libtom · sjaeckel · May 3, 2026 · May 3, 2026 · May 3, 2026 · May 3, 2026
diff --git a/demos/constants.c b/demos/constants.c
@@ -1,5 +1,7 @@
 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
 /* SPDX-License-Identifier: Unlicense */
+
+#define _POSIX_C_SOURCE 200809L /* otherwise PATH_MAX + strdup are not defined for build with -std=c99 */
 #include "tomcrypt.h"
 
 #include <string.h>

diff --git a/demos/gcm-file/gcm_file.c b/demos/gcm-file/gcm_file.c
@@ -34,7 +34,7 @@
   @param res               [out] Result of the operation, 1==valid, 0==invalid
   @return CRYPT_OK on success
  */
-int gcm_file(      int           cipher,
+static int gcm_file(int            cipher,
                const unsigned char *key,    unsigned long keylen,
                const unsigned char *IV,     unsigned long IVlen,
                const unsigned char *adata,  unsigned long adatalen,

diff --git a/demos/gcm-file/gcm_filehandle.c b/demos/gcm-file/gcm_filehandle.c
@@ -52,7 +52,7 @@
   @param res               [out] Result of the operation, 1==valid, 0==invalid
   @return CRYPT_OK on success
  */
-int gcm_filehandle(      int           cipher,
+static int gcm_filehandle(int          cipher,
                    const unsigned char *key,    unsigned long keylen,
                    const unsigned char *IV,     unsigned long IVlen,
                    const unsigned char *adata,  unsigned long adatalen,

diff --git a/demos/hashsum.c b/demos/hashsum.c
@@ -10,6 +10,7 @@
  * more functions ;)
 */
 
+#define _POSIX_C_SOURCE 200809L /* otherwise PATH_MAX + strdup are not defined for build with -std=c99 */
 #include <tomcrypt.h>
 
 #include <string.h>

diff --git a/demos/latex-tables.c b/demos/latex-tables.c
@@ -4,12 +4,6 @@
 #include "tomcrypt_private.h"
 
 #if defined(LTC_PEM_SSH)
-extern const struct blockcipher_info pem_dek_infos[];
-extern const unsigned long pem_dek_infos_num;
-
-extern const struct blockcipher_info ssh_ciphers[];
-extern const unsigned long ssh_ciphers_num;
-
 static const struct {
    const char *is, *should;
 } cipher_name_map[] = {

diff --git a/demos/openssl-enc.c b/demos/openssl-enc.c
@@ -109,7 +109,7 @@ static void LTC_NORETURN barf(const char *pname, const char *err)
  * Output:       CRYPT_OK if parsed OK, CRYPT_ERROR if not
  * Side Effects: infile's read pointer += 16
  */
-int parse_openssl_header(FILE *in, unsigned char *out)
+static int parse_openssl_header(FILE *in, unsigned char *out)
 {
    unsigned char tmp[SALT_LENGTH];
    if(fread(tmp, 1, sizeof(tmp), in) != sizeof(tmp))
@@ -129,7 +129,7 @@ int parse_openssl_header(FILE *in, unsigned char *out)
  * Output:       none
  * Side Effects: bytes printed as a hex blob, no lf at the end
  */
-void dump_bytes(unsigned char *in, unsigned long len)
+static void dump_bytes(unsigned char *in, unsigned long len)
 {
    unsigned long idx;
    for(idx=0; idx<len; idx++)
@@ -171,8 +171,8 @@ static size_t s_pkcs7_pad(union paddable *buf, size_t nb, int block_length,
  * Output:       CRYPT_OK if no error
  * Side Effects: bytes slurped from infile, pushed to outfile, fds updated.
  */
-int do_crypt(FILE *infd, FILE *outfd, unsigned char *key, unsigned char *iv,
-             int encrypt)
+static int do_crypt(FILE *infd, FILE *outfd, unsigned char *key, unsigned char *iv,
+                    int encrypt)
 {
    union paddable inbuf, outbuf;
    int cipher, ret;

diff --git a/demos/sizes.c b/demos/sizes.c
@@ -1,6 +1,7 @@
 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
 /* SPDX-License-Identifier: Unlicense */
 
+#define _POSIX_C_SOURCE 200809L /* otherwise PATH_MAX + strdup are not defined for build with -std=c99 */
 #include "tomcrypt.h"
 
 #include <string.h>

diff --git a/notes/rsa-testvectors/oaep-vect.c b/notes/rsa-testvectors/oaep-vect.c
@@ -42,7 +42,7 @@ typedef struct testcase {
 #endif /* LTC_TEST_EXT */
 } testcase_t;
 
-testcase_t testcases_oaep[] =
+static testcase_t testcases_oaep[] =
     {
 {
   "Example 1: A 1024-bit RSA Key Pair",

diff --git a/notes/rsa-testvectors/pkcs1v15crypt-vectors.c b/notes/rsa-testvectors/pkcs1v15crypt-vectors.c
@@ -42,7 +42,7 @@ typedef struct testcase {
 #endif /* LTC_TEST_EXT */
 } testcase_t;
 
-testcase_t testcases_eme[] =
+static testcase_t testcases_eme[] =
     {
 {
   "Example 1: A 1024-bit RSA key pair",

diff --git a/notes/rsa-testvectors/pkcs1v15sign-vectors.c b/notes/rsa-testvectors/pkcs1v15sign-vectors.c
@@ -40,7 +40,7 @@ typedef struct testcase {
 #endif /* LTC_TEST_EXT */
 } testcase_t;
 
-testcase_t testcases_emsa[] =
+static testcase_t testcases_emsa[] =
     {
 {
   "Example 1: A 1024-bit RSA key pair",

diff --git a/notes/rsa-testvectors/pss-vect.c b/notes/rsa-testvectors/pss-vect.c
@@ -42,7 +42,7 @@ typedef struct testcase {
 #endif /* LTC_TEST_EXT */
 } testcase_t;
 
-testcase_t testcases_pss[] =
+static testcase_t testcases_pss[] =
     {
 {
   "Example 1: A 1024-bit RSA Key Pair",

diff --git a/src/ciphers/aes/aes_desc.c b/src/ciphers/aes/aes_desc.c
@@ -22,7 +22,7 @@ static LTC_INLINE void s_x86_cpuid(int* regs, int leaf)
 
    a = leaf;
    b = c = d = 0;
-   asm volatile ("cpuid"
+   __asm__ volatile ("cpuid"
        :"=a"(a), "=b"(b), "=c"(c), "=d"(d)
        :"a"(a), "c"(c)
    );

diff --git a/src/ciphers/multi2.c b/src/ciphers/multi2.c
@@ -88,9 +88,9 @@ static void s_decrypt(ulong32 *p, int N, const ulong32 *uk)
    int n, t;
    for (t = 4*(((N-1)>>2)&1), n = N; ;  ) {
       switch (n<=4 ? n : ((n-1)%4)+1) {
-         case 4: s_pi4(p, uk+t); --n; /* FALLTHROUGH */
-         case 3: s_pi3(p, uk+t); --n; /* FALLTHROUGH */
-         case 2: s_pi2(p, uk+t); --n; /* FALLTHROUGH */
+         case 4: s_pi4(p, uk+t); --n; LTC_FALLTHROUGH; /* FALLTHROUGH */
+         case 3: s_pi3(p, uk+t); --n; LTC_FALLTHROUGH; /* FALLTHROUGH */
+         case 2: s_pi2(p, uk+t); --n; LTC_FALLTHROUGH; /* FALLTHROUGH */
          case 1: s_pi1(p); --n; break;
          case 0: return;
       }

diff --git a/src/ciphers/twofish/twofish.c b/src/ciphers/twofish/twofish.c
@@ -250,19 +250,19 @@ static void h_func(const unsigned char *in, unsigned char *out, const unsigned c
             y[1] = (unsigned char)(sbox(0, (ulong32)y[1]) ^ M[4 * (6 + offset) + 1]);
             y[2] = (unsigned char)(sbox(0, (ulong32)y[2]) ^ M[4 * (6 + offset) + 2]);
             y[3] = (unsigned char)(sbox(1, (ulong32)y[3]) ^ M[4 * (6 + offset) + 3]);
-            /* FALLTHROUGH */
+            LTC_FALLTHROUGH; /* FALLTHROUGH */
      case 3:
             y[0] = (unsigned char)(sbox(1, (ulong32)y[0]) ^ M[4 * (4 + offset) + 0]);
             y[1] = (unsigned char)(sbox(1, (ulong32)y[1]) ^ M[4 * (4 + offset) + 1]);
             y[2] = (unsigned char)(sbox(0, (ulong32)y[2]) ^ M[4 * (4 + offset) + 2]);
             y[3] = (unsigned char)(sbox(0, (ulong32)y[3]) ^ M[4 * (4 + offset) + 3]);
-            /* FALLTHROUGH */
+            LTC_FALLTHROUGH; /* FALLTHROUGH */
      case 2:
             y[0] = (unsigned char)(sbox(1, sbox(0, sbox(0, (ulong32)y[0]) ^ M[4 * (2 + offset) + 0]) ^ M[4 * (0 + offset) + 0]));
             y[1] = (unsigned char)(sbox(0, sbox(0, sbox(1, (ulong32)y[1]) ^ M[4 * (2 + offset) + 1]) ^ M[4 * (0 + offset) + 1]));
             y[2] = (unsigned char)(sbox(1, sbox(1, sbox(0, (ulong32)y[2]) ^ M[4 * (2 + offset) + 2]) ^ M[4 * (0 + offset) + 2]));
             y[3] = (unsigned char)(sbox(0, sbox(1, sbox(1, (ulong32)y[3]) ^ M[4 * (2 + offset) + 3]) ^ M[4 * (0 + offset) + 3]));
-            /* FALLTHROUGH */
+            break;
   }
   mds_mult(y, out);
 }

diff --git a/src/encauth/gcm/gcm_gf_mult.c b/src/encauth/gcm/gcm_gf_mult.c
@@ -40,7 +40,7 @@ static LTC_INLINE void s_x86_cpuid(int* regs, int leaf)
 
    a = leaf;
    b = c = d = 0;
-   asm volatile ("cpuid"
+   __asm__ volatile ("cpuid"
        :"=a"(a), "=b"(b), "=c"(c), "=d"(d)
        :"a"(a), "c"(c)
    );

diff --git a/src/encauth/siv/siv.c b/src/encauth/siv/siv.c
@@ -161,7 +161,7 @@ static LTC_INLINE int s_siv_S2V_T(siv_omac_ctx_t *ctx,
    } else {
       s_siv_dbl(D);
       XMEMSET(&T, 0, sizeof(T));
-      XMEMCPY(&T, in, inlen);
+      if (inlen != 0) XMEMCPY(&T, in, inlen);
       T.u.byte[inlen] = 0x80;
       s_siv_xor_buf(D, &T);
 

diff --git a/src/hashes/sha1_desc.c b/src/hashes/sha1_desc.c
@@ -35,7 +35,7 @@ static LTC_INLINE void s_x86_cpuid(int* regs, int leaf)
 
     a = leaf;
     b = c = d = 0;
-    asm volatile ("cpuid"
+    __asm__ volatile ("cpuid"
         :"=a"(a), "=b"(b), "=c"(c), "=d"(d)
         :"a"(a), "c"(c)
     );

diff --git a/src/hashes/sha2/sha224_desc.c b/src/hashes/sha2/sha224_desc.c
@@ -40,7 +40,7 @@ static LTC_INLINE void s_x86_cpuid(int* regs, int leaf)
 
     a = leaf;
     b = c = d = 0;
-    asm volatile ("cpuid"
+    __asm__ volatile ("cpuid"
         :"=a"(a), "=b"(b), "=c"(c), "=d"(d)
         :"a"(a), "c"(c)
     );

diff --git a/src/hashes/sha2/sha256_desc.c b/src/hashes/sha2/sha256_desc.c
@@ -15,7 +15,7 @@ static LTC_INLINE void s_x86_cpuid(int* regs, int leaf)
 
     a = leaf;
     b = c = d = 0;
-    asm volatile ("cpuid"
+    __asm__ volatile ("cpuid"
         :"=a"(a), "=b"(b), "=c"(c), "=d"(d)
         :"a"(a), "c"(c)
     );

diff --git a/src/headers/tomcrypt_cfg.h b/src/headers/tomcrypt_cfg.h
@@ -412,6 +412,9 @@ typedef unsigned long ltc_mp_digit;
 #  define LTC_ATTRIBUTE(x)
 #endif
 
+#if __has_attribute(fallthrough)
+#  define LTC_FALLTHROUGH LTC_ATTRIBUTE((fallthrough))
+#endif
 #if __has_attribute(target)
 #  define LTC_TARGET(x) LTC_ATTRIBUTE((target(x)))
 #endif

diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h
@@ -429,6 +429,20 @@ int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res);
 #endif
 
 #ifdef LTC_PEM
+extern const struct pem_header_id pem_std_headers[];
+extern const unsigned long pem_std_headers_num;
+extern const struct str pem_proc_type_encrypted;
+#ifdef LTC_SSH
+extern const struct str pem_ssh_comment;
+#endif
+extern const struct str pem_dek_info_start;
+extern const struct blockcipher_info pem_dek_infos[];
+extern const unsigned long pem_dek_infos_num;
+#ifdef LTC_PEM_SSH
+extern const struct blockcipher_info ssh_ciphers[];
+extern const unsigned long ssh_ciphers_num;
+#endif
+
 int pem_decrypt(unsigned char *data, unsigned long *datalen,
                 unsigned char *key,  unsigned long keylen,
                 unsigned char *iv,   unsigned long ivlen,

diff --git a/src/misc/adler32.c b/src/misc/adler32.c
@@ -87,16 +87,16 @@ void adler32_finish(const adler32_state *ctx, void *hash, unsigned long size)
    switch (size) {
       default:
          h[3] = ctx->s[0] & 0x0ff;
-         /* FALLTHROUGH */
+         LTC_FALLTHROUGH; /* FALLTHROUGH */
       case 3:
          h[2] = (ctx->s[0] >> 8) & 0x0ff;
-         /* FALLTHROUGH */
+         LTC_FALLTHROUGH; /* FALLTHROUGH */
       case 2:
          h[1] = ctx->s[1] & 0x0ff;
-         /* FALLTHROUGH */
+         LTC_FALLTHROUGH; /* FALLTHROUGH */
       case 1:
          h[0] = (ctx->s[1] >> 8) & 0x0ff;
-         /* FALLTHROUGH */
+         LTC_FALLTHROUGH; /* FALLTHROUGH */
       case 0:
          ;
    }

diff --git a/src/misc/compare_testvector.c b/src/misc/compare_testvector.c
@@ -59,6 +59,8 @@ int ltc_compare_testvector(const void* is, const unsigned long is_len, const voi
    int res = 0;
    if(is_len != should_len) {
       res = is_len > should_len ? -1 : 1;
+   } else if (is_len == 0) {
+      res = 0;
    } else {
       res = XMEMCMP(is, should, is_len);
    }

diff --git a/src/misc/padding/padding_depad.c b/src/misc/padding/padding_depad.c
@@ -52,7 +52,7 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon
    switch (type) {
       case LTC_PAD_ANSI_X923:
          pad = 0x0;
-         /* FALLTHROUGH */
+         LTC_FALLTHROUGH; /* FALLTHROUGH */
       case LTC_PAD_PKCS7:
          for (n = unpadded_length; n < padded_length - 1; ++n) {
             data_xor_pad |= data[n] ^ pad;

diff --git a/src/misc/padding/padding_pad.c b/src/misc/padding/padding_pad.c
@@ -28,7 +28,7 @@ static int s_padding_padded_length(unsigned long *length, unsigned long mode)
             t = 0;
             break;
          }
-         /* FALLTHROUGH */
+         LTC_FALLTHROUGH; /* FALLTHROUGH */
       case LTC_PAD_PKCS7:
       case LTC_PAD_ONE_AND_ZERO:
       case LTC_PAD_ZERO_ALWAYS:

diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c
@@ -9,9 +9,6 @@
 
 #ifdef LTC_PEM
 
-extern const struct pem_header_id pem_std_headers[];
-extern const unsigned long pem_std_headers_num;
-
 static int s_decrypt_pem(unsigned char *asn1_cert, unsigned long *asn1_len, const struct pem_headers *hdr)
 {
    unsigned char iv[MAXBLOCKSIZE], key[MAXBLOCKSIZE];

diff --git a/src/misc/pem/pem_read.c b/src/misc/pem/pem_read.c
@@ -9,14 +9,6 @@
 
 #ifdef LTC_PEM
 
-extern const struct str pem_proc_type_encrypted;
-#ifdef LTC_SSH
-extern const struct str pem_ssh_comment;
-#endif
-extern const struct str pem_dek_info_start;
-extern const struct blockcipher_info pem_dek_infos[];
-extern const unsigned long pem_dek_infos_num;
-
 static LTC_INLINE unsigned long s_bufp_alloc_len(struct bufp *buf)
 {
    if (buf->start == NULL || buf->end == NULL)
@@ -56,8 +48,11 @@ static LTC_INLINE int s_bufp_fits(struct bufp *buf, unsigned long to_write)
 {
    char *d = buf->work;
    char *e = buf->end;
-   char *w = d + to_write;
-   if (d == NULL || w < d || w > e)
+   char *w;
+   if (d == NULL || e == NULL)
+      return 0;
+   w = d + to_write;
+   if (w < d || w > e)
       return 0;
    return 1;
 }

diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c
@@ -324,7 +324,7 @@ struct ssh_pka {
    int (*decode)(const unsigned char*, unsigned long*, ltc_pka_key*, enum pem_flags);
 };
 
-struct ssh_pka ssh_pkas[] = {
+static struct ssh_pka ssh_pkas[] = {
 #ifdef LTC_CURVE25519
                              { SET_CSTR(.name, "ssh-ed25519"),
                                LTC_PKA_ED25519,
@@ -555,6 +555,7 @@ static int s_read_authorized_keys(const void *buf, unsigned long len, ssh_author
    }
    XMEMCPY(cpy, buf, len);
    s = cpy;
+   err = CRYPT_ERROR;
    while (clen && (err = s_parse_line(s, &clen, key, &comment)) == CRYPT_OK) {
       if (cb(key, comment, ctx)) {
          break;

diff --git a/src/misc/pkcs12/pkcs12_utf8_to_utf16.c b/src/misc/pkcs12/pkcs12_utf8_to_utf16.c
@@ -30,15 +30,15 @@ int pkcs12_utf8_to_utf16(const unsigned char *in,  unsigned long  inlen,
       if (in + extra >= in_end) goto ERROR;
       switch (extra) {
          case 5: ch += *in++; ch <<= 6;
-         /* FALLTHROUGH */
+         LTC_FALLTHROUGH; /* FALLTHROUGH */
          case 4: ch += *in++; ch <<= 6;
-         /* FALLTHROUGH */
+         LTC_FALLTHROUGH; /* FALLTHROUGH */
          case 3: ch += *in++; ch <<= 6;
-         /* FALLTHROUGH */
+         LTC_FALLTHROUGH; /* FALLTHROUGH */
          case 2: ch += *in++; ch <<= 6;
-         /* FALLTHROUGH */
+         LTC_FALLTHROUGH; /* FALLTHROUGH */
          case 1: ch += *in++; ch <<= 6;
-         /* FALLTHROUGH */
+         LTC_FALLTHROUGH; /* FALLTHROUGH */
          case 0: ch += *in++;
       }
       ch -= offset[extra];

diff --git a/src/pk/ec25519/tweetnacl.c b/src/pk/ec25519/tweetnacl.c
@@ -14,6 +14,9 @@ typedef ulong64 u64;
 typedef long64 i64;
 typedef i64 gf[16];
 
+#define GF25519_RADIX (((i64)1) << 16)  /* field limbs use base 2^16; multiplication avoids left-shifting negative carry values */
+#define MODL_RADIX    (((i64)1) << 8)   /* base used by modL carry reduction; multiplication avoids left-shifting negative carry values */
+
 static const u8
   nine[32] = {9};
 static const gf
@@ -50,10 +53,10 @@ sv car25519(gf o)
   int i;
   i64 c;
   FOR(i,16) {
-    o[i]+=(1LL<<16);
+    o[i]+=GF25519_RADIX;
     c=o[i]>>16;
     o[(i+1)*(i<15)]+=c-1+37*(c-1)*(i==15);
-    o[i]-=c<<16;
+    o[i]-=c*GF25519_RADIX;
   }
 }
 
@@ -366,7 +369,7 @@ sv modL(u8 *r,i64 x[64])
     for (j = i - 32;j < i - 12;++j) {
       x[j] += carry - 16 * x[i] * L[j - (i - 32)];
       carry = (x[j] + 128) >> 8;
-      x[j] -= carry << 8;
+      x[j] -= carry * MODL_RADIX;
     }
     x[j] += carry;
     x[i] = 0;