
-	    POLY1305_KEYLEN);
+  chacha_encrypt_bytes((FAR chacha_ctx *)&ctx->chacha, ctx->key, ctx->key,
-	poly1305_init((poly1305_state *)&ctx->poly, ctx->key);
+                        POLY1305_KEYLEN);
  poly1305_init((FAR poly1305_state *)&ctx->poly, ctx->key);
 }
-int
+int chacha20_poly1305_update(FAR void *xctx, FAR const uint8_t *data,
-Chacha20_Poly1305_Update(void *xctx, const uint8_t *data, uint16_t len)
+                             uint16_t len)
 {
-	static const unsigned char zeroes[POLY1305_BLOCK_LEN];
+  static const unsigned char zeroes[POLY1305_BLOCK_LEN];
-	CHACHA20_POLY1305_CTX *ctx = xctx;
+  FAR CHACHA20_POLY1305_CTX *ctx = xctx;
-	size_t rem;
+  size_t rem;
-	poly1305_update((poly1305_state *)&ctx->poly, data, len);
+  poly1305_update((FAR poly1305_state *)&ctx->poly, data, len);
-	/* number of bytes in the last 16 byte block */
+  /* number of bytes in the last 16 byte block */
-	rem = (len + POLY1305_BLOCK_LEN) & (POLY1305_BLOCK_LEN - 1);
+
-	if (rem > 0)
+  rem = (len + POLY1305_BLOCK_LEN) & (POLY1305_BLOCK_LEN - 1);
-		poly1305_update((poly1305_state *)&ctx->poly, zeroes,
+  if (rem > 0)
-		    POLY1305_BLOCK_LEN - rem);
+    {
-	return (0);
+      poly1305_update((FAR poly1305_state *)&ctx->poly, zeroes,
                      POLY1305_BLOCK_LEN - rem);
    }
  return 0;
 }
-void
+void chacha20_poly1305_final(FAR uint8_t *tag, FAR void *xctx)
 Chacha20_Poly1305_Final(uint8_t tag[POLY1305_TAGLEN], void *xctx)
 {
-	CHACHA20_POLY1305_CTX *ctx = xctx;
+  FAR CHACHA20_POLY1305_CTX *ctx = xctx;
-	poly1305_finish((poly1305_state *)&ctx->poly, tag);
+  poly1305_finish((FAR poly1305_state *)&ctx->poly, tag);
-	explicit_bzero(ctx, sizeof(*ctx));
+  explicit_bzero(ctx, sizeof(*ctx));
 }
-static const uint8_t pad0[16] = { 0 };
+void chacha20poly1305_encrypt(
  FAR uint8_t *dst,
  FAR const uint8_t *src,
  const size_t src_len,
  FAR const uint8_t *ad,
  const size_t ad_len,
  const uint64_t nonce,
  FAR const uint8_t *key)
 {
  poly1305_state poly1305_ctx;
  chacha_ctx ctx;
  union
  {
    uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
    uint64_t lens[2];
  } b =
  {
    {
      0
    }
  };
-void
+  uint64_t le_nonce = htole64(nonce);
 chacha20poly1305_encrypt(
    uint8_t *dst,
    const uint8_t *src,
    const size_t src_len,
    const uint8_t *ad,
    const size_t ad_len,
    const uint64_t nonce,
    const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
 ) {
 	poly1305_state poly1305_ctx;
 	chacha_ctx ctx;
 	union {
 		uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
 		uint64_t lens[2];
 	} b = { { 0 } };
 	uint64_t le_nonce = htole64(nonce);
-	chacha_keysetup(&ctx, key, CHACHA20POLY1305_KEY_SIZE * 8);
+  chacha_keysetup(&ctx, key, CHACHA20POLY1305_KEY_SIZE * 8);
-	chacha_ivsetup(&ctx, (uint8_t *) &le_nonce, NULL);
+  chacha_ivsetup(&ctx, (FAR uint8_t *) &le_nonce, NULL);
-	chacha_encrypt_bytes(&ctx, b.b0, b.b0, sizeof(b.b0));
+  chacha_encrypt_bytes(&ctx, b.b0, b.b0, sizeof(b.b0));
-	poly1305_init(&poly1305_ctx, b.b0);
+  poly1305_init(&poly1305_ctx, b.b0);
-	poly1305_update(&poly1305_ctx, ad, ad_len);
+  poly1305_update(&poly1305_ctx, ad, ad_len);
-	poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);
+  poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);
-	chacha_encrypt_bytes(&ctx, (uint8_t *) src, dst, src_len);
+  chacha_encrypt_bytes(&ctx, (FAR uint8_t *)src, dst, src_len);
-	poly1305_update(&poly1305_ctx, dst, src_len);
+  poly1305_update(&poly1305_ctx, dst, src_len);
-	poly1305_update(&poly1305_ctx, pad0, (0x10 - src_len) & 0xf);
+  poly1305_update(&poly1305_ctx, pad0, (0x10 - src_len) & 0xf);
-	b.lens[0] = htole64(ad_len);
+  b.lens[0] = htole64(ad_len);
-	b.lens[1] = htole64(src_len);
+  b.lens[1] = htole64(src_len);
-	poly1305_update(&poly1305_ctx, (uint8_t *)b.lens, sizeof(b.lens));
+  poly1305_update(&poly1305_ctx, (FAR uint8_t *)b.lens, sizeof(b.lens));
-	poly1305_finish(&poly1305_ctx, dst + src_len);
+  poly1305_finish(&poly1305_ctx, dst + src_len);
-	explicit_bzero(&ctx, sizeof(chacha_ctx));
+  explicit_bzero(&ctx, sizeof(chacha_ctx));
-	explicit_bzero(&b, sizeof(b));
+  explicit_bzero(&b, sizeof(b));
 }
-int
+int chacha20poly1305_decrypt(
-chacha20poly1305_decrypt(
+  FAR uint8_t *dst,
-    uint8_t *dst,
+  FAR const uint8_t *src,
-    const uint8_t *src,
+  const size_t src_len,
-    const size_t src_len,
+  FAR const uint8_t *ad,
-    const uint8_t *ad,
+  const size_t ad_len,
-    const size_t ad_len,
+  const uint64_t nonce,
-    const uint64_t nonce,
+  FAR const uint8_t *key)
-    const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
+{
-) {
+  poly1305_state poly1305_ctx;
-	poly1305_state poly1305_ctx;
+  chacha_ctx ctx;
-	chacha_ctx ctx;
+  int ret;
-	int ret;
+  size_t dst_len;
-	size_t dst_len;
+  union {
-	union {
+    uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
-		uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
+    uint8_t mac[CHACHA20POLY1305_AUTHTAG_SIZE];
-		uint8_t mac[CHACHA20POLY1305_AUTHTAG_SIZE];
+    uint64_t lens[2];
-		uint64_t lens[2];
+  } b =
-	} b = { { 0 } };
+  {
-	uint64_t le_nonce = htole64(nonce);
+    {
      0
    }
  };
-	if (src_len < CHACHA20POLY1305_AUTHTAG_SIZE)
+  uint64_t le_nonce = htole64(nonce);
 		return 0;
-	chacha_keysetup(&ctx, key, CHACHA20POLY1305_KEY_SIZE * 8);
+  if (src_len < CHACHA20POLY1305_AUTHTAG_SIZE)
-	chacha_ivsetup(&ctx, (uint8_t *) &le_nonce, NULL);
+    {
-	chacha_encrypt_bytes(&ctx, b.b0, b.b0, sizeof(b.b0));
+      return 0;
-	poly1305_init(&poly1305_ctx, b.b0);
+    }
-	poly1305_update(&poly1305_ctx, ad, ad_len);
+  chacha_keysetup(&ctx, key, CHACHA20POLY1305_KEY_SIZE * 8);
-	poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);
+  chacha_ivsetup(&ctx, (FAR uint8_t *) &le_nonce, NULL);
  chacha_encrypt_bytes(&ctx, b.b0, b.b0, sizeof(b.b0));
  poly1305_init(&poly1305_ctx, b.b0);
-	dst_len = src_len - CHACHA20POLY1305_AUTHTAG_SIZE;
+  poly1305_update(&poly1305_ctx, ad, ad_len);
-	poly1305_update(&poly1305_ctx, src, dst_len);
+  poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);
 	poly1305_update(&poly1305_ctx, pad0, (0x10 - dst_len) & 0xf);
-	b.lens[0] = htole64(ad_len);
+  dst_len = src_len - CHACHA20POLY1305_AUTHTAG_SIZE;
-	b.lens[1] = htole64(dst_len);
+  poly1305_update(&poly1305_ctx, src, dst_len);
-	poly1305_update(&poly1305_ctx, (uint8_t *)b.lens, sizeof(b.lens));
+  poly1305_update(&poly1305_ctx, pad0, (0x10 - dst_len) & 0xf);
-	poly1305_finish(&poly1305_ctx, b.mac);
+  b.lens[0] = htole64(ad_len);
  b.lens[1] = htole64(dst_len);
  poly1305_update(&poly1305_ctx, (FAR uint8_t *)b.lens, sizeof(b.lens));
-	ret = timingsafe_bcmp(b.mac, src + dst_len, CHACHA20POLY1305_AUTHTAG_SIZE);
+  poly1305_finish(&poly1305_ctx, b.mac);
 	if (!ret)
 		chacha_encrypt_bytes(&ctx, (uint8_t *) src, dst, dst_len);
-	explicit_bzero(&ctx, sizeof(ctx));
+  ret = timingsafe_bcmp(b.mac, src + dst_len, CHACHA20POLY1305_AUTHTAG_SIZE);
-	explicit_bzero(&b, sizeof(b));
+  if (!ret)
    {
      chacha_encrypt_bytes(&ctx, (FAR uint8_t *) src, dst, dst_len);
    }
-	return !ret;
+  explicit_bzero(&ctx, sizeof(chacha_ctx));
  explicit_bzero(&b, sizeof(b));
  return !ret;
 }
-void
+void xchacha20poly1305_encrypt(
-xchacha20poly1305_encrypt(
+  FAR uint8_t *dst,
-    uint8_t *dst,
+  FAR const uint8_t *src,
-    const uint8_t *src,
+  const size_t src_len,
-    const size_t src_len,
+  FAR const uint8_t *ad,
-    const uint8_t *ad,
+  const size_t ad_len,
-    const size_t ad_len,
+  FAR const uint8_t *nonce,
-    const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
+  FAR const uint8_t *key)
-    const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
+{
-) {
+  int i;
-	int i;
+  uint32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(uint32_t)];
-	uint32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(uint32_t)];
+  uint64_t h_nonce;
 	uint64_t h_nonce;
-	memcpy(&h_nonce, nonce + 16, sizeof(h_nonce));
+  memcpy(&h_nonce, nonce + 16, sizeof(h_nonce));
-	h_nonce = le64toh(h_nonce);
+  h_nonce = le64toh(h_nonce);
-	hchacha20(derived_key, nonce, key);
+  hchacha20(derived_key, nonce, key);
-	for(i = 0; i < (sizeof(derived_key)/sizeof(derived_key[0])); i++)
+  for (i = 0; i < (sizeof(derived_key) / sizeof(derived_key[0])); i++)
-		(derived_key[i]) = htole32((derived_key[i]));
+    {
      derived_key[i] = htole32(derived_key[i]);
    }
-	chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len,
+  chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len,
-	    h_nonce, (uint8_t *)derived_key);
+                           h_nonce, (FAR uint8_t *)derived_key);
-	explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
+  explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
 }
-int
+int xchacha20poly1305_decrypt(
-xchacha20poly1305_decrypt(
+  FAR uint8_t *dst,
-    uint8_t *dst,
+  FAR const uint8_t *src,
-    const uint8_t *src,
+  const size_t src_len,
-    const size_t src_len,
+  FAR const uint8_t *ad,
-    const uint8_t *ad,
+  const size_t ad_len,
-    const size_t ad_len,
+  FAR const uint8_t *nonce,
-    const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
+  FAR const uint8_t *key)
-    const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
+{
-) {
+  int ret;
-	int ret, i;
+  int i;
-	uint32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(uint32_t)];
+  uint32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(uint32_t)];
-	uint64_t h_nonce;
+  uint64_t h_nonce;
-	memcpy(&h_nonce, nonce + 16, sizeof(h_nonce));
+  memcpy(&h_nonce, nonce + 16, sizeof(h_nonce));
-	h_nonce = le64toh(h_nonce);
+  h_nonce = le64toh(h_nonce);
-	hchacha20(derived_key, nonce, key);
+  hchacha20(derived_key, nonce, key);
-	for(i = 0; i < (sizeof(derived_key)/sizeof(derived_key[0])); i++)
+  for (i = 0; i < (sizeof(derived_key) / sizeof(derived_key[0])); i++)
-		(derived_key[i]) = htole32((derived_key[i]));
+    {
      derived_key[i] = htole32(derived_key[i]);
    }
-	ret = chacha20poly1305_decrypt(dst, src, src_len, ad, ad_len,
+  ret = chacha20poly1305_decrypt(dst, src, src_len, ad, ad_len,
-	    h_nonce, (uint8_t *)derived_key);
+                                 h_nonce, (FAR uint8_t *)derived_key);
-	explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
+  explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
-	return ret;
+  return ret;
 }
@@ -1,6 +1,7 @@
-/*	$OpenBSD: cmac.c,v 1.3 2017/05/02 17:07:06 mikeb Exp $	*/
+/****************************************************************************
-
+ * crypto/cmac.c
-/*-
+ * $OpenBSD: cmac.c,v 1.3 2017/05/02 17:07:06 mikeb Exp $
 *
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -14,107 +15,145 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
 ****************************************************************************/
-/*
+/* This code implements the CMAC (Cipher-based Message Authentication)
 * This code implements the CMAC (Cipher-based Message Authentication)
 * algorithm described in FIPS SP800-38B using the AES-128 cipher.
 */
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <crypto/aes.h>
 #include <crypto/cmac.h>
-#define LSHIFT(v, r) do {					\
+#define LSHIFT(v, r) do \
-	int i;							\
+  { \
-	for (i = 0; i < 15; i++)				\
+    int i; \
-		(r)[i] = (v)[i] << 1 | (v)[i + 1] >> 7;		\
+    for (i = 0; i < 15; i++) \
-	(r)[15] = (v)[15] << 1;					\
+      (r)[i] = (v)[i] << 1 | (v)[i + 1] >> 7; \
-} while (0)
+    (r)[15] = (v)[15] << 1; \
  } while (0)
-#define XOR(v, r) do {						\
+#define XOR(v, r) do \
-	int i;							\
+  { \
-	for (i = 0; i < 16; i++)				\
+    int i; \
-		(r)[i] ^= (v)[i];				\
+    for (i = 0; i < 16; i++) \
-} while (0)
+      (r)[i] ^= (v)[i]; \
  } while (0)
-void
+/****************************************************************************
-AES_CMAC_Init(AES_CMAC_CTX *ctx)
+ * Public Functions
 ****************************************************************************/
 void aes_cmac_init(FAR AES_CMAC_CTX *ctx)
 {
-	memset(ctx->X, 0, sizeof ctx->X);
+  memset(ctx->X, 0, sizeof ctx->X);
-	ctx->M_n = 0;
+  ctx->m_n = 0;
 }
-void
+void aes_cmac_setkey(FAR AES_CMAC_CTX *ctx,
-AES_CMAC_SetKey(AES_CMAC_CTX *ctx, const u_int8_t key[AES_CMAC_KEY_LENGTH])
+                     FAR const uint8_t *key)
 {
-	AES_Setkey(&ctx->aesctx, key, 16);
+  aes_setkey(&ctx->aesctx, key, 16);
 }
-void
+void aes_cmac_update(FAR AES_CMAC_CTX *ctx,
-AES_CMAC_Update(AES_CMAC_CTX *ctx, const u_int8_t *data, u_int len)
+                     FAR const uint8_t *data,
                     u_int len)
 {
-	u_int mlen;
+  u_int mlen;
-	if (ctx->M_n > 0) {
+  if (ctx->m_n > 0)
-		mlen = MIN(16 - ctx->M_n, len);
+    {
-		memcpy(ctx->M_last + ctx->M_n, data, mlen);
+      mlen = MIN(16 - ctx->m_n, len);
-		ctx->M_n += mlen;
+      memcpy(ctx->m_last + ctx->m_n, data, mlen);
-		if (ctx->M_n < 16 || len == mlen)
+      ctx->m_n += mlen;
-			return;
+      if (ctx->m_n < 16 || len == mlen)
-		XOR(ctx->M_last, ctx->X);
+        {
-		AES_Encrypt(&ctx->aesctx, ctx->X, ctx->X);
+          return;
-		data += mlen;
+        }
-		len -= mlen;
+
-	}
+      XOR(ctx->m_last, ctx->X);
-	while (len > 16) {	/* not last block */
+      aes_encrypt(&ctx->aesctx, ctx->X, ctx->X);
-		XOR(data, ctx->X);
+      data += mlen;
-		AES_Encrypt(&ctx->aesctx, ctx->X, ctx->X);
+      len -= mlen;
-		data += 16;
+    }
-		len -= 16;
+
-	}
+  while (len > 16)
-	/* potential last block, save it */
+    {
-	memcpy(ctx->M_last, data, len);
+      /* not last block */
-	ctx->M_n = len;
+
      XOR(data, ctx->X);
      aes_encrypt(&ctx->aesctx, ctx->X, ctx->X);
      data += 16;
      len -= 16;
    }
  /* potential last block, save it */
  memcpy(ctx->m_last, data, len);
  ctx->m_n = len;
 }
-void
+void aes_cmac_final(FAR uint8_t *digest,
-AES_CMAC_Final(u_int8_t digest[AES_CMAC_DIGEST_LENGTH], AES_CMAC_CTX *ctx)
+                    FAR AES_CMAC_CTX *ctx)
 {
-	u_int8_t K[16];
+  uint8_t K[16];
-	/* generate subkey K1 */
+  /* generate subkey K1 */
 	memset(K, 0, sizeof K);
 	AES_Encrypt(&ctx->aesctx, K, K);
-	if (K[0] & 0x80) {
+  memset(K, 0, sizeof K);
-		LSHIFT(K, K);
+  aes_encrypt(&ctx->aesctx, K, K);
 		K[15] ^= 0x87;
 	} else
 		LSHIFT(K, K);
-	if (ctx->M_n == 16) {
+  if (K[0] & 0x80)
-		/* last block was a complete block */
+    {
-		XOR(K, ctx->M_last);
+      LSHIFT(K, K);
-	} else {
+      K[15] ^= 0x87;
-		/* generate subkey K2 */
+    }
-		if (K[0] & 0x80) {
+  else
-			LSHIFT(K, K);
+    {
-			K[15] ^= 0x87;
+      LSHIFT(K, K);
-		} else
+    }
 			LSHIFT(K, K);
-		/* padding(M_last) */
+  if (ctx->m_n == 16)
-		ctx->M_last[ctx->M_n] = 0x80;
+    {
-		while (++ctx->M_n < 16)
+      /* last block was a complete block */
 			ctx->M_last[ctx->M_n] = 0;
-		XOR(K, ctx->M_last);
+      XOR(K, ctx->m_last);
-	}
+    }
-	XOR(ctx->M_last, ctx->X);
+  else
-	AES_Encrypt(&ctx->aesctx, ctx->X, digest);
+    {
      /* generate subkey K2 */
-	explicit_bzero(K, sizeof K);
+      if (K[0] & 0x80)
        {
          LSHIFT(K, K);
          K[15] ^= 0x87;
        }
      else
        {
          LSHIFT(K, K);
        }
      /* padding(m_last) */
      ctx->m_last[ctx->m_n] = 0x80;
      while (++ctx->m_n < 16)
        {
          ctx->m_last[ctx->m_n] = 0;
        }
      XOR(K, ctx->m_last);
    }
  XOR(ctx->m_last, ctx->X);
  aes_encrypt(&ctx->aesctx, ctx->X, digest);
  explicit_bzero(K, sizeof K);
 }
@@ -1,22 +1,24 @@
-/*	$OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $	*/
+/****************************************************************************
-
+ * crypto/des_locl.h
-/* lib/des/des_locl.h */
+ * $OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ *
 * lib/des/des_locl.h
 * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -27,8 +29,9 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
+ *    This product includes software developed by
- * 
+ *    Eric Young (eay@mincom.oz.au)
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -40,122 +43,147 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * derivative of this code cannot be changed.
 * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ ****************************************************************************/
-#ifndef HEADER_DES_LOCL_H
+#ifndef __CRYPTO_DES_LOCL_H
-#define HEADER_DES_LOCL_H
+#define __CRYPTO_DES_LOCL_H
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <sys/types.h>
 #include <sys/systm.h>
 typedef unsigned char des_cblock[8];
 typedef struct des_ks_struct
-	{
+{
-	union	{
+  union
-		des_cblock cblock;
+    {
-		/* make sure things are correct size on machines with
+      des_cblock cblock;
-		 * 8 byte longs */
+      /* make sure things are correct size on machines with
-		int32_t pad[2];
+       * 8 byte longs
-		} ks;
+       */
 	} des_key_schedule[16];
-#define DES_KEY_SZ 	(sizeof(des_cblock))
+      int32_t pad[2];
    } ks;
 }
 des_key_schedule[16];
 #define DES_KEY_SZ (sizeof(des_cblock))
 #define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
-
+void des_encrypt2(FAR uint32_t *data, caddr_t ks, int enc);
 void des_encrypt2(u_int32_t *data,caddr_t ks, int enc);
 #define ITERATIONS 16
 #define HALF_ITERATIONS 8
 #define c2l(c, l)                          \
  do                                       \
    {                                      \
      l = ((uint32_t)(*((c)++)));          \
      l |= ((uint32_t)(*((c)++))) << 8l;   \
      l |= ((uint32_t)(*((c)++))) << 16l;  \
      l |= ((uint32_t)(*((c)++))) << 24l;  \
    }                                      \
  while (0)
-#define c2l(c,l)	(l =((u_int32_t)(*((c)++)))    , \
+#define l2c(l,c)                                          \
-			 l|=((u_int32_t)(*((c)++)))<< 8L, \
+  do                                                      \
-			 l|=((u_int32_t)(*((c)++)))<<16L, \
+    {                                                     \
-			 l|=((u_int32_t)(*((c)++)))<<24L)
+      *((c)++) = (unsigned char)(((l)) & 0xff);           \
      *((c)++) = (unsigned char)(((l) >> 8L) & 0xff);     \
      *((c)++) = (unsigned char)(((l) >> 16L) & 0xff);    \
      *((c)++) = (unsigned char)(((l) >> 24L) & 0xff);    \
    }                                                     \
  while (0)
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+#define D_ENCRYPT(Q, R, S)              \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+  do                                    \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+    {                                   \
-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+      u = (R ^ s[S]);                   \
      t = R ^ s[S + 1];                 \
      t = ((t >> 4L) + (t << 28L));     \
      Q ^= des_sptrans[1][(t) & 0x3f]|  \
      des_sptrans[3][(t >> 8l) & 0x3f]| \
      des_sptrans[5][(t >>16l) & 0x3f]| \
      des_sptrans[7][(t >>24l) & 0x3f]| \
      des_sptrans[0][(u) & 0x3f]|       \
      des_sptrans[2][(u >> 8l) & 0x3f]| \
      des_sptrans[4][(u >>16l) & 0x3f]| \
      des_sptrans[6][(u >>24l) & 0x3f]; \
    }                                   \
  while (0)
-#define D_ENCRYPT(Q,R,S) {\
+  /* IP and FP
-	u=(R^s[S  ]); \
+   * The problem is more of a geometric problem that random bit fiddling.
-	t=R^s[S+1]; \
+   *    0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
-	t=((t>>4L)+(t<<28L)); \
+   *    8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
-	Q^=	des_SPtrans[1][(t     )&0x3f]| \
+   *  16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
-		des_SPtrans[3][(t>> 8L)&0x3f]| \
+   *  24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
-		des_SPtrans[5][(t>>16L)&0x3f]| \
+   *
-		des_SPtrans[7][(t>>24L)&0x3f]| \
+   *  32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
-		des_SPtrans[0][(u     )&0x3f]| \
+   *  40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
-		des_SPtrans[2][(u>> 8L)&0x3f]| \
+   *  48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
-		des_SPtrans[4][(u>>16L)&0x3f]| \
+   *  56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
-		des_SPtrans[6][(u>>24L)&0x3f]; }
+   *
   * The output has been subject to swaps of the form
   * 0 1 -> 3 1 but the odd and even bits have been put into
   * 2 3    2 0
   * different words.  The main trick is to remember that
   * t=((l>>size)^r)&(mask);
   * r^=t;
   * l^=(t<<size);
   * can be used to swap and move bits between words.
   *
   * So l =  0  1  2  3  r = 16 17 18 19
   *      4  5  6  7      20 21 22 23
   *       8  9 10 11      24 25 26 27
   *      12 13 14 15      28 29 30 31
   * becomes (for size == 2 and mask == 0x3333)
   *   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
   *   6^20  7^21 -- --        4  5 20 21       6  7 22 23
   *  10^24 11^25 -- --        8  9 24 25      10 11 24 25
   *  14^28 15^29 -- --       12 13 28 29      14 15 28 29
   *
   * Thanks for hints from Richard Outerbridge - he told me IP&FP
   * could be done in 15 xor, 10 shifts and 5 ands.
   * When I finally started to think of the problem in 2D
   * I first got ~42 operations without xors.  When I remembered
   * how to use xors :-) I got it to its final state.
   */
-	/* IP and FP
+#define PERM_OP(a, b, t, n, m) ((t) = ((((a) >> (n)) ^ (b)) & (m)),\
-	 * The problem is more of a geometric problem that random bit fiddling.
+  (b) ^= (t),\
-	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
+  (a) ^= ((t) << (n)))
 	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
 	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
 	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
-	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
+#define IP(l, r)                        \
-	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
+  do                                    \
-	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
+    {                                   \
-	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
+    register uint32_t tt;               \
    PERM_OP(r, l, tt, 4, 0x0f0f0f0fl);  \
    PERM_OP(l, r, tt, 16, 0x0000ffffl); \
    PERM_OP(r, l, tt, 2, 0x33333333l);  \
    PERM_OP(l, r, tt, 8, 0x00ff00ffl);  \
    PERM_OP(r, l, tt, 1, 0x55555555l);  \
    }                                   \
  while (0)
-	The output has been subject to swaps of the form
+#define FP(l, r) \
-	0 1 -> 3 1 but the odd and even bits have been put into
+  do                                    \
-	2 3    2 0
+    {                                   \
-	different words.  The main trick is to remember that
+    register uint32_t tt;               \
-	t=((l>>size)^r)&(mask);
+    PERM_OP(l, r, tt, 1, 0x55555555L);  \
-	r^=t;
+    PERM_OP(r, l, tt, 8, 0x00ff00ffL);  \
-	l^=(t<<size);
+    PERM_OP(l, r, tt, 2, 0x33333333L);  \
-	can be used to swap and move bits between words.
+    PERM_OP(r, l, tt, 16, 0x0000ffffL); \
-
+    PERM_OP(l, r, tt, 4, 0x0f0f0f0fL);  \
-	So l =  0  1  2  3  r = 16 17 18 19
+    }                                   \
-	        4  5  6  7      20 21 22 23
+  while (0)
-	        8  9 10 11      24 25 26 27
+#endif /* __CRYPTO_DES_LOCL_H */
 	       12 13 14 15      28 29 30 31
 	becomes (for size == 2 and mask == 0x3333)
 	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
 		 6^20  7^21 -- --        4  5 20 21       6  7 22 23
 		10^24 11^25 -- --        8  9 24 25      10 11 24 25
 		14^28 15^29 -- --       12 13 28 29      14 15 28 29
 	Thanks for hints from Richard Outerbridge - he told me IP&FP
 	could be done in 15 xor, 10 shifts and 5 ands.
 	When I finally started to think of the problem in 2D
 	I first got ~42 operations without xors.  When I remembered
 	how to use xors :-) I got it to its final state.
 	*/
 #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
 	(b)^=(t),\
 	(a)^=((t)<<(n)))
 #define IP(l,r) \
 	{ \
 	register u_int32_t tt; \
 	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
 	PERM_OP(l,r,tt,16,0x0000ffffL); \
 	PERM_OP(r,l,tt, 2,0x33333333L); \
 	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
 	PERM_OP(r,l,tt, 1,0x55555555L); \
 	}
 #define FP(l,r) \
 	{ \
 	register u_int32_t tt; \
 	PERM_OP(l,r,tt, 1,0x55555555L); \
 	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
 	PERM_OP(l,r,tt, 2,0x33333333L); \
 	PERM_OP(r,l,tt,16,0x0000ffffL); \
 	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
 	}
 #endif
@@ -1,22 +1,23 @@
-/*	$OpenBSD: ecb3_enc.c,v 1.3 2013/11/18 18:49:53 brad Exp $	*/
+/****************************************************************************
-
+ * crypto/ecb3_enc.c
-/* lib/des/ecb3_enc.c */
+ * $OpenBSD: ecb3_enc.c,v 1.3 2013/11/18 18:49:53 brad Exp $
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * lib/des/ecb3_enc.c
 * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -27,8 +28,9 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
+ *    This product includes software developed
- * 
+ *    by Eric Young (eay@mincom.oz.au)
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -40,37 +42,46 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * derivative of this code cannot be changed.
 * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ ****************************************************************************/
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include "des_locl.h"
-void
+/****************************************************************************
-des_ecb3_encrypt(caddr_t (*input), caddr_t (*output),
+ * Public Functions
-    caddr_t ks1, caddr_t ks2, caddr_t ks3,
+ ****************************************************************************/
    int encrypt)
 {
 	register u_int32_t l0, l1;
 	register unsigned char *in, *out;
 	u_int32_t ll[2];
-	in = (unsigned char *) input;
+void des_ecb3_encrypt(FAR des_cblock *input, FAR des_cblock *output,
-	out = (unsigned char *) output;
+                      caddr_t ks1, caddr_t ks2, caddr_t ks3, int encrypt)
-	c2l(in, l0);
+{
-	c2l(in, l1);
+  register uint32_t l0;
-	IP(l0, l1);
+  register uint32_t l1;
-	ll[0] = l0;
+  FAR register unsigned char *in;
-	ll[1] = l1;
+  FAR register unsigned char *out;
-	des_encrypt2(ll, ks1, encrypt);
+  uint32_t ll[2];
-	des_encrypt2(ll, ks2, !encrypt);
+
-	des_encrypt2(ll, ks3, encrypt);
+  in = (FAR unsigned char *)input;
-	l0 = ll[0];
+  out = (FAR unsigned char *)output;
-	l1 = ll[1];
+  c2l(in, l0);
-	FP(l1, l0);
+  c2l(in, l1);
-	l2c(l0, out);
+  IP(l0, l1);
-	l2c(l1, out);
+  ll[0] = l0;
  ll[1] = l1;
  des_encrypt2(ll, ks1, encrypt);
  des_encrypt2(ll, ks2, !encrypt);
  des_encrypt2(ll, ks3, encrypt);
  l0 = ll[0];
  l1 = ll[1];
  FP(l1, l0);
  l2c(l0, out);
  l2c(l1, out);
 }
@@ -1,22 +1,23 @@
-/*	$OpenBSD: ecb_enc.c,v 1.6 2015/12/10 21:00:51 naddy Exp $	*/
+/****************************************************************************
-
+ * crypto/ecb_enc.c
-/* lib/des/ecb_enc.c */
+ * $OpenBSD: ecb_enc.c,v 1.6 2015/12/10 21:00:51 naddy Exp $
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * lib/des/ecb_enc.c
 * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -27,8 +28,9 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
+ *    This product includes software developed by
- * 
+ *    Eric Young (eay@mincom.oz.au)
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -40,63 +42,88 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * derivative of this code cannot be changed.
 * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ ****************************************************************************/
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include "des_locl.h"
 #include "spr.h"
-void
+/****************************************************************************
-des_encrypt2(u_int32_t *data, caddr_t ks, int encrypt)
+ * Public Functions
 ****************************************************************************/
 void des_encrypt2(FAR uint32_t *data, caddr_t ks, int encrypt)
 {
-	register u_int32_t l, r, t, u;
+  register uint32_t l;
  register uint32_t r;
  register uint32_t t;
  register uint32_t u;
 #ifdef DES_USE_PTR
-	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+  FAR register unsigned char *des_sp = (FAR unsigned char *)des_sptrans;
 #endif
-	register int i;
+  register int i;
-	register u_int32_t *s;
+  FAR register uint32_t *s;
-	u = data[0];
+  u = data[0];
-	r = data[1];
+  r = data[1];
-	/* Things have been modified so that the initial rotate is
+  /* Things have been modified so that the initial rotate is
-	 * done outside the loop.  This required the
+   * done outside the loop.  This required the
-	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+   * des_SPtrans values in sp.h to be rotated 1 bit to the right.
-	 * One perl script later and things have a 5% speed up on a sparc2.
+   * One perl script later and things have a 5% speed up on a sparc2.
-	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+   * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-	 * for pointing this out. */
+   * for pointing this out.
-	l = (r << 1) | (r >> 31);
+   */
 	r = (u << 1) | (u >> 31);
-	/* clear the top bits on machines with 8byte longs */
+  l = (r << 1) | (r >> 31);
-	l &= 0xffffffffL;
+  r = (u << 1) | (u >> 31);
 	r &= 0xffffffffL;
-	s = (u_int32_t *) ks;
+  /* clear the top bits on machines with 8byte longs */
 	/* I don't know if it is worth the effort of loop unrolling the
 	 * inner loop */
 	if (encrypt) {
 		for (i = 0; i < 32; i += 4) {
 			D_ENCRYPT(l, r, i + 0); /*  1 */
 			D_ENCRYPT(r, l, i + 2); /*  2 */
 		}
 	} else {
 		for (i = 30; i > 0; i -= 4) {
 			D_ENCRYPT(l, r, i - 0); /* 16 */
 			D_ENCRYPT(r, l, i - 2); /* 15 */
 		}
 	}
 	l = (l >> 1) | (l << 31);
 	r = (r >> 1) | (r << 31);
 	/* clear the top bits on machines with 8byte longs */
 	l &= 0xffffffffL;
 	r &= 0xffffffffL;
-	data[0] = l;
+  l &= 0xffffffffl;
-	data[1] = r;
+  r &= 0xffffffffl;
-	l = r = t = u = 0;
+
  s = (FAR uint32_t *)ks;
  /* I don't know if it is worth the effort of loop unrolling the
   * inner loop
   */
  if (encrypt)
    {
      for (i = 0; i < 32; i += 4)
        {
          D_ENCRYPT(l, r, i + 0); /*  1 */
          D_ENCRYPT(r, l, i + 2); /*  2 */
        }
    }
  else
    {
      for (i = 30; i > 0; i -= 4)
        {
          D_ENCRYPT(l, r, i - 0); /* 16 */
          D_ENCRYPT(r, l, i - 2); /* 15 */
        }
    }
  l = (l >> 1) | (l << 31);
  r = (r >> 1) | (r << 31);
  /* clear the top bits on machines with 8byte longs */
  l &= 0xffffffffl;
  r &= 0xffffffffl;
  data[0] = l;
  data[1] = r;
  l = r = t = u = 0;
 }
@@ -1,6 +1,7 @@
-/*	$OpenBSD: gmac.c,v 1.10 2017/05/02 11:44:32 mikeb Exp $	*/
+/****************************************************************************
-
+ * crypto/gmac.c
-/*
+ * $OpenBSD: gmac.c,v 1.10 2017/05/02 11:44:32 mikeb Exp $
 *
 * Copyright (c) 2010 Mike Belopuhov
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -14,13 +15,18 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
-
+ *
-/*
+ *
 * This code implements the Message Authentication part of the
 * Galois/Counter Mode (as being described in the RFC 4543) using
 * the AES cipher.  FIPS SP 800-38D describes the algorithm details.
- */
+ *
 ****************************************************************************/
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -28,141 +34,169 @@
 #include <crypto/aes.h>
 #include <crypto/gmac.h>
-void	ghash_gfmul(uint32_t *, uint32_t *, uint32_t *);
+/****************************************************************************
-void	ghash_update_mi(GHASH_CTX *, uint8_t *, size_t);
+ * Public Functions
 ****************************************************************************/
 void ghash_gfmul(FAR uint32_t *, FAR uint32_t *, FAR uint32_t *);
 void ghash_update_mi(FAR GHASH_CTX *, FAR uint8_t *, size_t);
 /* Allow overriding with optimized MD function */
-void	(*ghash_update)(GHASH_CTX *, uint8_t *, size_t) = ghash_update_mi;
+
 CODE void (*ghash_update)(FAR GHASH_CTX *,
                          FAR uint8_t *,
                          size_t) = ghash_update_mi;
 /* Computes a block multiplication in the GF(2^128) */
-void
+
-ghash_gfmul(uint32_t *X, uint32_t *Y, uint32_t *product)
+void ghash_gfmul(FAR uint32_t *X, FAR uint32_t *Y, FAR uint32_t *product)
 {
-	uint32_t	v[4];
+  uint32_t v[4];
-	uint32_t	z[4] = { 0, 0, 0, 0};
+  uint32_t z[4] =
-	uint8_t		*x = (uint8_t *)X;
+  {
-	uint32_t	mask;
+    0, 0, 0, 0
-	int		i;
+  };
-	v[0] = betoh32(Y[0]);
+  FAR uint8_t *x = (FAR uint8_t *)X;
-	v[1] = betoh32(Y[1]);
+  uint32_t mask;
-	v[2] = betoh32(Y[2]);
+  int i;
 	v[3] = betoh32(Y[3]);
-	for (i = 0; i < GMAC_BLOCK_LEN * 8; i++) {
+  v[0] = betoh32(Y[0]);
-		/* update Z */
+  v[1] = betoh32(Y[1]);
-		mask = !!(x[i >> 3] & (1 << (~i & 7)));
+  v[2] = betoh32(Y[2]);
-		mask = ~(mask - 1);
+  v[3] = betoh32(Y[3]);
 		z[0] ^= v[0] & mask;
 		z[1] ^= v[1] & mask;
 		z[2] ^= v[2] & mask;
 		z[3] ^= v[3] & mask;
-		/* update V */
+  for (i = 0; i < GMAC_BLOCK_LEN * 8; i++)
-		mask = ~((v[3] & 1) - 1);
+    {
-		v[3] = (v[2] << 31) | (v[3] >> 1);
+      /* update Z */
 		v[2] = (v[1] << 31) | (v[2] >> 1);
 		v[1] = (v[0] << 31) | (v[1] >> 1);
 		v[0] = (v[0] >> 1) ^ (0xe1000000 & mask);
 	}
-	product[0] = htobe32(z[0]);
+      mask = !!(x[i >> 3] & (1 << (~i & 7)));
-	product[1] = htobe32(z[1]);
+      mask = ~(mask - 1);
-	product[2] = htobe32(z[2]);
+      z[0] ^= v[0] & mask;
-	product[3] = htobe32(z[3]);
+      z[1] ^= v[1] & mask;
      z[2] ^= v[2] & mask;
      z[3] ^= v[3] & mask;
      /* update V */
      mask = ~((v[3] & 1) - 1);
      v[3] = (v[2] << 31) | (v[3] >> 1);
      v[2] = (v[1] << 31) | (v[2] >> 1);
      v[1] = (v[0] << 31) | (v[1] >> 1);
      v[0] = (v[0] >> 1) ^ (0xe1000000 & mask);
    }
  product[0] = htobe32(z[0]);
  product[1] = htobe32(z[1]);
  product[2] = htobe32(z[2]);
  product[3] = htobe32(z[3]);
 }
-void
+void ghash_update_mi(FAR GHASH_CTX *ctx, FAR uint8_t *X, size_t len)
 ghash_update_mi(GHASH_CTX *ctx, uint8_t *X, size_t len)
 {
-	uint32_t	*x = (uint32_t *)X;
+  FAR uint32_t *x = (FAR uint32_t *)X;
-	uint32_t	*s = (uint32_t *)ctx->S;
+  FAR uint32_t *s = (FAR uint32_t *)ctx->S;
-	uint32_t	*y = (uint32_t *)ctx->Z;
+  FAR uint32_t *y = (FAR uint32_t *)ctx->Z;
-	int		i;
+  int i;
-	for (i = 0; i < len / GMAC_BLOCK_LEN; i++) {
+  for (i = 0; i < len / GMAC_BLOCK_LEN; i++)
-		s[0] = y[0] ^ x[0];
+    {
-		s[1] = y[1] ^ x[1];
+      s[0] = y[0] ^ x[0];
-		s[2] = y[2] ^ x[2];
+      s[1] = y[1] ^ x[1];
-		s[3] = y[3] ^ x[3];
+      s[2] = y[2] ^ x[2];
      s[3] = y[3] ^ x[3];
-		ghash_gfmul((uint32_t *)ctx->S, (uint32_t *)ctx->H,
+      ghash_gfmul((FAR uint32_t *)ctx->S, (FAR uint32_t *)ctx->H,
-		    (uint32_t *)ctx->S);
+          (FAR uint32_t *)ctx->S);
-		y = s;
+      y = s;
-		x += 4;
+      x += 4;
-	}
+    }
-	bcopy(ctx->S, ctx->Z, GMAC_BLOCK_LEN);
+  bcopy(ctx->S, ctx->Z, GMAC_BLOCK_LEN);
 }
-#define AESCTR_NONCESIZE	4
+#define AESCTR_NONCESIZE 4
-void
+void aes_gmac_init(FAR void *xctx)
 AES_GMAC_Init(void *xctx)
 {
-	AES_GMAC_CTX	*ctx = xctx;
+  FAR AES_GMAC_CTX *ctx = xctx;
-	bzero(ctx->ghash.H, GMAC_BLOCK_LEN);
+  bzero(ctx->ghash.H, GMAC_BLOCK_LEN);
-	bzero(ctx->ghash.S, GMAC_BLOCK_LEN);
+  bzero(ctx->ghash.S, GMAC_BLOCK_LEN);
-	bzero(ctx->ghash.Z, GMAC_BLOCK_LEN);
+  bzero(ctx->ghash.Z, GMAC_BLOCK_LEN);
-	bzero(ctx->J, GMAC_BLOCK_LEN);
+  bzero(ctx->J, GMAC_BLOCK_LEN);
 }
-void
+void aes_gmac_setkey(FAR void *xctx, FAR const uint8_t *key, uint16_t klen)
 AES_GMAC_Setkey(void *xctx, const uint8_t *key, uint16_t klen)
 {
-	AES_GMAC_CTX	*ctx = xctx;
+  FAR AES_GMAC_CTX *ctx = xctx;
-	AES_Setkey(&ctx->K, key, klen - AESCTR_NONCESIZE);
+  aes_setkey(&ctx->K, key, klen - AESCTR_NONCESIZE);
-	/* copy out salt to the counter block */
+
-	bcopy(key + klen - AESCTR_NONCESIZE, ctx->J, AESCTR_NONCESIZE);
+  /* copy out salt to the counter block */
-	/* prepare a hash subkey */
+
-	AES_Encrypt(&ctx->K, ctx->ghash.H, ctx->ghash.H);
+  bcopy(key + klen - AESCTR_NONCESIZE, ctx->J, AESCTR_NONCESIZE);
  /* prepare a hash subkey */
  aes_encrypt(&ctx->K, ctx->ghash.H, ctx->ghash.H);
 }
-void
+void aes_gmac_reinit(FAR void *xctx, FAR const uint8_t *iv, uint16_t ivlen)
 AES_GMAC_Reinit(void *xctx, const uint8_t *iv, uint16_t ivlen)
 {
-	AES_GMAC_CTX	*ctx = xctx;
+  FAR AES_GMAC_CTX *ctx = xctx;
-	/* copy out IV to the counter block */
+  /* copy out IV to the counter block */
-	bcopy(iv, ctx->J + AESCTR_NONCESIZE, ivlen);
+
  bcopy(iv, ctx->J + AESCTR_NONCESIZE, ivlen);
 }
-int
+int aes_gmac_update(FAR void *xctx, FAR const uint8_t *data, uint16_t len)
 AES_GMAC_Update(void *xctx, const uint8_t *data, uint16_t len)
 {
-	AES_GMAC_CTX	*ctx = xctx;
+  FAR AES_GMAC_CTX *ctx = xctx;
-	uint32_t	blk[4] = { 0, 0, 0, 0 };
+  uint32_t blk[4] =
-	int		plen;
+  {
    0, 0, 0, 0
  };
-	if (len > 0) {
+  int plen;
-		plen = len % GMAC_BLOCK_LEN;
+
-		if (len >= GMAC_BLOCK_LEN)
+  if (len > 0)
-			(*ghash_update)(&ctx->ghash, (uint8_t *)data,
+    {
-			    len - plen);
+      plen = len % GMAC_BLOCK_LEN;
-		if (plen) {
+      if (len >= GMAC_BLOCK_LEN)
-			memcpy((uint8_t *)blk, (uint8_t *)data + (len - plen),
+        {
-			    plen);
+          (*ghash_update)(&ctx->ghash, (FAR uint8_t *)data,
-			(*ghash_update)(&ctx->ghash, (uint8_t *)blk,
+            len - plen);
-			    GMAC_BLOCK_LEN);
+        }
-		}
+
-	}
+      if (plen)
-	return (0);
+        {
          memcpy((FAR uint8_t *)blk, (FAR uint8_t *)data + (len - plen),
              plen);
          (*ghash_update)(&ctx->ghash, (FAR uint8_t *)blk,
              GMAC_BLOCK_LEN);
        }
    }
  return (0);
 }
-void
+void aes_gmac_final(FAR uint8_t *digest, FAR void *xctx)
 AES_GMAC_Final(uint8_t digest[GMAC_DIGEST_LEN], void *xctx)
 {
-	AES_GMAC_CTX	*ctx = xctx;
+  FAR AES_GMAC_CTX *ctx = xctx;
-	uint8_t		keystream[GMAC_BLOCK_LEN];
+  uint8_t keystream[GMAC_BLOCK_LEN];
-	int		i;
+  int i;
-	/* do one round of GCTR */
+  /* do one round of GCTR */
-	ctx->J[GMAC_BLOCK_LEN - 1] = 1;
+
-	AES_Encrypt(&ctx->K, ctx->J, keystream);
+  ctx->J[GMAC_BLOCK_LEN - 1] = 1;
-	for (i = 0; i < GMAC_DIGEST_LEN; i++)
+  aes_encrypt(&ctx->K, ctx->J, keystream);
-		digest[i] = ctx->ghash.S[i] ^ keystream[i];
+  for (i = 0; i < GMAC_DIGEST_LEN; i++)
-	explicit_bzero(keystream, sizeof(keystream));
+    {
      digest[i] = ctx->ghash.S[i] ^ keystream[i];
    }
  explicit_bzero(keystream, sizeof(keystream));
 }
@@ -1,6 +1,7 @@
-/*	$OpenBSD: hmac.c,v 1.4 2016/09/19 18:09:40 tedu Exp $	*/
+/****************************************************************************
-
+ * crypto/hmac.c
-/*-
+ * $OpenBSD: hmac.c,v 1.4 2016/09/19 18:09:40 tedu Exp $
 *
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -14,13 +15,17 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
 ****************************************************************************/
-/*
+/* This code implements the HMAC algorithm described in RFC 2104 using
 * This code implements the HMAC algorithm described in RFC 2104 using
 * the MD5, SHA1 and SHA-256 hash functions.
 */
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -29,164 +34,193 @@
 #include <crypto/sha2.h>
 #include <crypto/hmac.h>
-void
+/****************************************************************************
-HMAC_MD5_Init(HMAC_MD5_CTX *ctx, const u_int8_t *key, u_int key_len)
+ * Public Functions
 ****************************************************************************/
 void hmca_md5_init(FAR HMAC_MD5_CTX *ctx,
                   FAR const uint8_t *key,
                   u_int key_len)
 {
-	u_int8_t k_ipad[MD5_BLOCK_LENGTH];
+  uint8_t k_ipad[MD5_BLOCK_LENGTH];
-	int i;
+  int i;
-	if (key_len > MD5_BLOCK_LENGTH) {
+  if (key_len > MD5_BLOCK_LENGTH)
-		MD5Init(&ctx->ctx);
+    {
-		MD5Update(&ctx->ctx, key, key_len);
+      md5init(&ctx->ctx);
-		MD5Final(ctx->key, &ctx->ctx);
+      md5update(&ctx->ctx, key, key_len);
-		ctx->key_len = MD5_DIGEST_LENGTH;
+      md5final(ctx->key, &ctx->ctx);
-	} else {
+      ctx->key_len = MD5_DIGEST_LENGTH;
-		bcopy(key, ctx->key, key_len);
+    }
-		ctx->key_len = key_len;
+  else
-	}
+    {
      bcopy(key, ctx->key, key_len);
      ctx->key_len = key_len;
    }
-	bzero(k_ipad, MD5_BLOCK_LENGTH);
+  bzero(k_ipad, MD5_BLOCK_LENGTH);
-	memcpy(k_ipad, ctx->key, ctx->key_len);
+  memcpy(k_ipad, ctx->key, ctx->key_len);
-	for (i = 0; i < MD5_BLOCK_LENGTH; i++)
+  for (i = 0; i < MD5_BLOCK_LENGTH; i++)
-		k_ipad[i] ^= 0x36;
+    {
      k_ipad[i] ^= 0x36;
    }
-	MD5Init(&ctx->ctx);
+  md5init(&ctx->ctx);
-	MD5Update(&ctx->ctx, k_ipad, MD5_BLOCK_LENGTH);
+  md5update(&ctx->ctx, k_ipad, MD5_BLOCK_LENGTH);
-	explicit_bzero(k_ipad, sizeof k_ipad);
+  explicit_bzero(k_ipad, sizeof k_ipad);
 }
-void
+void hmac_md5_update(FAR HMAC_MD5_CTX *ctx,
-HMAC_MD5_Update(HMAC_MD5_CTX *ctx, const u_int8_t *data, u_int len)
+                     FAR const uint8_t *data,
                     u_int len)
 {
-	MD5Update(&ctx->ctx, data, len);
+  md5update(&ctx->ctx, data, len);
 }
-void
+void hmac_md5_final(FAR uint8_t *digest, FAR HMAC_MD5_CTX *ctx)
 HMAC_MD5_Final(u_int8_t digest[MD5_DIGEST_LENGTH], HMAC_MD5_CTX *ctx)
 {
-	u_int8_t k_opad[MD5_BLOCK_LENGTH];
+  uint8_t k_opad[MD5_BLOCK_LENGTH];
-	int i;
+  int i;
-	MD5Final(digest, &ctx->ctx);
+  md5final(digest, &ctx->ctx);
-	bzero(k_opad, MD5_BLOCK_LENGTH);
+  bzero(k_opad, MD5_BLOCK_LENGTH);
-	memcpy(k_opad, ctx->key, ctx->key_len);
+  memcpy(k_opad, ctx->key, ctx->key_len);
-	for (i = 0; i < MD5_BLOCK_LENGTH; i++)
+  for (i = 0; i < MD5_BLOCK_LENGTH; i++)
-		k_opad[i] ^= 0x5c;
+    {
      k_opad[i] ^= 0x5c;
    }
-	MD5Init(&ctx->ctx);
+  md5init(&ctx->ctx);
-	MD5Update(&ctx->ctx, k_opad, MD5_BLOCK_LENGTH);
+  md5update(&ctx->ctx, k_opad, MD5_BLOCK_LENGTH);
-	MD5Update(&ctx->ctx, digest, MD5_DIGEST_LENGTH);
+  md5update(&ctx->ctx, digest, MD5_DIGEST_LENGTH);
-	MD5Final(digest, &ctx->ctx);
+  md5final(digest, &ctx->ctx);
-	explicit_bzero(k_opad, sizeof k_opad);
+  explicit_bzero(k_opad, sizeof k_opad);
 }
-void
+void hmac_sha1_init(FAR HMAC_SHA1_CTX *ctx,
-HMAC_SHA1_Init(HMAC_SHA1_CTX *ctx, const u_int8_t *key, u_int key_len)
+                    FAR const uint8_t *key,
                    u_int key_len)
 {
-	u_int8_t k_ipad[SHA1_BLOCK_LENGTH];
+  uint8_t k_ipad[SHA1_BLOCK_LENGTH];
-	int i;
+  int i;
-	if (key_len > SHA1_BLOCK_LENGTH) {
+  if (key_len > SHA1_BLOCK_LENGTH)
-		SHA1Init(&ctx->ctx);
+    {
-		SHA1Update(&ctx->ctx, key, key_len);
+      sha1init(&ctx->ctx);
-		SHA1Final(ctx->key, &ctx->ctx);
+      sha1update(&ctx->ctx, key, key_len);
-		ctx->key_len = SHA1_DIGEST_LENGTH;
+      sha1final(ctx->key, &ctx->ctx);
-	} else {
+      ctx->key_len = SHA1_DIGEST_LENGTH;
-		bcopy(key, ctx->key, key_len);
+    }
-		ctx->key_len = key_len;
+  else
-	}
+    {
      bcopy(key, ctx->key, key_len);
      ctx->key_len = key_len;
    }
-	bzero(k_ipad, SHA1_BLOCK_LENGTH);
+  bzero(k_ipad, SHA1_BLOCK_LENGTH);
-	memcpy(k_ipad, ctx->key, ctx->key_len);
+  memcpy(k_ipad, ctx->key, ctx->key_len);
-	for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
+  for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
-		k_ipad[i] ^= 0x36;
+    {
      k_ipad[i] ^= 0x36;
    }
-	SHA1Init(&ctx->ctx);
+  sha1init(&ctx->ctx);
-	SHA1Update(&ctx->ctx, k_ipad, SHA1_BLOCK_LENGTH);
+  sha1update(&ctx->ctx, k_ipad, SHA1_BLOCK_LENGTH);
-	explicit_bzero(k_ipad, sizeof k_ipad);
+  explicit_bzero(k_ipad, sizeof k_ipad);
 }
-void
+void hmac_sha1_update(FAR HMAC_SHA1_CTX *ctx,
-HMAC_SHA1_Update(HMAC_SHA1_CTX *ctx, const u_int8_t *data, u_int len)
+                      FAR const uint8_t *data,
                      u_int len)
 {
-	SHA1Update(&ctx->ctx, data, len);
+  sha1update(&ctx->ctx, data, len);
 }
-void
+void hmca_sha1_final(FAR uint8_t *digest, FAR HMAC_SHA1_CTX *ctx)
 HMAC_SHA1_Final(u_int8_t digest[SHA1_DIGEST_LENGTH], HMAC_SHA1_CTX *ctx)
 {
-	u_int8_t k_opad[SHA1_BLOCK_LENGTH];
+  uint8_t k_opad[SHA1_BLOCK_LENGTH];
-	int i;
+  int i;
-	SHA1Final(digest, &ctx->ctx);
+  sha1final(digest, &ctx->ctx);
-	bzero(k_opad, SHA1_BLOCK_LENGTH);
+  bzero(k_opad, SHA1_BLOCK_LENGTH);
-	memcpy(k_opad, ctx->key, ctx->key_len);
+  memcpy(k_opad, ctx->key, ctx->key_len);
-	for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
+  for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
-		k_opad[i] ^= 0x5c;
+    {
      k_opad[i] ^= 0x5c;
    }
-	SHA1Init(&ctx->ctx);
+  sha1init(&ctx->ctx);
-	SHA1Update(&ctx->ctx, k_opad, SHA1_BLOCK_LENGTH);
+  sha1update(&ctx->ctx, k_opad, SHA1_BLOCK_LENGTH);
-	SHA1Update(&ctx->ctx, digest, SHA1_DIGEST_LENGTH);
+  sha1update(&ctx->ctx, digest, SHA1_DIGEST_LENGTH);
-	SHA1Final(digest, &ctx->ctx);
+  sha1final(digest, &ctx->ctx);
-	explicit_bzero(k_opad, sizeof k_opad);
+  explicit_bzero(k_opad, sizeof k_opad);
 }
-void
+void hmac_sha256_init(FAR HMAC_SHA256_CTX *ctx,
-HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx, const u_int8_t *key, u_int key_len)
+                      FAR const uint8_t *key,
                      u_int key_len)
 {
-	u_int8_t k_ipad[SHA256_BLOCK_LENGTH];
+  uint8_t k_ipad[SHA256_BLOCK_LENGTH];
-	int i;
+  int i;
-	if (key_len > SHA256_BLOCK_LENGTH) {
+  if (key_len > SHA256_BLOCK_LENGTH)
-		SHA256Init(&ctx->ctx);
+    {
-		SHA256Update(&ctx->ctx, key, key_len);
+      sha256init(&ctx->ctx);
-		SHA256Final(ctx->key, &ctx->ctx);
+      sha256update(&ctx->ctx, key, key_len);
-		ctx->key_len = SHA256_DIGEST_LENGTH;
+      sha256final(ctx->key, &ctx->ctx);
-	} else {
+      ctx->key_len = SHA256_DIGEST_LENGTH;
-		bcopy(key, ctx->key, key_len);
+    }
-		ctx->key_len = key_len;
+  else
-	}
+    {
      bcopy(key, ctx->key, key_len);
      ctx->key_len = key_len;
    }
-	bzero(k_ipad, SHA256_BLOCK_LENGTH);
+  bzero(k_ipad, SHA256_BLOCK_LENGTH);
-	memcpy(k_ipad, ctx->key, ctx->key_len);
+  memcpy(k_ipad, ctx->key, ctx->key_len);
-	for (i = 0; i < SHA256_BLOCK_LENGTH; i++)
+  for (i = 0; i < SHA256_BLOCK_LENGTH; i++)
-		k_ipad[i] ^= 0x36;
+    {
      k_ipad[i] ^= 0x36;
    }
-	SHA256Init(&ctx->ctx);
+  sha256init(&ctx->ctx);
-	SHA256Update(&ctx->ctx, k_ipad, SHA256_BLOCK_LENGTH);
+  sha256update(&ctx->ctx, k_ipad, SHA256_BLOCK_LENGTH);
-	explicit_bzero(k_ipad, sizeof k_ipad);
+  explicit_bzero(k_ipad, sizeof k_ipad);
 }
-void
+void hmac_sha256_update(FAR HMAC_SHA256_CTX *ctx,
-HMAC_SHA256_Update(HMAC_SHA256_CTX *ctx, const u_int8_t *data, u_int len)
+                        FAR const uint8_t *data,
                        u_int len)
 {
-	SHA256Update(&ctx->ctx, data, len);
+  sha256update(&ctx->ctx, data, len);
 }
-void
+void hmac_sha256_final(FAR uint8_t *digest,
-HMAC_SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], HMAC_SHA256_CTX *ctx)
+                       FAR HMAC_SHA256_CTX *ctx)
 {
-	u_int8_t k_opad[SHA256_BLOCK_LENGTH];
+  uint8_t k_opad[SHA256_BLOCK_LENGTH];
-	int i;
+  int i;
-	SHA256Final(digest, &ctx->ctx);
+  sha256final(digest, &ctx->ctx);
-	bzero(k_opad, SHA256_BLOCK_LENGTH);
+  bzero(k_opad, SHA256_BLOCK_LENGTH);
-	memcpy(k_opad, ctx->key, ctx->key_len);
+  memcpy(k_opad, ctx->key, ctx->key_len);
-	for (i = 0; i < SHA256_BLOCK_LENGTH; i++)
+  for (i = 0; i < SHA256_BLOCK_LENGTH; i++)
-		k_opad[i] ^= 0x5c;
+    {
      k_opad[i] ^= 0x5c;
    }
-	SHA256Init(&ctx->ctx);
+  sha256init(&ctx->ctx);
-	SHA256Update(&ctx->ctx, k_opad, SHA256_BLOCK_LENGTH);
+  sha256update(&ctx->ctx, k_opad, SHA256_BLOCK_LENGTH);
-	SHA256Update(&ctx->ctx, digest, SHA256_DIGEST_LENGTH);
+  sha256update(&ctx->ctx, digest, SHA256_DIGEST_LENGTH);
-	SHA256Final(digest, &ctx->ctx);
+  sha256final(digest, &ctx->ctx);
-	explicit_bzero(k_opad, sizeof k_opad);
+  explicit_bzero(k_opad, sizeof k_opad);
 }
@@ -1,5 +1,7 @@
-/*	$OpenBSD: idgen.c,v 1.8 2020/07/22 13:54:30 tobhe Exp $	*/
+/****************************************************************************
-/*
+ * crypto/idgen.c
 * $OpenBSD: idgen.c,v 1.8 2020/07/22 13:54:30 tobhe Exp $
 *
 * Copyright (c) 2008 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -13,126 +15,142 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ ****************************************************************************/
-/*
+/* IDGEN32: non-repeating ID generation covering an almost maximal 32-bit
 * IDGEN32: non-repeating ID generation covering an almost maximal 32-bit
 * range.
 *
 * IDGEN32 is based on public domain SKIP32 by Greg Rose.
 */
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <sys/types.h>
 #include <sys/systm.h>
 #include <sys/time.h>
 #include <crypto/idgen.h>
-static const u_int8_t idgen32_ftable[256] = { 
+static const uint8_t idgen32_ftable[256] =
-	0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4,
+{
-	0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9,
+  0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4,
-	0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e,
+  0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9,
-	0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28,
+  0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e,
-	0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68,
+  0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28,
-	0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53,
+  0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68,
-	0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19,
+  0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53,
-	0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2,
+  0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19,
-	0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b,
+  0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2,
-	0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8,
+  0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b,
-	0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0,
+  0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8,
-	0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90,
+  0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0,
-	0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69,
+  0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90,
-	0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76,
+  0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69,
-	0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20,
+  0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76,
-	0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d,
+  0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20,
-	0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43,
+  0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d,
-	0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18,
+  0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43,
-	0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa,
+  0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18,
-	0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4,
+  0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa,
-	0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87,
+  0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4,
-	0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40,
+  0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87,
-	0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b,
+  0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40,
-	0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5,
+  0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b,
-	0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0,
+  0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5,
-	0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2,
+  0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0,
-	0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1,
+  0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2,
-	0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8,
+  0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1,
-	0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5,
+  0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8,
-	0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac,
+  0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5,
-	0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3,
+  0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac,
-	0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46
+  0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3,
  0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46
 };
-static u_int16_t
+static uint16_t idgen32_g(FAR uint8_t *key, int k, uint16_t w)
 idgen32_g(u_int8_t *key, int k, u_int16_t w)
 {
-	u_int8_t g1, g2, g3, g4, g5, g6;
+  uint8_t g1;
-	u_int o = k * 4;
+  uint8_t g2;
  uint8_t g3;
  uint8_t g4;
  uint8_t g5;
  uint8_t g6;
  u_int o = k * 4;
-	g1 = (w >> 8) & 0xff;
+  g1 = (w >> 8) & 0xff;
-	g2 = w & 0xff;
+  g2 = w & 0xff;
-	g3 = idgen32_ftable[g2 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g1;
+  g3 = idgen32_ftable[g2 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g1;
-	g4 = idgen32_ftable[g3 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g2;
+  g4 = idgen32_ftable[g3 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g2;
-	g5 = idgen32_ftable[g4 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g3;
+  g5 = idgen32_ftable[g4 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g3;
-	g6 = idgen32_ftable[g5 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g4;
+  g6 = idgen32_ftable[g5 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g4;
-	return (g5 << 8) | g6;
+  return (g5 << 8) | g6;
 }
-static u_int32_t
+static uint32_t idgen32_permute(FAR struct idgen32_ctx *ctx, uint32_t in)
 idgen32_permute(struct idgen32_ctx *ctx, u_int32_t in)
 {
-	u_int i, r;
+  u_int i, r;
-	u_int16_t wl, wr;
+  uint16_t wl;
  uint16_t wr;
-	wl = (in >> 16) & 0x7fff;
+  wl = (in >> 16) & 0x7fff;
-	wr = in & 0xffff;
+  wr = in & 0xffff;
-	/* Doubled up rounds, with an odd round at the end to swap */
+  /* Doubled up rounds, with an odd round at the end to swap */
 	for (i = r = 0; i < IDGEN32_ROUNDS / 2; ++i) {
 		wr ^= (idgen32_g(ctx->id32_key, r, wl) ^ r);
 		r++;
 		wl ^= (idgen32_g(ctx->id32_key, r, wr) ^ r) & 0x7fff;
 		r++;
 	}
 	wr ^= (idgen32_g(ctx->id32_key, r, wl) ^ r);
-	return (wl << 16) | wr;
+  for (i = r = 0; i < IDGEN32_ROUNDS / 2; ++i)
    {
      wr ^= (idgen32_g(ctx->id32_key, r, wl) ^ r);
      r++;
      wl ^= (idgen32_g(ctx->id32_key, r, wr) ^ r) & 0x7fff;
      r++;
    }
  wr ^= (idgen32_g(ctx->id32_key, r, wl) ^ r);
  return (wl << 16) | wr;
 }
-static void
+static void idgen32_rekey(FAR struct idgen32_ctx *ctx)
 idgen32_rekey(struct idgen32_ctx *ctx)
 {
-	ctx->id32_counter = 0;
+  ctx->id32_counter = 0;
-	ctx->id32_hibit ^= 0x80000000;
+  ctx->id32_hibit ^= 0x80000000;
-	ctx->id32_offset = arc4random();
+  ctx->id32_offset = arc4random();
-	arc4random_buf(ctx->id32_key, sizeof(ctx->id32_key));
+  arc4random_buf(ctx->id32_key, sizeof(ctx->id32_key));
-	ctx->id32_rekey_time = getuptime() + IDGEN32_REKEY_TIME;
+  ctx->id32_rekey_time = getuptime() + IDGEN32_REKEY_TIME;
 }
-void
+/****************************************************************************
-idgen32_init(struct idgen32_ctx *ctx)
+ * Public Functions
 ****************************************************************************/
 void idgen32_init(FAR struct idgen32_ctx *ctx)
 {
-	bzero(ctx, sizeof(*ctx));
+  bzero(ctx, sizeof(*ctx));
-	ctx->id32_hibit = arc4random() & 0x80000000;
+  ctx->id32_hibit = arc4random() & 0x80000000;
-	idgen32_rekey(ctx);
+  idgen32_rekey(ctx);
 }
-u_int32_t
+uint32_t idgen32(FAR struct idgen32_ctx *ctx)
 idgen32(struct idgen32_ctx *ctx)
 {
-	u_int32_t ret;
+  uint32_t ret;
-	do {
+  do
-		/* Rekey a little early to avoid "card counting" attack */
+    {
-		if (ctx->id32_counter > IDGEN32_REKEY_LIMIT ||
+      /* Rekey a little early to avoid "card counting" attack */
 		    ctx->id32_rekey_time < getuptime())
 			idgen32_rekey(ctx);
 		ret = ctx->id32_hibit | idgen32_permute(ctx,
 		    (ctx->id32_offset + ctx->id32_counter++) & 0x7fffffff);
 	} while (ret == 0); /* Zero IDs are often special, so avoid */
-	return ret;
+      if (ctx->id32_counter > IDGEN32_REKEY_LIMIT ||
          ctx->id32_rekey_time < getuptime())
        {
          idgen32_rekey(ctx);
        }
      ret = ctx->id32_hibit | idgen32_permute(ctx,
          (ctx->id32_offset + ctx->id32_counter++) & 0x7fffffff);
    }
  while (ret == 0); /* Zero IDs are often special, so avoid */
  return ret;
 }
@@ -1,6 +1,7 @@
-/*	$OpenBSD: key_wrap.c,v 1.5 2017/05/02 17:07:06 mikeb Exp $	*/
+/****************************************************************************
-
+ * crypto/key_wrap.c
-/*-
+ * $OpenBSD: key_wrap.c,v 1.5 2017/05/02 17:07:06 mikeb Exp $
 *
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -14,11 +15,13 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ ****************************************************************************/
-/*
+/* This code implements the AES Key Wrap algorithm described in RFC 3394. */
- * This code implements the AES Key Wrap algorithm described in RFC 3394.
+
- */
+/****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -26,87 +29,127 @@
 #include <crypto/aes.h>
 #include <crypto/key_wrap.h>
-static const u_int8_t IV[8] =
+static const uint8_t IV[8] =
 	{ 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6 };
 void
 aes_key_wrap_set_key(aes_key_wrap_ctx *ctx, const u_int8_t *K, size_t K_len)
 {
-	AES_Setkey(&ctx->ctx, K, K_len);
+  0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6
 };
 /****************************************************************************
 * Public Functions
 ****************************************************************************/
 void aes_key_wrap_set_key(FAR aes_key_wrap_ctx *ctx,
                          FAR const uint8_t *K,
                          size_t k_len)
 {
  aes_setkey(&ctx->ctx, K, k_len);
 }
-void
+void aes_key_wrap_set_key_wrap_only(FAR aes_key_wrap_ctx *ctx,
-aes_key_wrap_set_key_wrap_only(aes_key_wrap_ctx *ctx, const u_int8_t *K,
+                                    FAR const uint8_t *K,
-    size_t K_len)
+                                    size_t k_len)
 {
-	AES_Setkey(&ctx->ctx, K, K_len);
+  aes_setkey(&ctx->ctx, K, k_len);
 }
-void
+void aes_key_wrap(FAR aes_key_wrap_ctx *ctx,
-aes_key_wrap(aes_key_wrap_ctx *ctx, const u_int8_t *P, size_t n, u_int8_t *C)
+                  FAR const uint8_t *P,
                  size_t n, FAR uint8_t *C)
 {
-	u_int64_t B[2], t;
+  uint64_t B[2];
-	u_int8_t *A, *R;
+  uint64_t t;
-	size_t i;
+  FAR uint8_t *A;
-	int j;
+  FAR uint8_t *R;
  size_t i;
  int j;
-	memmove(C + 8, P, n * 8);	/* P and C may overlap */
+  memmove(C + 8, P, n * 8); /* P and C may overlap */
-	A = C;				/* A points to C[0] */
+  A = C;                    /* A points to C[0] */
-	memcpy(A, IV, 8);		/* A = IV, an initial value */
+  memcpy(A, IV, 8);         /* A = IV, an initial value */
-	for (j = 0, t = 1; j <= 5; j++) {
+  for (j = 0, t = 1; j <= 5; j++)
-		R = C + 8;
+    {
-		for (i = 1; i <= n; i++, t++) {
+      R = C + 8;
-			/* B = A | R[i] */
+      for (i = 1; i <= n; i++, t++)
-			memcpy(&B[0], A, 8);
+        {
-			memcpy(&B[1], R, 8);
+          /* B = A | R[i] */
 			/* B = AES(K, B) */
 			AES_Encrypt(&ctx->ctx, (uint8_t *)B, (uint8_t *)B);
 			/* MSB(64, B) = MSB(64, B) ^ t */
 			B[0] ^= htobe64(t);
 			/* A = MSB(64, B) */
 			memcpy(A, &B[0], 8);
 			/* R[i] = LSB(64, B) */
 			memcpy(R, &B[1], 8);
-			R += 8;
+          memcpy(&B[0], A, 8);
-		}
+          memcpy(&B[1], R, 8);
-	}
+
-	explicit_bzero(B, sizeof B);
+          /* B = AES(K, B) */
          aes_encrypt(&ctx->ctx, (FAR uint8_t *)B, (FAR uint8_t *)B);
          /* MSB(64, B) = MSB(64, B) ^ t */
          B[0] ^= htobe64(t);
          /* A = MSB(64, B) */
          memcpy(A, &B[0], 8);
          /* R[i] = LSB(64, B) */
          memcpy(R, &B[1], 8);
          R += 8;
        }
    }
  explicit_bzero(B, sizeof B);
 }
-int
+int aes_key_unwrap(FAR aes_key_wrap_ctx *ctx,
-aes_key_unwrap(aes_key_wrap_ctx *ctx, const u_int8_t *C, u_int8_t *P, size_t n)
+                   FAR const uint8_t *C,
                   FAR uint8_t *P, size_t n)
 {
-	u_int64_t B[2], t;
+  uint64_t B[2];
-	u_int8_t A[8], *R;
+  uint64_t t;
-	size_t i;
+  uint8_t A[8];
-	int j;
+  FAR uint8_t *R;
  size_t i;
  int j;
-	memcpy(A, C, 8);		/* A = C[0] */
+  memcpy(A, C, 8);          /* A = C[0] */
-	memmove(P, C + 8, n * 8);	/* P and C may overlap */
+  memmove(P, C + 8, n * 8); /* P and C may overlap */
-	for (j = 5, t = 6 * n; j >= 0; j--) {
+  for (j = 5, t = 6 * n; j >= 0; j--)
-		R = P + (n - 1) * 8;
+    {
-		for (i = n; i >= 1; i--, t--) {
+      R = P + (n - 1) * 8;
-			/* MSB(64, B) = A */
+      for (i = n; i >= 1; i--, t--)
-			memcpy(&B[0], A, 8);
+        {
-			/* MSB(64, B) = MSB(64, B) ^ t */
+          /* MSB(64, B) = A */
 			B[0] ^= htobe64(t);
 			/* B = MSB(64, B) | R[i] */
 			memcpy(&B[1], R, 8);
 			/* B = AES-1(K, B) */
 			AES_Decrypt(&ctx->ctx, (uint8_t *)B, (uint8_t *)B);
 			/* A = MSB(64, B) */
 			memcpy(A, &B[0], 8);
 			/* R[i] = LSB(64, B) */
 			memcpy(R, &B[1], 8);
-			R -= 8;
+          memcpy(&B[0], A, 8);
 		}
 	}
 	explicit_bzero(B, sizeof B);
-	/* check that A is an appropriate initial value */
+          /* MSB(64, B) = MSB(64, B) ^ t */
-	return timingsafe_bcmp(A, IV, 8) != 0;
+
          B[0] ^= htobe64(t);
          /* B = MSB(64, B) | R[i] */
          memcpy(&B[1], R, 8);
          /* B = AES-1(K, B) */
          aes_decrypt(&ctx->ctx, (FAR uint8_t *)B, (FAR uint8_t *)B);
          /* A = MSB(64, B) */
          memcpy(A, &B[0], 8);
          /* R[i] = LSB(64, B) */
          memcpy(R, &B[1], 8);
          R -= 8;
        }
    }
  explicit_bzero(B, sizeof B);
  /* check that A is an appropriate initial value */
  return timingsafe_bcmp(A, IV, 8) != 0;
 }
@@ -1,8 +1,9 @@
-/*	$OpenBSD: md5.c,v 1.4 2014/12/28 10:04:35 tedu Exp $	*/
+/****************************************************************************
-
+ * crypto/md5.c
-/*
+ * $OpenBSD: md5.c,v 1.4 2014/12/28 10:04:35 tedu Exp $
 *
 * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest.	This code was
+ * The algorithm is due to Ron Rivest. This code was
 * written by Colin Plumb in 1993, no copyright is claimed.
 * This code is in the public domain; do with it what you wish.
 *
@@ -15,224 +16,263 @@
 * MD5Context structure, pass it to MD5Init, call MD5Update as
 * needed on buffers full of bytes, and then call MD5Final, which
 * will fill a supplied 16-byte array with the digest.
- */
+ ****************************************************************************/
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <crypto/md5.h>
-#define PUT_64BIT_LE(cp, value) do {					\
+#define PUT_64BIT_LE(cp, value)           \
-	(cp)[7] = (value) >> 56;					\
+  do                                      \
-	(cp)[6] = (value) >> 48;					\
+    {                                     \
-	(cp)[5] = (value) >> 40;					\
+      (cp)[7] = (value) >> 56;            \
-	(cp)[4] = (value) >> 32;					\
+      (cp)[6] = (value) >> 48;            \
-	(cp)[3] = (value) >> 24;					\
+      (cp)[5] = (value) >> 40;            \
-	(cp)[2] = (value) >> 16;					\
+      (cp)[4] = (value) >> 32;            \
-	(cp)[1] = (value) >> 8;						\
+      (cp)[3] = (value) >> 24;            \
-	(cp)[0] = (value); } while (0)
+      (cp)[2] = (value) >> 16;            \
      (cp)[1] = (value) >> 8;             \
      (cp)[0] = (value);                  \
    }                                     \
  while (0)
-#define PUT_32BIT_LE(cp, value) do {					\
+#define PUT_32BIT_LE(cp, value)           \
-	(cp)[3] = (value) >> 24;					\
+  do                                      \
-	(cp)[2] = (value) >> 16;					\
+    {                                     \
-	(cp)[1] = (value) >> 8;						\
+      (cp)[3] = (value) >> 24;            \
-	(cp)[0] = (value); } while (0)
+      (cp)[2] = (value) >> 16;            \
      (cp)[1] = (value) >> 8;             \
      (cp)[0] = (value);                  \
    }                                     \
  while (0)
-static u_int8_t PADDING[MD5_BLOCK_LENGTH] = {
+static uint8_t PADDING[MD5_BLOCK_LENGTH] =
-	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+{
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
 };
-/*
+/****************************************************************************
- * Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
+ * Public Functions
 ****************************************************************************/
 /* Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
 * initialization constants.
 */
-void
+
-MD5Init(MD5_CTX *ctx)
+void md5init(FAR MD5_CTX *ctx)
 {
-	ctx->count = 0;
+  ctx->count = 0;
-	ctx->state[0] = 0x67452301;
+  ctx->state[0] = 0x67452301;
-	ctx->state[1] = 0xefcdab89;
+  ctx->state[1] = 0xefcdab89;
-	ctx->state[2] = 0x98badcfe;
+  ctx->state[2] = 0x98badcfe;
-	ctx->state[3] = 0x10325476;
+  ctx->state[3] = 0x10325476;
 }
-/*
+/* Update context to reflect the concatenation of another buffer full
 * Update context to reflect the concatenation of another buffer full
 * of bytes.
 */
-void
+
-MD5Update(MD5_CTX *ctx, const void *inputptr, size_t len)
+void md5update(FAR MD5_CTX *ctx, FAR const void *inputptr, size_t len)
 {
-	const uint8_t *input = inputptr;
+  FAR const uint8_t *input = inputptr;
-	size_t have, need;
+  size_t have;
  size_t need;
-	/* Check how many bytes we already have and how many more we need. */
+  /* Check how many bytes we already have and how many more we need. */
 	have = (size_t)((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
 	need = MD5_BLOCK_LENGTH - have;
-	/* Update bitcount */
+  have = (size_t)((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
-	ctx->count += (u_int64_t)len << 3;
+  need = MD5_BLOCK_LENGTH - have;
-	if (len >= need) {
+  /* Update bitcount */
 		if (have != 0) {
 			memcpy(ctx->buffer + have, input, need);
 			MD5Transform(ctx->state, ctx->buffer);
 			input += need;
 			len -= need;
 			have = 0;
 		}
-		/* Process data in MD5_BLOCK_LENGTH-byte chunks. */
+  ctx->count += (uint64_t)len << 3;
 		while (len >= MD5_BLOCK_LENGTH) {
 			MD5Transform(ctx->state, input);
 			input += MD5_BLOCK_LENGTH;
 			len -= MD5_BLOCK_LENGTH;
 		}
 	}
-	/* Handle any remaining bytes of data. */
+  if (len >= need)
-	if (len != 0)
+    {
-		memcpy(ctx->buffer + have, input, len);
+      if (have != 0)
        {
          memcpy(ctx->buffer + have, input, need);
          md5transform(ctx->state, ctx->buffer);
          input += need;
          len -= need;
          have = 0;
        }
      /* Process data in MD5_BLOCK_LENGTH-byte chunks. */
      while (len >= MD5_BLOCK_LENGTH)
        {
          md5transform(ctx->state, input);
          input += MD5_BLOCK_LENGTH;
          len -= MD5_BLOCK_LENGTH;
        }
    }
  /* Handle any remaining bytes of data. */
  if (len != 0)
    {
      memcpy(ctx->buffer + have, input, len);
    }
 }
-/*
+/* Final wrapup - pad to 64-byte boundary with the bit pattern
 * Final wrapup - pad to 64-byte boundary with the bit pattern
 * 1 0* (64-bit count of bits processed, MSB-first)
 */
-void
+
-MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
+void md5final(FAR unsigned char *digest, FAR MD5_CTX *ctx)
 {
-	u_int8_t count[8];
+  uint8_t count[8];
-	size_t padlen;
+  size_t padlen;
-	int i;
+  int i;
-	/* Convert count to 8 bytes in little endian order. */
+  /* Convert count to 8 bytes in little endian order. */
 	PUT_64BIT_LE(count, ctx->count);
-	/* Pad out to 56 mod 64. */
+  PUT_64BIT_LE(count, ctx->count);
 	padlen = MD5_BLOCK_LENGTH -
 	    ((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
 	if (padlen < 1 + 8)
 		padlen += MD5_BLOCK_LENGTH;
 	MD5Update(ctx, PADDING, padlen - 8);		/* padlen - 8 <= 64 */
 	MD5Update(ctx, count, 8);
-	for (i = 0; i < 4; i++)
+  /* Pad out to 56 mod 64. */
-		PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
+
-	explicit_bzero(ctx, sizeof(*ctx));	/* in case it's sensitive */
+  padlen = MD5_BLOCK_LENGTH -
      ((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
  if (padlen < 1 + 8)
    {
      padlen += MD5_BLOCK_LENGTH;
    }
  md5update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
  md5update(ctx, count, 8);
  for (i = 0; i < 4; i++)
    {
      PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
    }
  explicit_bzero(ctx, sizeof(*ctx)); /* in case it's sensitive */
 }
 /* The four core functions - F1 is optimized somewhat */
 /* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
+
 #define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
 #define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
+#define F3(x, y, z) ((x) ^ (y) ^ (z))
-#define F4(x, y, z) (y ^ (x | ~z))
+#define F4(x, y, z) ((y) ^ ((x) | ~(z)))
 /* This is the central step in the MD5 algorithm. */
 #define MD5STEP(f, w, x, y, z, data, s) \
 	( w += f(x, y, z) + data,  w = w<<s | w>>(32-s),  w += x )
-/*
+#define MD5STEP(f, w, x, y, z, data, s) \
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
+  ((w) += f(x, y, z) + (data), \
   (w) = (w) << (s) | (w) >> (32 - (s)), \
   (w) += (x))
 /* The core of the MD5 algorithm, this alters an existing MD5 hash to
 * reflect the addition of 16 longwords of new data.  MD5Update blocks
 * the data and converts bytes into longwords for this routine.
 */
-void
+
-MD5Transform(u_int32_t state[4], const u_int8_t block[MD5_BLOCK_LENGTH])
+void md5transform(FAR uint32_t *state, FAR const uint8_t *block)
 {
-	u_int32_t a, b, c, d, in[MD5_BLOCK_LENGTH / 4];
+  uint32_t a;
  uint32_t b;
  uint32_t c;
  uint32_t d;
  uint32_t in[MD5_BLOCK_LENGTH / 4];
 #if BYTE_ORDER == LITTLE_ENDIAN
-	memcpy(in, block, sizeof(in));
+  memcpy(in, block, sizeof(in));
 #else
-	for (a = 0; a < MD5_BLOCK_LENGTH / 4; a++) {
+  for (a = 0; a < MD5_BLOCK_LENGTH / 4; a++)
-		in[a] = (u_int32_t)(
+    {
-		    (u_int32_t)(block[a * 4 + 0]) |
+      in[a] = (uint32_t)(
-		    (u_int32_t)(block[a * 4 + 1]) <<  8 |
+          (uint32_t)(block[a * 4 + 0]) |
-		    (u_int32_t)(block[a * 4 + 2]) << 16 |
+          (uint32_t)(block[a * 4 + 1]) <<  8 |
-		    (u_int32_t)(block[a * 4 + 3]) << 24);
+          (uint32_t)(block[a * 4 + 2]) << 16 |
-	}
+          (uint32_t)(block[a * 4 + 3]) << 24);
    }
 #endif
-	a = state[0];
+  a = state[0];
-	b = state[1];
+  b = state[1];
-	c = state[2];
+  c = state[2];
-	d = state[3];
+  d = state[3];
-	MD5STEP(F1, a, b, c, d, in[ 0] + 0xd76aa478,  7);
+  MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
-	MD5STEP(F1, d, a, b, c, in[ 1] + 0xe8c7b756, 12);
+  MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
-	MD5STEP(F1, c, d, a, b, in[ 2] + 0x242070db, 17);
+  MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
-	MD5STEP(F1, b, c, d, a, in[ 3] + 0xc1bdceee, 22);
+  MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
-	MD5STEP(F1, a, b, c, d, in[ 4] + 0xf57c0faf,  7);
+  MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
-	MD5STEP(F1, d, a, b, c, in[ 5] + 0x4787c62a, 12);
+  MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
-	MD5STEP(F1, c, d, a, b, in[ 6] + 0xa8304613, 17);
+  MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
-	MD5STEP(F1, b, c, d, a, in[ 7] + 0xfd469501, 22);
+  MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
-	MD5STEP(F1, a, b, c, d, in[ 8] + 0x698098d8,  7);
+  MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
-	MD5STEP(F1, d, a, b, c, in[ 9] + 0x8b44f7af, 12);
+  MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
-	MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
+  MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
-	MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
+  MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
-	MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122,  7);
+  MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
-	MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
+  MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
-	MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
+  MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
-	MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
+  MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
-	MD5STEP(F2, a, b, c, d, in[ 1] + 0xf61e2562,  5);
+  MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
-	MD5STEP(F2, d, a, b, c, in[ 6] + 0xc040b340,  9);
+  MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
-	MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
+  MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
-	MD5STEP(F2, b, c, d, a, in[ 0] + 0xe9b6c7aa, 20);
+  MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
-	MD5STEP(F2, a, b, c, d, in[ 5] + 0xd62f105d,  5);
+  MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
-	MD5STEP(F2, d, a, b, c, in[10] + 0x02441453,  9);
+  MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
-	MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
+  MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
-	MD5STEP(F2, b, c, d, a, in[ 4] + 0xe7d3fbc8, 20);
+  MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
-	MD5STEP(F2, a, b, c, d, in[ 9] + 0x21e1cde6,  5);
+  MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
-	MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6,  9);
+  MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
-	MD5STEP(F2, c, d, a, b, in[ 3] + 0xf4d50d87, 14);
+  MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
-	MD5STEP(F2, b, c, d, a, in[ 8] + 0x455a14ed, 20);
+  MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
-	MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905,  5);
+  MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
-	MD5STEP(F2, d, a, b, c, in[ 2] + 0xfcefa3f8,  9);
+  MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
-	MD5STEP(F2, c, d, a, b, in[ 7] + 0x676f02d9, 14);
+  MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
-	MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
+  MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
-	MD5STEP(F3, a, b, c, d, in[ 5] + 0xfffa3942,  4);
+  MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
-	MD5STEP(F3, d, a, b, c, in[ 8] + 0x8771f681, 11);
+  MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
-	MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
+  MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
-	MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
+  MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
-	MD5STEP(F3, a, b, c, d, in[ 1] + 0xa4beea44,  4);
+  MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
-	MD5STEP(F3, d, a, b, c, in[ 4] + 0x4bdecfa9, 11);
+  MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
-	MD5STEP(F3, c, d, a, b, in[ 7] + 0xf6bb4b60, 16);
+  MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
-	MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
+  MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
-	MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6,  4);
+  MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
-	MD5STEP(F3, d, a, b, c, in[ 0] + 0xeaa127fa, 11);
+  MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
-	MD5STEP(F3, c, d, a, b, in[ 3] + 0xd4ef3085, 16);
+  MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
-	MD5STEP(F3, b, c, d, a, in[ 6] + 0x04881d05, 23);
+  MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
-	MD5STEP(F3, a, b, c, d, in[ 9] + 0xd9d4d039,  4);
+  MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
-	MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
+  MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
-	MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
+  MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
-	MD5STEP(F3, b, c, d, a, in[2 ] + 0xc4ac5665, 23);
+  MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
-	MD5STEP(F4, a, b, c, d, in[ 0] + 0xf4292244,  6);
+  MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
-	MD5STEP(F4, d, a, b, c, in[7 ] + 0x432aff97, 10);
+  MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
-	MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
+  MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
-	MD5STEP(F4, b, c, d, a, in[5 ] + 0xfc93a039, 21);
+  MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
-	MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3,  6);
+  MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
-	MD5STEP(F4, d, a, b, c, in[3 ] + 0x8f0ccc92, 10);
+  MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
-	MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
+  MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
-	MD5STEP(F4, b, c, d, a, in[1 ] + 0x85845dd1, 21);
+  MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
-	MD5STEP(F4, a, b, c, d, in[8 ] + 0x6fa87e4f,  6);
+  MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
-	MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
+  MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
-	MD5STEP(F4, c, d, a, b, in[6 ] + 0xa3014314, 15);
+  MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
-	MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
+  MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
-	MD5STEP(F4, a, b, c, d, in[4 ] + 0xf7537e82,  6);
+  MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
-	MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
+  MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
-	MD5STEP(F4, c, d, a, b, in[2 ] + 0x2ad7d2bb, 15);
+  MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
-	MD5STEP(F4, b, c, d, a, in[9 ] + 0xeb86d391, 21);
+  MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
-	state[0] += a;
+  state[0] += a;
-	state[1] += b;
+  state[1] += b;
-	state[2] += c;
+  state[2] += c;
-	state[3] += d;
+  state[3] += d;
 }
@@ -1,22 +1,23 @@
-/*	$OpenBSD: podd.h,v 1.1 2000/02/28 23:13:05 deraadt Exp $	*/
+/****************************************************************************
-
+ * crypto/podd.h
-/* lib/des/podd.h */
+ * $OpenBSD: podd.h,v 1.1 2000/02/28 23:13:05 deraadt Exp $
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * lib/des/podd.h
 * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -27,8 +28,9 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
+ *    This product includes software developed
- * 
+ *    by Eric Young (eay@mincom.oz.au)
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -40,27 +42,41 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * derivative of this code cannot be changed.
 * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ ****************************************************************************/
-static const unsigned char odd_parity[256]={
+static const unsigned char odd_parity[256] =
-  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
+{
- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+  1, 1, 2,  2, 4, 4, 7, 7, 8, 8, 11, 11, 13,
- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+  13, 14, 14, 16, 16, 19, 19, 21, 21, 22, 22,
- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+  25, 25, 26, 26, 28, 28, 31, 31, 32, 32, 35,
- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+  35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44,
- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+  47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56,
- 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
+  56, 59, 59, 61, 61, 62, 62, 64, 64, 67, 67,
-112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
+  69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79,
-128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
+  79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88,
-145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
+  91, 91, 93, 93, 94, 94, 97, 97, 98, 98, 100,
-161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
+  100, 103, 103, 104, 104, 107, 107, 109, 109,
-176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
+  110, 110, 112, 112, 115, 115, 117, 117, 118,
-193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
+  118, 121, 121, 122, 122, 124, 124, 127, 127,
-208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
+  128, 128, 131, 131, 133, 133, 134, 134, 137,
-224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
+  137, 138, 138, 140, 140, 143, 143, 145, 145,
-241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
+  146, 146, 148, 148, 151, 151, 152, 152, 155,
  155, 157, 157, 158, 158, 161, 161, 162, 162,
  164, 164, 167, 167, 168, 168, 171, 171, 173,
  173, 174, 174, 176, 176, 179, 179, 181, 181,
  182, 182, 185, 185, 186, 186, 188, 188, 191,
  191, 193, 193, 194, 194, 196, 196, 199, 199,
  200, 200, 203, 203, 205, 205, 206, 206, 208,
  208, 211, 211, 213, 213, 214, 214, 217, 217,
  218, 218, 220, 220, 223, 223, 224, 224, 227,
  227, 229, 229, 230, 230, 233, 233, 234, 234,
  236, 236, 239, 239, 241, 241, 242, 242, 244,
  244, 247, 247, 248, 248, 251, 251, 253, 253,
  254, 254
 };
@@ -1,22 +1,23 @@
-/*	$OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $	*/
+/****************************************************************************
-
+ * crypto/set_key.c
-/* lib/des/set_key.c */
+ * $OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * lib/des/set_key.c
 * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -27,8 +28,9 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
+ *    This product includes software developed by
- * 
+ *    Eric Young (eay@mincom.oz.au)
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -40,38 +42,45 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * derivative of this code cannot be changed.
 * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ *
-
+ * set_key.c v 1.4 eay 24/9/91
 /* set_key.c v 1.4 eay 24/9/91
 * 1.4 Speed up by 400% :-)
 * 1.3 added register declarations.
 * 1.2 unrolled make_key_sched a bit more
 * 1.1 added norm_expand_bits
 * 1.0 First working version
- */
+ ****************************************************************************/
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include "des_locl.h"
 #include "podd.h"
 #include "sk.h"
-static int check_parity(des_cblock (*key));
+static int check_parity(FAR des_cblock *key);
-int des_check_key=0;
+int des_check_key;
-static int
+static int check_parity(FAR des_cblock *key)
 check_parity(des_cblock (*key))
 {
-	int i;
+  int i;
-	for (i = 0; i < DES_KEY_SZ; i++) {
+  for (i = 0; i < DES_KEY_SZ; i++)
-		if ((*key)[i] != odd_parity[(*key)[i]])
+  {
-			return(0);
+    if (*key[i] != odd_parity[*key[i]])
-	}
+      {
-	return (1);
+        return 0;
      }
  }
  return 1;
 }
 /* Weak and semi week keys as take from
@@ -83,132 +92,206 @@ check_parity(des_cblock (*key))
 * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
 * (and actual cblock values).
 */
 #define NUM_WEAK_KEY	16
 static des_cblock weak_keys[NUM_WEAK_KEY]={
 	/* weak keys */
 	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
 	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
 	{0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F},
 	{0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0},
 	/* semi-weak keys */
 	{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
 	{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
 	{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
 	{0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
 	{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
 	{0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
 	{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
 	{0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
 	{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
 	{0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
 	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
 	{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
-int
+#define NUM_WEAK_KEY 16
-des_is_weak_key(des_cblock (*key))
+static des_cblock weak_keys[NUM_WEAK_KEY] =
 {
-	int i;
+  /* weak keys */
-	for (i = 0; i < NUM_WEAK_KEY; i++) {
+  {
-		/* Added == 0 to comparison, I obviously don't run
+    0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01
-		 * this section very often :-(, thanks to
+  },
-		 * engineering@MorningStar.Com for the fix
+  {
-		 * eay 93/06/29 */
+    0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe
-		if (bcmp(weak_keys[i], key, sizeof(des_cblock)) == 0)
+  },
-			return (1);
+  {
-	}
+    0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f
-	return (0);
+  },
  {
    0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0
  },
  /* semi-weak keys */
  {
    0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe
  },
  {
    0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01
  },
  {
    0x1f, 0xe0, 0x1f, 0xe0, 0x0e, 0xf1, 0x0e, 0xf1
  },
  {
    0xe0, 0x1f, 0xe0, 0x1f, 0xf1, 0x0e, 0xf1, 0x0e
  },
  {
    0x01, 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1
  },
  {
    0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1, 0x01
  },
  {
    0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe
  },
  {
    0xfe, 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e
  },
  {
    0x01, 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e
  },
  {
    0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e, 0x01
  },
  {
    0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1, 0xfe
  },
  {
    0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1
  }
 };
 /****************************************************************************
 * Public Functions
 ****************************************************************************/
 int des_is_weak_key(FAR des_cblock *key)
 {
  int i;
  for (i = 0; i < NUM_WEAK_KEY; i++)
    {
      /* Added == 0 to comparison, I obviously don't run
       * this section very often :-(, thanks to
       * engineering@MorningStar.Com for the fix
       * eay 93/06/29
       */
      if (bcmp(weak_keys[i], key, sizeof(des_cblock)) == 0)
        {
          return 1;
        }
    }
  return 0;
 }
 /* NOW DEFINED IN des_local.h
- * See ecb_encrypt.c for a pseudo description of these macros. 
+ * See ecb_encrypt.c for a pseudo description of these macros.
 * #define PERM_OP(a, b, t, n, m) ((t) = ((((a) >> (n))^(b)) & (m)),\
- * 	(b)^=(t),\
+ *  (b)^=(t),\
- * 	(a) = ((a)^((t) << (n))))
+ *  (a) = ((a)^((t) << (n))))
 */
 #define HPERM_OP(a, t, n, m) ((t) = ((((a) << (16 - (n)))^(a)) & (m)),\
-	(a) = (a)^(t)^(t >> (16 - (n))))
+  (a) = (a)^(t)^(t >> (16 - (n))))
-static int shifts2[16]={0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0};
+static int shifts2[16] =
 {
  0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0
 };
 /* return 0 if key parity is odd (correct),
 * return -1 if key parity error,
 * return -2 if illegal weak key.
 */
-int
+
-des_set_key(des_cblock (*key), des_key_schedule schedule)
+int des_set_key(FAR des_cblock *key, des_key_schedule schedule)
 {
-	register u_int32_t c, d, t, s;
+  register uint32_t c;
-	register unsigned char *in;
+  register uint32_t d;
-	register u_int32_t *k;
+  register uint32_t t;
-	register int i;
+  register uint32_t s;
  FAR register unsigned char *in;
  FAR register uint32_t *k;
  register int i;
-	if (des_check_key) {
+  if (des_check_key)
-		if (!check_parity(key))
+    {
-			return(-1);
+      if (!check_parity(key))
        {
          return(-1);
        }
-		if (des_is_weak_key(key))
+      if (des_is_weak_key(key))
-			return(-2);
+        {
-	}
+          return(-2);
        }
    }
-	k = (u_int32_t *) schedule;
+  k = (FAR uint32_t *)schedule;
-	in = (unsigned char *) key;
+  in = (FAR unsigned char *)key;
-	c2l(in, c);
+  c2l(in, c);
-	c2l(in, d);
+  c2l(in, d);
-	/* do PC1 in 60 simple operations */ 
+  /* do PC1 in 60 simple operations */
 /*	PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
 	HPERM_OP(c, t, -2, 0xcccc0000L);
 	HPERM_OP(c, t, -1, 0xaaaa0000L);
 	HPERM_OP(c, t, 8, 0x00ff0000L);
 	HPERM_OP(c, t, -1, 0xaaaa0000L);
 	HPERM_OP(d, t, -8, 0xff000000L);
 	HPERM_OP(d, t, 8, 0x00ff0000L);
 	HPERM_OP(d, t, 2, 0x33330000L);
 	d = ((d & 0x00aa00aaL) << 7L) | ((d & 0x55005500L) >> 7L) | (d & 0xaa55aa55L);
 	d = (d >> 8) | ((c & 0xf0000000L) >> 4);
 	c &= 0x0fffffffL; */
-	/* I now do it in 47 simple operations :-)
+  /* PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
-	 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+   * HPERM_OP(c, t, -2, 0xcccc0000L);
-	 * for the inspiration. :-) */
+   * HPERM_OP(c, t, -1, 0xaaaa0000L);
-	PERM_OP (d, c, t, 4, 0x0f0f0f0fL);
+   * HPERM_OP(c, t, 8, 0x00ff0000L);
-	HPERM_OP(c, t, -2, 0xcccc0000L);
+   * HPERM_OP(c, t, -1, 0xaaaa0000L);
-	HPERM_OP(d, t, -2, 0xcccc0000L);
+   * HPERM_OP(d, t, -8, 0xff000000L);
-	PERM_OP (d, c, t, 1, 0x55555555L);
+   * HPERM_OP(d, t, 8, 0x00ff0000L);
-	PERM_OP (c, d, t, 8, 0x00ff00ffL);
+   * HPERM_OP(d, t, 2, 0x33330000L);
-	PERM_OP (d, c, t, 1, 0x55555555L);
+   * d = ((d & 0x00aa00aaL) << 7L) |
-	d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
+   * ((d & 0x55005500L) >> 7L) | (d & 0xaa55aa55L);
-	     ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
+   * d = (d >> 8) | ((c & 0xf0000000L) >> 4);
-	c &= 0x0fffffffL;
+   * c &= 0x0fffffffL;
   */
-	for (i = 0; i < ITERATIONS; i++) {
+  /* I now do it in 47 simple operations :-)
-		if (shifts2[i])
+   * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
-			{ c = ((c >> 2L) | (c << 26L)); d = ((d >> 2L) | (d << 26L)); }
+   * for the inspiration. :-)
-		else
+   */
 			{ c = ((c >> 1L) | (c << 27L)); d = ((d >> 1L) | (d << 27L)); }
 		c &= 0x0fffffffL;
 		d &= 0x0fffffffL;
 		/* could be a few less shifts but I am to lazy at this
 		 * point in time to investigate */
 		s = des_skb[0][ (c    ) & 0x3f                ]|
 		    des_skb[1][((c >> 6) & 0x03) | ((c >> 7L) & 0x3c)]|
 		    des_skb[2][((c >> 13) & 0x0f) | ((c >> 14L) & 0x30)]|
 		    des_skb[3][((c >> 20) & 0x01) | ((c >> 21L) & 0x06) |
 						  ((c >> 22L) & 0x38)];
 		t = des_skb[4][ (d    ) & 0x3f                ]|
 		    des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)]|
 		    des_skb[6][ (d >> 15L) & 0x3f                ]|
 		    des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
-		/* table contained 0213 4657 */
+  PERM_OP (d, c, t, 4, 0x0f0f0f0fl);
-		*(k++) = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
+  HPERM_OP(c, t, -2, 0xcccc0000l);
-		s = ((s >> 16L) | (t & 0xffff0000L));
+  HPERM_OP(d, t, -2, 0xcccc0000l);
-		
+  PERM_OP (d, c, t, 1, 0x55555555l);
-		s = (s << 4L) | (s >> 28L);
+  PERM_OP (c, d, t, 8, 0x00ff00ffl);
-		*(k++) = s & 0xffffffffL;
+  PERM_OP (d, c, t, 1, 0x55555555l);
-	}
+  d = (((d & 0x000000ffl) << 16l) | (d & 0x0000ff00l) |
-	return (0);
+      ((d & 0x00ff0000l) >> 16l) | ((c & 0xf0000000l) >> 4l));
  c &= 0x0fffffffl;
  for (i = 0; i < ITERATIONS; i++)
    {
      if (shifts2[i])
        {
          c = ((c >> 2l) | (c << 26l)); d = ((d >> 2l) | (d << 26l));
        }
      else
        {
          c = ((c >> 1l) | (c << 27l)); d = ((d >> 1l) | (d << 27l));
        }
      c &= 0x0fffffffl;
      d &= 0x0fffffffl;
      /* could be a few less shifts but I am to lazy at this
       * point in time to investigate
       */
      s = des_skb[0][(c) & 0x3f] |
          des_skb[1][((c >> 6) & 0x03) | ((c >> 7l) & 0x3c)] |
          des_skb[2][((c >> 13) & 0x0f) | ((c >> 14l) & 0x30)] |
          des_skb[3][((c >> 20) & 0x01) | ((c >> 21l) & 0x06) |
                ((c >> 22l) & 0x38)];
      t = des_skb[4][(d) & 0x3f] |
          des_skb[5][((d >> 7l) & 0x03) | ((d >> 8l) & 0x3c)] |
          des_skb[6][(d >> 15l) & 0x3f] |
          des_skb[7][((d >> 21l) & 0x0f) | ((d >> 22l) & 0x30)];
      /* table contained 0213 4657 */
      *(k++) = ((t << 16l) | (s & 0x0000ffffl)) & 0xffffffffl;
      s = ((s >> 16l) | (t & 0xffff0000l));
      s = (s << 4l) | (s >> 28l);
      *(k++) = s & 0xffffffffl;
    }
  return 0;
 }
@@ -1,10 +1,11 @@
-/*	$OpenBSD: sha1.c,v 1.11 2014/12/28 10:04:35 tedu Exp $	*/
+/****************************************************************************
-
+ * crypto/sha1.c
-/*
+ * $OpenBSD: sha1.c,v 1.11 2014/12/28 10:04:35 tedu Exp $
 *
 * SHA-1 in C
 * By Steve Reid <steve@edmweb.com>
 * 100% Public Domain
- * 
+ *
 * Test Vectors (from FIPS PUB 180-1)
 * "abc"
 *   A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
@@ -12,158 +13,294 @@
 *   84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
 * A million repetitions of "a"
 *   34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
 */
-/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
+ ****************************************************************************/
 /* #define SHA1HANDSOFF * Copies data before messing with it. */
-#define SHA1HANDSOFF
+/****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <crypto/sha1.h>
 /* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
 /* #define SHA1HANDSOFF * Copies data before messing with it. */
 #define SHA1HANDSOFF
 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
 /* blk0() and blk() perform the initial expand. */
 /* I got the idea of expanding during the round function from SSLeay */
 #if BYTE_ORDER == LITTLE_ENDIAN
-#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
+#  define blk0(i) (block->l[i] = (rol(block->l[i] , 24) & 0xff00ff00) \
-    |(rol(block->l[i],8)&0x00FF00FF))
+    | (rol(block->l[i], 8) & 0x00ff00ff))
 #else
-#define blk0(i) block->l[i]
+#  define blk0(i) block->l[i]
 #endif
-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
+#define blk(i) (block->l[i & 15] = \
-    ^block->l[(i+2)&15]^block->l[i&15],1))
+    rol(block->l[(i + 13) & 15] ^ block->l[(i + 8) & 15] \
    ^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1))
 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R0(v,w,x,y,z,i)                   \
-#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
+  do                                      \
-#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
+    {                                     \
-#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
+      z += ((w & (x ^ y)) ^ y)            \
-#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+      + blk0(i) + 0x5a827999 + rol(v, 5); \
      w = rol(w, 30);                     \
    }                                     \
  while (0)
 #define R1(v,w,x,y,z,i)                   \
  do                                      \
    {                                     \
      z += ((w & (x ^ y)) ^y)             \
      + blk(i) + 0x5a827999 + rol(v, 5);  \
      w = rol(w, 30);                     \
    }                                     \
  while (0)
 #define R2(v,w,x,y,z,i)                   \
  do                                      \
    {                                     \
      z += (w ^ x ^ y)                    \
      + blk(i) + 0x6ed9eba1 + rol(v, 5);  \
      w = rol(w,30);                      \
    }                                     \
  while (0)
 #define R3(v,w,x,y,z,i)                   \
  do                                      \
    {                                     \
      z += (((w | x) & y) | (w & x))      \
      + blk(i)+ 0x8f1bbcdc + rol(v, 5);   \
      w = rol(w, 30);                     \
    }                                     \
  while (0)
 #define R4(v,w,x,y,z,i)                   \
  do                                      \
    {                                     \
      z += (w ^ x ^y)                     \
      + blk(i) + 0xca62c1d6 + rol(v, 5);  \
      w=rol(w, 30);                       \
    }                                     \
  while (0)
 /****************************************************************************
 * Public Functions
 ****************************************************************************/
 /* Hash a single 512-bit block. This is the core of the algorithm. */
-void
+void sha1transform(FAR uint32_t *state,
-SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH])
+                   FAR const unsigned char *buffer)
 {
-    u_int32_t a, b, c, d, e;
+  uint32_t a;
-    typedef union {
+  uint32_t b;
-        unsigned char c[64];
+  uint32_t c;
-        unsigned int l[16];
+  uint32_t d;
-    } CHAR64LONG16;
+  uint32_t e;
-    CHAR64LONG16* block;
+
  typedef union
  {
    unsigned char c[64];
    unsigned int l[16];
  } CHAR64LONG16;
  FAR CHAR64LONG16 *block;
 #ifdef SHA1HANDSOFF
-    unsigned char workspace[SHA1_BLOCK_LENGTH];
+  unsigned char workspace[SHA1_BLOCK_LENGTH];
-    block = (CHAR64LONG16 *)workspace;
+  block = (FAR CHAR64LONG16 *)workspace;
-    memcpy(block, buffer, SHA1_BLOCK_LENGTH);
+  memcpy(block, buffer, SHA1_BLOCK_LENGTH);
 #else
-    block = (CHAR64LONG16 *)buffer;
+  block = (FAR CHAR64LONG16 *)buffer;
 #endif
    /* Copy context->state[] to working vars */
    a = state[0];
    b = state[1];
    c = state[2];
    d = state[3];
    e = state[4];
-    /* 4 rounds of 20 operations each. Loop unrolled. */
+  /* Copy context->state[] to working vars */
    R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
    R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
    R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
    R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
    R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
    R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
    R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
    R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
    R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
    R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
    R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
    R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
    R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
    R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
    R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
    R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
    R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
    R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
    R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
    R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
-    /* Add the working vars back into context.state[] */
+  a = state[0];
-    state[0] += a;
+  b = state[1];
-    state[1] += b;
+  c = state[2];
-    state[2] += c;
+  d = state[3];
-    state[3] += d;
+  e = state[4];
-    state[4] += e;
+
-    /* Wipe variables */
+  /* 4 rounds of 20 operations each. Loop unrolled. */
-    a = b = c = d = e = 0;
+
  R0(a, b, c, d, e, 0);
  R0(e, a, b, c, d, 1);
  R0(d, e, a, b, c, 2);
  R0(c, d, e, a, b, 3);
  R0(b, c, d, e, a, 4);
  R0(a, b, c, d, e, 5);
  R0(e, a, b, c, d, 6);
  R0(d, e, a, b, c, 7);
  R0(c, d, e, a, b, 8);
  R0(b, c, d, e, a, 9);
  R0(a, b, c, d, e, 10);
  R0(e, a, b, c, d, 11);
  R0(d, e, a, b, c, 12);
  R0(c, d, e, a, b, 13);
  R0(b, c, d, e, a, 14);
  R0(a, b, c, d, e, 15);
  R1(e, a, b, c, d, 16);
  R1(d, e, a, b, c, 17);
  R1(c, d, e, a, b, 18);
  R1(b, c, d, e, a, 19);
  R2(a, b, c, d, e, 20);
  R2(e, a, b, c, d, 21);
  R2(d, e, a, b, c, 22);
  R2(c, d, e, a, b, 23);
  R2(b, c, d, e, a, 24);
  R2(a, b, c, d, e, 25);
  R2(e, a, b, c, d, 26);
  R2(d, e, a, b, c, 27);
  R2(c, d, e, a, b, 28);
  R2(b, c, d, e, a, 29);
  R2(a, b, c, d, e, 30);
  R2(e, a, b, c, d, 31);
  R2(d, e, a, b, c, 32);
  R2(c, d, e, a, b, 33);
  R2(b, c, d, e, a, 34);
  R2(a, b, c, d, e, 35);
  R2(e, a, b, c, d, 36);
  R2(d, e, a, b, c, 37);
  R2(c, d, e, a, b, 38);
  R2(b, c, d, e, a, 39);
  R3(a, b, c, d, e, 40);
  R3(e, a, b, c, d, 41);
  R3(d, e, a, b, c, 42);
  R3(c, d, e, a, b, 43);
  R3(b, c, d, e, a, 44);
  R3(a, b, c, d, e, 45);
  R3(e, a, b, c, d, 46);
  R3(d, e, a, b, c, 47);
  R3(c, d, e, a, b, 48);
  R3(b, c, d, e, a, 49);
  R3(a, b, c, d, e, 50);
  R3(e, a, b, c, d, 51);
  R3(d, e, a, b, c, 52);
  R3(c, d, e, a, b, 53);
  R3(b, c, d, e, a, 54);
  R3(a, b, c, d, e, 55);
  R3(e, a, b, c, d, 56);
  R3(d, e, a, b, c, 57);
  R3(c, d, e, a, b, 58);
  R3(b, c, d, e, a, 59);
  R4(a, b, c, d, e, 60);
  R4(e, a, b, c, d, 61);
  R4(d, e, a, b, c, 62);
  R4(c, d, e, a, b, 63);
  R4(b, c, d, e, a, 64);
  R4(a, b, c, d, e, 65);
  R4(e, a, b, c, d, 66);
  R4(d, e, a, b, c, 67);
  R4(c, d, e, a, b, 68);
  R4(b, c, d, e, a, 69);
  R4(a, b, c, d, e, 70);
  R4(e, a, b, c, d, 71);
  R4(d, e, a, b, c, 72);
  R4(c, d, e, a, b, 73);
  R4(b, c, d, e, a, 74);
  R4(a, b, c, d, e, 75);
  R4(e, a, b, c, d, 76);
  R4(d, e, a, b, c, 77);
  R4(c, d, e, a, b, 78);
  R4(b, c, d, e, a, 79);
  /* Add the working vars back into context.state[] */
  state[0] += a;
  state[1] += b;
  state[2] += c;
  state[3] += d;
  state[4] += e;
  /* Wipe variables */
  a = b = c = d = e = 0;
 }
 /* SHA1Init - Initialize new context */
-void
+void sha1init(FAR SHA1_CTX *context)
 SHA1Init(SHA1_CTX *context)
 {
-    /* SHA1 initialization constants */
+  /* SHA1 initialization constants */
    context->count = 0;
    context->state[0] = 0x67452301;
    context->state[1] = 0xEFCDAB89;
    context->state[2] = 0x98BADCFE;
    context->state[3] = 0x10325476;
    context->state[4] = 0xC3D2E1F0;
 }
  context->count = 0;
  context->state[0] = 0x67452301;
  context->state[1] = 0xefcdab89;
  context->state[2] = 0x98badcfe;
  context->state[3] = 0x10325476;
  context->state[4] = 0xc3d2e1f0;
 }
 /* Run your data through this. */
-void
+void sha1update(FAR SHA1_CTX *context,
-SHA1Update(SHA1_CTX *context, const void *dataptr, unsigned int len)
+                FAR const void *dataptr,
                unsigned int len)
 {
-    const uint8_t *data = dataptr;
+  FAR const uint8_t *data = dataptr;
-    unsigned int i;
+  unsigned int i;
-    unsigned int j;
+  unsigned int j;
-    j = (u_int32_t)((context->count >> 3) & 63);
+  j = (uint32_t)((context->count >> 3) & 63);
-    context->count += (len << 3);
+  context->count += (len << 3);
-    if ((j + len) > 63) {
+  if ((j + len) > 63)
-        memcpy(&context->buffer[j], data, (i = 64 - j));
+    {
-        SHA1Transform(context->state, context->buffer);
+      memcpy(&context->buffer[j], data, (i = 64 - j));
-        for ( ; i + 63 < len; i += 64) {
+      sha1transform(context->state, context->buffer);
-            SHA1Transform(context->state, &data[i]);
+      for (; i + 63 < len; i += 64)
        {
          sha1transform(context->state, &data[i]);
        }
        j = 0;
    }
    else i = 0;
    memcpy(&context->buffer[j], &data[i], len - i);
 }
      j = 0;
    }
  else
    {
      i = 0;
    }
  memcpy(&context->buffer[j], &data[i], len - i);
 }
 /* Add padding and return the message digest. */
-void
+void sha1final(FAR unsigned char *digest,
-SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
+               FAR SHA1_CTX *context)
 {
-    unsigned int i;
+  unsigned int i;
-    unsigned char finalcount[8];
+  unsigned char finalcount[8];
-    for (i = 0; i < 8; i++) {
+  for (i = 0; i < 8; i++)
-        finalcount[i] = (unsigned char)((context->count >>
+    {
-            ((7 - (i & 7)) * 8)) & 255);  /* Endian independent */
+      finalcount[i] = (unsigned char)((context->count >>
          ((7 - (i & 7)) * 8)) & 255);  /* Endian independent */
    }
    SHA1Update(context, "\200", 1);
    while ((context->count & 504) != 448) {
        SHA1Update(context, "\0", 1);
    }
    SHA1Update(context, finalcount, 8);  /* Should cause a SHA1Transform() */
-    for (i = 0; i < SHA1_DIGEST_LENGTH; i++) {
+  sha1update(context, "\200", 1);
-        digest[i] = (unsigned char)((context->state[i >> 2] >>
+  while ((context->count & 504) != 448)
-            ((3 - (i & 3)) * 8)) & 255);
+    {
      sha1update(context, "\0", 1);
    }
-    explicit_bzero(&finalcount, sizeof(finalcount));
+
-    explicit_bzero(context, sizeof(*context));
+  sha1update(context, finalcount, 8);  /* Should cause a SHA1Transform() */
  for (i = 0; i < SHA1_DIGEST_LENGTH; i++)
    {
      digest[i] = (unsigned char)((context->state[i >> 2] >>
        ((3 - (i & 3)) * 8)) & 255);
    }
  explicit_bzero(&finalcount, sizeof(finalcount));
  explicit_bzero(context, sizeof(*context));
 }
@@ -1,6 +1,7 @@
-/*	$OpenBSD: siphash.c,v 1.5 2018/01/05 19:05:09 mikeb Exp $ */
+/****************************************************************************
-
+ * crypto/siphash.c
-/*-
+ * $OpenBSD: siphash.c,v 1.5 2018/01/05 19:05:09 mikeb Exp $
 *
 * Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
 * All rights reserved.
 *
@@ -27,11 +28,11 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- */
+ ****************************************************************************/
-/*
+/* SipHash is a family of PRFs SipHash-c-d where the integer parameters
- * SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d
+ * c and d are the number of compression rounds and the number of
- * are the number of compression rounds and the number of finalization rounds.
+ * finalization rounds.
 * A compression round is identical to a finalization round and this round
 * function is called SipRound.  Given a 128-bit key k and a (possibly empty)
 * byte string m, SipHash-c-d returns a 64-bit value SipHash-c-d(k; m).
@@ -43,139 +44,154 @@
 * https://131002.net/siphash/
 */
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <crypto/siphash.h>
-static void	SipHash_CRounds(SIPHASH_CTX *, int);
+static void	siphash_crounds(FAR SIPHASH_CTX *, int);
-static void	SipHash_Rounds(SIPHASH_CTX *, int);
+static void	siphash_rounds(FAR SIPHASH_CTX *, int);
-void
+/****************************************************************************
-SipHash_Init(SIPHASH_CTX *ctx, const SIPHASH_KEY *key)
+ * Public Functions
 ****************************************************************************/
 void siphash_init(FAR SIPHASH_CTX *ctx, FAR const SIPHASH_KEY *key)
 {
-	uint64_t k0, k1;
+  uint64_t k0, k1;
-	k0 = lemtoh64(&key->k0);
+  k0 = lemtoh64(&key->k0);
-	k1 = lemtoh64(&key->k1);
+  k1 = lemtoh64(&key->k1);
-	ctx->v[0] = 0x736f6d6570736575ULL ^ k0;
+  ctx->v[0] = 0x736f6d6570736575ull ^ k0;
-	ctx->v[1] = 0x646f72616e646f6dULL ^ k1;
+  ctx->v[1] = 0x646f72616e646f6dull ^ k1;
-	ctx->v[2] = 0x6c7967656e657261ULL ^ k0;
+  ctx->v[2] = 0x6c7967656e657261ull ^ k0;
-	ctx->v[3] = 0x7465646279746573ULL ^ k1;
+  ctx->v[3] = 0x7465646279746573ull ^ k1;
-	memset(ctx->buf, 0, sizeof(ctx->buf));
+  memset(ctx->buf, 0, sizeof(ctx->buf));
-	ctx->bytes = 0;
+  ctx->bytes = 0;
 }
-void
+void siphash_update(FAR SIPHASH_CTX *ctx,
-SipHash_Update(SIPHASH_CTX *ctx, int rc, int rf, const void *src, size_t len)
+                    int rc, int rf,
                    FAR const void *src, size_t len)
 {
-	const uint8_t *ptr = src;
+  FAR const uint8_t *ptr = src;
-	size_t left, used;
+  size_t left;
  size_t used;
-	if (len == 0)
+  if (len == 0)
-		return;
+    return;
-	used = ctx->bytes % sizeof(ctx->buf);
+  used = ctx->bytes % sizeof(ctx->buf);
-	ctx->bytes += len;
+  ctx->bytes += len;
-	if (used > 0) {
+  if (used > 0)
-		left = sizeof(ctx->buf) - used;
+    {
      left = sizeof(ctx->buf) - used;
-		if (len >= left) {
+      if (len >= left)
-			memcpy(&ctx->buf[used], ptr, left);
+        {
-			SipHash_CRounds(ctx, rc);
+          memcpy(&ctx->buf[used], ptr, left);
-			len -= left;
+          siphash_crounds(ctx, rc);
-			ptr += left;
+          len -= left;
-		} else {
+          ptr += left;
-			memcpy(&ctx->buf[used], ptr, len);
+        }
-			return;
+      else
-		}
+        {
-	}
+          memcpy(&ctx->buf[used], ptr, len);
          return;
        }
    }
-	while (len >= sizeof(ctx->buf)) {
+  while (len >= sizeof(ctx->buf))
-		memcpy(ctx->buf, ptr, sizeof(ctx->buf));
+    {
-		SipHash_CRounds(ctx, rc);
+      memcpy(ctx->buf, ptr, sizeof(ctx->buf));
-		len -= sizeof(ctx->buf);
+      siphash_crounds(ctx, rc);
-		ptr += sizeof(ctx->buf);
+      len -= sizeof(ctx->buf);
-	}
+      ptr += sizeof(ctx->buf);
    }
-	if (len > 0)
+  if (len > 0)
-		memcpy(ctx->buf, ptr, len);
+    {
      memcpy(ctx->buf, ptr, len);
    }
 }
-void
+void siphash_final(FAR void *dst, FAR SIPHASH_CTX *ctx, int rc, int rf)
 SipHash_Final(void *dst, SIPHASH_CTX *ctx, int rc, int rf)
 {
-	uint64_t r;
+  uint64_t r;
-	htolem64(&r, SipHash_End(ctx, rc, rf));
+  htolem64(&r, siphash_end(ctx, rc, rf));
-	memcpy(dst, &r, sizeof r);
+  memcpy(dst, &r, sizeof r);
 }
-uint64_t
+uint64_t siphash_end(FAR SIPHASH_CTX *ctx, int rc, int rf)
 SipHash_End(SIPHASH_CTX *ctx, int rc, int rf)
 {
-	uint64_t r;
+  uint64_t r;
-	size_t left, used;
+  size_t left;
  size_t used;
-	used = ctx->bytes % sizeof(ctx->buf);
+  used = ctx->bytes % sizeof(ctx->buf);
-	left = sizeof(ctx->buf) - used;
+  left = sizeof(ctx->buf) - used;
-	memset(&ctx->buf[used], 0, left - 1);
+  memset(&ctx->buf[used], 0, left - 1);
-	ctx->buf[7] = ctx->bytes;
+  ctx->buf[7] = ctx->bytes;
-	SipHash_CRounds(ctx, rc);
+  siphash_crounds(ctx, rc);
-	ctx->v[2] ^= 0xff;
+  ctx->v[2] ^= 0xff;
-	SipHash_Rounds(ctx, rf);
+  siphash_rounds(ctx, rf);
-	r = (ctx->v[0] ^ ctx->v[1]) ^ (ctx->v[2] ^ ctx->v[3]);
+  r = (ctx->v[0] ^ ctx->v[1]) ^ (ctx->v[2] ^ ctx->v[3]);
-	explicit_bzero(ctx, sizeof(*ctx));
+  explicit_bzero(ctx, sizeof(*ctx));
-	return (r);
+  return (r);
 }
-uint64_t
+uint64_t siphash(FAR const SIPHASH_KEY *key,
-SipHash(const SIPHASH_KEY *key, int rc, int rf, const void *src, size_t len)
+                 int rc, int rf,
                 FAR const void *src, size_t len)
 {
-	SIPHASH_CTX ctx;
+  SIPHASH_CTX ctx;
-	SipHash_Init(&ctx, key);
+  siphash_init(&ctx, key);
-	SipHash_Update(&ctx, rc, rf, src, len);
+  siphash_update(&ctx, rc, rf, src, len);
-	return (SipHash_End(&ctx, rc, rf));
+  return (siphash_end(&ctx, rc, rf));
 }
 #define SIP_ROTL(x, b) ((x) << (b)) | ( (x) >> (64 - (b)))
-static void
+static void siphash_rounds(FAR SIPHASH_CTX *ctx, int rounds)
 SipHash_Rounds(SIPHASH_CTX *ctx, int rounds)
 {
-	while (rounds--) {
+  while (rounds--)
-		ctx->v[0] += ctx->v[1];
+    {
-		ctx->v[2] += ctx->v[3];
+      ctx->v[0] += ctx->v[1];
-		ctx->v[1] = SIP_ROTL(ctx->v[1], 13);
+      ctx->v[2] += ctx->v[3];
-		ctx->v[3] = SIP_ROTL(ctx->v[3], 16);
+      ctx->v[1] = SIP_ROTL(ctx->v[1], 13);
      ctx->v[3] = SIP_ROTL(ctx->v[3], 16);
-		ctx->v[1] ^= ctx->v[0];
+      ctx->v[1] ^= ctx->v[0];
-		ctx->v[3] ^= ctx->v[2];
+      ctx->v[3] ^= ctx->v[2];
-		ctx->v[0] = SIP_ROTL(ctx->v[0], 32);
+      ctx->v[0] = SIP_ROTL(ctx->v[0], 32);
-		ctx->v[2] += ctx->v[1];
+      ctx->v[2] += ctx->v[1];
-		ctx->v[0] += ctx->v[3];
+      ctx->v[0] += ctx->v[3];
-		ctx->v[1] = SIP_ROTL(ctx->v[1], 17);
+      ctx->v[1] = SIP_ROTL(ctx->v[1], 17);
-		ctx->v[3] = SIP_ROTL(ctx->v[3], 21);
+      ctx->v[3] = SIP_ROTL(ctx->v[3], 21);
-		ctx->v[1] ^= ctx->v[2];
+      ctx->v[1] ^= ctx->v[2];
-		ctx->v[3] ^= ctx->v[0];
+      ctx->v[3] ^= ctx->v[0];
-		ctx->v[2] = SIP_ROTL(ctx->v[2], 32);
+      ctx->v[2] = SIP_ROTL(ctx->v[2], 32);
-	}
+    }
 }
-static void
+static void siphash_crounds(FAR SIPHASH_CTX *ctx, int rounds)
 SipHash_CRounds(SIPHASH_CTX *ctx, int rounds)
 {
-	uint64_t m = lemtoh64((uint64_t *)ctx->buf);
+  uint64_t m = lemtoh64((uint64_t *)ctx->buf);
-	ctx->v[3] ^= m;
+  ctx->v[3] ^= m;
-	SipHash_Rounds(ctx, rounds);
+  siphash_rounds(ctx, rounds);
-	ctx->v[0] ^= m;
+  ctx->v[0] ^= m;
 }
@@ -1,22 +1,23 @@
-/*	$OpenBSD: sk.h,v 1.2 2002/10/27 13:24:26 miod Exp $	*/
+/****************************************************************************
-
+ * crypto/sk.h
-/* lib/des/sk.h */
+ * $OpenBSD: sk.h,v 1.2 2002/10/27 13:24:26 miod Exp $
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * lib/des/sk.h
 * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -27,169 +28,189 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
+ *    This product includes software developed
- * 
+ *    by Eric Young (eay@mincom.oz.au)
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAl,  SPECIAl,
 * EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publically
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * available version or derivative of this code cannot be changed.
 * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ ****************************************************************************/
-static const u_int32_t des_skb[8][64]={
+static const uint32_t des_skb[8][64] =
 {
-/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+  {
-0x00000000L,0x00000010L,0x20000000L,0x20000010L,
+    /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-0x00010000L,0x00010010L,0x20010000L,0x20010010L,
+
-0x00000800L,0x00000810L,0x20000800L,0x20000810L,
+    0x00000000l, 0x00000010l, 0x20000000l, 0x20000010l,
-0x00010800L,0x00010810L,0x20010800L,0x20010810L,
+    0x00010000l, 0x00010010l, 0x20010000l, 0x20010010l,
-0x00000020L,0x00000030L,0x20000020L,0x20000030L,
+    0x00000800l, 0x00000810l, 0x20000800l, 0x20000810l,
-0x00010020L,0x00010030L,0x20010020L,0x20010030L,
+    0x00010800l, 0x00010810l, 0x20010800l, 0x20010810l,
-0x00000820L,0x00000830L,0x20000820L,0x20000830L,
+    0x00000020l, 0x00000030l, 0x20000020l, 0x20000030l,
-0x00010820L,0x00010830L,0x20010820L,0x20010830L,
+    0x00010020l, 0x00010030l, 0x20010020l, 0x20010030l,
-0x00080000L,0x00080010L,0x20080000L,0x20080010L,
+    0x00000820l, 0x00000830l, 0x20000820l, 0x20000830l,
-0x00090000L,0x00090010L,0x20090000L,0x20090010L,
+    0x00010820l, 0x00010830l, 0x20010820l, 0x20010830l,
-0x00080800L,0x00080810L,0x20080800L,0x20080810L,
+    0x00080000l, 0x00080010l, 0x20080000l, 0x20080010l,
-0x00090800L,0x00090810L,0x20090800L,0x20090810L,
+    0x00090000l, 0x00090010l, 0x20090000l, 0x20090010l,
-0x00080020L,0x00080030L,0x20080020L,0x20080030L,
+    0x00080800l, 0x00080810l, 0x20080800l, 0x20080810l,
-0x00090020L,0x00090030L,0x20090020L,0x20090030L,
+    0x00090800l, 0x00090810l, 0x20090800l, 0x20090810l,
-0x00080820L,0x00080830L,0x20080820L,0x20080830L,
+    0x00080020l, 0x00080030l, 0x20080020l, 0x20080030l,
-0x00090820L,0x00090830L,0x20090820L,0x20090830L,
+    0x00090020l, 0x00090030l, 0x20090020l, 0x20090030l,
-},{
+    0x00080820l, 0x00080830l, 0x20080820l, 0x20080830l,
-/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+    0x00090820l, 0x00090830l, 0x20090820l, 0x20090830l,
-0x00000000L,0x02000000L,0x00002000L,0x02002000L,
+  },
-0x00200000L,0x02200000L,0x00202000L,0x02202000L,
+  {
-0x00000004L,0x02000004L,0x00002004L,0x02002004L,
+    /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
-0x00200004L,0x02200004L,0x00202004L,0x02202004L,
+
-0x00000400L,0x02000400L,0x00002400L,0x02002400L,
+    0x00000000l, 0x02000000l, 0x00002000l, 0x02002000l,
-0x00200400L,0x02200400L,0x00202400L,0x02202400L,
+    0x00200000l, 0x02200000l, 0x00202000l, 0x02202000l,
-0x00000404L,0x02000404L,0x00002404L,0x02002404L,
+    0x00000004l, 0x02000004l, 0x00002004l, 0x02002004l,
-0x00200404L,0x02200404L,0x00202404L,0x02202404L,
+    0x00200004l, 0x02200004l, 0x00202004l, 0x02202004l,
-0x10000000L,0x12000000L,0x10002000L,0x12002000L,
+    0x00000400l, 0x02000400l, 0x00002400l, 0x02002400l,
-0x10200000L,0x12200000L,0x10202000L,0x12202000L,
+    0x00200400l, 0x02200400l, 0x00202400l, 0x02202400l,
-0x10000004L,0x12000004L,0x10002004L,0x12002004L,
+    0x00000404l, 0x02000404l, 0x00002404l, 0x02002404l,
-0x10200004L,0x12200004L,0x10202004L,0x12202004L,
+    0x00200404l, 0x02200404l, 0x00202404l, 0x02202404l,
-0x10000400L,0x12000400L,0x10002400L,0x12002400L,
+    0x10000000l, 0x12000000l, 0x10002000l, 0x12002000l,
-0x10200400L,0x12200400L,0x10202400L,0x12202400L,
+    0x10200000l, 0x12200000l, 0x10202000l, 0x12202000l,
-0x10000404L,0x12000404L,0x10002404L,0x12002404L,
+    0x10000004l, 0x12000004l, 0x10002004l, 0x12002004l,
-0x10200404L,0x12200404L,0x10202404L,0x12202404L,
+    0x10200004l, 0x12200004l, 0x10202004l, 0x12202004l,
-},{
+    0x10000400l, 0x12000400l, 0x10002400l, 0x12002400l,
-/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+    0x10200400l, 0x12200400l, 0x10202400l, 0x12202400l,
-0x00000000L,0x00000001L,0x00040000L,0x00040001L,
+    0x10000404l, 0x12000404l, 0x10002404l, 0x12002404l,
-0x01000000L,0x01000001L,0x01040000L,0x01040001L,
+    0x10200404l, 0x12200404l, 0x10202404l, 0x12202404l,
-0x00000002L,0x00000003L,0x00040002L,0x00040003L,
+  },
-0x01000002L,0x01000003L,0x01040002L,0x01040003L,
+  {
-0x00000200L,0x00000201L,0x00040200L,0x00040201L,
+    /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
-0x01000200L,0x01000201L,0x01040200L,0x01040201L,
+
-0x00000202L,0x00000203L,0x00040202L,0x00040203L,
+    0x00000000l, 0x00000001l, 0x00040000l, 0x00040001l,
-0x01000202L,0x01000203L,0x01040202L,0x01040203L,
+    0x01000000l, 0x01000001l, 0x01040000l, 0x01040001l,
-0x08000000L,0x08000001L,0x08040000L,0x08040001L,
+    0x00000002l, 0x00000003l, 0x00040002l, 0x00040003l,
-0x09000000L,0x09000001L,0x09040000L,0x09040001L,
+    0x01000002l, 0x01000003l, 0x01040002l, 0x01040003l,
-0x08000002L,0x08000003L,0x08040002L,0x08040003L,
+    0x00000200l, 0x00000201l, 0x00040200l, 0x00040201l,
-0x09000002L,0x09000003L,0x09040002L,0x09040003L,
+    0x01000200l, 0x01000201l, 0x01040200l, 0x01040201l,
-0x08000200L,0x08000201L,0x08040200L,0x08040201L,
+    0x00000202l, 0x00000203l, 0x00040202l, 0x00040203l,
-0x09000200L,0x09000201L,0x09040200L,0x09040201L,
+    0x01000202l, 0x01000203l, 0x01040202l, 0x01040203l,
-0x08000202L,0x08000203L,0x08040202L,0x08040203L,
+    0x08000000l, 0x08000001l, 0x08040000l, 0x08040001l,
-0x09000202L,0x09000203L,0x09040202L,0x09040203L,
+    0x09000000l, 0x09000001l, 0x09040000l, 0x09040001l,
-},{
+    0x08000002l, 0x08000003l, 0x08040002l, 0x08040003l,
-/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+    0x09000002l, 0x09000003l, 0x09040002l, 0x09040003l,
-0x00000000L,0x00100000L,0x00000100L,0x00100100L,
+    0x08000200l, 0x08000201l, 0x08040200l, 0x08040201l,
-0x00000008L,0x00100008L,0x00000108L,0x00100108L,
+    0x09000200l, 0x09000201l, 0x09040200l, 0x09040201l,
-0x00001000L,0x00101000L,0x00001100L,0x00101100L,
+    0x08000202l, 0x08000203l, 0x08040202l, 0x08040203l,
-0x00001008L,0x00101008L,0x00001108L,0x00101108L,
+    0x09000202l, 0x09000203l, 0x09040202l, 0x09040203l,
-0x04000000L,0x04100000L,0x04000100L,0x04100100L,
+  },
-0x04000008L,0x04100008L,0x04000108L,0x04100108L,
+  {
-0x04001000L,0x04101000L,0x04001100L,0x04101100L,
+    /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
-0x04001008L,0x04101008L,0x04001108L,0x04101108L,
+
-0x00020000L,0x00120000L,0x00020100L,0x00120100L,
+    0x00000000l, 0x00100000l, 0x00000100l, 0x00100100l,
-0x00020008L,0x00120008L,0x00020108L,0x00120108L,
+    0x00000008l, 0x00100008l, 0x00000108l, 0x00100108l,
-0x00021000L,0x00121000L,0x00021100L,0x00121100L,
+    0x00001000l, 0x00101000l, 0x00001100l, 0x00101100l,
-0x00021008L,0x00121008L,0x00021108L,0x00121108L,
+    0x00001008l, 0x00101008l, 0x00001108l, 0x00101108l,
-0x04020000L,0x04120000L,0x04020100L,0x04120100L,
+    0x04000000l, 0x04100000l, 0x04000100l, 0x04100100l,
-0x04020008L,0x04120008L,0x04020108L,0x04120108L,
+    0x04000008l, 0x04100008l, 0x04000108l, 0x04100108l,
-0x04021000L,0x04121000L,0x04021100L,0x04121100L,
+    0x04001000l, 0x04101000l, 0x04001100l, 0x04101100l,
-0x04021008L,0x04121008L,0x04021108L,0x04121108L,
+    0x04001008l, 0x04101008l, 0x04001108l, 0x04101108l,
-},{
+    0x00020000l, 0x00120000l, 0x00020100l, 0x00120100l,
-/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+    0x00020008l, 0x00120008l, 0x00020108l, 0x00120108l,
-0x00000000L,0x10000000L,0x00010000L,0x10010000L,
+    0x00021000l, 0x00121000l, 0x00021100l, 0x00121100l,
-0x00000004L,0x10000004L,0x00010004L,0x10010004L,
+    0x00021008l, 0x00121008l, 0x00021108l, 0x00121108l,
-0x20000000L,0x30000000L,0x20010000L,0x30010000L,
+    0x04020000l, 0x04120000l, 0x04020100l, 0x04120100l,
-0x20000004L,0x30000004L,0x20010004L,0x30010004L,
+    0x04020008l, 0x04120008l, 0x04020108l, 0x04120108l,
-0x00100000L,0x10100000L,0x00110000L,0x10110000L,
+    0x04021000l, 0x04121000l, 0x04021100l, 0x04121100l,
-0x00100004L,0x10100004L,0x00110004L,0x10110004L,
+    0x04021008l, 0x04121008l, 0x04021108l, 0x04121108l,
-0x20100000L,0x30100000L,0x20110000L,0x30110000L,
+  },
-0x20100004L,0x30100004L,0x20110004L,0x30110004L,
+  {
-0x00001000L,0x10001000L,0x00011000L,0x10011000L,
+    /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-0x00001004L,0x10001004L,0x00011004L,0x10011004L,
+
-0x20001000L,0x30001000L,0x20011000L,0x30011000L,
+    0x00000000l, 0x10000000l, 0x00010000l, 0x10010000l,
-0x20001004L,0x30001004L,0x20011004L,0x30011004L,
+    0x00000004l, 0x10000004l, 0x00010004l, 0x10010004l,
-0x00101000L,0x10101000L,0x00111000L,0x10111000L,
+    0x20000000l, 0x30000000l, 0x20010000l, 0x30010000l,
-0x00101004L,0x10101004L,0x00111004L,0x10111004L,
+    0x20000004l, 0x30000004l, 0x20010004l, 0x30010004l,
-0x20101000L,0x30101000L,0x20111000L,0x30111000L,
+    0x00100000l, 0x10100000l, 0x00110000l, 0x10110000l,
-0x20101004L,0x30101004L,0x20111004L,0x30111004L,
+    0x00100004l, 0x10100004l, 0x00110004l, 0x10110004l,
-},{
+    0x20100000l, 0x30100000l, 0x20110000l, 0x30110000l,
-/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+    0x20100004l, 0x30100004l, 0x20110004l, 0x30110004l,
-0x00000000L,0x08000000L,0x00000008L,0x08000008L,
+    0x00001000l, 0x10001000l, 0x00011000l, 0x10011000l,
-0x00000400L,0x08000400L,0x00000408L,0x08000408L,
+    0x00001004l, 0x10001004l, 0x00011004l, 0x10011004l,
-0x00020000L,0x08020000L,0x00020008L,0x08020008L,
+    0x20001000l, 0x30001000l, 0x20011000l, 0x30011000l,
-0x00020400L,0x08020400L,0x00020408L,0x08020408L,
+    0x20001004l, 0x30001004l, 0x20011004l, 0x30011004l,
-0x00000001L,0x08000001L,0x00000009L,0x08000009L,
+    0x00101000l, 0x10101000l, 0x00111000l, 0x10111000l,
-0x00000401L,0x08000401L,0x00000409L,0x08000409L,
+    0x00101004l, 0x10101004l, 0x00111004l, 0x10111004l,
-0x00020001L,0x08020001L,0x00020009L,0x08020009L,
+    0x20101000l, 0x30101000l, 0x20111000l, 0x30111000l,
-0x00020401L,0x08020401L,0x00020409L,0x08020409L,
+    0x20101004l, 0x30101004l, 0x20111004l, 0x30111004l,
-0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
+  },
-0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
+  {
-0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
+    /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
-0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
+
-0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
+    0x00000000l, 0x08000000l, 0x00000008l, 0x08000008l,
-0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
+    0x00000400l, 0x08000400l, 0x00000408l, 0x08000408l,
-0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
+    0x00020000l, 0x08020000l, 0x00020008l, 0x08020008l,
-0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
+    0x00020400l, 0x08020400l, 0x00020408l, 0x08020408l,
-},{
+    0x00000001l, 0x08000001l, 0x00000009l, 0x08000009l,
-/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+    0x00000401l, 0x08000401l, 0x00000409l, 0x08000409l,
-0x00000000L,0x00000100L,0x00080000L,0x00080100L,
+    0x00020001l, 0x08020001l, 0x00020009l, 0x08020009l,
-0x01000000L,0x01000100L,0x01080000L,0x01080100L,
+    0x00020401l, 0x08020401l, 0x00020409l, 0x08020409l,
-0x00000010L,0x00000110L,0x00080010L,0x00080110L,
+    0x02000000l, 0x0a000000l, 0x02000008l, 0x0a000008l,
-0x01000010L,0x01000110L,0x01080010L,0x01080110L,
+    0x02000400l, 0x0a000400l, 0x02000408l, 0x0a000408l,
-0x00200000L,0x00200100L,0x00280000L,0x00280100L,
+    0x02020000l, 0x0a020000l, 0x02020008l, 0x0a020008l,
-0x01200000L,0x01200100L,0x01280000L,0x01280100L,
+    0x02020400l, 0x0a020400l, 0x02020408l, 0x0a020408l,
-0x00200010L,0x00200110L,0x00280010L,0x00280110L,
+    0x02000001l, 0x0a000001l, 0x02000009l, 0x0a000009l,
-0x01200010L,0x01200110L,0x01280010L,0x01280110L,
+    0x02000401l, 0x0a000401l, 0x02000409l, 0x0a000409l,
-0x00000200L,0x00000300L,0x00080200L,0x00080300L,
+    0x02020001l, 0x0a020001l, 0x02020009l, 0x0a020009l,
-0x01000200L,0x01000300L,0x01080200L,0x01080300L,
+    0x02020401l, 0x0a020401l, 0x02020409l, 0x0a020409l,
-0x00000210L,0x00000310L,0x00080210L,0x00080310L,
+  },
-0x01000210L,0x01000310L,0x01080210L,0x01080310L,
+  {
-0x00200200L,0x00200300L,0x00280200L,0x00280300L,
+    /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
-0x01200200L,0x01200300L,0x01280200L,0x01280300L,
+
-0x00200210L,0x00200310L,0x00280210L,0x00280310L,
+    0x00000000l, 0x00000100l, 0x00080000l, 0x00080100l,
-0x01200210L,0x01200310L,0x01280210L,0x01280310L,
+    0x01000000l, 0x01000100l, 0x01080000l, 0x01080100l,
-},{
+    0x00000010l, 0x00000110l, 0x00080010l, 0x00080110l,
-/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+    0x01000010l, 0x01000110l, 0x01080010l, 0x01080110l,
-0x00000000L,0x04000000L,0x00040000L,0x04040000L,
+    0x00200000l, 0x00200100l, 0x00280000l, 0x00280100l,
-0x00000002L,0x04000002L,0x00040002L,0x04040002L,
+    0x01200000l, 0x01200100l, 0x01280000l, 0x01280100l,
-0x00002000L,0x04002000L,0x00042000L,0x04042000L,
+    0x00200010l, 0x00200110l, 0x00280010l, 0x00280110l,
-0x00002002L,0x04002002L,0x00042002L,0x04042002L,
+    0x01200010l, 0x01200110l, 0x01280010l, 0x01280110l,
-0x00000020L,0x04000020L,0x00040020L,0x04040020L,
+    0x00000200l, 0x00000300l, 0x00080200l, 0x00080300l,
-0x00000022L,0x04000022L,0x00040022L,0x04040022L,
+    0x01000200l, 0x01000300l, 0x01080200l, 0x01080300l,
-0x00002020L,0x04002020L,0x00042020L,0x04042020L,
+    0x00000210l, 0x00000310l, 0x00080210l, 0x00080310l,
-0x00002022L,0x04002022L,0x00042022L,0x04042022L,
+    0x01000210l, 0x01000310l, 0x01080210l, 0x01080310l,
-0x00000800L,0x04000800L,0x00040800L,0x04040800L,
+    0x00200200l, 0x00200300l, 0x00280200l, 0x00280300l,
-0x00000802L,0x04000802L,0x00040802L,0x04040802L,
+    0x01200200l, 0x01200300l, 0x01280200l, 0x01280300l,
-0x00002800L,0x04002800L,0x00042800L,0x04042800L,
+    0x00200210l, 0x00200310l, 0x00280210l, 0x00280310l,
-0x00002802L,0x04002802L,0x00042802L,0x04042802L,
+    0x01200210l, 0x01200310l, 0x01280210l, 0x01280310l,
-0x00000820L,0x04000820L,0x00040820L,0x04040820L,
+  },
-0x00000822L,0x04000822L,0x00040822L,0x04040822L,
+  {
-0x00002820L,0x04002820L,0x00042820L,0x04042820L,
+    /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
-0x00002822L,0x04002822L,0x00042822L,0x04042822L,
+
-}};
+    0x00000000l, 0x04000000l, 0x00040000l, 0x04040000l,
    0x00000002l, 0x04000002l, 0x00040002l, 0x04040002l,
    0x00002000l, 0x04002000l, 0x00042000l, 0x04042000l,
    0x00002002l, 0x04002002l, 0x00042002l, 0x04042002l,
    0x00000020l, 0x04000020l, 0x00040020l, 0x04040020l,
    0x00000022l, 0x04000022l, 0x00040022l, 0x04040022l,
    0x00002020l, 0x04002020l, 0x00042020l, 0x04042020l,
    0x00002022l, 0x04002022l, 0x00042022l, 0x04042022l,
    0x00000800l, 0x04000800l, 0x00040800l, 0x04040800l,
    0x00000802l, 0x04000802l, 0x00040802l, 0x04040802l,
    0x00002800l, 0x04002800l, 0x00042800l, 0x04042800l,
    0x00002802l, 0x04002802l, 0x00042802l, 0x04042802l,
    0x00000820l, 0x04000820l, 0x00040820l, 0x04040820l,
    0x00000822l, 0x04000822l, 0x00040822l, 0x04040822l,
    0x00002820l, 0x04002820l, 0x00042820l, 0x04042820l,
    0x00002822l, 0x04002822l, 0x00042822l, 0x04042822l,
  }
 };
@@ -1,22 +1,23 @@
-/*	$OpenBSD: spr.h,v 1.2 2002/10/27 13:24:26 miod Exp $	*/
+/****************************************************************************
-
+ * crypto/spr.h
-/* lib/des/spr.h */
+ * $OpenBSD: spr.h,v 1.2 2002/10/27 13:24:26 miod Exp $
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * lib/des/spr.h
 * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -27,8 +28,9 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
+ *    This product includes software developed
- * 
+ *    by Eric Young (eay@mincom.oz.au)
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -40,156 +42,174 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * derivative of this code cannot be changed.
 * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ ****************************************************************************/
-static const u_int32_t des_SPtrans[8][64]={
+static const uint32_t des_sptrans[8][64] =
 {
-/* nibble 0 */
+  {
-0x00820200L, 0x00020000L, 0x80800000L, 0x80820200L,
+    /* nibble 0 */
-0x00800000L, 0x80020200L, 0x80020000L, 0x80800000L,
+
-0x80020200L, 0x00820200L, 0x00820000L, 0x80000200L,
+    0x00820200l, 0x00020000l, 0x80800000l, 0x80820200l,
-0x80800200L, 0x00800000L, 0x00000000L, 0x80020000L,
+    0x00800000l, 0x80020200l, 0x80020000l, 0x80800000l,
-0x00020000L, 0x80000000L, 0x00800200L, 0x00020200L,
+    0x80020200l, 0x00820200l, 0x00820000l, 0x80000200l,
-0x80820200L, 0x00820000L, 0x80000200L, 0x00800200L,
+    0x80800200l, 0x00800000l, 0x00000000l, 0x80020000l,
-0x80000000L, 0x00000200L, 0x00020200L, 0x80820000L,
+    0x00020000l, 0x80000000l, 0x00800200l, 0x00020200l,
-0x00000200L, 0x80800200L, 0x80820000L, 0x00000000L,
+    0x80820200l, 0x00820000l, 0x80000200l, 0x00800200l,
-0x00000000L, 0x80820200L, 0x00800200L, 0x80020000L,
+    0x80000000l, 0x00000200l, 0x00020200l, 0x80820000l,
-0x00820200L, 0x00020000L, 0x80000200L, 0x00800200L,
+    0x00000200l, 0x80800200l, 0x80820000l, 0x00000000l,
-0x80820000L, 0x00000200L, 0x00020200L, 0x80800000L,
+    0x00000000l, 0x80820200l, 0x00800200l, 0x80020000l,
-0x80020200L, 0x80000000L, 0x80800000L, 0x00820000L,
+    0x00820200l, 0x00020000l, 0x80000200l, 0x00800200l,
-0x80820200L, 0x00020200L, 0x00820000L, 0x80800200L,
+    0x80820000l, 0x00000200l, 0x00020200l, 0x80800000l,
-0x00800000L, 0x80000200L, 0x80020000L, 0x00000000L,
+    0x80020200l, 0x80000000l, 0x80800000l, 0x00820000l,
-0x00020000L, 0x00800000L, 0x80800200L, 0x00820200L,
+    0x80820200l, 0x00020200l, 0x00820000l, 0x80800200l,
-0x80000000L, 0x80820000L, 0x00000200L, 0x80020200L,
+    0x00800000l, 0x80000200l, 0x80020000l, 0x00000000l,
-},{
+    0x00020000l, 0x00800000l, 0x80800200l, 0x00820200l,
-/* nibble 1 */
+    0x80000000l, 0x80820000l, 0x00000200l, 0x80020200l,
-0x10042004L, 0x00000000L, 0x00042000L, 0x10040000L,
+  },
-0x10000004L, 0x00002004L, 0x10002000L, 0x00042000L,
+  {
-0x00002000L, 0x10040004L, 0x00000004L, 0x10002000L,
+    /* nibble 1 */
-0x00040004L, 0x10042000L, 0x10040000L, 0x00000004L,
+
-0x00040000L, 0x10002004L, 0x10040004L, 0x00002000L,
+    0x10042004l, 0x00000000l, 0x00042000l, 0x10040000l,
-0x00042004L, 0x10000000L, 0x00000000L, 0x00040004L,
+    0x10000004l, 0x00002004l, 0x10002000l, 0x00042000l,
-0x10002004L, 0x00042004L, 0x10042000L, 0x10000004L,
+    0x00002000l, 0x10040004l, 0x00000004l, 0x10002000l,
-0x10000000L, 0x00040000L, 0x00002004L, 0x10042004L,
+    0x00040004l, 0x10042000l, 0x10040000l, 0x00000004l,
-0x00040004L, 0x10042000L, 0x10002000L, 0x00042004L,
+    0x00040000l, 0x10002004l, 0x10040004l, 0x00002000l,
-0x10042004L, 0x00040004L, 0x10000004L, 0x00000000L,
+    0x00042004l, 0x10000000l, 0x00000000l, 0x00040004l,
-0x10000000L, 0x00002004L, 0x00040000L, 0x10040004L,
+    0x10002004l, 0x00042004l, 0x10042000l, 0x10000004l,
-0x00002000L, 0x10000000L, 0x00042004L, 0x10002004L,
+    0x10000000l, 0x00040000l, 0x00002004l, 0x10042004l,
-0x10042000L, 0x00002000L, 0x00000000L, 0x10000004L,
+    0x00040004l, 0x10042000l, 0x10002000l, 0x00042004l,
-0x00000004L, 0x10042004L, 0x00042000L, 0x10040000L,
+    0x10042004l, 0x00040004l, 0x10000004l, 0x00000000l,
-0x10040004L, 0x00040000L, 0x00002004L, 0x10002000L,
+    0x10000000l, 0x00002004l, 0x00040000l, 0x10040004l,
-0x10002004L, 0x00000004L, 0x10040000L, 0x00042000L,
+    0x00002000l, 0x10000000l, 0x00042004l, 0x10002004l,
-},{
+    0x10042000l, 0x00002000l, 0x00000000l, 0x10000004l,
-/* nibble 2 */
+    0x00000004l, 0x10042004l, 0x00042000l, 0x10040000l,
-0x41000000L, 0x01010040L, 0x00000040L, 0x41000040L,
+    0x10040004l, 0x00040000l, 0x00002004l, 0x10002000l,
-0x40010000L, 0x01000000L, 0x41000040L, 0x00010040L,
+    0x10002004l, 0x00000004l, 0x10040000l, 0x00042000l,
-0x01000040L, 0x00010000L, 0x01010000L, 0x40000000L,
+  },
-0x41010040L, 0x40000040L, 0x40000000L, 0x41010000L,
+  {
-0x00000000L, 0x40010000L, 0x01010040L, 0x00000040L,
+    /* nibble 2 */
-0x40000040L, 0x41010040L, 0x00010000L, 0x41000000L,
+
-0x41010000L, 0x01000040L, 0x40010040L, 0x01010000L,
+    0x41000000l, 0x01010040l, 0x00000040l, 0x41000040l,
-0x00010040L, 0x00000000L, 0x01000000L, 0x40010040L,
+    0x40010000l, 0x01000000l, 0x41000040l, 0x00010040l,
-0x01010040L, 0x00000040L, 0x40000000L, 0x00010000L,
+    0x01000040l, 0x00010000l, 0x01010000l, 0x40000000l,
-0x40000040L, 0x40010000L, 0x01010000L, 0x41000040L,
+    0x41010040l, 0x40000040l, 0x40000000l, 0x41010000l,
-0x00000000L, 0x01010040L, 0x00010040L, 0x41010000L,
+    0x00000000l, 0x40010000l, 0x01010040l, 0x00000040l,
-0x40010000L, 0x01000000L, 0x41010040L, 0x40000000L,
+    0x40000040l, 0x41010040l, 0x00010000l, 0x41000000l,
-0x40010040L, 0x41000000L, 0x01000000L, 0x41010040L,
+    0x41010000l, 0x01000040l, 0x40010040l, 0x01010000l,
-0x00010000L, 0x01000040L, 0x41000040L, 0x00010040L,
+    0x00010040l, 0x00000000l, 0x01000000l, 0x40010040l,
-0x01000040L, 0x00000000L, 0x41010000L, 0x40000040L,
+    0x01010040l, 0x00000040l, 0x40000000l, 0x00010000l,
-0x41000000L, 0x40010040L, 0x00000040L, 0x01010000L,
+    0x40000040l, 0x40010000l, 0x01010000l, 0x41000040l,
-},{
+    0x00000000l, 0x01010040l, 0x00010040l, 0x41010000l,
-/* nibble 3 */
+    0x40010000l, 0x01000000l, 0x41010040l, 0x40000000l,
-0x00100402L, 0x04000400L, 0x00000002L, 0x04100402L,
+    0x40010040l, 0x41000000l, 0x01000000l, 0x41010040l,
-0x00000000L, 0x04100000L, 0x04000402L, 0x00100002L,
+    0x00010000l, 0x01000040l, 0x41000040l, 0x00010040l,
-0x04100400L, 0x04000002L, 0x04000000L, 0x00000402L,
+    0x01000040l, 0x00000000l, 0x41010000l, 0x40000040l,
-0x04000002L, 0x00100402L, 0x00100000L, 0x04000000L,
+    0x41000000l, 0x40010040l, 0x00000040l, 0x01010000l,
-0x04100002L, 0x00100400L, 0x00000400L, 0x00000002L,
+  },
-0x00100400L, 0x04000402L, 0x04100000L, 0x00000400L,
+  {
-0x00000402L, 0x00000000L, 0x00100002L, 0x04100400L,
+    /* nibble 3 */
-0x04000400L, 0x04100002L, 0x04100402L, 0x00100000L,
+
-0x04100002L, 0x00000402L, 0x00100000L, 0x04000002L,
+    0x00100402l, 0x04000400l, 0x00000002l, 0x04100402l,
-0x00100400L, 0x04000400L, 0x00000002L, 0x04100000L,
+    0x00000000l, 0x04100000l, 0x04000402l, 0x00100002l,
-0x04000402L, 0x00000000L, 0x00000400L, 0x00100002L,
+    0x04100400l, 0x04000002l, 0x04000000l, 0x00000402l,
-0x00000000L, 0x04100002L, 0x04100400L, 0x00000400L,
+    0x04000002l, 0x00100402l, 0x00100000l, 0x04000000l,
-0x04000000L, 0x04100402L, 0x00100402L, 0x00100000L,
+    0x04100002l, 0x00100400l, 0x00000400l, 0x00000002l,
-0x04100402L, 0x00000002L, 0x04000400L, 0x00100402L,
+    0x00100400l, 0x04000402l, 0x04100000l, 0x00000400l,
-0x00100002L, 0x00100400L, 0x04100000L, 0x04000402L,
+    0x00000402l, 0x00000000l, 0x00100002l, 0x04100400l,
-0x00000402L, 0x04000000L, 0x04000002L, 0x04100400L,
+    0x04000400l, 0x04100002l, 0x04100402l, 0x00100000l,
-},{
+    0x04100002l, 0x00000402l, 0x00100000l, 0x04000002l,
-/* nibble 4 */
+    0x00100400l, 0x04000400l, 0x00000002l, 0x04100000l,
-0x02000000L, 0x00004000L, 0x00000100L, 0x02004108L,
+    0x04000402l, 0x00000000l, 0x00000400l, 0x00100002l,
-0x02004008L, 0x02000100L, 0x00004108L, 0x02004000L,
+    0x00000000l, 0x04100002l, 0x04100400l, 0x00000400l,
-0x00004000L, 0x00000008L, 0x02000008L, 0x00004100L,
+    0x04000000l, 0x04100402l, 0x00100402l, 0x00100000l,
-0x02000108L, 0x02004008L, 0x02004100L, 0x00000000L,
+    0x04100402l, 0x00000002l, 0x04000400l, 0x00100402l,
-0x00004100L, 0x02000000L, 0x00004008L, 0x00000108L,
+    0x00100002l, 0x00100400l, 0x04100000l, 0x04000402l,
-0x02000100L, 0x00004108L, 0x00000000L, 0x02000008L,
+    0x00000402l, 0x04000000l, 0x04000002l, 0x04100400l,
-0x00000008L, 0x02000108L, 0x02004108L, 0x00004008L,
+  },
-0x02004000L, 0x00000100L, 0x00000108L, 0x02004100L,
+  {
-0x02004100L, 0x02000108L, 0x00004008L, 0x02004000L,
+    /* nibble 4 */
-0x00004000L, 0x00000008L, 0x02000008L, 0x02000100L,
+
-0x02000000L, 0x00004100L, 0x02004108L, 0x00000000L,
+    0x02000000l, 0x00004000l, 0x00000100l, 0x02004108l,
-0x00004108L, 0x02000000L, 0x00000100L, 0x00004008L,
+    0x02004008l, 0x02000100l, 0x00004108l, 0x02004000l,
-0x02000108L, 0x00000100L, 0x00000000L, 0x02004108L,
+    0x00004000l, 0x00000008l, 0x02000008l, 0x00004100l,
-0x02004008L, 0x02004100L, 0x00000108L, 0x00004000L,
+    0x02000108l, 0x02004008l, 0x02004100l, 0x00000000l,
-0x00004100L, 0x02004008L, 0x02000100L, 0x00000108L,
+    0x00004100l, 0x02000000l, 0x00004008l, 0x00000108l,
-0x00000008L, 0x00004108L, 0x02004000L, 0x02000008L,
+    0x02000100l, 0x00004108l, 0x00000000l, 0x02000008l,
-},{
+    0x00000008l, 0x02000108l, 0x02004108l, 0x00004008l,
-/* nibble 5 */
+    0x02004000l, 0x00000100l, 0x00000108l, 0x02004100l,
-0x20000010L, 0x00080010L, 0x00000000L, 0x20080800L,
+    0x02004100l, 0x02000108l, 0x00004008l, 0x02004000l,
-0x00080010L, 0x00000800L, 0x20000810L, 0x00080000L,
+    0x00004000l, 0x00000008l, 0x02000008l, 0x02000100l,
-0x00000810L, 0x20080810L, 0x00080800L, 0x20000000L,
+    0x02000000l, 0x00004100l, 0x02004108l, 0x00000000l,
-0x20000800L, 0x20000010L, 0x20080000L, 0x00080810L,
+    0x00004108l, 0x02000000l, 0x00000100l, 0x00004008l,
-0x00080000L, 0x20000810L, 0x20080010L, 0x00000000L,
+    0x02000108l, 0x00000100l, 0x00000000l, 0x02004108l,
-0x00000800L, 0x00000010L, 0x20080800L, 0x20080010L,
+    0x02004008l, 0x02004100l, 0x00000108l, 0x00004000l,
-0x20080810L, 0x20080000L, 0x20000000L, 0x00000810L,
+    0x00004100l, 0x02004008l, 0x02000100l, 0x00000108l,
-0x00000010L, 0x00080800L, 0x00080810L, 0x20000800L,
+    0x00000008l, 0x00004108l, 0x02004000l, 0x02000008l,
-0x00000810L, 0x20000000L, 0x20000800L, 0x00080810L,
+  },
-0x20080800L, 0x00080010L, 0x00000000L, 0x20000800L,
+  {
-0x20000000L, 0x00000800L, 0x20080010L, 0x00080000L,
+    /* nibble 5 */
-0x00080010L, 0x20080810L, 0x00080800L, 0x00000010L,
+
-0x20080810L, 0x00080800L, 0x00080000L, 0x20000810L,
+    0x20000010l, 0x00080010l, 0x00000000l, 0x20080800l,
-0x20000010L, 0x20080000L, 0x00080810L, 0x00000000L,
+    0x00080010l, 0x00000800l, 0x20000810l, 0x00080000l,
-0x00000800L, 0x20000010L, 0x20000810L, 0x20080800L,
+    0x00000810l, 0x20080810l, 0x00080800l, 0x20000000l,
-0x20080000L, 0x00000810L, 0x00000010L, 0x20080010L,
+    0x20000800l, 0x20000010l, 0x20080000l, 0x00080810l,
-},{
+    0x00080000l, 0x20000810l, 0x20080010l, 0x00000000l,
-/* nibble 6 */
+    0x00000800l, 0x00000010l, 0x20080800l, 0x20080010l,
-0x00001000L, 0x00000080L, 0x00400080L, 0x00400001L,
+    0x20080810l, 0x20080000l, 0x20000000l, 0x00000810l,
-0x00401081L, 0x00001001L, 0x00001080L, 0x00000000L,
+    0x00000010l, 0x00080800l, 0x00080810l, 0x20000800l,
-0x00400000L, 0x00400081L, 0x00000081L, 0x00401000L,
+    0x00000810l, 0x20000000l, 0x20000800l, 0x00080810l,
-0x00000001L, 0x00401080L, 0x00401000L, 0x00000081L,
+    0x20080800l, 0x00080010l, 0x00000000l, 0x20000800l,
-0x00400081L, 0x00001000L, 0x00001001L, 0x00401081L,
+    0x20000000l, 0x00000800l, 0x20080010l, 0x00080000l,
-0x00000000L, 0x00400080L, 0x00400001L, 0x00001080L,
+    0x00080010l, 0x20080810l, 0x00080800l, 0x00000010l,
-0x00401001L, 0x00001081L, 0x00401080L, 0x00000001L,
+    0x20080810l, 0x00080800l, 0x00080000l, 0x20000810l,
-0x00001081L, 0x00401001L, 0x00000080L, 0x00400000L,
+    0x20000010l, 0x20080000l, 0x00080810l, 0x00000000l,
-0x00001081L, 0x00401000L, 0x00401001L, 0x00000081L,
+    0x00000800l, 0x20000010l, 0x20000810l, 0x20080800l,
-0x00001000L, 0x00000080L, 0x00400000L, 0x00401001L,
+    0x20080000l, 0x00000810l, 0x00000010l, 0x20080010l,
-0x00400081L, 0x00001081L, 0x00001080L, 0x00000000L,
+  },
-0x00000080L, 0x00400001L, 0x00000001L, 0x00400080L,
+  {
-0x00000000L, 0x00400081L, 0x00400080L, 0x00001080L,
+    /* nibble 6 */
-0x00000081L, 0x00001000L, 0x00401081L, 0x00400000L,
+
-0x00401080L, 0x00000001L, 0x00001001L, 0x00401081L,
+    0x00001000l, 0x00000080l, 0x00400080l, 0x00400001l,
-0x00400001L, 0x00401080L, 0x00401000L, 0x00001001L,
+    0x00401081l, 0x00001001l, 0x00001080l, 0x00000000l,
-},{
+    0x00400000l, 0x00400081l, 0x00000081l, 0x00401000l,
-/* nibble 7 */
+    0x00000001l, 0x00401080l, 0x00401000l, 0x00000081l,
-0x08200020L, 0x08208000L, 0x00008020L, 0x00000000L,
+    0x00400081l, 0x00001000l, 0x00001001l, 0x00401081l,
-0x08008000L, 0x00200020L, 0x08200000L, 0x08208020L,
+    0x00000000l, 0x00400080l, 0x00400001l, 0x00001080l,
-0x00000020L, 0x08000000L, 0x00208000L, 0x00008020L,
+    0x00401001l, 0x00001081l, 0x00401080l, 0x00000001l,
-0x00208020L, 0x08008020L, 0x08000020L, 0x08200000L,
+    0x00001081l, 0x00401001l, 0x00000080l, 0x00400000l,
-0x00008000L, 0x00208020L, 0x00200020L, 0x08008000L,
+    0x00001081l, 0x00401000l, 0x00401001l, 0x00000081l,
-0x08208020L, 0x08000020L, 0x00000000L, 0x00208000L,
+    0x00001000l, 0x00000080l, 0x00400000l, 0x00401001l,
-0x08000000L, 0x00200000L, 0x08008020L, 0x08200020L,
+    0x00400081l, 0x00001081l, 0x00001080l, 0x00000000l,
-0x00200000L, 0x00008000L, 0x08208000L, 0x00000020L,
+    0x00000080l, 0x00400001l, 0x00000001l, 0x00400080l,
-0x00200000L, 0x00008000L, 0x08000020L, 0x08208020L,
+    0x00000000l, 0x00400081l, 0x00400080l, 0x00001080l,
-0x00008020L, 0x08000000L, 0x00000000L, 0x00208000L,
+    0x00000081l, 0x00001000l, 0x00401081l, 0x00400000l,
-0x08200020L, 0x08008020L, 0x08008000L, 0x00200020L,
+    0x00401080l, 0x00000001l, 0x00001001l, 0x00401081l,
-0x08208000L, 0x00000020L, 0x00200020L, 0x08008000L,
+    0x00400001l, 0x00401080l, 0x00401000l, 0x00001001l,
-0x08208020L, 0x00200000L, 0x08200000L, 0x08000020L,
+  },
-0x00208000L, 0x00008020L, 0x08008020L, 0x08200000L,
+  {
-0x00000020L, 0x08208000L, 0x00208020L, 0x00000000L,
+    /* nibble 7 */
-0x08000000L, 0x08200020L, 0x00008000L, 0x00208020L,
+
-}};
+    0x08200020l, 0x08208000l, 0x00008020l, 0x00000000l,
    0x08008000l, 0x00200020l, 0x08200000l, 0x08208020l,
    0x00000020l, 0x08000000l, 0x00208000l, 0x00008020l,
    0x00208020l, 0x08008020l, 0x08000020l, 0x08200000l,
    0x00008000l, 0x00208020l, 0x00200020l, 0x08008000l,
    0x08208020l, 0x08000020l, 0x00000000l, 0x00208000l,
    0x08000000l, 0x00200000l, 0x08008020l, 0x08200020l,
    0x00200000l, 0x00008000l, 0x08208000l, 0x00000020l,
    0x00200000l, 0x00008000l, 0x08000020l, 0x08208020l,
    0x00008020l, 0x08000000l, 0x00000000l, 0x00208000l,
    0x08200020l, 0x08008020l, 0x08008000l, 0x00200020l,
    0x08208000l, 0x00000020l, 0x00200020l, 0x08008000l,
    0x08208020l, 0x00200000l, 0x08200000l, 0x08000020l,
    0x00208000l, 0x00008020l, 0x08008020l, 0x08200000l,
    0x00000020l, 0x08208000l, 0x00208020l, 0x00000000l,
    0x08000000l, 0x08200020l, 0x00008000l, 0x00208020l,
  }
 };
@@ -1,5 +1,7 @@
-/*	$OpenBSD: aes.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $	*/
+/****************************************************************************
-/*
+ * include/crypto/aes.h
 * $OpenBSD: aes.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $
 *
 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
 * Copyright (c) 2016 Mike Belopuhov
 *
@@ -22,29 +24,32 @@
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
- */
+ ****************************************************************************/
-#ifndef _AES_H_
+#ifndef __INCLUDE_CRYPTO_AES_H
-#define _AES_H_
+#define __INCLUDE_CRYPTO_AES_H
 #ifndef AES_MAXROUNDS
-#define AES_MAXROUNDS	(14)
+#  define AES_MAXROUNDS (14)
 #endif
-typedef struct aes_ctx {
+typedef struct aes_ctx
-	uint32_t sk[60];
+{
-	uint32_t sk_exp[120];
+  uint32_t sk[60];
  uint32_t sk_exp[120];
-	unsigned num_rounds;
+  unsigned num_rounds;
 } AES_CTX;
-int	AES_Setkey(AES_CTX *, const uint8_t *, int);
+int aes_setkey(FAR AES_CTX *, FAR const uint8_t *, int);
-void	AES_Encrypt(AES_CTX *, const uint8_t *, uint8_t *);
+void aes_encrypt(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *);
-void	AES_Decrypt(AES_CTX *, const uint8_t *, uint8_t *);
+void aes_decrypt(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *);
-void	AES_Encrypt_ECB(AES_CTX *, const uint8_t *, uint8_t *, size_t);
+void aes_encrypt_ecb(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *,
-void	AES_Decrypt_ECB(AES_CTX *, const uint8_t *, uint8_t *, size_t);
+                     size_t);
 void aes_decrypt_ecb(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *,
                     size_t);
-int	AES_KeySetup_Encrypt(uint32_t *, const uint8_t *, int);
+int aes_keysetup_encrypt(FAR uint32_t *, FAR const uint8_t *, int);
-int	AES_KeySetup_Decrypt(uint32_t *, const uint8_t *, int);
+int aes_keysetup_decrypt(FAR uint32_t *, FAR const uint8_t *, int);
-#endif	/* _AES_H_ */
+#endif /* __INCLUDE_CRYPTO_AES_H */
@@ -1,6 +1,7 @@
-/*	$OpenBSD: blf.h,v 1.7 2021/11/29 01:04:45 djm Exp $	*/
+/****************************************************************************
-
+ * include/crypto/blf.h
-/*
+ * $OpenBSD: blf.h,v 1.7 2021/11/29 01:04:45 djm Exp $
 *
 * Blowfish - a fast block cipher designed by Bruce Schneier
 *
 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
@@ -27,10 +28,10 @@
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
+ ****************************************************************************/
-#ifndef _BLF_H_
+#ifndef __INCLUDE_CRYPTO_BLF_H
-#define _BLF_H_
+#define __INCLUDE_CRYPTO_BLF_H
 /* Schneier states the maximum key length to be 56 bytes.
 * The way how the subkeys are initialized by the key up
@@ -39,41 +40,48 @@
 * of the key affect all cipherbits.
 */
-#define BLF_N	16			/* Number of Subkeys */
+#define BLF_N 16                          /* Number of Subkeys */
-#define BLF_MAXKEYLEN ((BLF_N-2)*4)	/* 448 bits */
+#define BLF_MAXKEYLEN ((BLF_N - 2) * 4)   /* 448 bits */
-#define BLF_MAXUTILIZED ((BLF_N+2)*4)	/* 576 bits */
+#define BLF_MAXUTILIZED ((BLF_N + 2) * 4) /* 576 bits */
 /* Blowfish context */
-typedef struct BlowfishContext {
+
-	u_int32_t S[4][256];	/* S-Boxes */
+typedef struct blowfishcontext
-	u_int32_t P[BLF_N + 2];	/* Subkeys */
+{
-} blf_ctx;
+  uint32_t S[4][256];     /* S-Boxes */
  uint32_t P[BLF_N + 2];  /* Subkeys */
 }
 blf_ctx;
 /* Raw access to customized Blowfish
- *	blf_key is just:
+ * blf_key is just:
- *	Blowfish_initstate( state )
+ * Blowfish_initstate( state )
- *	Blowfish_expand0state( state, key, keylen )
+ * Blowfish_expand0state( state, key, keylen )
 */
-void Blowfish_encipher(blf_ctx *, u_int32_t *);
+void blowfish_encipher(FAR blf_ctx *, FAR uint32_t *);
-void Blowfish_decipher(blf_ctx *, u_int32_t *);
+void blowfish_decipher(FAR blf_ctx *, FAR uint32_t *);
-void Blowfish_initstate(blf_ctx *);
+void blowfish_initstate(FAR blf_ctx *);
-void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t);
+void blowfish_expand0state(FAR blf_ctx *, FAR const uint8_t *, uint16_t);
-void Blowfish_expandstate(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t);
+void blowfish_expandstate(FAR blf_ctx *, FAR const uint8_t *,
                          uint16_t, FAR const uint8_t *, uint16_t);
 /* Standard Blowfish */
-void blf_key(blf_ctx *, const u_int8_t *, u_int16_t);
+void blf_key(FAR blf_ctx *, FAR const uint8_t *, uint16_t);
-void blf_enc(blf_ctx *, u_int32_t *, u_int16_t);
+void blf_enc(FAR blf_ctx *, FAR uint32_t *, uint16_t);
-void blf_dec(blf_ctx *, u_int32_t *, u_int16_t);
+void blf_dec(FAR blf_ctx *, FAR uint32_t *, uint16_t);
-/* Converts u_int8_t to u_int32_t */
+/* Converts uint8_t to uint32_t */
 u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t ,
 				    u_int16_t *);
-void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t);
+uint32_t blowfish_stream2word(FAR const uint8_t *, uint16_t,
-void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t);
+                              FAR uint16_t *);
-void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
+void blf_ecb_encrypt(FAR blf_ctx *, FAR uint8_t *, uint32_t);
-void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
+void blf_ecb_decrypt(FAR blf_ctx *, FAR uint8_t *, uint32_t);
-#endif
+
 void blf_cbc_encrypt(FAR blf_ctx *, FAR uint8_t *, FAR uint8_t *,
                     uint32_t);
 void blf_cbc_decrypt(FAR blf_ctx *, FAR uint8_t *, FAR uint8_t *,
                     uint32_t);
 #endif /* __INCLUDE_CRYPTO_BLF_H */
@@ -1,22 +1,28 @@
-/*      $OpenBSD: cast.h,v 1.2 2002/03/14 01:26:51 millert Exp $       */
+/****************************************************************************
 * include/crypto/cast.h
 * $OpenBSD: cast.h,v 1.2 2002/03/14 01:26:51 millert Exp $
 *
 * CAST-128 in C
 * Written by Steve Reid <sreid@sea-to-sky.net>
 * 100% Public Domain - no warranty
 * Released 1997.10.11
 ****************************************************************************/
-/*
+#ifndef __INCLUDE_CRYPTO_CAST_H
- *	CAST-128 in C
+#define __INCLUDE_CRYPTO_CAST_H
 *	Written by Steve Reid <sreid@sea-to-sky.net>
 *	100% Public Domain - no warranty
 *	Released 1997.10.11
 */
-#ifndef _CAST_H_
+typedef struct
-#define _CAST_H_
+{
-
+  uint32_t xkey[32]; /* Key, after expansion */
-typedef struct {
+  int rounds;        /* Number of rounds to use, 12 or 16 */
 	u_int32_t	xkey[32];	/* Key, after expansion */
 	int		rounds;		/* Number of rounds to use, 12 or 16 */
 } cast_key;
-void cast_setkey(cast_key * key, u_int8_t * rawkey, int keybytes);
+void cast_setkey(FAR cast_key *key, FAR uint8_t *rawkey, int keybytes);
-void cast_encrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock);
+void cast_encrypt(FAR cast_key *key,
-void cast_decrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock);
+                  FAR uint8_t *inblock,
                  FAR uint8_t *outblock);
 void cast_decrypt(FAR cast_key *key,
                  FAR uint8_t *inblock,
                  FAR uint8_t *outblock);
-#endif /* ifndef _CAST_H_ */
+#endif /* __INCLUDE_CRYPTO_CAST_H */
@@ -1,5 +1,6 @@
-/*	$OpenBSD: chachapoly.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $	*/
+/****************************************************************************
-/*
+ * include/crypto/chachapoly.h
 * $OpenBSD: chachapoly.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $
 * Copyright (c) 2015 Mike Belopuhov
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -13,74 +14,85 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ ****************************************************************************/
-#ifndef _CHACHAPOLY_H_
+#ifndef __INCLUDE_CRYPTO_CHACHAPOLY_H
-#define _CHACHAPOLY_H_
+#define __INCLUDE_CRYPTO_CHACHAPOLY_H
-#define CHACHA20_KEYSIZE	32
+#define CHACHA20_KEYSIZE   32
-#define CHACHA20_CTR		4
+#define CHACHA20_CTR       4
-#define CHACHA20_SALT		4
+#define CHACHA20_SALT      4
-#define CHACHA20_NONCE		8
+#define CHACHA20_NONCE     8
-#define CHACHA20_BLOCK_LEN	64
+#define CHACHA20_BLOCK_LEN 64
-struct chacha20_ctx {
+struct chacha20_ctx
-	uint8_t			block[CHACHA20_BLOCK_LEN];
+{
-	uint8_t			nonce[CHACHA20_NONCE];
+  uint8_t block[CHACHA20_BLOCK_LEN];
  uint8_t nonce[CHACHA20_NONCE];
 };
-int	chacha20_setkey(void *, u_int8_t *, int);
+int chacha20_setkey(FAR void *, FAR uint8_t *, int);
-void	chacha20_reinit(caddr_t, u_int8_t *);
+void chacha20_reinit(caddr_t, FAR uint8_t *);
-void	chacha20_crypt(caddr_t, u_int8_t *);
+void chacha20_crypt(caddr_t, FAR uint8_t *);
 #define POLY1305_KEYLEN 32
 #define POLY1305_TAGLEN 16
 #define POLY1305_BLOCK_LEN 16
-#define POLY1305_KEYLEN		32
+struct poly1305_ctx
-#define POLY1305_TAGLEN		16
+{
-#define POLY1305_BLOCK_LEN	16
+  /* r, h, pad, leftover */
-struct poly1305_ctx {
+  unsigned long state[5 + 5 + 4];
-	/* r, h, pad, leftover */
+  size_t leftover;
-	unsigned long		state[5+5+4];
+  unsigned char buffer[POLY1305_BLOCK_LEN];
-	size_t			leftover;
+  unsigned char final;
 	unsigned char		buffer[POLY1305_BLOCK_LEN];
 	unsigned char		final;
 };
-typedef struct {
+typedef struct
-	uint8_t			key[POLY1305_KEYLEN];
+{
-	/* counter, salt */
+  uint8_t key[POLY1305_KEYLEN];
 	uint8_t			nonce[CHACHA20_NONCE];
 	struct chacha20_ctx	chacha;
 	struct poly1305_ctx	poly;
 } CHACHA20_POLY1305_CTX;
-void	Chacha20_Poly1305_Init(void *);
+  /* counter, salt */
-void	Chacha20_Poly1305_Setkey(void *, const uint8_t *, uint16_t);
+
-void	Chacha20_Poly1305_Reinit(void *, const uint8_t *, uint16_t);
+  uint8_t nonce[CHACHA20_NONCE];
-int	Chacha20_Poly1305_Update(void *, const uint8_t *, uint16_t);
+  struct chacha20_ctx chacha;
-void	Chacha20_Poly1305_Final(uint8_t[POLY1305_TAGLEN], void *);
+  struct poly1305_ctx poly;
 }
 CHACHA20_POLY1305_CTX;
 void chacha20_poly1305_init(FAR void *);
 void chacha20_poly1305_setkey(FAR void *, FAR const uint8_t *, uint16_t);
 void chacha20_poly1305_reinit(FAR void *, FAR const uint8_t *, uint16_t);
 int chacha20_poly1305_update(FAR void *, FAR const uint8_t *, uint16_t);
 void chacha20_poly1305_final(FAR uint8_t *, FAR void *);
 /* WireGuard crypto */
 #define CHACHA20POLY1305_KEY_SIZE	CHACHA20_KEYSIZE
 #define CHACHA20POLY1305_AUTHTAG_SIZE	POLY1305_TAGLEN
 #define XCHACHA20POLY1305_NONCE_SIZE	24
-void chacha20poly1305_encrypt(uint8_t *, const uint8_t *, const size_t,
+#define CHACHA20POLY1305_KEY_SIZE CHACHA20_KEYSIZE
-	const uint8_t *, const size_t,	const uint64_t,
+#define CHACHA20POLY1305_AUTHTAG_SIZE POLY1305_TAGLEN
-	const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
+#define XCHACHA20POLY1305_NONCE_SIZE 24
-int chacha20poly1305_decrypt(uint8_t *, const uint8_t *, const size_t,
+void chacha20poly1305_encrypt(
-	const uint8_t *, const size_t, const uint64_t,
+  FAR uint8_t *, FAR const uint8_t *, const size_t,
-	const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
+  FAR const uint8_t *, const size_t, const uint64_t,
  FAR const uint8_t *);
-void xchacha20poly1305_encrypt(uint8_t *, const uint8_t *, const size_t,
+int chacha20poly1305_decrypt(
-	const uint8_t *, const size_t,
+  FAR uint8_t *, FAR const uint8_t *, const size_t,
-	const uint8_t[XCHACHA20POLY1305_NONCE_SIZE],
+  FAR const uint8_t *, const size_t, const uint64_t,
-	const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
+  FAR const uint8_t *);
-int xchacha20poly1305_decrypt(uint8_t *, const uint8_t *, const size_t,
+void xchacha20poly1305_encrypt(
-	const uint8_t *, const size_t,
+  FAR uint8_t *, FAR const uint8_t *, const size_t,
-	const uint8_t[XCHACHA20POLY1305_NONCE_SIZE],
+  FAR const uint8_t *, const size_t,
-	const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
+  FAR const uint8_t *,
  FAR const uint8_t *);
-#endif	/* _CHACHAPOLY_H_ */
+int xchacha20poly1305_decrypt(
  FAR uint8_t *, FAR const uint8_t *, const size_t,
  FAR const uint8_t *, const size_t,
  FAR const uint8_t *,
  FAR const uint8_t *);
 #endif /* __INCLUDE_CRYPTO_CHACHAPOLY_H */
@@ -1,6 +1,7 @@
-/*	$OpenBSD: cmac.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $	*/
+/****************************************************************************
-
+ * include/crypto/cmac.h
-/*-
+ * $OpenBSD: cmac.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $
 *
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -14,28 +15,26 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
 ****************************************************************************/
-#ifndef _CMAC_H_
+#ifndef __INCLUDE_CRYPTO_CMAC_H_
-#define _CMAC_H_
+#define __INCLUDE_CRYPTO_CMAC_H_
 #define AES_CMAC_KEY_LENGTH	16
 #define AES_CMAC_DIGEST_LENGTH	16
-typedef struct _AES_CMAC_CTX {
+typedef struct _AES_CMAC_CTX
-	AES_CTX		aesctx;
+{
-	u_int8_t	X[16];
+  AES_CTX aesctx;
-	u_int8_t	M_last[16];
+  u_int8_t X[16];
-	u_int		M_n;
+  u_int8_t m_last[16];
  u_int m_n;
 } AES_CMAC_CTX;
-__BEGIN_DECLS
+void aes_cmac_init(FAR AES_CMAC_CTX *);
-void	 AES_CMAC_Init(AES_CMAC_CTX *);
+void aes_cmac_setkey(FAR AES_CMAC_CTX *, FAR const u_int8_t *);
-void	 AES_CMAC_SetKey(AES_CMAC_CTX *, const u_int8_t [AES_CMAC_KEY_LENGTH]);
+void aes_cmac_update(FAR AES_CMAC_CTX *, FAR const u_int8_t *, u_int);
-void	 AES_CMAC_Update(AES_CMAC_CTX *, const u_int8_t *, u_int)
+void aes_cmac_final(FAR u_int8_t *, FAR AES_CMAC_CTX *);
 		__attribute__((__bounded__(__string__,2,3)));
 void	 AES_CMAC_Final(u_int8_t [AES_CMAC_DIGEST_LENGTH], AES_CMAC_CTX *)
 		__attribute__((__bounded__(__minbytes__,1,AES_CMAC_DIGEST_LENGTH)));
 __END_DECLS
-#endif /* _CMAC_H_ */
+#endif /* __INCLUDE_CRYPTO_CMAC_H_ */
@@ -1,6 +1,7 @@
-/*	$OpenBSD: cryptosoft.h,v 1.14 2012/12/07 17:03:22 mikeb Exp $	*/
+/****************************************************************************
-
+ * include/crypto/cryptosoft.h
-/*
+ * $OpenBSD: cryptosoft.h,v 1.14 2012/12/07 17:03:22 mikeb Exp $
 *
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
 *
 * This code was written by Angelos D. Keromytis in Athens, Greece, in
@@ -19,56 +20,71 @@
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
- */
+ *
 ****************************************************************************/
-#ifndef _CRYPTO_CRYPTOSOFT_H_
+#ifndef __INCLUDE_CRYPTO_CRYPTOSOFT_H
-#define _CRYPTO_CRYPTOSOFT_H_
+#define __INCLUDE_CRYPTO_CRYPTOSOFT_H
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 /* Software session entry */
 struct swcr_data {
 	int		sw_alg;		/* Algorithm */
 	union {
 		struct {
 			u_int8_t	 *SW_ictx;
 			u_int8_t	 *SW_octx;
 			u_int32_t	 SW_klen;
 			const struct auth_hash *SW_axf;
 		} SWCR_AUTH;
 		struct {
 			u_int8_t	 *SW_kschedule;
 			const struct enc_xform *SW_exf;
 		} SWCR_ENC;
 		struct {
 			u_int32_t	 SW_size;
 			const struct comp_algo *SW_cxf;
 		} SWCR_COMP;
 	} SWCR_UN;
-#define sw_ictx		SWCR_UN.SWCR_AUTH.SW_ictx
+struct swcr_data
-#define sw_octx		SWCR_UN.SWCR_AUTH.SW_octx
+{
-#define sw_klen		SWCR_UN.SWCR_AUTH.SW_klen
+  int sw_alg; /* Algorithm */
-#define sw_axf		SWCR_UN.SWCR_AUTH.SW_axf
+  union
-#define sw_kschedule	SWCR_UN.SWCR_ENC.SW_kschedule
+    {
-#define sw_exf		SWCR_UN.SWCR_ENC.SW_exf
+      struct
-#define sw_size		SWCR_UN.SWCR_COMP.SW_size
+      {
-#define sw_cxf		SWCR_UN.SWCR_COMP.SW_cxf
+        FAR uint8_t *ictx;
        FAR uint8_t *octx;
        uint32_t klen;
        FAR const struct auth_hash *axf;
      } SWCR_AUTH;
-	struct swcr_data *sw_next;
+      struct
      {
        FAR uint8_t *kschedule;
        FAR const struct enc_xform *exf;
      } SWCR_ENC;
      struct
      {
        uint32_t size;
        FAR const struct comp_algo *cxf;
      } SWCR_COMP;
    } SWCR_UN;
 #define sw_ictx   SWCR_UN.SWCR_AUTH.ictx
 #define sw_octx   SWCR_UN.SWCR_AUTH.octx
 #define sw_klen   SWCR_UN.SWCR_AUTH.klen
 #define sw_axf    SWCR_UN.SWCR_AUTH.axf
 #define sw_kschedule SWCR_UN.SWCR_ENC.kschedule
 #define sw_exf    SWCR_UN.SWCR_ENC.exf
 #define sw_size   SWCR_UN.SWCR_COMP.size
 #define sw_cxf    SWCR_UN.SWCR_COMP.cxf
  struct swcr_data *sw_next;
 };
 #ifdef _KERNEL
-extern const u_int8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
+extern const uint8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
-extern const u_int8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];
+extern const uint8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];
-int	swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
+int swcr_encdec(FAR struct cryptodesc *,
-int	swcr_authcompute(struct cryptop *, struct cryptodesc *, struct swcr_data *,
+                FAR struct swcr_data *, caddr_t, int);
-	caddr_t, int);
+int swcr_authcompute(FAR struct cryptop *, FAR struct cryptodesc *,
-int	swcr_authenc(struct cryptop *);
+                     FAR struct swcr_data *, caddr_t, int);
-int	swcr_compdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
+int swcr_authenc(FAR struct cryptop *);
-int	swcr_process(struct cryptop *);
+int swcr_compdec(FAR struct cryptodesc *, FAR struct swcr_data *,
-int	swcr_newsession(u_int32_t *, struct cryptoini *);
+                 caddr_t, int);
-int	swcr_freesession(u_int64_t);
+int swcr_process(FAR struct cryptop *);
-void	swcr_init(void);
+int swcr_newsession(FAR uint32_t *, FAR struct cryptoini *);
 int swcr_freesession(uint64_t);
 void swcr_init(void);
 #endif /* _KERNEL */
-#endif /* _CRYPTO_CRYPTO_H_ */
+#endif /* __INCLUDE_CRYPTO_CRYPTOSOFT_H */
@@ -1,6 +1,7 @@
-/*	$OpenBSD: gmac.h,v 1.6 2017/05/02 11:44:32 mikeb Exp $	*/
+/****************************************************************************
-
+ * include/crypto/gmac.h
-/*
+ * $OpenBSD: gmac.h,v 1.6 2017/05/02 11:44:32 mikeb Exp $
 *
 * Copyright (c) 2010 Mike Belopuhov
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -14,36 +15,42 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ ****************************************************************************/
-#ifndef _GMAC_H_
+#ifndef __INCLUDE_CRYPTO_GMAC_H
-#define _GMAC_H_
+#define __INCLUDE_CRYPTO_GMAC_H
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <crypto/aes.h>
-#define GMAC_BLOCK_LEN		16
+#define GMAC_BLOCK_LEN 16
-#define GMAC_DIGEST_LEN		16
+#define GMAC_DIGEST_LEN 16
-typedef struct _GHASH_CTX {
+typedef struct _GHASH_CTX
-	uint8_t		H[GMAC_BLOCK_LEN];		/* hash subkey */
+{
-	uint8_t		S[GMAC_BLOCK_LEN];		/* state */
+  uint8_t H[GMAC_BLOCK_LEN]; /* hash subkey */
-	uint8_t		Z[GMAC_BLOCK_LEN];		/* initial state */
+  uint8_t S[GMAC_BLOCK_LEN]; /* state */
-} GHASH_CTX;
+  uint8_t Z[GMAC_BLOCK_LEN]; /* initial state */
 }
 GHASH_CTX;
-typedef struct _AES_GMAC_CTX {
+typedef struct _AES_GMAC_CTX
-	GHASH_CTX	ghash;
+{
-	AES_CTX		K;
+  GHASH_CTX ghash;
-	uint8_t		J[GMAC_BLOCK_LEN];		/* counter block */
+  AES_CTX K;
-} AES_GMAC_CTX;
+  uint8_t J[GMAC_BLOCK_LEN]; /* counter block */
 }
 AES_GMAC_CTX;
-__BEGIN_DECLS
+extern void (*ghash_update)(FAR GHASH_CTX *, FAR uint8_t *, size_t);
 extern void (*ghash_update)(GHASH_CTX *, uint8_t *, size_t);
-void	AES_GMAC_Init(void *);
+void aes_gmac_init(FAR void *);
-void	AES_GMAC_Setkey(void *, const uint8_t *, uint16_t);
+void aes_gmac_setkey(FAR void *, FAR const uint8_t *, uint16_t);
-void	AES_GMAC_Reinit(void *, const uint8_t *, uint16_t);
+void aes_gmac_reinit(FAR void *, FAR const uint8_t *, uint16_t);
-int	AES_GMAC_Update(void *, const uint8_t *, uint16_t);
+int aes_gmac_update(FAR void *, FAR const uint8_t *, uint16_t);
-void	AES_GMAC_Final(uint8_t [GMAC_DIGEST_LEN], void *);
+void aes_gmac_final(FAR uint8_t *, FAR void *);
 __END_DECLS
-#endif /* _GMAC_H_ */
+#endif /* __INCLUDE_CRYPTO_GMAC_H */
@@ -1,6 +1,7 @@
-/*	$OpenBSD: hmac.h,v 1.3 2012/12/05 23:20:15 deraadt Exp $	*/
+/****************************************************************************
-
+ * include/crypto/hmac.h
-/*-
+ * $OpenBSD: hmac.h,v 1.3 2012/12/05 23:20:15 deraadt Exp $
 *
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -14,52 +15,42 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
 ****************************************************************************/
-#ifndef _HMAC_H_
+#ifndef __INCLUDE_CRYPTO_HMAC_H_
-#define _HMAC_H_
+#define __INCLUDE_CRYPTO_HMAC_H_
-typedef struct _HMAC_MD5_CTX {
+typedef struct _HMAC_MD5_CTX
-	MD5_CTX		ctx;
+{
-	u_int8_t	key[MD5_BLOCK_LENGTH];
+  MD5_CTX ctx;
-	u_int		key_len;
+  u_int8_t key[MD5_BLOCK_LENGTH];
  u_int key_len;
 } HMAC_MD5_CTX;
-typedef struct _HMAC_SHA1_CTX {
+typedef struct _HMAC_SHA1_CTX
-	SHA1_CTX	ctx;
+{
-	u_int8_t	key[SHA1_BLOCK_LENGTH];
+  SHA1_CTX ctx;
-	u_int		key_len;
+  u_int8_t key[SHA1_BLOCK_LENGTH];
  u_int key_len;
 } HMAC_SHA1_CTX;
-typedef struct _HMAC_SHA256_CTX {
+typedef struct _HMAC_SHA256_CTX
-	SHA2_CTX	ctx;
+{
-	u_int8_t	key[SHA256_BLOCK_LENGTH];
+  SHA2_CTX ctx;
-	u_int		key_len;
+  u_int8_t key[SHA256_BLOCK_LENGTH];
  u_int key_len;
 } HMAC_SHA256_CTX;
-__BEGIN_DECLS
+void hmac_md5_init(FAR HMAC_MD5_CTX *, FAR const u_int8_t *, u_int);
 void hmac_md5_update(FAR HMAC_MD5_CTX *, FAR const u_int8_t *, u_int);
 void hmac_md5_final(FAR u_int8_t *, FAR HMAC_MD5_CTX *);
 void hmac_sha1_init(FAR HMAC_SHA1_CTX *, FAR const u_int8_t *, u_int);
 void hmac_sha1_update(FAR HMAC_SHA1_CTX *, FAR const u_int8_t *, u_int);
 void hmac_sha1_final(FAR u_int8_t *, FAR HMAC_SHA1_CTX *);
-void	 HMAC_MD5_Init(HMAC_MD5_CTX *, const u_int8_t *, u_int)
+void hmac_sha256_init(FAR HMAC_SHA256_CTX *, FAR const u_int8_t *, u_int);
-		__attribute__((__bounded__(__string__,2,3)));
+void hmac_sha256_update(FAR HMAC_SHA256_CTX *, FAR const u_int8_t *, u_int);
-void	 HMAC_MD5_Update(HMAC_MD5_CTX *, const u_int8_t *, u_int)
+void hmac_sha256_final(FAR u_int8_t *, FAR HMAC_SHA256_CTX *);
 		__attribute__((__bounded__(__string__,2,3)));
 void	 HMAC_MD5_Final(u_int8_t [MD5_DIGEST_LENGTH], HMAC_MD5_CTX *)
 		__attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH)));
-void	 HMAC_SHA1_Init(HMAC_SHA1_CTX *, const u_int8_t *, u_int)
+#endif /* __INCLUDE_CRYPTO_HMAC_H_ */
 		__attribute__((__bounded__(__string__,2,3)));
 void	 HMAC_SHA1_Update(HMAC_SHA1_CTX *, const u_int8_t *, u_int)
 		__attribute__((__bounded__(__string__,2,3)));
 void	 HMAC_SHA1_Final(u_int8_t [SHA1_DIGEST_LENGTH], HMAC_SHA1_CTX *)
 		__attribute__((__bounded__(__minbytes__,1,SHA1_DIGEST_LENGTH)));
 void	 HMAC_SHA256_Init(HMAC_SHA256_CTX *, const u_int8_t *, u_int)
 		__attribute__((__bounded__(__string__,2,3)));
 void	 HMAC_SHA256_Update(HMAC_SHA256_CTX *, const u_int8_t *, u_int)
 		__attribute__((__bounded__(__string__,2,3)));
 void	 HMAC_SHA256_Final(u_int8_t [SHA256_DIGEST_LENGTH], HMAC_SHA256_CTX *)
 		__attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
 __END_DECLS
 #endif	/* _HMAC_H_ */
@@ -1,5 +1,7 @@
-/*	$OpenBSD: idgen.h,v 1.3 2013/06/05 05:45:54 djm Exp $	*/
+/****************************************************************************
-/*
+ * include/crypto/idgen.h
 * $OpenBSD: idgen.h,v 1.3 2013/06/05 05:45:54 djm Exp $
 *
 * Copyright (c) 2008 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -13,21 +15,27 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
 ****************************************************************************/
-#define IDGEN32_ROUNDS		31
+#ifndef __INCLUDE_CRYPTO_IDGEN_H_
-#define IDGEN32_KEYLEN		32
+#define __INCLUDE_CRYPTO_IDGEN_H_
 #define IDGEN32_REKEY_LIMIT	0x60000000
 #define IDGEN32_REKEY_TIME	600
-struct idgen32_ctx {
+#define IDGEN32_ROUNDS 31
-	u_int32_t id32_counter;
+#define IDGEN32_KEYLEN 32
-	u_int32_t id32_offset;
+#define IDGEN32_REKEY_LIMIT 0x60000000
-	u_int32_t id32_hibit;
+#define IDGEN32_REKEY_TIME 600
-	u_int8_t id32_key[IDGEN32_KEYLEN];
+
-	time_t id32_rekey_time;
+struct idgen32_ctx
 {
  u_int32_t id32_counter;
  u_int32_t id32_offset;
  u_int32_t id32_hibit;
  u_int8_t id32_key[IDGEN32_KEYLEN];
  time_t id32_rekey_time;
 };
-void idgen32_init(struct idgen32_ctx *);
+void idgen32_init(FAR struct idgen32_ctx *);
-u_int32_t idgen32(struct idgen32_ctx *);
+u_int32_t idgen32(FAR struct idgen32_ctx *);
 #endif /* __INCLUDE_CRYPTO_IDGEN_H_ */
@@ -1,6 +1,6 @@
-/*	$OpenBSD: key_wrap.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $	*/
+/****************************************************************************
-
+ * include/crypto/key_wrap.h
-/*-
+ *$OpenBSD: key_wrap.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
@@ -14,23 +14,26 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
 ****************************************************************************/
-#ifndef _KEY_WRAP_H_
+#ifndef __INCLUDE_CRYPTO_KEY_WRAP_H_
-#define _KEY_WRAP_H_
+#define __INCLUDE_CRYPTO_KEY_WRAP_H_
-typedef struct _aes_key_wrap_ctx {
+typedef struct _aes_key_wrap_ctx
-	AES_CTX		ctx;
+{
  AES_CTX ctx;
 } aes_key_wrap_ctx;
-__BEGIN_DECLS
+void aes_key_wrap_set_key(FAR aes_key_wrap_ctx *,
                          FAR const u_int8_t *,
                          size_t);
 void aes_key_wrap_set_key_wrap_only(FAR aes_key_wrap_ctx *,
                                    FAR const u_int8_t *,
                                    size_t);
 void aes_key_wrap(FAR aes_key_wrap_ctx *,
                  FAR const u_int8_t *, size_t, FAR u_int8_t *);
 int aes_key_unwrap(FAR aes_key_wrap_ctx *,
                   FAR const u_int8_t *, FAR u_int8_t *, size_t);
-void	aes_key_wrap_set_key(aes_key_wrap_ctx *, const u_int8_t *, size_t);
+#endif /* __INCLUDE_CRYPTO_KEY_WRAP_H_ */
 void	aes_key_wrap_set_key_wrap_only(aes_key_wrap_ctx *, const u_int8_t *,
 	    size_t);
 void	aes_key_wrap(aes_key_wrap_ctx *, const u_int8_t *, size_t, u_int8_t *);
 int	aes_key_unwrap(aes_key_wrap_ctx *, const u_int8_t *, u_int8_t *,
 	    size_t);
 __END_DECLS
 #endif /* _KEY_WRAP_H_ */
@@ -1,6 +1,8 @@
-/*	$OpenBSD: md5.h,v 1.3 2014/11/16 17:39:09 tedu Exp $	*/
+/****************************************************************************
-
+ * include/crypto/md5.h
-/*
+ * $OpenBSD: md5.h,v 1.3 2014/11/16 17:39:09 tedu Exp $
 *
 *
 * This code implements the MD5 message-digest algorithm.
 * The algorithm is due to Ron Rivest.  This code was
 * written by Colin Plumb in 1993, no copyright is claimed.
@@ -10,29 +12,25 @@
 * This code has been tested against that, and is equivalent,
 * except that you don't need to include two pages of legalese
 * with every copy.
- */
+ *
 ****************************************************************************/
-#ifndef _MD5_H_
+#ifndef __INCLUDE_CRYPTO_MD5_H
-#define _MD5_H_
+#define __INCLUDE_CRYPTO_MD5_H
-#define	MD5_BLOCK_LENGTH		64
+#define MD5_BLOCK_LENGTH    64
-#define	MD5_DIGEST_LENGTH		16
+#define MD5_DIGEST_LENGTH   16
-typedef struct MD5Context {
+typedef struct MD5CONTEXT
-	u_int32_t state[4];			/* state */
+{
-	u_int64_t count;			/* number of bits, mod 2^64 */
+  uint32_t state[4];                 /* state */
-	u_int8_t buffer[MD5_BLOCK_LENGTH];	/* input buffer */
+  uint64_t count;                    /* number of bits, mod 2^64 */
  uint8_t buffer[MD5_BLOCK_LENGTH];  /* input buffer */
 } MD5_CTX;
-__BEGIN_DECLS
+void md5init(FAR MD5_CTX *);
-void	 MD5Init(MD5_CTX *);
+void md5update(FAR MD5_CTX *, FAR const void *, size_t);
-void	 MD5Update(MD5_CTX *, const void *, size_t)
+void md5final(FAR uint8_t *, FAR MD5_CTX *);
-		__attribute__((__bounded__(__string__,2,3)));
+void md5transform(FAR uint32_t *, FAR const uint8_t *);
 void	 MD5Final(u_int8_t [MD5_DIGEST_LENGTH], MD5_CTX *)
 		__attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH)));
 void	 MD5Transform(u_int32_t [4], const u_int8_t [MD5_BLOCK_LENGTH])
 		__attribute__((__bounded__(__minbytes__,1,4)))
 		__attribute__((__bounded__(__minbytes__,2,MD5_BLOCK_LENGTH)));
 __END_DECLS
-#endif /* _MD5_H_ */
+#endif /* __INCLUDE_CRYPTO_MD5_H */
@@ -1,27 +1,31 @@
-/*	$OpenBSD: poly1305.h,v 1.2 2020/07/22 13:54:30 tobhe Exp $	*/
+/****************************************************************************
-/*
+ * include/crypto/poly1305.h
 * $OpenBSD: poly1305.h,v 1.2 2020/07/22 13:54:30 tobhe Exp $
 *
 * Public Domain poly1305 from Andrew Moon
 *
 * poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication
 * and 64 bit addition from https://github.com/floodyberry/poly1305-donna
- */
+ ****************************************************************************/
-#ifndef _POLY1305_H_
+#ifndef __INCLUDE_CRYPTO_POLY1305_H
-#define _POLY1305_H_
+#define __INCLUDE_CRYPTO_POLY1305_H
 #define poly1305_block_size 16
-typedef struct poly1305_state {
+typedef struct poly1305_state
-	unsigned long r[5];
+{
-	unsigned long h[5];
+  unsigned long r[5];
-	unsigned long pad[4];
+  unsigned long h[5];
-	size_t leftover;
+  unsigned long pad[4];
-	unsigned char buffer[poly1305_block_size];
+  size_t leftover;
-	unsigned char final;
+  unsigned char buffer[poly1305_block_size];
  unsigned char final;
 } poly1305_state;
-void	poly1305_init(poly1305_state *, const unsigned char[32]);
+void poly1305_init(FAR poly1305_state *, FAR const unsigned char *);
-void	poly1305_update(poly1305_state *, const unsigned char *, size_t);
+void poly1305_update(FAR poly1305_state *,
-void	poly1305_finish(poly1305_state *, unsigned char[16]);
+                     FAR const unsigned char *, size_t);
 void poly1305_finish(FAR poly1305_state *, FAR unsigned char *);
-#endif	/* _POLY1305_H_ */
+#endif /* __INCLUDE_CRYPTO_POLY1305_H */
@@ -1,6 +1,7 @@
-/*	$OpenBSD: rijndael.h,v 1.13 2008/06/09 07:49:45 djm Exp $ */
+/****************************************************************************
-
+ * include/crypto/rijndael.h
-/**
+ * $OpenBSD: rijndael.h,v 1.13 2008/06/09 07:49:45 djm Exp $
 *
 * rijndael-alg-fst.h
 *
 * @version 3.0 (December 2000)
@@ -24,35 +25,42 @@
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
+ ****************************************************************************/
-#ifndef __RIJNDAEL_H
+
-#define __RIJNDAEL_H
+#ifndef __INCLUDE_CRYPTO_RIJNDAEL_H
 #define __INCLUDE_CRYPTO_RIJNDAEL_H
 #define AES_MAXKEYBITS  (256)
 #define AES_MAXKEYBYTES (AES_MAXKEYBITS / 8)
 #define AES_MAXKEYBITS	(256)
 #define AES_MAXKEYBYTES	(AES_MAXKEYBITS/8)
 /* for 256-bit keys, fewer for less */
 #define AES_MAXROUNDS	14
-typedef unsigned char	u8;
+#define AES_MAXROUNDS 14
 typedef unsigned short	u16;
 typedef unsigned int	u32;
 /*  The structure for key information */
-typedef struct {
+
-	int	enc_only;		/* context contains only encrypt schedule */
+typedef struct
-	int	Nr;			/* key-length-dependent number of rounds */
+{
-	u32	ek[4*(AES_MAXROUNDS + 1)];	/* encrypt key schedule */
+  int enc_only;                         /* context contains only encrypt schedule */
-	u32	dk[4*(AES_MAXROUNDS + 1)];	/* decrypt key schedule */
+  int nr;                               /* key-length-dependent number of rounds */
  uint32_t ek[4 * (AES_MAXROUNDS + 1)]; /* encrypt key schedule */
  uint32_t dk[4 * (AES_MAXROUNDS + 1)]; /* decrypt key schedule */
 } rijndael_ctx;
-int	 rijndael_set_key(rijndael_ctx *, const u_char *, int);
+int rijndael_set_key(FAR rijndael_ctx *, FAR const u_char *, int);
-int	 rijndael_set_key_enc_only(rijndael_ctx *, const u_char *, int);
+int rijndael_set_key_enc_only(FAR rijndael_ctx *, FAR const u_char *, int);
-void	 rijndael_decrypt(rijndael_ctx *, const u_char *, u_char *);
+void rijndael_decrypt(FAR rijndael_ctx *, FAR const u_char *, FAR u_char *);
-void	 rijndael_encrypt(rijndael_ctx *, const u_char *, u_char *);
+void rijndael_encrypt(FAR rijndael_ctx *, FAR const u_char *, FAR u_char *);
-int	rijndaelKeySetupEnc(unsigned int [], const unsigned char [], int);
+int rijndael_keysetupenc(unsigned int [],
-int	rijndaelKeySetupDec(unsigned int [], const unsigned char [], int);
+                         const unsigned char [],
-void	rijndaelEncrypt(const unsigned int [], int, const unsigned char [],
+                         int);
-	    unsigned char []);
+int rijndael_keysetupdec(unsigned int [],
                         const unsigned char [],
                         int);
 void rijndael_encrypt1(const unsigned int [],
                       int,
                       const unsigned char [],
                       unsigned char []);
-#endif /* __RIJNDAEL_H */
+#endif /* __INCLUDE_CRYPTO_RIJNDAEL_H */
@@ -1,5 +1,7 @@
-/*	$OpenBSD: rmd160.h,v 1.5 2009/07/05 19:33:46 millert Exp $	*/
+/****************************************************************************
-/*
+ * include/crypto/rmd160.h
 * $OpenBSD: rmd160.h,v 1.5 2009/07/05 19:33:46 millert Exp $
 *
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -21,29 +23,27 @@
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
+ ****************************************************************************/
 #ifndef  _RMD160_H
 #define  _RMD160_H
-#define RMD160_BLOCK_LENGTH		64
+#ifndef __INCLUDE_CRYPTO_RMD160_H
-#define RMD160_DIGEST_LENGTH		20
+#define __INCLUDE_CRYPTO_RMD160_H
 #define RMD160_BLOCK_LENGTH  64
 #define RMD160_DIGEST_LENGTH 20
 /* RMD160 context. */
-typedef struct RMD160Context {
+
-	u_int32_t state[5];			/* state */
+typedef struct RMD160CONTEXT
-	u_int64_t count;			/* number of bits, mod 2^64 */
+{
-	u_char buffer[RMD160_BLOCK_LENGTH];	/* input buffer */
+  uint32_t state[5];                  /* state */
  uint64_t count;                     /* number of bits, mod 2^64 */
  u_char buffer[RMD160_BLOCK_LENGTH]; /* input buffer */
 } RMD160_CTX;
-__BEGIN_DECLS
+void rmd160init(FAR RMD160_CTX *);
-void	 RMD160Init(RMD160_CTX *);
+void rmd160transform(FAR uint32_t *,
-void	 RMD160Transform(u_int32_t [5], const u_char [RMD160_BLOCK_LENGTH])
+                     FAR const u_char *);
-	     __attribute__((__bounded__(__minbytes__,1,5)))
+void rmd160update(FAR RMD160_CTX *, FAR const u_char *, uint32_t);
-	     __attribute__((__bounded__(__minbytes__,2,RMD160_BLOCK_LENGTH)));
+void rmd160final(FAR u_char *, FAR RMD160_CTX *);
 void	 RMD160Update(RMD160_CTX *, const u_char *, u_int32_t)
 	     __attribute__((__bounded__(__string__,2,3)));
 void	 RMD160Final(u_char [RMD160_DIGEST_LENGTH], RMD160_CTX *)
 	     __attribute__((__bounded__(__minbytes__,1,RMD160_DIGEST_LENGTH)));
 __END_DECLS
-#endif  /* _RMD160_H */
+#endif  /* __INCLUDE_CRYPTO_RMD160_H */
@@ -1,26 +1,31 @@
-/*	$OpenBSD: sha1.h,v 1.6 2014/11/16 17:39:09 tedu Exp $	*/
+/****************************************************************************
-
+ * include/crypto/sha1.h
-/*
+ * $OpenBSD: sha1.h,v 1.6 2014/11/16 17:39:09 tedu Exp $
 * SHA-1 in C
 * By Steve Reid <steve@edmweb.com>
 * 100% Public Domain
- */
+ ****************************************************************************/
-#ifndef _SHA1_H_
+#ifndef __INCLUDE_CRYPTO_SHA1_H
-#define _SHA1_H_
+#define __INCLUDE_CRYPTO_SHA1_H
-#define	SHA1_BLOCK_LENGTH		64
+#define SHA1_BLOCK_LENGTH  64
-#define	SHA1_DIGEST_LENGTH		20
+#define SHA1_DIGEST_LENGTH 20
-typedef struct {
+typedef struct
-	u_int32_t	state[5];
+{
-	u_int64_t	count;
+  uint32_t state[5];
-	unsigned char	buffer[SHA1_BLOCK_LENGTH];
+  uint64_t count;
  unsigned char buffer[SHA1_BLOCK_LENGTH];
 } SHA1_CTX;
 void SHA1Init(SHA1_CTX * context);
 void SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH]);
 void SHA1Update(SHA1_CTX *context, const void *data, unsigned int len);
 void SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context);
-#endif /* _SHA1_H_ */
+void sha1init(FAR SHA1_CTX * context);
 void sha1transform(FAR uint32_t *state,
                   FAR const unsigned char *buffer);
 void sha1update(FAR SHA1_CTX *context,
                FAR const void *data,
                unsigned int len);
 void sha1final(FAR unsigned char *digest,
               FAR SHA1_CTX *context);
 #endif /* __INCLUDE_CRYPTO_SHA1_H */
@@ -1,9 +1,10 @@
-/*	$OpenBSD: sha2.h,v 1.5 2014/11/16 17:39:09 tedu Exp $	*/
+/****************************************************************************
-
+ * include/crypto/sha2.h
-/*
+ * $OpenBSD: sha2.h,v 1.5 2014/11/16 17:39:09 tedu Exp $
- * FILE:	sha2.h
+ *
- * AUTHOR:	Aaron D. Gifford <me@aarongifford.com>
+ * FILE: sha2.h
- * 
+ * AUTHOR: Aaron D. Gifford <me@aarongifford.com>
 *
 * Copyright (c) 2000-2001, Aaron D. Gifford
 * All rights reserved.
 *
@@ -18,7 +19,7 @@
 * 3. Neither the name of the copyright holder nor the names of contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -32,52 +33,46 @@
 * SUCH DAMAGE.
 *
 * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
- */
+ ****************************************************************************/
-#ifndef _SHA2_H
+#ifndef __INCLUDE_CRYPTO_SHA2_H
-#define _SHA2_H
+#define __INCLUDE_CRYPTO_SHA2_H
 /* SHA-256/384/512 Various Length Definitions */
-/*** SHA-256/384/512 Various Length Definitions ***********************/
+#define SHA256_BLOCK_LENGTH         64
-#define SHA256_BLOCK_LENGTH		64
+#define SHA256_DIGEST_LENGTH        32
-#define SHA256_DIGEST_LENGTH		32
+#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1)
-#define SHA256_DIGEST_STRING_LENGTH	(SHA256_DIGEST_LENGTH * 2 + 1)
+#define SHA384_BLOCK_LENGTH         128
-#define SHA384_BLOCK_LENGTH		128
+#define SHA384_DIGEST_LENGTH        48
-#define SHA384_DIGEST_LENGTH		48
+#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1)
-#define SHA384_DIGEST_STRING_LENGTH	(SHA384_DIGEST_LENGTH * 2 + 1)
+#define SHA512_BLOCK_LENGTH         128
-#define SHA512_BLOCK_LENGTH		128
+#define SHA512_DIGEST_LENGTH        64
-#define SHA512_DIGEST_LENGTH		64
+#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1)
 #define SHA512_DIGEST_STRING_LENGTH	(SHA512_DIGEST_LENGTH * 2 + 1)
 /* SHA-256/384/512 Context Structure */
-/*** SHA-256/384/512 Context Structure *******************************/
+typedef struct _SHA2_CTX
-typedef struct _SHA2_CTX {
+{
-	union {
+  union
-		u_int32_t	st32[8];
+  {
-		u_int64_t	st64[8];
+    uint32_t st32[8];
-	} state;
+    uint64_t st64[8];
-	u_int64_t	bitcount[2];
+  } state;
-	u_int8_t	buffer[SHA512_BLOCK_LENGTH];
+  uint64_t bitcount[2];
  uint8_t buffer[SHA512_BLOCK_LENGTH];
 } SHA2_CTX;
-__BEGIN_DECLS
+void sha256init(FAR SHA2_CTX *);
-void SHA256Init(SHA2_CTX *);
+void sha256update(FAR SHA2_CTX *, FAR const void *, size_t);
-void SHA256Update(SHA2_CTX *, const void *, size_t)
+void sha256final(FAR uint8_t *, FAR SHA2_CTX *);
 	__attribute__((__bounded__(__string__,2,3)));
 void SHA256Final(u_int8_t[SHA256_DIGEST_LENGTH], SHA2_CTX *)
 	__attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
-void SHA384Init(SHA2_CTX *);
+void sha384init(FAR SHA2_CTX *);
-void SHA384Update(SHA2_CTX *, const void *, size_t)
+void sha384update(FAR SHA2_CTX *, FAR const void *, size_t);
-	__attribute__((__bounded__(__string__,2,3)));
+void sha384final(FAR uint8_t *, FAR SHA2_CTX *);
 void SHA384Final(u_int8_t[SHA384_DIGEST_LENGTH], SHA2_CTX *)
 	__attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH)));
-void SHA512Init(SHA2_CTX *);
+void sha512init(FAR SHA2_CTX *);
-void SHA512Update(SHA2_CTX *, const void *, size_t)
+void sha512update(FAR SHA2_CTX *, FAR const void *, size_t);
-	__attribute__((__bounded__(__string__,2,3)));
+void sha512final(FAR uint8_t *, FAR SHA2_CTX *);
 void SHA512Final(u_int8_t[SHA512_DIGEST_LENGTH], SHA2_CTX *)
 	__attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH)));
 __END_DECLS
-#endif /* _SHA2_H */
+#endif /* __INCLUDE_CRYPTO_SHA2_H */
@@ -1,5 +1,7 @@
-/* $OpenBSD: siphash.h,v 1.5 2015/02/20 11:51:03 tedu Exp $ */
+/****************************************************************************
-/*-
+ * include/crypto/siphash.h
 * $OpenBSD: siphash.h,v 1.5 2015/02/20 11:51:03 tedu Exp $
 *
 * Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
 * All rights reserved.
 *
@@ -28,60 +30,61 @@
 * SUCH DAMAGE.
 *
 * $FreeBSD$
- */
+ *
 ****************************************************************************/
-/*
+/* SipHash is a family of pseudorandom functions
- * SipHash is a family of pseudorandom functions (a.k.a. keyed hash functions)
+ * (a.k.a. keyed hash functions)
 * optimized for speed on short messages returning a 64bit hash/digest value.
 *
 * The number of rounds is defined during the initialization:
- *  SipHash24_Init() for the fast and resonable strong version
+ *  siphash24_init() for the fast and resonable strong version
- *  SipHash48_Init() for the strong version (half as fast)
+ *  siphash48_init() for the strong version (half as fast)
 *
 * struct SIPHASH_CTX ctx;
- * SipHash24_Init(&ctx);
+ * siphash24_init(&ctx);
- * SipHash_SetKey(&ctx, "16bytes long key");
+ * siphash_setkey(&ctx, "16bytes long key");
- * SipHash_Update(&ctx, pointer_to_string, length_of_string);
+ * siphash_update(&ctx, pointer_to_string, length_of_string);
- * SipHash_Final(output, &ctx);
+ * siphash_final(output, &ctx);
 */
-#ifndef _SIPHASH_H_
+#ifndef __INCLUDE_CRYPTO_SIPHASH_H_
-#define _SIPHASH_H_
+#define __INCLUDE_CRYPTO_SIPHASH_H_
-#define SIPHASH_BLOCK_LENGTH	 8
+#define SIPHASH_BLOCK_LENGTH  8
-#define SIPHASH_KEY_LENGTH	16
+#define SIPHASH_KEY_LENGTH    16
-#define SIPHASH_DIGEST_LENGTH	 8
+#define SIPHASH_DIGEST_LENGTH 8
-typedef struct _SIPHASH_CTX {
+typedef struct _SIPHASH_CTX
-	uint64_t	v[4];
+{
-	uint8_t	buf[SIPHASH_BLOCK_LENGTH];
+  uint64_t v[4];
-	uint32_t	bytes;
+  uint8_t buf[SIPHASH_BLOCK_LENGTH];
  uint32_t bytes;
 } SIPHASH_CTX;
-typedef struct {
+typedef struct
-	uint64_t	k0;
+{
-	uint64_t	k1;
+  uint64_t k0;
  uint64_t k1;
 } SIPHASH_KEY;
-void		SipHash_Init(SIPHASH_CTX *, const SIPHASH_KEY *);
+void siphash_init(FAR SIPHASH_CTX *, FAR const SIPHASH_KEY *);
-void		SipHash_Update(SIPHASH_CTX *, int, int, const void *, size_t)
+void siphash_update(FAR SIPHASH_CTX *, int, int, FAR const void *, size_t);
-		    __bounded((__buffer__, 4, 5));
+uint64_t siphash_end(FAR SIPHASH_CTX *, int, int);
-uint64_t	SipHash_End(SIPHASH_CTX *, int, int);
+void siphash_final(FAR void *, FAR SIPHASH_CTX *, int, int);
-void		SipHash_Final(void *, SIPHASH_CTX *, int, int)
+uint64_t siphash(FAR const SIPHASH_KEY *,
-		    __bounded((__minbytes__, 1, SIPHASH_DIGEST_LENGTH));
+                 int, int, FAR const void *, size_t);
 uint64_t	SipHash(const SIPHASH_KEY *, int, int, const void *, size_t)
 		    __bounded((__buffer__, 4, 5));
-#define SipHash24_Init(_c, _k)		SipHash_Init((_c), (_k))
+#define SipHash24_Init(_c, _k)        siphash_init((_c), (_k))
-#define SipHash24_Update(_c, _p, _l)	SipHash_Update((_c), 2, 4, (_p), (_l))
+#define SipHash24_Update(_c, _p, _l)  siphash_update((_c), 2, 4, (_p), (_l))
-#define SipHash24_End(_d)		SipHash_End((_d), 2, 4)
+#define SipHash24_End(_d)             siphash_end((_d), 2, 4)
-#define SipHash24_Final(_d, _c)		SipHash_Final((_d), (_c), 2, 4)
+#define SipHash24_Final(_d, _c)       siphash_final((_d), (_c), 2, 4)
-#define SipHash24(_k, _p, _l)		SipHash((_k), 2, 4, (_p), (_l))
+#define SipHash24(_k, _p, _l)         siphash((_k), 2, 4, (_p), (_l))
-#define SipHash48_Init(_c, _k)		SipHash_Init((_c), (_k))
+#define SipHash48_Init(_c, _k)        siphash_init((_c), (_k))
-#define SipHash48_Update(_c, _p, _l)	SipHash_Update((_c), 4, 8, (_p), (_l))
+#define SipHash48_Update(_c, _p, _l)  siphash_update((_c), 4, 8, (_p), (_l))
-#define SipHash48_End(_d)		SipHash_End((_d), 4, 8)
+#define SipHash48_End(_d)             siphash_end((_d), 4, 8)
-#define SipHash48_Final(_d, _c)		SipHash_Final((_d), (_c), 4, 8)
+#define SipHash48_Final(_d, _c)       siphash_final((_d), (_c), 4, 8)
-#define SipHash48(_k, _p, _l)		SipHash((_k), 4, 8, (_p), (_l))
+#define SipHash48(_k, _p, _l)         siphash((_k), 4, 8, (_p), (_l))
 #endif /* _SIPHASH_H_ */
@@ -1,6 +1,7 @@
-/*	$OpenBSD: xform.h,v 1.32 2021/10/22 12:30:53 bluhm Exp $	*/
+/****************************************************************************
-
+ * include/crypto/xform.h
-/*
+ * $OpenBSD: xform.h,v 1.32 2021/10/22 12:30:53 bluhm Exp $
 *
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
 *
 * This code was written by Angelos D. Keromytis in Athens, Greece, in
@@ -19,10 +20,14 @@
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
- */
+ ****************************************************************************/
-#ifndef _CRYPTO_XFORM_H_
+#ifndef __INCLUDE_CRYPTO_XFORM_H
-#define _CRYPTO_XFORM_H_
+#define __INCLUDE_CRYPTO_XFORM_H
 /****************************************************************************
 * Included Files
 ****************************************************************************/
 #include <crypto/md5.h>
 #include <crypto/sha1.h>
@@ -30,58 +35,63 @@
 #include <crypto/sha2.h>
 #include <crypto/gmac.h>
-#define AESCTR_NONCESIZE	4
+#define AESCTR_NONCESIZE   4
-#define AESCTR_IVSIZE		8
+#define AESCTR_IVSIZE      8
-#define AESCTR_BLOCKSIZE	16
+#define AESCTR_BLOCKSIZE   16
-#define AES_XTS_BLOCKSIZE	16
+#define AES_XTS_BLOCKSIZE  16
-#define AES_XTS_IVSIZE		8
+#define AES_XTS_IVSIZE     8
-#define AES_XTS_ALPHA		0x87	/* GF(2^128) generator polynomial */
+#define AES_XTS_ALPHA      0x87 /* GF(2^128) generator polynomial */
 /* Declarations */
-struct auth_hash {
+
-	int type;
+struct auth_hash
-	char *name;
+{
-	u_int16_t keysize;
+  int type;
-	u_int16_t hashsize;
+  FAR char *name;
-	u_int16_t authsize;
+  uint16_t keysize;
-	u_int16_t ctxsize;
+  uint16_t hashsize;
-	u_int16_t blocksize;
+  uint16_t authsize;
-	void (*Init) (void *);
+  uint16_t ctxsize;
-	void (*Setkey) (void *, const u_int8_t *, u_int16_t);
+  uint16_t blocksize;
-	void (*Reinit) (void *, const u_int8_t *, u_int16_t);
+  CODE void (*init) (FAR void *);
-	int  (*Update) (void *, const u_int8_t *, u_int16_t);
+  CODE void (*setkey) (FAR void *, FAR const uint8_t *, uint16_t);
-	void (*Final) (u_int8_t *, void *);
+  CODE void (*reinit) (FAR void *, FAR const uint8_t *, uint16_t);
  CODE int  (*update) (FAR void *, FAR const uint8_t *, uint16_t);
  CODE void (*final) (FAR uint8_t *, FAR void *);
 };
-struct enc_xform {
+struct enc_xform
-	int type;
+{
-	char *name;
+  int type;
-	u_int16_t blocksize;
+  FAR char *name;
-	u_int16_t ivsize;
+  uint16_t blocksize;
-	u_int16_t minkey;
+  uint16_t ivsize;
-	u_int16_t maxkey;
+  uint16_t minkey;
-	u_int16_t ctxsize;
+  uint16_t maxkey;
-	void (*encrypt) (caddr_t, u_int8_t *);
+  uint16_t ctxsize;
-	void (*decrypt) (caddr_t, u_int8_t *);
+  CODE void (*encrypt) (caddr_t, FAR uint8_t *);
-	int  (*setkey) (void *, u_int8_t *, int len);
+  CODE void (*decrypt) (caddr_t, FAR uint8_t *);
-	void (*reinit) (caddr_t, u_int8_t *);
+  CODE int  (*setkey) (void *, FAR uint8_t *, int len);
  CODE void (*reinit) (caddr_t, FAR uint8_t *);
 };
-struct comp_algo {
+struct comp_algo
-	int type;
+{
-	char *name;
+  int type;
-	size_t minlen;
+  FAR char *name;
-	u_int32_t (*compress) (u_int8_t *, u_int32_t, u_int8_t **);
+  size_t minlen;
-	u_int32_t (*decompress) (u_int8_t *, u_int32_t, u_int8_t **);
+  CODE uint32_t (*compress) (FAR uint8_t *, uint32_t, FAR uint8_t **);
  CODE uint32_t (*decompress) (FAR uint8_t *, uint32_t, FAR uint8_t **);
 };
-union authctx {
+union authctx
-	MD5_CTX md5ctx;
+{
-	SHA1_CTX sha1ctx;
+  MD5_CTX md5ctx;
-	RMD160_CTX rmd160ctx;
+  SHA1_CTX sha1ctx;
-	SHA2_CTX sha2_ctx;
+  RMD160_CTX rmd160ctx;
-	AES_GMAC_CTX aes_gmac_ctx;
+  SHA2_CTX sha2_ctx;
  AES_GMAC_CTX aes_gmac_ctx;
 };
 extern const struct enc_xform enc_xform_3des;
@@ -108,4 +118,4 @@ extern const struct auth_hash auth_hash_chacha20_poly1305;
 extern const struct comp_algo comp_algo_deflate;
-#endif /* _CRYPTO_XFORM_H_ */
+#endif /* __INCLUDE_CRYPTO_XFORM_H */