changeset 641:2b1bb792cd4d dropbear-tfm

- Update tfm changes to current default tip
author Matt Johnston <matt@ucc.asn.au>
date Mon, 21 Nov 2011 19:52:28 +0800
parents 76097ec1a29a (diff) 452bcf810e44 (current diff)
children 33fd2f3499d2
files bignum.c buffer.c buffer.h cli-kex.c common-kex.c configure.in dbutil.h dropbearkey.c dss.c dss.h gendss.c genrsa.c includes.h kex.h options.h random.c rsa.c rsa.h session.h svr-kex.c
diffstat 22 files changed, 484 insertions(+), 503 deletions(-) [+]
line wrap: on
line diff
--- a/bignum.c	Thu Nov 10 18:17:00 2011 +0800
+++ b/bignum.c	Mon Nov 21 19:52:28 2011 +0800
@@ -22,52 +22,61 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-/* Contains helper functions for mp_int handling */
+/* Contains helper functions for fp_int handling */
 
 #include "includes.h"
 #include "dbutil.h"
 
-/* wrapper for mp_init, failing fatally on errors (memory allocation) */
-void m_mp_init(mp_int *mp) {
+/* wrapper for fp_init, failing fatally on errors (memory allocation) */
+void m_fp_init(fp_int *fp) {
 
-	if (mp_init(mp) != MP_OKAY) {
-		dropbear_exit("Mem alloc error");
-	}
+	fp_init(fp);
 }
 
-/* simplified duplication of bn_mp_multi's mp_init_multi, but die fatally
+/* simplified duplication of bn_fp_multi's fp_init_multi, but die fatally
  * on error */
-void m_mp_init_multi(mp_int *mp, ...) 
+void m_fp_init_multi(fp_int *fp, ...) 
 {
-    mp_int* cur_arg = mp;
+    fp_int* cur_arg = fp;
     va_list args;
 
-    va_start(args, mp);        /* init args to next argument from caller */
+    va_start(args, fp);        /* init args to next argument from caller */
     while (cur_arg != NULL) {
-        if (mp_init(cur_arg) != MP_OKAY) {
-			dropbear_exit("Mem alloc error");
-        }
-        cur_arg = va_arg(args, mp_int*);
+        fp_init(cur_arg);
+        cur_arg = va_arg(args, fp_int*);
     }
     va_end(args);
 }
 
-void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {
+/* simplified duplication of bn_fp_multi's fp_init_multi, but die fatally
+ * on error */
+void m_fp_zero_multi(fp_int *fp, ...) 
+{
+    fp_int* cur_arg = fp;
+    va_list args;
 
-	if (mp_read_unsigned_bin(mp, (unsigned char*)bytes, len) != MP_OKAY) {
-		dropbear_exit("Mem alloc error");
-	}
+    va_start(args, fp);        /* init args to next argument from caller */
+    while (cur_arg != NULL) {
+        fp_zero(cur_arg);
+        cur_arg = va_arg(args, fp_int*);
+    }
+    va_end(args);
 }
 
-/* hash the ssh representation of the mp_int mp */
-void sha1_process_mp(hash_state *hs, mp_int *mp) {
+void bytes_to_fp(fp_int *fp, const unsigned char* bytes, unsigned int len) {
+
+	fp_read_unsigned_bin(fp, (unsigned char*)bytes, len);
+}
+
+/* hash the ssh representation of the fp_int fp */
+void sha1_process_fp(hash_state *hs, fp_int *fp) {
 
 	int i;
 	buffer * buf;
 
 	buf = buf_new(512 + 20); /* max buffer is a 4096 bit key, 
 								plus header + some leeway*/
-	buf_putmpint(buf, mp);
+	buf_putfpint(buf, fp);
 	i = buf->pos;
 	buf_setpos(buf, 0);
 	sha1_process(hs, buf_getptr(buf, i), i);
--- a/bignum.h	Thu Nov 10 18:17:00 2011 +0800
+++ b/bignum.h	Mon Nov 21 19:52:28 2011 +0800
@@ -27,9 +27,10 @@
 
 #include "includes.h"
 
-void m_mp_init(mp_int *mp);
-void m_mp_init_multi(mp_int *mp, ...);
-void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len);
-void sha1_process_mp(hash_state *hs, mp_int *mp);
+void m_fp_init(fp_int *fp);
+void m_fp_init_multi(fp_int *fp, ...);
+void m_fp_zero_multi(fp_int *fp, ...);
+void bytes_to_fp(fp_int *fp, const unsigned char* bytes, unsigned int len);
+void sha1_process_fp(hash_state *hs, fp_int *fp);
 
 #endif /* _BIGNUM_H_ */
--- a/buffer.c	Thu Nov 10 18:17:00 2011 +0800
+++ b/buffer.c	Mon Nov 21 19:52:28 2011 +0800
@@ -37,6 +37,8 @@
 /* avoid excessively large numbers, > ~8192 bits */
 #define BUF_MAX_MPINT (8240 / 8)
 
+#define BUF_MAX_FPINT (FP_MAX_SIZE / 8)
+
 /* Create (malloc) a new buffer of size */
 buffer* buf_new(unsigned int size) {
 
@@ -279,24 +281,24 @@
 
 /* for our purposes we only need positive (or 0) numbers, so will
  * fail if we get negative numbers */
-void buf_putmpint(buffer* buf, mp_int * mp) {
+void buf_putfpint(buffer* buf, fp_int * fp) {
 
 	unsigned int len, pad = 0;
-	TRACE(("enter buf_putmpint"))
+	TRACE(("enter buf_putfpint"))
 
-	dropbear_assert(mp != NULL);
+	dropbear_assert(fp != NULL);
 
-	if (SIGN(mp) == MP_NEG) {
+	if (SIGN(fp) == FP_NEG) {
 		dropbear_exit("negative bignum");
 	}
 
 	/* zero check */
-	if (USED(mp) == 1 && DIGIT(mp, 0) == 0) {
+	if (USED(fp) == 1 && DIGIT(fp, 0) == 0) {
 		len = 0;
 	} else {
-		/* SSH spec requires padding for mpints with the MSB set, this code
-		 * implements it */
-		len = mp_count_bits(mp);
+		/* SSH spec requires padding for fpints with the MSB set, this code
+		 * ifplements it */
+		len = fp_count_bits(fp);
 		/* if the top bit of MSB is set, we need to pad */
 		pad = (len%8 == 0) ? 1 : 0;
 		len = len / 8 + 1; /* don't worry about rounding, we need it for
@@ -312,29 +314,29 @@
 		if (pad) {
 			buf_putbyte(buf, 0x00);
 		}
-		if (mp_to_unsigned_bin(mp, buf_getwriteptr(buf, len-pad)) != MP_OKAY) {
-			dropbear_exit("mpint error");
-		}
+ 		/* Should always succseed */ 
+		fp_to_unsigned_bin(fp, buf_getwriteptr(buf, len-pad)) ;
+
 		buf_incrwritepos(buf, len-pad);
 	}
 
-	TRACE(("leave buf_putmpint"))
+	TRACE(("leave buf_putfpint"))
 }
 
-/* Retrieve an mp_int from the buffer.
+/* Retrieve an fp_int from the buffer.
  * Will fail for -ve since they shouldn't be required here.
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_getmpint(buffer* buf, mp_int* mp) {
+int buf_getfpint(buffer* buf, fp_int* fp) {
 
 	unsigned int len;
 	len = buf_getint(buf);
 	
 	if (len == 0) {
-		mp_zero(mp);
+		fp_zero(fp);
 		return DROPBEAR_SUCCESS;
 	}
 
-	if (len > BUF_MAX_MPINT) {
+	if (len > BUF_MAX_FPINT) {
 		return DROPBEAR_FAILURE;
 	}
 
@@ -343,9 +345,8 @@
 		return DROPBEAR_FAILURE;
 	}
 
-	if (mp_read_unsigned_bin(mp, buf_getptr(buf, len), len) != MP_OKAY) {
-		return DROPBEAR_FAILURE;
-	}
+	/** Should always succseed */
+	fp_read_unsigned_bin(fp, buf_getptr(buf, len), len);
 
 	buf_incrpos(buf, len);
 	return DROPBEAR_SUCCESS;
--- a/buffer.h	Thu Nov 10 18:17:00 2011 +0800
+++ b/buffer.h	Mon Nov 21 19:52:28 2011 +0800
@@ -60,8 +60,8 @@
 void buf_putint(buffer* buf, unsigned int val);
 void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len);
 void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len);
-void buf_putmpint(buffer* buf, mp_int * mp);
-int buf_getmpint(buffer* buf, mp_int* mp);
+void buf_putfpint(buffer* buf, fp_int * fp);
+int buf_getfpint(buffer* buf, fp_int* fp);
 unsigned int buf_getint(buffer* buf);
 
 #endif /* _BUFFER_H_ */
--- a/cli-kex.c	Thu Nov 10 18:17:00 2011 +0800
+++ b/cli-kex.c	Mon Nov 21 19:52:28 2011 +0800
@@ -43,15 +43,15 @@
 
 void send_msg_kexdh_init() {
 
-	cli_ses.dh_e = (mp_int*)m_malloc(sizeof(mp_int));
-	cli_ses.dh_x = (mp_int*)m_malloc(sizeof(mp_int));
-	m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
+	cli_ses.dh_e = (fp_int*)m_malloc(sizeof(fp_int));
+	cli_ses.dh_x = (fp_int*)m_malloc(sizeof(fp_int));
+	m_fp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
 
 	gen_kexdh_vals(cli_ses.dh_e, cli_ses.dh_x);
 
 	CHECKCLEARTOWRITE();
 	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
-	buf_putmpint(ses.writepayload, cli_ses.dh_e);
+	buf_putfpint(ses.writepayload, cli_ses.dh_e);
 	encrypt_packet();
 	ses.requirenext = SSH_MSG_KEXDH_REPLY;
 }
@@ -59,7 +59,7 @@
 /* Handle a diffie-hellman key exchange reply. */
 void recv_msg_kexdh_reply() {
 
-	DEF_MP_INT(dh_f);
+	DEF_FP_INT(dh_f);
 	sign_key *hostkey = NULL;
 	unsigned int type, keybloblen;
 	unsigned char* keyblob = NULL;
@@ -70,7 +70,7 @@
 	if (cli_ses.kex_state != KEXDH_INIT_SENT) {
 		dropbear_exit("Received out-of-order kexdhreply");
 	}
-	m_mp_init(&dh_f);
+	m_fp_init(&dh_f);
 	type = ses.newkeys->algo_hostkey;
 	TRACE(("type is %d", type))
 
@@ -88,14 +88,15 @@
 		dropbear_exit("Bad KEX packet");
 	}
 
-	if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
-		TRACE(("failed getting mpint"))
+	if (buf_getfpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
+		TRACE(("failed getting fpint"))
 		dropbear_exit("Bad KEX packet");
 	}
 
 	kexdh_comb_key(cli_ses.dh_e, cli_ses.dh_x, &dh_f, hostkey);
-	mp_clear(&dh_f);
-	mp_clear_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
+	fp_zero(&dh_f);
+	fp_zero(cli_ses.dh_e);
+	fp_zero(cli_ses.dh_x);
 	m_free(cli_ses.dh_e);
 	m_free(cli_ses.dh_x);
 
--- a/common-kex.c	Thu Nov 10 18:17:00 2011 +0800
+++ b/common-kex.c	Mon Nov 21 19:52:28 2011 +0800
@@ -297,8 +297,8 @@
 	/* the dh_K and hash are the start of all hashes, we make use of that */
 
 	sha1_init(&hs);
-	sha1_process_mp(&hs, ses.dh_K);
-	mp_clear(ses.dh_K);
+	sha1_process_fp(&hs, ses.dh_K);
+	fp_zero(ses.dh_K);
 	m_free(ses.dh_K);
 	sha1_process(&hs, ses.hash, SHA1_HASH_SIZE);
 	m_burn(ses.hash, SHA1_HASH_SIZE);
@@ -523,10 +523,10 @@
 {
 	switch (ses.newkeys->algo_kex) {
 		case DROPBEAR_KEX_DH_GROUP1:
-			bytes_to_mp(dh_p, dh_p_1, DH_P_1_LEN);
+			bytes_to_fp(dh_p, dh_p_1, DH_P_1_LEN);
 			break;
 		case DROPBEAR_KEX_DH_GROUP14:
-			bytes_to_mp(dh_p, dh_p_14, DH_P_14_LEN);
+			bytes_to_fp(dh_p, dh_p_14, DH_P_14_LEN);
 			break;
 	}
 }
@@ -534,72 +534,67 @@
 /* Initialises and generate one side of the diffie-hellman key exchange values.
  * See the transport rfc 4253 section 8 for details */
 /* dh_pub and dh_priv MUST be already initialised */
-void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv) {
+void gen_kexdh_vals(fp_int *dh_pub, fp_int *dh_priv) {
 
-	DEF_MP_INT(dh_p);
-	DEF_MP_INT(dh_q);
-	DEF_MP_INT(dh_g);
+	DEF_FP_INT(dh_p);
+	DEF_FP_INT(dh_q);
+	DEF_FP_INT(dh_g);
 
 	TRACE(("enter send_msg_kexdh_reply"))
 	
-	m_mp_init_multi(&dh_g, &dh_p, &dh_q, NULL);
+	m_fp_init_multi(&dh_g, &dh_p, &dh_q, NULL);
 
 	/* read the prime and generator*/
 	load_dh_p(&dh_p);
 	
-	if (mp_set_int(&dh_g, DH_G_VAL) != MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
+	fp_set(&dh_g, DH_G_VAL);
 
 	/* calculate q = (p-1)/2 */
 	/* dh_priv is just a temp var here */
-	if (mp_sub_d(&dh_p, 1, dh_priv) != MP_OKAY) { 
-		dropbear_exit("Diffie-Hellman error");
-	}
-	if (mp_div_2(dh_priv, &dh_q) != MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
+	fp_sub_d(&dh_p, 1, dh_priv);
+
+	fp_div_2(dh_priv, &dh_q);
 
 	/* Generate a private portion 0 < dh_priv < dh_q */
-	gen_random_mpint(&dh_q, dh_priv);
+	gen_random_fpint(&dh_q, dh_priv);
 
 	/* f = g^y mod p */
-	if (mp_exptmod(&dh_g, dh_priv, &dh_p, dh_pub) != MP_OKAY) {
+	if (fp_exptmod(&dh_g, dh_priv, &dh_p, dh_pub) != FP_OKAY) {
 		dropbear_exit("Diffie-Hellman error");
 	}
-	mp_clear_multi(&dh_g, &dh_p, &dh_q, NULL);
+	m_fp_zero_multi(&dh_g, &dh_p, &dh_q, NULL);
 }
 
 /* This function is fairly common between client/server, with some substitution
  * of dh_e/dh_f etc. Hence these arguments:
  * dh_pub_us is 'e' for the client, 'f' for the server. dh_pub_them is 
  * vice-versa. dh_priv is the x/y value corresponding to dh_pub_us */
-void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
+void kexdh_comb_key(fp_int *dh_pub_us, fp_int *dh_priv, fp_int *dh_pub_them,
 		sign_key *hostkey) {
 
-	mp_int dh_p;
-	mp_int *dh_e = NULL, *dh_f = NULL;
+	fp_int dh_p;
+	fp_int *dh_e = NULL, *dh_f = NULL;
 	hash_state hs;
 
 	/* read the prime and generator*/
-	m_mp_init(&dh_p);
+	m_fp_init(&dh_p);
 	load_dh_p(&dh_p);
 
 	/* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */
-	if (mp_cmp(dh_pub_them, &dh_p) != MP_LT 
-			|| mp_cmp_d(dh_pub_them, 0) != MP_GT) {
+	if (fp_cmp(dh_pub_them, &dh_p) != FP_LT 
+			|| fp_cmp_d(dh_pub_them, 0) != FP_GT) {
 		dropbear_exit("Diffie-Hellman error");
 	}
 	
 	/* K = e^y mod p = f^x mod p */
-	ses.dh_K = (mp_int*)m_malloc(sizeof(mp_int));
-	m_mp_init(ses.dh_K);
-	if (mp_exptmod(dh_pub_them, dh_priv, &dh_p, ses.dh_K) != MP_OKAY) {
+	ses.dh_K = (fp_int*)m_malloc(sizeof(fp_int));
+	m_fp_init(ses.dh_K);
+	if (fp_exptmod(dh_pub_them, dh_priv, &dh_p, ses.dh_K) != FP_OKAY) {
 		dropbear_exit("Diffie-Hellman error");
 	}
 
 	/* clear no longer needed vars */
-	mp_clear_multi(&dh_p, NULL);
+	m_fp_zero_multi(&dh_p, NULL);
 
 	/* From here on, the code needs to work with the _same_ vars on each side,
 	 * not vice-versaing for client/server */
@@ -615,11 +610,11 @@
 	/* K_S, the host key */
 	buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
 	/* e, exchange value sent by the client */
-	buf_putmpint(ses.kexhashbuf, dh_e);
+	buf_putfpint(ses.kexhashbuf, dh_e);
 	/* f, exchange value sent by the server */
-	buf_putmpint(ses.kexhashbuf, dh_f);
+	buf_putfpint(ses.kexhashbuf, dh_f);
 	/* K, the shared secret */
-	buf_putmpint(ses.kexhashbuf, ses.dh_K);
+	buf_putfpint(ses.kexhashbuf, ses.dh_K);
 
 	/* calculate the hash H to sign */
 	sha1_init(&hs);
@@ -649,8 +644,8 @@
 	algo_type * s2c_hash_algo = NULL;
 	algo_type * c2s_cipher_algo = NULL;
 	algo_type * s2c_cipher_algo = NULL;
-	algo_type * c2s_comp_algo = NULL;
-	algo_type * s2c_comp_algo = NULL;
+	algo_type * c2s_cofp_algo = NULL;
+	algo_type * s2c_cofp_algo = NULL;
 	/* the generic one */
 	algo_type * algo = NULL;
 
@@ -718,20 +713,30 @@
 	TRACE(("hash s2c is  %s", s2c_hash_algo->name))
 
 	/* compression_algorithms_client_to_server */
+<<<<<<< mine
+	c2s_cofp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
+	if (c2s_cofp_algo == NULL) {
+=======
 	c2s_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
 	if (c2s_comp_algo == NULL) {
+>>>>>>> theirs
 		erralgo = "comp c->s";
 		goto error;
 	}
-	TRACE(("hash c2s is  %s", c2s_comp_algo->name))
+	TRACE(("hash c2s is  %s", c2s_cofp_algo->name))
 
 	/* compression_algorithms_server_to_client */
+<<<<<<< mine
+	s2c_cofp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
+	if (s2c_cofp_algo == NULL) {
+=======
 	s2c_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
 	if (s2c_comp_algo == NULL) {
+>>>>>>> theirs
 		erralgo = "comp s->c";
 		goto error;
 	}
-	TRACE(("hash s2c is  %s", s2c_comp_algo->name))
+	TRACE(("hash s2c is  %s", s2c_cofp_algo->name))
 
 	/* languages_client_to_server */
 	buf_eatstring(ses.payload);
@@ -762,8 +767,13 @@
 			(struct dropbear_hash*)s2c_hash_algo->data;
 		ses.newkeys->trans.algo_mac = 
 			(struct dropbear_hash*)c2s_hash_algo->data;
+<<<<<<< mine
+		ses.newkeys->recv_algo_comp = s2c_cofp_algo->val;
+		ses.newkeys->trans_algo_comp = c2s_cofp_algo->val;
+=======
 		ses.newkeys->recv.algo_comp = s2c_comp_algo->val;
 		ses.newkeys->trans.algo_comp = c2s_comp_algo->val;
+>>>>>>> theirs
 	} else {
 		/* SERVER */
 		ses.newkeys->recv.algo_crypt = 
@@ -778,8 +788,13 @@
 			(struct dropbear_hash*)c2s_hash_algo->data;
 		ses.newkeys->trans.algo_mac = 
 			(struct dropbear_hash*)s2c_hash_algo->data;
+<<<<<<< mine
+		ses.newkeys->recv_algo_comp = c2s_cofp_algo->val;
+		ses.newkeys->trans_algo_comp = s2c_cofp_algo->val;
+=======
 		ses.newkeys->recv.algo_comp = c2s_comp_algo->val;
 		ses.newkeys->trans.algo_comp = s2c_comp_algo->val;
+>>>>>>> theirs
 	}
 
 	/* reserved for future extensions */
--- a/configure.in	Thu Nov 10 18:17:00 2011 +0800
+++ b/configure.in	Mon Nov 21 19:52:28 2011 +0800
@@ -82,8 +82,7 @@
 	],,,)
 
 # Checks for libraries.
-AC_CHECK_LIB(crypt, crypt, CRYPTLIB="-lcrypt")
-AC_SUBST(CRYPTLIB)	
+AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
 
 # Check if zlib is needed
 AC_ARG_WITH(zlib,
@@ -146,7 +145,6 @@
 		if test "x$enableval" = "xyes"; then
 			AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***]))
 			AC_MSG_NOTICE(Enabling PAM)
-			AC_CHECK_FUNCS(pam_fail_delay)
 		else
 			AC_DEFINE(DISABLE_PAM,, Use PAM)
 			AC_MSG_NOTICE(Disabling PAM)
@@ -363,25 +361,6 @@
 AC_CHECK_FUNCS(setutxent utmpxname)
 AC_CHECK_FUNCS(logout updwtmp logwtmp)
 
-AC_ARG_ENABLE(bundled-libtom,
-	[  --enable-bundled-libtom       Use bundled libtomcrypt/libtommath even if a system version exists],
-	[ 
-		BUNDLED_LIBTOM=1
-		AC_MSG_NOTICE(Forcing bundled libtom*)
-	],
-	[
-		BUNDLED_LIBTOM=0
-		AC_CHECK_LIB(tomcrypt, register_cipher, , BUNDLED_LIBTOM=1)
-		AC_CHECK_LIB(tommath, mp_exptmod, , BUNDLED_LIBTOM=1)
-	]
-)
-
-if test $BUNDLED_LIBTOM = 1 ; then
-	AC_DEFINE(BUNDLED_LIBTOM,,Use bundled libtom) 
-fi
-
-AC_SUBST(BUNDLED_LIBTOM)
-
 dnl Added from OpenSSH 3.6.1p2's configure.ac
 
 dnl allow user to disable some login recording features
@@ -689,14 +668,6 @@
 AC_CONFIG_HEADER(config.h)
 AC_OUTPUT(Makefile)
 AC_OUTPUT(libtomcrypt/Makefile)
-AC_OUTPUT(libtommath/Makefile)
-
-AC_MSG_NOTICE()
-if test $BUNDLED_LIBTOM = 1 ; then
-AC_MSG_NOTICE(Using bundled libtomcrypt and libtommath)
-else
-AC_MSG_NOTICE(Using system libtomcrypt and libtommath)
-fi
-
+#AC_OUTPUT(libtommath/Makefile)
 AC_MSG_NOTICE()
 AC_MSG_NOTICE(Now edit options.h to choose features.)
--- a/dbutil.h	Thu Nov 10 18:17:00 2011 +0800
+++ b/dbutil.h	Mon Nov 21 19:52:28 2011 +0800
@@ -90,8 +90,8 @@
 void disallow_core();
 int m_str_to_uint(const char* str, unsigned int *val);
 
-/* Used to force mp_ints to be initialised */
-#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
+/* Used to force fp_ints to be initialised */
+#define DEF_FP_INT(X) fp_int X = {{},0, 0}
 
 /* Dropbear assertion */
 #define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
--- a/dropbearkey.c	Thu Nov 10 18:17:00 2011 +0800
+++ b/dropbearkey.c	Mon Nov 21 19:52:28 2011 +0800
@@ -29,19 +29,19 @@
 
  * RSA:
  * string	"ssh-rsa"
- * mp_int	e
- * mp_int	n
- * mp_int	d
- * mp_int	p (newer versions only)
- * mp_int	q (newer versions only) 
+ * fp_int	e
+ * fp_int	n
+ * fp_int	d
+ * fp_int	p (newer versions only)
+ * fp_int	q (newer versions only) 
  *
  * DSS:
  * string	"ssh-dss"
- * mp_int	p
- * mp_int	q
- * mp_int	g
- * mp_int	y
- * mp_int	x
+ * fp_int	p
+ * fp_int	q
+ * fp_int	g
+ * fp_int	y
+ * fp_int	x
  *
  */
 #include "includes.h"
--- a/dss.c	Thu Nov 10 18:17:00 2011 +0800
+++ b/dss.c	Mon Nov 21 19:52:28 2011 +0800
@@ -43,27 +43,30 @@
  * The key will have the same format as buf_put_dss_key.
  * These should be freed with dss_key_free.
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
+int buf_get_dss_pub_key(buffer* buf, dss_key *key) {
 
 	TRACE(("enter buf_get_dss_pub_key"))
 	dropbear_assert(key != NULL);
-	key->p = m_malloc(sizeof(mp_int));
-	key->q = m_malloc(sizeof(mp_int));
-	key->g = m_malloc(sizeof(mp_int));
-	key->y = m_malloc(sizeof(mp_int));
-	m_mp_init_multi(key->p, key->q, key->g, key->y, NULL);
+	key->p = m_malloc(sizeof(fp_int));
+	key->q = m_malloc(sizeof(fp_int));
+	key->g = m_malloc(sizeof(fp_int));
+	key->y = m_malloc(sizeof(fp_int));
+	fp_init(key->p);
+	fp_init(key->q);
+	fp_init(key->g);
+	fp_init(key->y);
 	key->x = NULL;
 
 	buf_incrpos(buf, 4+SSH_SIGNKEY_DSS_LEN); /* int + "ssh-dss" */
-	if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE
-	 || buf_getmpint(buf, key->q) == DROPBEAR_FAILURE
-	 || buf_getmpint(buf, key->g) == DROPBEAR_FAILURE
-	 || buf_getmpint(buf, key->y) == DROPBEAR_FAILURE) {
-		TRACE(("leave buf_get_dss_pub_key: failed reading mpints"))
+	if (buf_getfpint(buf, key->p) == DROPBEAR_FAILURE
+	 || buf_getfpint(buf, key->q) == DROPBEAR_FAILURE
+	 || buf_getfpint(buf, key->g) == DROPBEAR_FAILURE
+	 || buf_getfpint(buf, key->y) == DROPBEAR_FAILURE) {
+		TRACE(("leave buf_get_dss_pub_key: failed reading fpints"))
 		return DROPBEAR_FAILURE;
 	}
 
-	if (mp_count_bits(key->p) < MIN_DSS_KEYLEN) {
+	if (fp_count_bits(key->p) < MIN_DSS_KEYLEN) {
 		dropbear_log(LOG_WARNING, "DSS key too short");
 		TRACE(("leave buf_get_dss_pub_key: short key"))
 		return DROPBEAR_FAILURE;
@@ -76,7 +79,7 @@
 /* Same as buf_get_dss_pub_key, but reads a private "x" key at the end.
  * Loads a private dss key from a buffer
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
+int buf_get_dss_priv_key(buffer* buf, dss_key *key) {
 
 	int ret = DROPBEAR_FAILURE;
 
@@ -87,9 +90,9 @@
 		return DROPBEAR_FAILURE;
 	}
 
-	key->x = m_malloc(sizeof(mp_int));
-	m_mp_init(key->x);
-	ret = buf_getmpint(buf, key->x);
+	key->x = m_malloc(sizeof(fp_int));
+	m_fp_init(key->x);
+	ret = buf_getfpint(buf, key->x);
 	if (ret == DROPBEAR_FAILURE) {
 		m_free(key->x);
 	}
@@ -99,7 +102,7 @@
 	
 
 /* Clear and free the memory used by a public or private key */
-void dss_key_free(dropbear_dss_key *key) {
+void dss_key_free(dss_key *key) {
 
 	TRACE(("enter dsa_key_free"))
 	if (key == NULL) {
@@ -107,23 +110,23 @@
 		return;
 	}
 	if (key->p) {
-		mp_clear(key->p);
+		fp_zero(key->p);
 		m_free(key->p);
 	}
 	if (key->q) {
-		mp_clear(key->q);
+		fp_zero(key->q);
 		m_free(key->q);
 	}
 	if (key->g) {
-		mp_clear(key->g);
+		fp_zero(key->g);
 		m_free(key->g);
 	}
 	if (key->y) {
-		mp_clear(key->y);
+		fp_zero(key->y);
 		m_free(key->y);
 	}
 	if (key->x) {
-		mp_clear(key->x);
+		fp_zero(key->x);
 		m_free(key->x);
 	}
 	m_free(key);
@@ -133,51 +136,54 @@
 /* put the dss public key into the buffer in the required format:
  *
  * string	"ssh-dss"
- * mpint	p
- * mpint	q
- * mpint	g
- * mpint	y
+ * fpint	p
+ * fpint	q
+ * fpint	g
+ * fpint	y
  */
-void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
+void buf_put_dss_pub_key(buffer* buf, dss_key *key) {
 
 	dropbear_assert(key != NULL);
 	buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
-	buf_putmpint(buf, key->p);
-	buf_putmpint(buf, key->q);
-	buf_putmpint(buf, key->g);
-	buf_putmpint(buf, key->y);
+	buf_putfpint(buf, key->p);
+	buf_putfpint(buf, key->q);
+	buf_putfpint(buf, key->g);
+	buf_putfpint(buf, key->y);
 
 }
 
 /* Same as buf_put_dss_pub_key, but with the private "x" key appended */
-void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
+void buf_put_dss_priv_key(buffer* buf, dss_key *key) {
 
 	dropbear_assert(key != NULL);
 	buf_put_dss_pub_key(buf, key);
-	buf_putmpint(buf, key->x);
+	buf_putfpint(buf, key->x);
 
 }
 
 #ifdef DROPBEAR_SIGNKEY_VERIFY
 /* Verify a DSS signature (in buf) made on data by the key given. 
  * returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
+int buf_dss_verify(buffer* buf, dss_key *key, const unsigned char* data,
 		unsigned int len) {
 
 	unsigned char msghash[SHA1_HASH_SIZE];
 	hash_state hs;
 	int ret = DROPBEAR_FAILURE;
-	DEF_MP_INT(val1);
-	DEF_MP_INT(val2);
-	DEF_MP_INT(val3);
-	DEF_MP_INT(val4);
+	DEF_FP_INT(val1);
+	DEF_FP_INT(val2);
+	DEF_FP_INT(val3);
+	DEF_FP_INT(val4);
 	char * string = NULL;
 	int stringlen;
 
 	TRACE(("enter buf_dss_verify"))
 	dropbear_assert(key != NULL);
 
-	m_mp_init_multi(&val1, &val2, &val3, &val4, NULL);
+	fp_init(&val1);
+	fp_init(&val2);
+	fp_init(&val3);
+	fp_init(&val4);
 
 	/* get blob, check length */
 	string = buf_getstring(buf, &stringlen);
@@ -193,64 +199,64 @@
 	/* create the signature - s' and r' are the received signatures in buf */
 	/* w = (s')-1 mod q */
 	/* let val1 = s' */
-	bytes_to_mp(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE);
+	bytes_to_fp(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE);
 
-	if (mp_cmp(&val1, key->q) != MP_LT) {
+	if (fp_cmp(&val1, key->q) != FP_LT) {
 		TRACE(("verify failed, s' >= q"))
 		goto out;
 	}
 	/* let val2 = w = (s')^-1 mod q*/
-	if (mp_invmod(&val1, key->q, &val2) != MP_OKAY) {
+	if (fp_invmod(&val1, key->q, &val2) != FP_OKAY) {
 		goto out;
 	}
 
 	/* u1 = ((SHA(M')w) mod q */
 	/* let val1 = SHA(M') = msghash */
-	bytes_to_mp(&val1, msghash, SHA1_HASH_SIZE);
+	bytes_to_fp(&val1, msghash, SHA1_HASH_SIZE);
 
 	/* let val3 = u1 = ((SHA(M')w) mod q */
-	if (mp_mulmod(&val1, &val2, key->q, &val3) != MP_OKAY) {
+	if (fp_mulmod(&val1, &val2, key->q, &val3) != FP_OKAY) {
 		goto out;
 	}
 
 	/* u2 = ((r')w) mod q */
 	/* let val1 = r' */
-	bytes_to_mp(&val1, &string[0], SHA1_HASH_SIZE);
-	if (mp_cmp(&val1, key->q) != MP_LT) {
+	bytes_to_fp(&val1, &string[0], SHA1_HASH_SIZE);
+	if (fp_cmp(&val1, key->q) != FP_LT) {
 		TRACE(("verify failed, r' >= q"))
 		goto out;
 	}
 	/* let val4 = u2 = ((r')w) mod q */
-	if (mp_mulmod(&val1, &val2, key->q, &val4) != MP_OKAY) {
+	if (fp_mulmod(&val1, &val2, key->q, &val4) != FP_OKAY) {
 		goto out;
 	}
 
 	/* v = (((g)^u1 (y)^u2) mod p) mod q */
 	/* val2 = g^u1 mod p */
-	if (mp_exptmod(key->g, &val3, key->p, &val2) != MP_OKAY) {
+	if (fp_exptmod(key->g, &val3, key->p, &val2) != FP_OKAY) {
 		goto out;
 	}
 	/* val3 = y^u2 mod p */
-	if (mp_exptmod(key->y, &val4, key->p, &val3) != MP_OKAY) {
+	if (fp_exptmod(key->y, &val4, key->p, &val3) != FP_OKAY) {
 		goto out;
 	}
 	/* val4 = ((g)^u1 (y)^u2) mod p */
-	if (mp_mulmod(&val2, &val3, key->p, &val4) != MP_OKAY) {
+	if (fp_mulmod(&val2, &val3, key->p, &val4) != FP_OKAY) {
 		goto out;
 	}
 	/* val2 = v = (((g)^u1 (y)^u2) mod p) mod q */
-	if (mp_mod(&val4, key->q, &val2) != MP_OKAY) {
+	if (fp_mod(&val4, key->q, &val2) != FP_OKAY) {
 		goto out;
 	}
 	
 	/* check whether signatures verify */
-	if (mp_cmp(&val2, &val1) == MP_EQ) {
+	if (fp_cmp(&val2, &val1) == FP_EQ) {
 		/* good sig */
 		ret = DROPBEAR_SUCCESS;
 	}
 
 out:
-	mp_clear_multi(&val1, &val2, &val3, &val4, NULL);
+	m_fp_zero_multi(&val1, &val2, &val3, &val4, NULL);
 	m_free(string);
 
 	return ret;
@@ -262,16 +268,14 @@
 /* convert an unsigned mp into an array of bytes, malloced.
  * This array must be freed after use, len contains the length of the array,
  * if len != NULL */
-static unsigned char* mptobytes(mp_int *mp, int *len) {
+static unsigned char* fptobytes(fp_int *mp, int *len) {
 	
 	unsigned char* ret;
 	int size;
 
-	size = mp_unsigned_bin_size(mp);
+	size = fp_unsigned_bin_size(mp);
 	ret = m_malloc(size);
-	if (mp_to_unsigned_bin(mp, ret) != MP_OKAY) {
-		dropbear_exit("Mem alloc error");
-	}
+	fp_to_unsigned_bin(mp, ret);
 	if (len != NULL) {
 		*len = size;
 	}
@@ -292,7 +296,7 @@
  *
  * Now we aren't relying on the random number generation to protect the private
  * key x, which is a long term secret */
-void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
+void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
 		unsigned int len) {
 
 	unsigned char msghash[SHA1_HASH_SIZE];
@@ -302,14 +306,14 @@
 	unsigned char privkeyhash[SHA512_HASH_SIZE];
 	unsigned char *privkeytmp;
 	unsigned char proto_k[SHA512_HASH_SIZE];
-	DEF_MP_INT(dss_protok);
+	DEF_FP_INT(dss_protok);
 #endif
-	DEF_MP_INT(dss_k);
-	DEF_MP_INT(dss_m);
-	DEF_MP_INT(dss_temp1);
-	DEF_MP_INT(dss_temp2);
-	DEF_MP_INT(dss_r);
-	DEF_MP_INT(dss_s);
+	DEF_FP_INT(dss_k);
+	DEF_FP_INT(dss_m);
+	DEF_FP_INT(dss_temp1);
+	DEF_FP_INT(dss_temp2);
+	DEF_FP_INT(dss_r);
+	DEF_FP_INT(dss_s);
 	hash_state hs;
 	
 	TRACE(("enter buf_put_dss_sign"))
@@ -320,11 +324,11 @@
 	sha1_process(&hs, data, len);
 	sha1_done(&hs, msghash);
 
-	m_mp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
+	m_fp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
 			&dss_m, NULL);
 #ifdef DSS_PROTOK	
 	/* hash the privkey */
-	privkeytmp = mptobytes(key->x, &i);
+	privkeytmp = fptobytes(key->x, &i);
 	sha512_init(&hs);
 	sha512_process(&hs, "the quick brown fox jumped over the lazy dog", 44);
 	sha512_process(&hs, privkeytmp, i);
@@ -339,78 +343,72 @@
 	sha512_done(&hs, proto_k);
 
 	/* generate k */
-	m_mp_init(&dss_protok);
-	bytes_to_mp(&dss_protok, proto_k, SHA512_HASH_SIZE);
-	if (mp_mod(&dss_protok, key->q, &dss_k) != MP_OKAY) {
+	m_fp_init(&dss_protok);
+	bytes_to_fp(&dss_protok, proto_k, SHA512_HASH_SIZE);
+	if (fp_mod(&dss_protok, key->q, &dss_k) != FP_OKAY) {
 		dropbear_exit("DSS error");
 	}
-	mp_clear(&dss_protok);
+	m_fp_zero(&dss_protok);
 	m_burn(proto_k, SHA512_HASH_SIZE);
 #else /* DSS_PROTOK not defined*/
-	gen_random_mpint(key->q, &dss_k);
+	gen_random_fpint(key->q, &dss_k);
 #endif
 
 	/* now generate the actual signature */
-	bytes_to_mp(&dss_m, msghash, SHA1_HASH_SIZE);
+	bytes_to_fp(&dss_m, msghash, SHA1_HASH_SIZE);
 
 	/* g^k mod p */
-	if (mp_exptmod(key->g, &dss_k, key->p, &dss_temp1) !=  MP_OKAY) {
+	if (fp_exptmod(key->g, &dss_k, key->p, &dss_temp1) !=  FP_OKAY) {
 		dropbear_exit("DSS error");
 	}
 	/* r = (g^k mod p) mod q */
-	if (mp_mod(&dss_temp1, key->q, &dss_r) != MP_OKAY) {
+	if (fp_mod(&dss_temp1, key->q, &dss_r) != FP_OKAY) {
 		dropbear_exit("DSS error");
 	}
 
 	/* x*r mod q */
-	if (mp_mulmod(&dss_r, key->x, key->q, &dss_temp1) != MP_OKAY) {
+	if (fp_mulmod(&dss_r, key->x, key->q, &dss_temp1) != FP_OKAY) {
 		dropbear_exit("DSS error");
 	}
 	/* (SHA1(M) + xr) mod q) */
-	if (mp_addmod(&dss_m, &dss_temp1, key->q, &dss_temp2) != MP_OKAY) {
+	if (fp_addmod(&dss_m, &dss_temp1, key->q, &dss_temp2) != FP_OKAY) {
 		dropbear_exit("DSS error");
 	}
 	
 	/* (k^-1) mod q */
-	if (mp_invmod(&dss_k, key->q, &dss_temp1) != MP_OKAY) {
+	if (fp_invmod(&dss_k, key->q, &dss_temp1) != FP_OKAY) {
 		dropbear_exit("DSS error");
 	}
 
 	/* s = (k^-1(SHA1(M) + xr)) mod q */
-	if (mp_mulmod(&dss_temp1, &dss_temp2, key->q, &dss_s) != MP_OKAY) {
+	if (fp_mulmod(&dss_temp1, &dss_temp2, key->q, &dss_s) != FP_OKAY) {
 		dropbear_exit("DSS error");
 	}
 
 	buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
 	buf_putint(buf, 2*SHA1_HASH_SIZE);
 
-	writelen = mp_unsigned_bin_size(&dss_r);
+	writelen = fp_unsigned_bin_size(&dss_r);
 	dropbear_assert(writelen <= SHA1_HASH_SIZE);
 	/* need to pad to 160 bits with leading zeros */
 	for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
 		buf_putbyte(buf, 0);
 	}
-	if (mp_to_unsigned_bin(&dss_r, buf_getwriteptr(buf, writelen)) 
-			!= MP_OKAY) {
-		dropbear_exit("DSS error");
-	}
-	mp_clear(&dss_r);
+	fp_to_unsigned_bin(&dss_r, buf_getwriteptr(buf, writelen));
+	fp_zero(&dss_r);
 	buf_incrwritepos(buf, writelen);
 
-	writelen = mp_unsigned_bin_size(&dss_s);
+	writelen = fp_unsigned_bin_size(&dss_s);
 	dropbear_assert(writelen <= SHA1_HASH_SIZE);
 	/* need to pad to 160 bits with leading zeros */
 	for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
 		buf_putbyte(buf, 0);
 	}
-	if (mp_to_unsigned_bin(&dss_s, buf_getwriteptr(buf, writelen)) 
-			!= MP_OKAY) {
-		dropbear_exit("DSS error");
-	}
-	mp_clear(&dss_s);
+	fp_to_unsigned_bin(&dss_s, buf_getwriteptr(buf, writelen));
+	fp_zero(&dss_s);
 	buf_incrwritepos(buf, writelen);
 
-	mp_clear_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
+	m_fp_zero_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
 			&dss_m, NULL);
 	
 	/* create the signature to return */
--- a/dss.h	Thu Nov 10 18:17:00 2011 +0800
+++ b/dss.h	Mon Nov 21 19:52:28 2011 +0800
@@ -34,12 +34,20 @@
 
 typedef struct {
 
+<<<<<<< mine
+	fp_int* p;
+	fp_int* q;
+	fp_int* g;
+	fp_int* y;
+	fp_int* x;
+=======
 	mp_int* p;
 	mp_int* q;
 	mp_int* g;
 	mp_int* y;
 	/* x is the private part */
 	mp_int* x;
+>>>>>>> theirs
 
 } dropbear_dss_key;
 
--- a/gendss.c	Thu Nov 10 18:17:00 2011 +0800
+++ b/gendss.c	Mon Nov 21 19:52:28 2011 +0800
@@ -49,12 +49,12 @@
 
 	key = m_malloc(sizeof(*key));
 
-	key->p = (mp_int*)m_malloc(sizeof(mp_int));
-	key->q = (mp_int*)m_malloc(sizeof(mp_int));
-	key->g = (mp_int*)m_malloc(sizeof(mp_int));
-	key->y = (mp_int*)m_malloc(sizeof(mp_int));
-	key->x = (mp_int*)m_malloc(sizeof(mp_int));
-	m_mp_init_multi(key->p, key->q, key->g, key->y, key->x, NULL);
+	key->p = (fp_int*)m_malloc(sizeof(fp_int));
+	key->q = (fp_int*)m_malloc(sizeof(fp_int));
+	key->g = (fp_int*)m_malloc(sizeof(fp_int));
+	key->y = (fp_int*)m_malloc(sizeof(fp_int));
+	key->x = (fp_int*)m_malloc(sizeof(fp_int));
+	m_fp_init_multi(key->p, key->q, key->g, key->y, key->x, NULL);
 	
 	seedrandom();
 	
@@ -77,10 +77,10 @@
 	buf[0] |= 0x80; /* top bit high */
 	buf[QSIZE-1] |= 0x01; /* bottom bit high */
 
-	bytes_to_mp(key->q, buf, QSIZE);
+	bytes_to_fp(key->q, buf, QSIZE);
 
 	/* 18 rounds are required according to HAC */
-	if (mp_prime_next_prime(key->q, 18, 0) != MP_OKAY) {
+	if (fp_prime_next_prime(key->q, 18, 0) != FP_OKAY) {
 		fprintf(stderr, "DSS key generation failed\n");
 		exit(1);
 	}
@@ -88,21 +88,18 @@
 
 static void getp(dropbear_dss_key *key, unsigned int size) {
 
-	DEF_MP_INT(tempX);
-	DEF_MP_INT(tempC);
-	DEF_MP_INT(tempP);
-	DEF_MP_INT(temp2q);
+	DEF_FP_INT(tempX);
+	DEF_FP_INT(tempC);
+	DEF_FP_INT(tempP);
+	DEF_FP_INT(temp2q);
 	int result;
 	unsigned char *buf;
 
-	m_mp_init_multi(&tempX, &tempC, &tempP, &temp2q, NULL);
+	m_fp_init_multi(&tempX, &tempC, &tempP, &temp2q, NULL);
 
 
 	/* 2*q */
-	if (mp_mul_d(key->q, 2, &temp2q) != MP_OKAY) {
-		fprintf(stderr, "DSS key generation failed\n");
-		exit(1);
-	}
+	fp_mul_d(key->q, 2, &temp2q);
 	
 	buf = (unsigned char*)m_malloc(size);
 
@@ -112,84 +109,74 @@
 		genrandom(buf, size);
 		buf[0] |= 0x80; /* set the top bit high */
 
-		/* X is a random mp_int */
-		bytes_to_mp(&tempX, buf, size);
+		/* X is a random fp_int */
+		bytes_to_fp(&tempX, buf, size);
 
 		/* C = X mod 2q */
-		if (mp_mod(&tempX, &temp2q, &tempC) != MP_OKAY) {
+		if (fp_mod(&tempX, &temp2q, &tempC) != FP_OKAY) {
 			fprintf(stderr, "DSS key generation failed\n");
 			exit(1);
 		}
 
 		/* P = X - (C - 1) = X - C + 1*/
-		if (mp_sub(&tempX, &tempC, &tempP) != MP_OKAY) {
-			fprintf(stderr, "DSS key generation failed\n");
-			exit(1);
-		}
+		fp_sub(&tempX, &tempC, &tempP);
 		
-		if (mp_add_d(&tempP, 1, key->p) != MP_OKAY) {
-			fprintf(stderr, "DSS key generation failed\n");
-			exit(1);
-		}
+		fp_add_d(&tempP, 1, key->p);
 
 		/* now check for prime, 5 rounds is enough according to HAC */
 		/* result == 1  =>  p is prime */
-		if (mp_prime_is_prime(key->p, 5, &result) != MP_OKAY) {
+		if (fp_prime_is_prime(key->p, 5, &result) != FP_OKAY) {
 			fprintf(stderr, "DSS key generation failed\n");
 			exit(1);
 		}
 	} while (!result);
 
-	mp_clear_multi(&tempX, &tempC, &tempP, &temp2q, NULL);
+	fp_zero(&tempX);
+	fp_zero(&tempC);
+        fp_zero(&tempP);
+        fp_zero(&temp2q);
 	m_burn(buf, size);
 	m_free(buf);
 }
 
 static void getg(dropbear_dss_key * key) {
 
-	DEF_MP_INT(div);
-	DEF_MP_INT(h);
-	DEF_MP_INT(val);
+	DEF_FP_INT(div);
+	DEF_FP_INT(h);
+	DEF_FP_INT(val);
 
-	m_mp_init_multi(&div, &h, &val, NULL);
+	m_fp_init_multi(&div, &h, &val, NULL);
 
 	/* get div=(p-1)/q */
-	if (mp_sub_d(key->p, 1, &val) != MP_OKAY) {
-		fprintf(stderr, "DSS key generation failed\n");
-		exit(1);
-	}
-	if (mp_div(&val, key->q, &div, NULL) != MP_OKAY) {
-		fprintf(stderr, "DSS key generation failed\n");
-		exit(1);
-	}
+	fp_sub_d(key->p, 1, &val);
+	fp_div(&val, key->q, &div, NULL);
 
 	/* initialise h=1 */
-	mp_set(&h, 1);
+	fp_set(&h, 1);
 	do {
 		/* now keep going with g=h^div mod p, until g > 1 */
-		if (mp_exptmod(&h, &div, key->p, key->g) != MP_OKAY) {
+		if (fp_exptmod(&h, &div, key->p, key->g) != FP_OKAY) {
 			fprintf(stderr, "DSS key generation failed\n");
 			exit(1);
 		}
 
-		if (mp_add_d(&h, 1, &h) != MP_OKAY) {
-			fprintf(stderr, "DSS key generation failed\n");
-			exit(1);
-		}
+		fp_add_d(&h, 1, &h);
 	
-	} while (mp_cmp_d(key->g, 1) != MP_GT);
+	} while (fp_cmp_d(key->g, 1) != FP_GT);
 
-	mp_clear_multi(&div, &h, &val, NULL);
+	fp_zero(&div);
+	fp_zero(&h);
+	fp_zero(&val);
 }
 
 static void getx(dropbear_dss_key *key) {
 
-	gen_random_mpint(key->q, key->x);
+	gen_random_fpint(key->q, key->x);
 }
 
 static void gety(dropbear_dss_key *key) {
 
-	if (mp_exptmod(key->g, key->x, key->p, key->y) != MP_OKAY) {
+	if (fp_exptmod(key->g, key->x, key->p, key->y) != FP_OKAY) {
 		fprintf(stderr, "DSS key generation failed\n");
 		exit(1);
 	}
--- a/genrsa.c	Thu Nov 10 18:17:00 2011 +0800
+++ b/genrsa.c	Mon Nov 21 19:52:28 2011 +0800
@@ -33,99 +33,84 @@
 
 #ifdef DROPBEAR_RSA
 
-static void getrsaprime(mp_int* prime, mp_int *primeminus, 
-		mp_int* rsa_e, unsigned int size);
+static void getrsaprime(fp_int* prime, fp_int *primeminus, 
+		fp_int* rsa_e, unsigned int size);
 
 /* mostly taken from libtomcrypt's rsa key generation routine */
 dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) {
 
 	dropbear_rsa_key * key;
-	DEF_MP_INT(pminus);
-	DEF_MP_INT(qminus);
-	DEF_MP_INT(lcm);
+	DEF_FP_INT(pminus);
+	DEF_FP_INT(qminus);
+	DEF_FP_INT(lcm);
 
 	key = m_malloc(sizeof(*key));
 
-	key->e = (mp_int*)m_malloc(sizeof(mp_int));
-	key->n = (mp_int*)m_malloc(sizeof(mp_int));
-	key->d = (mp_int*)m_malloc(sizeof(mp_int));
-	key->p = (mp_int*)m_malloc(sizeof(mp_int));
-	key->q = (mp_int*)m_malloc(sizeof(mp_int));
+	key->e = (fp_int*)m_malloc(sizeof(fp_int));
+	key->n = (fp_int*)m_malloc(sizeof(fp_int));
+	key->d = (fp_int*)m_malloc(sizeof(fp_int));
+	key->p = (fp_int*)m_malloc(sizeof(fp_int));
+	key->q = (fp_int*)m_malloc(sizeof(fp_int));
 
-	m_mp_init_multi(key->e, key->n, key->d, key->p, key->q,
+	m_fp_init_multi(key->e, key->n, key->d, key->p, key->q,
 			&pminus, &lcm, &qminus, NULL);
 
 	seedrandom();
 
-	if (mp_set_int(key->e, RSA_E) != MP_OKAY) {
-		fprintf(stderr, "RSA generation failed\n");
-		exit(1);
-	}
+	fp_set(key->e, RSA_E);
 
 	getrsaprime(key->p, &pminus, key->e, size/2);
 	getrsaprime(key->q, &qminus, key->e, size/2);
 
-	if (mp_mul(key->p, key->q, key->n) != MP_OKAY) {
-		fprintf(stderr, "RSA generation failed\n");
+	fp_mul(key->p, key->q, key->n);
+
+	/* lcm(p-1, q-1) */
+	fp_lcm(&pminus, &qminus, &lcm);
+
+	/* de = 1 mod lcm(p-1,q-1) */
+	/* therefore d = (e^-1) mod lcm(p-1,q-1) */
+	if (fp_invmod(key->e, &lcm, key->d) != FP_OKAY) {
+		fprintf(stderr, "rsa generation failed\n");
 		exit(1);
 	}
 
-	/* lcm(p-1, q-1) */
-	if (mp_lcm(&pminus, &qminus, &lcm) != MP_OKAY) {
-		fprintf(stderr, "RSA generation failed\n");
-		exit(1);
-	}
-
-	/* de = 1 mod lcm(p-1,q-1) */
-	/* therefore d = (e^-1) mod lcm(p-1,q-1) */
-	if (mp_invmod(key->e, &lcm, key->d) != MP_OKAY) {
-		fprintf(stderr, "RSA generation failed\n");
-		exit(1);
-	}
-
-	mp_clear_multi(&pminus, &qminus, &lcm, NULL);
+	m_fp_zero_multi(&pminus, &qminus, &lcm, NULL);
 
 	return key;
 }	
 
 /* return a prime suitable for p or q */
-static void getrsaprime(mp_int* prime, mp_int *primeminus, 
-		mp_int* rsa_e, unsigned int size) {
+static void getrsaprime(fp_int* prime, fp_int *primeminus, 
+		fp_int* rsa_e, unsigned int size) {
 
 	unsigned char *buf;
-	DEF_MP_INT(temp_gcd);
+	DEF_FP_INT(temp_gcd);
 
 	buf = (unsigned char*)m_malloc(size+1);
 
-	m_mp_init(&temp_gcd);
+	m_fp_init(&temp_gcd);
 	do {
 		/* generate a random odd number with MSB set, then find the
 		   the next prime above it */
 		genrandom(buf, size+1);
 		buf[0] |= 0x80; /* MSB set */
 
-		bytes_to_mp(prime, buf, size+1);
+		bytes_to_fp(prime, buf, size+1);
 
 		/* find the next integer which is prime, 8 round of miller-rabin */
-		if (mp_prime_next_prime(prime, 8, 0) != MP_OKAY) {
+		if (fp_prime_next_prime(prime, 8, 0) != FP_OKAY) {
 			fprintf(stderr, "RSA generation failed\n");
 			exit(1);
 		}
 
 		/* subtract one to get p-1 */
-		if (mp_sub_d(prime, 1, primeminus) != MP_OKAY) {
-			fprintf(stderr, "RSA generation failed\n");
-			exit(1);
-		}
+		fp_sub_d(prime, 1, primeminus);
 		/* check relative primality to e */
-		if (mp_gcd(primeminus, rsa_e, &temp_gcd) != MP_OKAY) {
-			fprintf(stderr, "RSA generation failed\n");
-			exit(1);
-		}
-	} while (mp_cmp_d(&temp_gcd, 1) != MP_EQ); /* while gcd(p-1, e) != 1 */
+		fp_gcd(primeminus, rsa_e, &temp_gcd);
+	} while (fp_cmp_d(&temp_gcd, 1) != FP_EQ); /* while gcd(p-1, e) != 1 */
 
 	/* now we have a good value for result */
-	mp_clear(&temp_gcd);
+	fp_zero(&temp_gcd);
 	m_burn(buf, size+1);
 	m_free(buf);
 }
--- a/kex.h	Thu Nov 10 18:17:00 2011 +0800
+++ b/kex.h	Mon Nov 21 19:52:28 2011 +0800
@@ -33,8 +33,8 @@
 void send_msg_newkeys();
 void recv_msg_newkeys();
 void kexfirstinitialise();
-void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv);
-void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
+void gen_kexdh_vals(fp_int *dh_pub, fp_int *dh_priv);
+void kexdh_comb_key(fp_int *dh_pub_us, fp_int *dh_priv, fp_int *dh_pub_them,
 		sign_key *hostkey);
 
 #ifndef DISABLE_ZLIB
--- a/keyimport.c	Thu Nov 10 18:17:00 2011 +0800
+++ b/keyimport.c	Mon Nov 21 19:52:28 2011 +0800
@@ -343,7 +343,7 @@
 
 
 /* Simple structure to point to an mp-int within a blob. */
-struct mpint_pos { void *start; int bytes; };
+struct fpint_pos { void *start; int bytes; };
 
 /* ----------------------------------------------------------------------
  * Code to read and write OpenSSH private keys.
@@ -697,7 +697,7 @@
 	buffer * extrablob = NULL; /* used for calculated values to write */
 	unsigned char *outblob = NULL;
 	int outlen = -9999;
-	struct mpint_pos numbers[9];
+	struct fpint_pos numbers[9];
 	int nnumbers = -1, pos, len, seqlen, i;
 	char *header = NULL, *footer = NULL;
 	char zero[1];
@@ -706,7 +706,7 @@
 	int keytype = -1;
 
 #ifdef DROPBEAR_RSA
-	mp_int dmp1, dmq1, iqmp, tmpval; /* for rsa */
+	fp_int dmp1, dmq1, iqmp, tmpval; /* for rsa */
 
 	if (key->rsakey != NULL) {
 		keytype = DROPBEAR_SIGNKEY_RSA;
@@ -770,46 +770,42 @@
 		buf_incrpos(keyblob, numbers[5].bytes);
 
 		/* now calculate some extra parameters: */
-		m_mp_init(&tmpval);
-		m_mp_init(&dmp1);
-		m_mp_init(&dmq1);
-		m_mp_init(&iqmp);
+		m_fp_init(&tmpval);
+		m_fp_init(&dmp1);
+		m_fp_init(&dmq1);
+		m_fp_init(&iqmp);
 
 		/* dmp1 = d mod (p-1) */
-		if (mp_sub_d(key->rsakey->p, 1, &tmpval) != MP_OKAY) {
-			fprintf(stderr, "Bignum error for p-1\n");
-			goto error;
-		}
-		if (mp_mod(key->rsakey->d, &tmpval, &dmp1) != MP_OKAY) {
+		fp_sub_d(key->rsakey->p, 1, &tmpval);
+
+		if (fp_mod(key->rsakey->d, &tmpval, &dmp1) != FP_OKAY) {
 			fprintf(stderr, "Bignum error for dmp1\n");
 			goto error;
 		}
 
 		/* dmq1 = d mod (q-1) */
-		if (mp_sub_d(key->rsakey->q, 1, &tmpval) != MP_OKAY) {
-			fprintf(stderr, "Bignum error for q-1\n");
-			goto error;
-		}
-		if (mp_mod(key->rsakey->d, &tmpval, &dmq1) != MP_OKAY) {
+		fp_sub_d(key->rsakey->q, 1, &tmpval);
+
+		if (fp_mod(key->rsakey->d, &tmpval, &dmq1) != FP_OKAY) {
 			fprintf(stderr, "Bignum error for dmq1\n");
 			goto error;
 		}
 
 		/* iqmp = (q^-1) mod p */
-		if (mp_invmod(key->rsakey->q, key->rsakey->p, &iqmp) != MP_OKAY) {
+		if (fp_invmod(key->rsakey->q, key->rsakey->p, &iqmp) != FP_OKAY) {
 			fprintf(stderr, "Bignum error for iqmp\n");
 			goto error;
 		}
 
 		extrablob = buf_new(2000);
-		buf_putmpint(extrablob, &dmp1);
-		buf_putmpint(extrablob, &dmq1);
-		buf_putmpint(extrablob, &iqmp);
+		buf_putfpint(extrablob, &dmp1);
+		buf_putfpint(extrablob, &dmq1);
+		buf_putfpint(extrablob, &iqmp);
 		buf_setpos(extrablob, 0);
-		mp_clear(&dmp1);
-		mp_clear(&dmq1);
-		mp_clear(&iqmp);
-		mp_clear(&tmpval);
+		fp_zero(&dmp1);
+		fp_zero(&dmq1);
+		fp_zero(&iqmp);
+		fp_zero(&tmpval);
 		
 		/* dmp1 */
 		numbers[6].bytes = buf_getint(extrablob);
@@ -974,8 +970,8 @@
 
 /*
  * The format of the base64 blob is largely ssh2-packet-formatted,
- * except that mpints are a bit different: they're more like the
- * old ssh1 mpint. You have a 32-bit bit count N, followed by
+ * except that fpints are a bit different: they're more like the
+ * old ssh1 fpint. You have a 32-bit bit count N, followed by
  * (N+7)/8 bytes of data.
  * 
  * So. The blob contains:
@@ -998,20 +994,20 @@
  * decryption check.)
  * 
  * The payload blob, for an RSA key, contains:
- *  - mpint e
- *  - mpint d
- *  - mpint n  (yes, the public and private stuff is intermixed)
- *  - mpint u  (presumably inverse of p mod q)
- *  - mpint p  (p is the smaller prime)
- *  - mpint q  (q is the larger)
+ *  - fpint e
+ *  - fpint d
+ *  - fpint n  (yes, the public and private stuff is intermixed)
+ *  - fpint u  (presumably inverse of p mod q)
+ *  - fpint p  (p is the smaller prime)
+ *  - fpint q  (q is the larger)
  * 
  * For a DSA key, the payload blob contains:
  *  - uint32 0
- *  - mpint p
- *  - mpint g
- *  - mpint q
- *  - mpint y
- *  - mpint x
+ *  - fpint p
+ *  - fpint g
+ *  - fpint q
+ *  - fpint y
+ *  - fpint x
  * 
  * Alternatively, if the parameters are `predefined', that
  * (0,p,g,q) sequence can be replaced by a uint32 1 and a string
@@ -1209,7 +1205,7 @@
 	return answer;
 }
 
-static int sshcom_read_mpint(void *data, int len, struct mpint_pos *ret)
+static int sshcom_read_fpint(void *data, int len, struct fpint_pos *ret)
 {
 	int bits;
 	int bytes;
@@ -1233,7 +1229,7 @@
 	return len;						/* ensure further calls fail as well */
 }
 
-static int sshcom_put_mpint(void *target, void *data, int len)
+static int sshcom_put_fpint(void *target, void *data, int len)
 {
 	unsigned char *d = (unsigned char *)target;
 	unsigned char *i = (unsigned char *)data;
@@ -1402,14 +1398,14 @@
 	blob = snewn(blobsize, unsigned char);
 	privlen = 0;
 	if (type == RSA) {
-		struct mpint_pos n, e, d, u, p, q;
+		struct fpint_pos n, e, d, u, p, q;
 		int pos = 0;
-		pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &e);
-		pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &d);
-		pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &n);
-		pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &u);
-		pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p);
-		pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q);
+		pos += sshcom_read_fpint(ciphertext+pos, cipherlen-pos, &e);
+		pos += sshcom_read_fpint(ciphertext+pos, cipherlen-pos, &d);
+		pos += sshcom_read_fpint(ciphertext+pos, cipherlen-pos, &n);
+		pos += sshcom_read_fpint(ciphertext+pos, cipherlen-pos, &u);
+		pos += sshcom_read_fpint(ciphertext+pos, cipherlen-pos, &p);
+		pos += sshcom_read_fpint(ciphertext+pos, cipherlen-pos, &q);
 		if (!q.start) {
 			errmsg = "key data did not contain six integers";
 			goto error;
@@ -1427,17 +1423,17 @@
 		pos += put_mp(blob+pos, u.start, u.bytes);
 		privlen = pos - publen;
 	} else if (type == DSA) {
-		struct mpint_pos p, q, g, x, y;
+		struct fpint_pos p, q, g, x, y;
 		int pos = 4;
 		if (GET_32BIT(ciphertext) != 0) {
 			errmsg = "predefined DSA parameters not supported";
 			goto error;
 		}
-		pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p);
-		pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &g);
-		pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q);
-		pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &y);
-		pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &x);
+		pos += sshcom_read_fpint(ciphertext+pos, cipherlen-pos, &p);
+		pos += sshcom_read_fpint(ciphertext+pos, cipherlen-pos, &g);
+		pos += sshcom_read_fpint(ciphertext+pos, cipherlen-pos, &q);
+		pos += sshcom_read_fpint(ciphertext+pos, cipherlen-pos, &y);
+		pos += sshcom_read_fpint(ciphertext+pos, cipherlen-pos, &x);
 		if (!x.start) {
 			errmsg = "key data did not contain five integers";
 			goto error;
@@ -1489,7 +1485,7 @@
 	int publen, privlen;
 	unsigned char *outblob;
 	int outlen;
-	struct mpint_pos numbers[6];
+	struct fpint_pos numbers[6];
 	int nnumbers, initial_zero, pos, lenpos, i;
 	char *type;
 	char *ciphertext;
@@ -1510,16 +1506,16 @@
 	 */
 	if (key->alg == &ssh_rsa) {
 		int pos;
-		struct mpint_pos n, e, d, p, q, iqmp;
+		struct fpint_pos n, e, d, p, q, iqmp;
 
 		pos = 4 + GET_32BIT(pubblob);
-		pos += ssh2_read_mpint(pubblob+pos, publen-pos, &e);
-		pos += ssh2_read_mpint(pubblob+pos, publen-pos, &n);
+		pos += ssh2_read_fpint(pubblob+pos, publen-pos, &e);
+		pos += ssh2_read_fpint(pubblob+pos, publen-pos, &n);
 		pos = 0;
-		pos += ssh2_read_mpint(privblob+pos, privlen-pos, &d);
-		pos += ssh2_read_mpint(privblob+pos, privlen-pos, &p);
-		pos += ssh2_read_mpint(privblob+pos, privlen-pos, &q);
-		pos += ssh2_read_mpint(privblob+pos, privlen-pos, &iqmp);
+		pos += ssh2_read_fpint(privblob+pos, privlen-pos, &d);
+		pos += ssh2_read_fpint(privblob+pos, privlen-pos, &p);
+		pos += ssh2_read_fpint(privblob+pos, privlen-pos, &q);
+		pos += ssh2_read_fpint(privblob+pos, privlen-pos, &iqmp);
 
 		dropbear_assert(e.start && iqmp.start); /* can't go wrong */
 
@@ -1535,15 +1531,15 @@
 		type = "if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}";
 	} else if (key->alg == &ssh_dss) {
 		int pos;
-		struct mpint_pos p, q, g, y, x;
+		struct fpint_pos p, q, g, y, x;
 
 		pos = 4 + GET_32BIT(pubblob);
-		pos += ssh2_read_mpint(pubblob+pos, publen-pos, &p);
-		pos += ssh2_read_mpint(pubblob+pos, publen-pos, &q);
-		pos += ssh2_read_mpint(pubblob+pos, publen-pos, &g);
-		pos += ssh2_read_mpint(pubblob+pos, publen-pos, &y);
+		pos += ssh2_read_fpint(pubblob+pos, publen-pos, &p);
+		pos += ssh2_read_fpint(pubblob+pos, publen-pos, &q);
+		pos += ssh2_read_fpint(pubblob+pos, publen-pos, &g);
+		pos += ssh2_read_fpint(pubblob+pos, publen-pos, &y);
 		pos = 0;
-		pos += ssh2_read_mpint(privblob+pos, privlen-pos, &x);
+		pos += ssh2_read_fpint(privblob+pos, privlen-pos, &x);
 
 		dropbear_assert(y.start && x.start); /* can't go wrong */
 
@@ -1589,7 +1585,7 @@
 		pos += 4;
 	}
 	for (i = 0; i < nnumbers; i++)
-		pos += sshcom_put_mpint(outblob+pos,
+		pos += sshcom_put_fpint(outblob+pos,
 								numbers[i].start, numbers[i].bytes);
 	/* Now wrap up the encrypted payload. */
 	PUT_32BIT(outblob+lenpos+4, pos - (lenpos+8));
--- a/options.h	Thu Nov 10 18:17:00 2011 +0800
+++ b/options.h	Mon Nov 21 19:52:28 2011 +0800
@@ -52,7 +52,7 @@
 /*#define DROPBEAR_SMALL_CODE*/
 
 /* Enable X11 Forwarding - server only */
-#define ENABLE_X11FWD
+/* #define ENABLE_X11FWD */
 
 /* Enable TCP Fowarding */
 /* 'Local' is "-L" style (client listening port forwarded via server)
--- a/random.c	Thu Nov 10 18:17:00 2011 +0800
+++ b/random.c	Mon Nov 21 19:52:28 2011 +0800
@@ -196,18 +196,18 @@
 	m_burn(hash, sizeof(hash));
 }
 
-/* Generates a random mp_int. 
- * max is a *mp_int specifying an upper bound.
- * rand must be an initialised *mp_int for the result.
+/* Generates a random fp_int. 
+ * max is a *fp_int specifying an upper bound.
+ * rand must be an initialised *fp_int for the result.
  * the result rand satisfies:  0 < rand < max 
  * */
-void gen_random_mpint(mp_int *max, mp_int *rand) {
+void gen_random_fpint(fp_int *max, fp_int *rand) {
 
 	unsigned char *randbuf = NULL;
 	unsigned int len = 0;
 	const unsigned char masks[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
 
-	const int size_bits = mp_count_bits(max);
+	const int size_bits = fp_count_bits(max);
 
 	len = size_bits / 8;
 	if ((size_bits % 8) != 0) {
@@ -217,15 +217,15 @@
 	randbuf = (unsigned char*)m_malloc(len);
 	do {
 		genrandom(randbuf, len);
-		/* Mask out the unrequired bits - mp_read_unsigned_bin expects
+		/* Mask out the unrequired bits - fp_read_unsigned_bin expects
 		 * MSB first.*/
 		randbuf[0] &= masks[size_bits % 8];
 
-		bytes_to_mp(rand, randbuf, len);
+		bytes_to_fp(rand, randbuf, len);
 
 		/* keep regenerating until we get one satisfying
 		 * 0 < rand < max    */
-	} while (mp_cmp(rand, max) != MP_LT);
+	} while (fp_cmp(rand, max) != FP_LT);
 	m_burn(randbuf, len);
 	m_free(randbuf);
 }
--- a/random.h	Thu Nov 10 18:17:00 2011 +0800
+++ b/random.h	Mon Nov 21 19:52:28 2011 +0800
@@ -25,12 +25,12 @@
 #ifndef _RANDOM_H_
 #define _RANDOM_H_
 
-struct mp_int;
+struct fp_int;
 
 void seedrandom();
 void reseedrandom();
 void genrandom(unsigned char* buf, int len);
 void addrandom(unsigned char* buf, int len);
-void gen_random_mpint(mp_int *max, mp_int *rand);
+void gen_random_mpint(fp_int *max, fp_int *rand);
 
 #endif /* _RANDOM_H_ */
--- a/rsa.c	Thu Nov 10 18:17:00 2011 +0800
+++ b/rsa.c	Mon Nov 21 19:52:28 2011 +0800
@@ -38,35 +38,37 @@
 
 #ifdef DROPBEAR_RSA 
 
-static void rsa_pad_em(dropbear_rsa_key * key,
+static void rsa_pad_em(rsa_key * key,
 		const unsigned char * data, unsigned int len,
-		mp_int * rsa_em);
+		fp_int * rsa_em);
+
 
 /* Load a public rsa key from a buffer, initialising the values.
  * The key will have the same format as buf_put_rsa_key.
  * These should be freed with rsa_key_free.
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
+int buf_get_rsa_pub_key(buffer* buf, rsa_key *key) {
 
     int ret = DROPBEAR_FAILURE;
 	TRACE(("enter buf_get_rsa_pub_key"))
 	dropbear_assert(key != NULL);
-	key->e = m_malloc(sizeof(mp_int));
-	key->n = m_malloc(sizeof(mp_int));
-	m_mp_init_multi(key->e, key->n, NULL);
+	key->e = m_malloc(sizeof(fp_int));
+	key->n = m_malloc(sizeof(fp_int));
+	fp_init(key->e);
+	fp_init(key->n);
 	key->d = NULL;
 	key->p = NULL;
 	key->q = NULL;
 
 	buf_incrpos(buf, 4+SSH_SIGNKEY_RSA_LEN); /* int + "ssh-rsa" */
 
-	if (buf_getmpint(buf, key->e) == DROPBEAR_FAILURE
-	 || buf_getmpint(buf, key->n) == DROPBEAR_FAILURE) {
+	if (buf_getfpint(buf, key->e) == DROPBEAR_FAILURE
+	 || buf_getfpint(buf, key->n) == DROPBEAR_FAILURE) {
 		TRACE(("leave buf_get_rsa_pub_key: failure"))
 	    goto out;
 	}
 
-	if (mp_count_bits(key->n) < MIN_RSA_KEYLEN) {
+	if (fp_count_bits(key->n) < MIN_RSA_KEYLEN) {
 		dropbear_log(LOG_WARNING, "RSA key too short");
 	    goto out;
 	}
@@ -84,7 +86,7 @@
 /* Same as buf_get_rsa_pub_key, but reads private bits at the end.
  * Loads a private rsa key from a buffer
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_get_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
+int buf_get_rsa_priv_key(buffer* buf, rsa_key *key) {
     int ret = DROPBEAR_FAILURE;
 
 	TRACE(("enter buf_get_rsa_priv_key"))
@@ -99,9 +101,9 @@
 	key->p = NULL;
 	key->q = NULL;
 
-	key->d = m_malloc(sizeof(mp_int));
-	m_mp_init(key->d);
-	if (buf_getmpint(buf, key->d) == DROPBEAR_FAILURE) {
+	key->d = m_malloc(sizeof(fp_int));
+	fp_init(key->d);
+	if (buf_getfpint(buf, key->d) == DROPBEAR_FAILURE) {
 		TRACE(("leave buf_get_rsa_priv_key: d: ret == DROPBEAR_FAILURE"))
 	    goto out;
 	}
@@ -109,16 +111,17 @@
 	if (buf->pos == buf->len) {
     	/* old Dropbear private keys didn't keep p and q, so we will ignore them*/
 	} else {
-		key->p = m_malloc(sizeof(mp_int));
-		key->q = m_malloc(sizeof(mp_int));
-		m_mp_init_multi(key->p, key->q, NULL);
+		key->p = m_malloc(sizeof(fp_int));
+		key->q = m_malloc(sizeof(fp_int));
+		fp_init(key->p);
+		fp_init(key->q);
 
-		if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE) {
+		if (buf_getfpint(buf, key->p) == DROPBEAR_FAILURE) {
 			TRACE(("leave buf_get_rsa_priv_key: p: ret == DROPBEAR_FAILURE"))
 		    goto out;
 		}
 
-		if (buf_getmpint(buf, key->q) == DROPBEAR_FAILURE) {
+		if (buf_getfpint(buf, key->q) == DROPBEAR_FAILURE) {
 			TRACE(("leave buf_get_rsa_priv_key: q: ret == DROPBEAR_FAILURE"))
 		    goto out;
 		}
@@ -137,7 +140,7 @@
 	
 
 /* Clear and free the memory used by a public or private key */
-void rsa_key_free(dropbear_rsa_key *key) {
+void rsa_key_free(rsa_key *key) {
 
 	TRACE(("enter rsa_key_free"))
 
@@ -146,23 +149,23 @@
 		return;
 	}
 	if (key->d) {
-		mp_clear(key->d);
+		fp_zero(key->d);
 		m_free(key->d);
 	}
 	if (key->e) {
-		mp_clear(key->e);
+		fp_zero(key->e);
 		m_free(key->e);
 	}
 	if (key->n) {
-		 mp_clear(key->n);
+		 fp_zero(key->n);
 		 m_free(key->n);
 	}
 	if (key->p) {
-		mp_clear(key->p);
+		fp_zero(key->p);
 		m_free(key->p);
 	}
 	if (key->q) {
-		mp_clear(key->q);
+		fp_zero(key->q);
 		m_free(key->q);
 	}
 	m_free(key);
@@ -172,37 +175,37 @@
 /* Put the public rsa key into the buffer in the required format:
  *
  * string	"ssh-rsa"
- * mp_int	e
- * mp_int	n
+ * fp_int	e
+ * fp_int	n
  */
-void buf_put_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
+void buf_put_rsa_pub_key(buffer* buf, rsa_key *key) {
 
 	TRACE(("enter buf_put_rsa_pub_key"))
 	dropbear_assert(key != NULL);
 
 	buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
-	buf_putmpint(buf, key->e);
-	buf_putmpint(buf, key->n);
+	buf_putfpint(buf, key->e);
+	buf_putfpint(buf, key->n);
 
 	TRACE(("leave buf_put_rsa_pub_key"))
 
 }
 
 /* Same as buf_put_rsa_pub_key, but with the private "x" key appended */
-void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
+void buf_put_rsa_priv_key(buffer* buf, rsa_key *key) {
 
 	TRACE(("enter buf_put_rsa_priv_key"))
 
 	dropbear_assert(key != NULL);
 	buf_put_rsa_pub_key(buf, key);
-	buf_putmpint(buf, key->d);
+	buf_putfpint(buf, key->d);
 
 	/* new versions have p and q, old versions don't */
 	if (key->p) {
-		buf_putmpint(buf, key->p);
+		buf_putfpint(buf, key->p);
 	}
 	if (key->q) {
-		buf_putmpint(buf, key->q);
+		buf_putfpint(buf, key->q);
 	}
 
 
@@ -213,35 +216,34 @@
 #ifdef DROPBEAR_SIGNKEY_VERIFY
 /* Verify a signature in buf, made on data by the key given.
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data,
+int buf_rsa_verify(buffer * buf, rsa_key *key, const unsigned char* data,
 		unsigned int len) {
 
 	unsigned int slen;
-	DEF_MP_INT(rsa_s);
-	DEF_MP_INT(rsa_mdash);
-	DEF_MP_INT(rsa_em);
+	DEF_FP_INT(rsa_s);
+	DEF_FP_INT(rsa_mdash);
+	DEF_FP_INT(rsa_em);
 	int ret = DROPBEAR_FAILURE;
 
 	TRACE(("enter buf_rsa_verify"))
 
 	dropbear_assert(key != NULL);
 
-	m_mp_init_multi(&rsa_mdash, &rsa_s, &rsa_em, NULL);
+	fp_init(&rsa_mdash);
+	fp_init(&rsa_s);
+	fp_init(&rsa_em);
 
 	slen = buf_getint(buf);
-	if (slen != (unsigned int)mp_unsigned_bin_size(key->n)) {
+	if (slen != (unsigned int)fp_unsigned_bin_size(key->n)) {
 		TRACE(("bad size"))
 		goto out;
 	}
 
-	if (mp_read_unsigned_bin(&rsa_s, buf_getptr(buf, buf->len - buf->pos),
-				buf->len - buf->pos) != MP_OKAY) {
-		TRACE(("failed reading rsa_s"))
-		goto out;
-	}
+	fp_read_unsigned_bin(&rsa_s, buf_getptr(buf, buf->len - buf->pos),
+				buf->len - buf->pos);
 
 	/* check that s <= n-1 */
-	if (mp_cmp(&rsa_s, key->n) != MP_LT) {
+	if (fp_cmp(&rsa_s, key->n) != FP_LT) {
 		TRACE(("s > n-1"))
 		goto out;
 	}
@@ -249,19 +251,22 @@
 	/* create the magic PKCS padded value */
 	rsa_pad_em(key, data, len, &rsa_em);
 
-	if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) {
+	if (fp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != FP_OKAY) {
 		TRACE(("failed exptmod rsa_s"))
 		goto out;
 	}
 
-	if (mp_cmp(&rsa_em, &rsa_mdash) == MP_EQ) {
+	if (fp_cmp(&rsa_em, &rsa_mdash) == FP_EQ) {
 		/* signature is valid */
 		TRACE(("success!"))
 		ret = DROPBEAR_SUCCESS;
 	}
 
 out:
-	mp_clear_multi(&rsa_mdash, &rsa_s, &rsa_em, NULL);
+	fp_zero(&rsa_mdash);
+	fp_zero(&rsa_s);
+	fp_zero(&rsa_em);
+
 	TRACE(("leave buf_rsa_verify: ret %d", ret))
 	return ret;
 }
@@ -270,20 +275,23 @@
 
 /* Sign the data presented with key, writing the signature contents
  * to the buffer */
-void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data,
+void buf_put_rsa_sign(buffer* buf, rsa_key *key, const unsigned char* data,
 		unsigned int len) {
 
 	unsigned int nsize, ssize;
 	unsigned int i;
-	DEF_MP_INT(rsa_s);
-	DEF_MP_INT(rsa_tmp1);
-	DEF_MP_INT(rsa_tmp2);
-	DEF_MP_INT(rsa_tmp3);
+	DEF_FP_INT(rsa_s);
+	DEF_FP_INT(rsa_tmp1);
+	DEF_FP_INT(rsa_tmp2);
+	DEF_FP_INT(rsa_tmp3);
 	
 	TRACE(("enter buf_put_rsa_sign"))
 	dropbear_assert(key != NULL);
 
-	m_mp_init_multi(&rsa_s, &rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
+	fp_init(&rsa_s);
+	fp_init(&rsa_tmp1);
+	fp_init(&rsa_tmp2);
+	fp_init(&rsa_tmp3);
 
 	rsa_pad_em(key, data, len, &rsa_tmp1);
 
@@ -295,32 +303,32 @@
 
 	/* generate the r blinding value */
 	/* rsa_tmp2 is r */
-	gen_random_mpint(key->n, &rsa_tmp2);
+	gen_random_fpint(key->n, &rsa_tmp2);
 
 	/* rsa_tmp1 is em */
 	/* em' = em * r^e mod n */
 
 	/* rsa_s used as a temp var*/
-	if (mp_exptmod(&rsa_tmp2, key->e, key->n, &rsa_s) != MP_OKAY) {
+	if (fp_exptmod(&rsa_tmp2, key->e, key->n, &rsa_s) != FP_OKAY) {
 		dropbear_exit("RSA error");
 	}
-	if (mp_invmod(&rsa_tmp2, key->n, &rsa_tmp3) != MP_OKAY) {
+	if (fp_invmod(&rsa_tmp2, key->n, &rsa_tmp3) != FP_OKAY) {
 		dropbear_exit("RSA error");
 	}
-	if (mp_mulmod(&rsa_tmp1, &rsa_s, key->n, &rsa_tmp2) != MP_OKAY) {
+	if (fp_mulmod(&rsa_tmp1, &rsa_s, key->n, &rsa_tmp2) != FP_OKAY) {
 		dropbear_exit("RSA error");
 	}
 
 	/* rsa_tmp2 is em' */
 	/* s' = (em')^d mod n */
-	if (mp_exptmod(&rsa_tmp2, key->d, key->n, &rsa_tmp1) != MP_OKAY) {
+	if (fp_exptmod(&rsa_tmp2, key->d, key->n, &rsa_tmp1) != FP_OKAY) {
 		dropbear_exit("RSA error");
 	}
 
 	/* rsa_tmp1 is s' */
 	/* rsa_tmp3 is r^(-1) mod n */
 	/* s = (s')r^(-1) mod n */
-	if (mp_mulmod(&rsa_tmp1, &rsa_tmp3, key->n, &rsa_s) != MP_OKAY) {
+	if (fp_mulmod(&rsa_tmp1, &rsa_tmp3, key->n, &rsa_s) != FP_OKAY) {
 		dropbear_exit("RSA error");
 	}
 
@@ -328,33 +336,34 @@
 
 	/* s = em^d mod n */
 	/* rsa_tmp1 is em */
-	if (mp_exptmod(&rsa_tmp1, key->d, key->n, &rsa_s) != MP_OKAY) {
+	if (fp_exptmod(&rsa_tmp1, key->d, key->n, &rsa_s) != FP_OKAY) {
 		dropbear_exit("RSA error");
 	}
 
 #endif /* RSA_BLINDING */
 
-	mp_clear_multi(&rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
+	fp_zero(&rsa_tmp1);
+	fp_zero(&rsa_tmp2);
+	fp_zero(&rsa_tmp3);
 	
 	/* create the signature to return */
 	buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
 
-	nsize = mp_unsigned_bin_size(key->n);
+	nsize = fp_unsigned_bin_size(key->n);
 
 	/* string rsa_signature_blob length */
 	buf_putint(buf, nsize);
 	/* pad out s to same length as n */
-	ssize = mp_unsigned_bin_size(&rsa_s);
+	ssize = fp_unsigned_bin_size(&rsa_s);
 	dropbear_assert(ssize <= nsize);
 	for (i = 0; i < nsize-ssize; i++) {
 		buf_putbyte(buf, 0x00);
 	}
 
-	if (mp_to_unsigned_bin(&rsa_s, buf_getwriteptr(buf, ssize)) != MP_OKAY) {
-		dropbear_exit("RSA error");
-	}
+	fp_to_unsigned_bin(&rsa_s, buf_getwriteptr(buf, ssize));
+
 	buf_incrwritepos(buf, ssize);
-	mp_clear(&rsa_s);
+	fp_zero(&rsa_s);
 
 #if defined(DEBUG_RSA) && defined(DEBUG_TRACE)
 	printhex("RSA sig", buf->data, buf->len);
@@ -374,11 +383,11 @@
  * prefix is the ASN1 designator prefix,
  * hex 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14
  *
- * rsa_em must be a pointer to an initialised mp_int.
+ * rsa_em must be a pointer to an initialised fp_int.
  */
-static void rsa_pad_em(dropbear_rsa_key * key,
+static void rsa_pad_em(rsa_key * key,
 		const unsigned char * data, unsigned int len, 
-		mp_int * rsa_em) {
+		fp_int * rsa_em) {
 
 	/* ASN1 designator (including the 0x00 preceding) */
 	const unsigned char rsa_asn1_magic[] = 
@@ -392,7 +401,7 @@
 	
 	dropbear_assert(key != NULL);
 	dropbear_assert(data != NULL);
-	nsize = mp_unsigned_bin_size(key->n);
+	nsize = fp_unsigned_bin_size(key->n);
 
 	rsa_EM = buf_new(nsize-1);
 	/* type byte */
@@ -414,9 +423,9 @@
 
 	dropbear_assert(rsa_EM->pos == rsa_EM->size);
 
-	/* Create the mp_int from the encoded bytes */
+	/* Create the fp_int from the encoded bytes */
 	buf_setpos(rsa_EM, 0);
-	bytes_to_mp(rsa_em, buf_getptr(rsa_EM, rsa_EM->size),
+	bytes_to_fp(rsa_em, buf_getptr(rsa_EM, rsa_EM->size),
 			rsa_EM->size);
 	buf_free(rsa_EM);
 }
--- a/rsa.h	Thu Nov 10 18:17:00 2011 +0800
+++ b/rsa.h	Mon Nov 21 19:52:28 2011 +0800
@@ -34,12 +34,12 @@
 
 typedef struct {
 
-	mp_int* n;
-	mp_int* e;
+	fp_int* n;
+	fp_int* e;
 	/* d, p, and q are private parts */
-	mp_int* d;
-	mp_int* p;
-	mp_int* q;
+	fp_int* d;
+	fp_int* p;
+	fp_int* q;
 
 } dropbear_rsa_key;
 
--- a/session.h	Thu Nov 10 18:17:00 2011 +0800
+++ b/session.h	Mon Nov 21 19:52:28 2011 +0800
@@ -156,7 +156,7 @@
 	struct key_context *newkeys;
 	unsigned char *session_id; /* this is the hash from the first kex */
 	/* The below are used temorarily during kex, are freed after use */
-	mp_int * dh_K; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSH_NEWKEYS */
+	fp_int * dh_K; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSH_NEWKEYS */
 	unsigned char hash[SHA1_HASH_SIZE]; /* the hash*/
 	buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
 	buffer* transkexinit; /* the kexinit packet we send should be kept so we
@@ -245,7 +245,7 @@
 
 struct clientsession {
 
-	mp_int *dh_e, *dh_x; /* Used during KEX */
+	fp_int *dh_e, *dh_x; /* Used during KEX */
 	cli_kex_state kex_state; /* Used for progressing KEX */
 	cli_state state; /* Used to progress auth/channelsession etc */
 	unsigned donefirstkex : 1; /* Set when we set sentnewkeys, never reset */
--- a/svr-kex.c	Thu Nov 10 18:17:00 2011 +0800
+++ b/svr-kex.c	Mon Nov 21 19:52:28 2011 +0800
@@ -36,7 +36,7 @@
 #include "runopts.h"
 
 
-static void send_msg_kexdh_reply(mp_int *dh_e);
+static void send_msg_kexdh_reply(fp_int *dh_e);
 
 /* Handle a diffie-hellman key exchange initialisation. This involves
  * calculating a session key reply value, and corresponding hash. These
@@ -44,21 +44,21 @@
  * that function, then brings the new keys into use */
 void recv_msg_kexdh_init() {
 
-	DEF_MP_INT(dh_e);
+	DEF_FP_INT(dh_e);
 
 	TRACE(("enter recv_msg_kexdh_init"))
 	if (!ses.kexstate.recvkexinit) {
 		dropbear_exit("Premature kexdh_init message received");
 	}
 
-	m_mp_init(&dh_e);
-	if (buf_getmpint(ses.payload, &dh_e) != DROPBEAR_SUCCESS) {
+	m_fp_init(&dh_e);
+	if (buf_getfpint(ses.payload, &dh_e) != DROPBEAR_SUCCESS) {
 		dropbear_exit("Failed to get kex value");
 	}
 
 	send_msg_kexdh_reply(&dh_e);
 
-	mp_clear(&dh_e);
+	fp_zero(&dh_e);
 
 	send_msg_newkeys();
 	ses.requirenext = SSH_MSG_NEWKEYS;
@@ -71,18 +71,18 @@
  * result is sent to the client. 
  *
  * See the transport rfc 4253 section 8 for details */
-static void send_msg_kexdh_reply(mp_int *dh_e) {
+static void send_msg_kexdh_reply(fp_int *dh_e) {
 
-	DEF_MP_INT(dh_y);
-	DEF_MP_INT(dh_f);
+	DEF_FP_INT(dh_y);
+	DEF_FP_INT(dh_f);
 
 	TRACE(("enter send_msg_kexdh_reply"))
-	m_mp_init_multi(&dh_y, &dh_f, NULL);
+	m_fp_init_multi(&dh_y, &dh_f, NULL);
 	
 	gen_kexdh_vals(&dh_f, &dh_y);
 
 	kexdh_comb_key(&dh_f, &dh_y, dh_e, svr_opts.hostkey);
-	mp_clear(&dh_y);
+	fp_zero(&dh_y);
 
 	/* we can start creating the kexdh_reply packet */
 	CHECKCLEARTOWRITE();
@@ -91,8 +91,8 @@
 			ses.newkeys->algo_hostkey);
 
 	/* put f */
-	buf_putmpint(ses.writepayload, &dh_f);
-	mp_clear(&dh_f);
+	buf_putfpint(ses.writepayload, &dh_f);
+	fp_zero(&dh_f);
 
 	/* calc the signature */
 	buf_put_sign(ses.writepayload, svr_opts.hostkey,