Imported Upstream version 0.058

2018-03-22 15:54:03 +01:00 · 2018-03-22 15:54:03 +01:00 · 5222ed64e8
commit 5222ed64e8
parent 8a5223aec1
817 changed files with 54952 additions and 19422 deletions
--- a/150
+++ b/150
@ -1,15 +1,57 @@
 Changes for CryptX
-TODO:
+0.059   2018-03-XX
-        - add support for PKCS#8 encrypted RSA+ECC private keys  "-----BEGIN ENCRYPTED PRIVATE KEY-----"
+        - new Crypt::Digest::Keccak(224|256|384|512)
-        - RSA|DSA|ECC: verify_key($level) (basic check + extented primality test)
+        - new sign_hash_rfc7518 + verify_hash_rfc7518 (Crypt::PK::ECC)
-        - better primality testing: http://questhub.io/realm/perl/quest/519032ee1088c76505000035 (idea: mp_prime_lucas)
+        - improved import of pkcs#8 private keys (Crypt::PK::ECC)
-        - DSA: generate_key($p, $q, $g), generate_key(\$dsa_params_der), generate_key($dsa_params_file)
+        - fix #28 Apple's APNS pkcs8 auth key import fails (Crypt::PK::ECC)
-        - XS croaks should report the "real caller" (Crypt::Mac::*, Crypt::Mode::*, ...)
+        - fix cpantesters failure (5.8.1 related)
        - maybe: add CCM interface for new-add-add-done mode
        - maybe: add encode_b32/decode_b32
-0.048   2017/05/31
+0.058   2018-02-27
        - fix: decode_b58b + invalid input
 0.057   2018-01-31
        - significant speed-up (more stuff handled on XS level)
        - Crypt::Checksum is deprecated in favour of Crypt::Checksum::Adler32|CRC32
 0.056   2017-12-22
        - new Crypt::Stream::Rabbit
 0.055   2017-11-28
        - new Crypt::Cipher::IDEA
        - new Crypt::Cipher::Serpent
        - new Crypt::Stream::Salsa20
        - new Crypt::Stream::Sosemanuk
        - added CCM object oriented interface: new-add-add-done
        - fix #39 accept CFLAGS and CPPFLAGS from the environment
        - fix #40 typos in POD
        - fix HMAC+SHA3 (now compliant with NIST test vectors)
 0.054   2017-10-12
        - fix Crypt::PK::DSA verify
        - libtomcrypt updated to 1.18 (+ some extra patches)
        - documentation fixes
 0.053   2017-09-15
        - fix Crypt::PK::DSA generate_key
 0.051   2017-08-08
        - INCOMPATIBLE CHANGE: Crypt::AuthEnc::OCB is now compliant with RFC 7253
 0.050   2017-07-18
        - fix cpantesters failures/warnings
 0.049   2017-07-18
        - libtomcrypt updated to 1.18-rc2 (+ some extra patches)
        - REMOVED: Crypt::PK::DH encrypt decrypt sign_message verify_message sign_hash verify_hash
        - NEW: Crypt::Misc - encode_b32*, decode_b32*, encode_b58*, decode_b58*
        - Crypt::PK::RSA: import public key from X509 certificate
        - Crypt::PK::DSA: improved generate_key()
        - Crypt::PK::DH: improved generate_key()
        - fix #36 aad_add is obsolete for all EncAuth algs (correct is adata_add)
        - fix #37 GCM - Encryption of the empty string
 0.048   2017-05-31
        - NEW: Crypt::Digest::SHA3_224
        - NEW: Crypt::Digest::SHA3_256
        - NEW: Crypt::Digest::SHA3_384
@ -34,43 +76,43 @@ TODO:
        - NEW: functions in Crypt::Misc - increment_octets_be, increment_octets_le
        - Crypt::PRNG now uses chacha20 prng by default
-0.047   2017/04/05
+0.047   2017-04-05
        - fix #32 Compile "ar" step fails when Perl built with -flto (better version)
        - fix #33 build fails on freebsd 9.2 and 10.0 (ar: fatal: Numeric group ID too large)
-0.046   2017/04/04
+0.046   2017-04-04
        - fix #32 Compile "ar" step fails when Perl built with -flto
-0.045   2017/03/31
+0.045   2017-03-31
        - sync with libtomcrypt/develop
        - fix #30 fix on SPARC+SolarisStudio
        - fix #31 Fails tests without '.' in @INC
        - polish compiler warnings
-0.044   2016/11/28
+0.044   2016-11-28
        - fix #27 Math::BigInt::LTM compatibility with older Math::BigInt
-0.043   2016/11/27
+0.043   2016-11-27
        - fix #26 Math::BigInt::LTM compatibility with Math::BigInt 1.999801+
-0.042   2016/11/12
+0.042   2016-11-12
        - RSA: sign/verify functions now support 'none' padding (INSECURE!)
        - RC2: min keylen 40bit, used to be 64bit (INSECURE!)
-0.041   2016/10/12
+0.041   2016-10-12
        - ECC: ltc_ecc_is_point memory leak
        - DSA: properly handle FIPS 186-4 (4.6 + 4.7)
        - GCM: counter incrementation isn't stopped at 2^32 blocks, which breaks GCM
        - fix issue #24 Crypt::PK::ECC needs $VERSION (all *.pm have $VERSION)
-0.040   2016/09/12
+0.040   2016-09-12
        - fix file permissions
        - fix compiler warnings
-0.039   2016/08/02
+0.039   2016-08-02
        - fix build troubles for MacOS / PPC
-0.038   2016/07/06
+0.038   2016-07-06
        - fix issue #20 DSA/RSA/ECC/DH key2hash - hexadecimal numbers are missing leading zero
        - Math::BigInt::LTM fixed mp_invmod(a,b,c) for b == 1
        - Math::BigInt::LTM fixed _log_int()
@ -78,30 +120,30 @@ TODO:
        - fix 'Please specify prototyping behavior for CryptX.xs'
        - libtomcrypt (renaming *tab.c > *tab.c.inc not needed anymore)
-0.037   2016/06/16
+0.037   2016-06-16
        - fix issue #18 Minor issue with comment syntax
        - fix issue #19 t/checksum.t fails on AIX-5.3
-0.036   2016/06/07
+0.036   2016-06-07
        - fix issue #17 ability to export ecc keys in short/oid form
-0.035   2016/06/03
+0.035   2016-06-03
        - fix issue #14 Ensure Crypt::PK::ECC->key2hash()->{curve_name} is lowercase
        - fix issue #15 OpenSSL interoperability broken
-0.034   2016/05/11
+0.034   2016-05-11
        - Prevent RSA import_key() from altering a JWK hash reference
-0.033   2016/05/09
+0.033   2016-05-09
        - MSVC6 related fixes (needed for older ActivePerl@MSWin32)
-0.032   2016/05/04
+0.032   2016-05-04
        - Crypt::PK::DH - accept base/prime values
        - new: DH methods export_key_raw, import_key_raw, params2hash
        - enhanced: DH method generate_key
        - new: Crypt::Checksum, Crypt::Checksum::CRC32, Crypt::Checksum::Adler32
-0.031   2016/05/01
+0.031   2016-05-01
        - new: RSA+ECC method export_key_jwk_thumbprint()
        - new: Crypt::Misc functions random_v4uuid + is_v4uuid
        - fix: RSA+ECC export_key_jwk produces canonical JSON
@ -109,18 +151,18 @@ TODO:
                  public keys exported be previous version can still be imported
        - fix: ECC import_key now accepts non-standard JWK curve names e.g. "secp112r1", "secp521r1"
-0.030   2016/04/13
+0.030   2016-04-13
        - fix: 0.029 + 0.028 by mistake installed *.inc files to perl/(lib|site|vendor)
-0.029   2016/04/13
+0.029   2016-04-13
        - NEW module: Math::BigInt::LTM
        - NEW module: Crypt::Misc
-0.028   2016/03/23
+0.028   2016-03-23
        - IMPORTANT: switch from Module::Build to ExtUtils::MakeMaker
        - fix for broken DSA key (ssh format) loading
-0.027   2016/01/25
+0.027   2016-01-25
        - sync with https://github.com/libtom/libtomcrypt (branch develop)
        - sync with https://github.com/libtom/libtommath (branch develop)
        - HP-UX related fixes
@ -128,26 +170,26 @@ TODO:
        - skip jwk.t if no JSON::* module available
        - does not require MIME::Base64 (we use base64 routines from libtomcrypt)
-0.026   2015/11/28
+0.026   2015-11-28
        - switch to JSON::MaybeXS
        - Crypt::PRNG - rand/irand related cosmetics
        - consistently using UNIX newlines
-0.025   2015/07/07
+0.025   2015-07-07
        - Crypt::PK::ECC+RSA export_key_jwk() allows to export a perl HASH with JWK structure
-0.024   2015/06/29
+0.024   2015-06-29
        - new Crypt::PK::ECC methods
            verify_message_rfc7518()
            sign_message_rfc7518()
            curve2hash()
        - fix for Crypt::PK::RSA - bug in loading private key in JWK format
-0.023   2015/06/10
+0.023   2015-06-10
        - support for older compilers (gcc3, vc6)
        - typo in documentation (by tomhukins)
-0.022   2015/05/22
+0.022   2015-05-22
        - new: Crypt::PK::ECC+RSA export_key_jwk() - exporting JWK format
        - new: Crypt::Digest::SHA512_224
        - new: Crypt::Digest::SHA512_256
@ -161,12 +203,12 @@ TODO:
        - libtommath  updated to the latest develop branch, commit 0fd5e6c17f Dec 11 14:59:35 2014 +0100
        - documentation fixes
-0.021   2014/01/23
+0.021   2014-01-23
        - fixed asm(...) related compiler failures
        - dsa_encrypt_key small correction
        - optimized ecc_encrypt_key
-0.020   2014/01/18
+0.020   2014-01-18
        - INCOMPATIBLE CHANGE: huge redesign of Crypt::PK::ECC
        - ECC now supports curves y^2 = x^3 + a*x + b
        - ECC you can use custom curves
@ -174,13 +216,13 @@ TODO:
        - enabling compile options ASM + ECC_TIMING_RESISTANT
        - added many test vectors (RSA, DSA, EC) for interoperability with openssl
-0.019   2013/10/20
+0.019   2013-10-20
        - fixed broken CAMELLIA implementation
-0.018   2013/10/18
+0.018   2013-10-18
        - DSA: make_key + sign_hash fixes
-0.017   2013/09/24
+0.017   2013-09-24
        - lowering MIME::Base64 version requirement
        - support for import/export of password protected RSA/DSA keys
        - RSA: added - export_key_pem('public_x509')
@ -188,62 +230,62 @@ TODO:
        - added openssl test vectors
        - fixed compiler warnings (RSA/DSA/ECC/DH)
-0.016   2013/09/15
+0.016   2013-09-15
        - added missing test for key2hash, sign_hash, verify_hash
        - fixed build failures on VC6
-0.015   2013/09/12
+0.015   2013-09-12
        - only documentation fixes
-0.014   2013/09/11
+0.014   2013-09-11
        - Crypt::Digest::NNN + Crypt::Mac::NNN - can produce Base64-URL-Safe encoded digest/mac
        - Crypt::PRNG + Crypt::PRNG::NNN - Base64-URL-Safe encoded random bytes (random_bytes_b64u/bytes_b64u)
        - Crypt::PK::RSA/DSA/DH/ECC - sign/verify replaced by sign_message/verify_message + sign_hash/verify_hash
        - Crypt::PK::RSA/DSA/DH/ECC - new method key2hash
        - documentation fixes
-0.013   2013/08/28
+0.013   2013-08-28
        - DSA/RSA/ECC/DH - importing keys from string changed - now: $pk->import_key(\$buffer_with_key)
        - DSA/RSA/ECC/DH - size() and is_private() now return undef if no key loaded
        - improved RSA doc
-0.012   2013/06/17
+0.012   2013-06-17
        - README, LICENSE etc. to improve CPANTS score
        - somehow works with perl 5.6.2
-0.011   2013/06/15
+0.011   2013-06-15
        - fixing various compiler warnings
-0.009   2013/05/19
+0.009   2013-05-19
        - doc fixes
        - requires perl 5.8.8 or higher
        - INCOMPATIBILITY: all digest related 'xxx_base64' functions renamed to 'xxx_b64'
-0.008   2013/05/02
+0.008   2013-05-02
        - fixed prng test failures
        - Crypt::Digest::* croaks with the "real caller" (not a nice solution)
-0.007   2013/04/23
+0.007   2013-04-23
        - Crypt::PRNG supports add_entropy() - without params
        - Crypt::PRNG fork-safe & thread-safe
        - random_string has default $len = 20
        - doc fixes
        - cpan tester failure fix for pk_dsa.t
-0.006   2013/04/19
+0.006   2013-04-19
        - added Crypt::KeyDerivation
        - Win64 compatibility
-0.005   2013/04/18
+0.005   2013-04-18
        - added Crypt::PRNG::Fortuna|RC4|Sober128|Yarrow
        - added Crypt::PK::RSA|DSA|ECC|DH
-0.004   2013/04/16
+0.004   2013-04-16
        - removing illegal Crypt::Random
-0.003   2013/04/16
+0.003   2013-04-16
        - added Crypt::Mode::CBC|CFB|CTR|ECB|OFB
        - added Crypt::AuthEnc::CCM|EAX|GCM|OCB
-0.002   2013/04/11
+0.002   2013-04-11
        - first release on CPAN
--- a/CryptX.xs
+++ b/CryptX.xs
--- a/117
+++ b/117
@ -32,8 +32,11 @@ inc/CryptX_PK_ECC.xs.inc
 inc/CryptX_PK_RSA.xs.inc
 inc/CryptX_PRNG.xs.inc
 inc/CryptX_Stream_ChaCha.xs.inc
 inc/CryptX_Stream_Rabbit.xs.inc
 inc/CryptX_Stream_RC4.xs.inc
 inc/CryptX_Stream_Salsa20.xs.inc
 inc/CryptX_Stream_Sober128.xs.inc
 inc/CryptX_Stream_Sosemanuk.xs.inc
 lib/Crypt/AuthEnc.pm
 lib/Crypt/AuthEnc/CCM.pm
 lib/Crypt/AuthEnc/ChaCha20Poly1305.pm
@ -51,6 +54,7 @@ lib/Crypt/Cipher/Camellia.pm
 lib/Crypt/Cipher/CAST5.pm
 lib/Crypt/Cipher/DES.pm
 lib/Crypt/Cipher/DES_EDE.pm
 lib/Crypt/Cipher/IDEA.pm
 lib/Crypt/Cipher/KASUMI.pm
 lib/Crypt/Cipher/Khazad.pm
 lib/Crypt/Cipher/MULTI2.pm
@ -64,6 +68,7 @@ lib/Crypt/Cipher/SAFER_SK128.pm
 lib/Crypt/Cipher/SAFER_SK64.pm
 lib/Crypt/Cipher/SAFERP.pm
 lib/Crypt/Cipher/SEED.pm
 lib/Crypt/Cipher/Serpent.pm
 lib/Crypt/Cipher/Skipjack.pm
 lib/Crypt/Cipher/Twofish.pm
 lib/Crypt/Cipher/XTEA.pm
@ -77,6 +82,10 @@ lib/Crypt/Digest/BLAKE2s_160.pm
 lib/Crypt/Digest/BLAKE2s_224.pm
 lib/Crypt/Digest/BLAKE2s_256.pm
 lib/Crypt/Digest/CHAES.pm
 lib/Crypt/Digest/Keccak224.pm
 lib/Crypt/Digest/Keccak256.pm
 lib/Crypt/Digest/Keccak384.pm
 lib/Crypt/Digest/Keccak512.pm
 lib/Crypt/Digest/MD2.pm
 lib/Crypt/Digest/MD4.pm
 lib/Crypt/Digest/MD5.pm
@ -128,8 +137,11 @@ lib/Crypt/PRNG/RC4.pm
 lib/Crypt/PRNG/Sober128.pm
 lib/Crypt/PRNG/Yarrow.pm
 lib/Crypt/Stream/ChaCha.pm
 lib/Crypt/Stream/Rabbit.pm
 lib/Crypt/Stream/RC4.pm
 lib/Crypt/Stream/Salsa20.pm
 lib/Crypt/Stream/Sober128.pm
 lib/Crypt/Stream/Sosemanuk.pm
 lib/CryptX.pm
 lib/Math/BigInt/LTM.pm
 LICENSE
@ -138,7 +150,7 @@ MANIFEST			This list of files
 META.json
 META.yml
 ppport.h
-README
+README.md
 src/ltc/ciphers/aes/aes.c
 src/ltc/ciphers/aes/aes_tab.c
 src/ltc/ciphers/anubis.c
@ -146,6 +158,7 @@ src/ltc/ciphers/blowfish.c
 src/ltc/ciphers/camellia.c
 src/ltc/ciphers/cast5.c
 src/ltc/ciphers/des.c
 src/ltc/ciphers/idea.c
 src/ltc/ciphers/kasumi.c
 src/ltc/ciphers/khazad.c
 src/ltc/ciphers/kseed.c
@ -157,6 +170,7 @@ src/ltc/ciphers/rc6.c
 src/ltc/ciphers/safer/safer.c
 src/ltc/ciphers/safer/safer_tab.c
 src/ltc/ciphers/safer/saferp.c
 src/ltc/ciphers/serpent.c
 src/ltc/ciphers/skipjack.c
 src/ltc/ciphers/twofish/twofish.c
 src/ltc/ciphers/twofish/twofish_tab.c
@ -201,8 +215,6 @@ src/ltc/encauth/ocb3/ocb3_encrypt.c
 src/ltc/encauth/ocb3/ocb3_encrypt_authenticate_memory.c
 src/ltc/encauth/ocb3/ocb3_encrypt_last.c
 src/ltc/encauth/ocb3/ocb3_init.c
 src/ltc/encauth/ocb3/ocb3_int_aad_add_block.c
 src/ltc/encauth/ocb3/ocb3_int_calc_offset_zero.c
 src/ltc/encauth/ocb3/ocb3_int_ntz.c
 src/ltc/encauth/ocb3/ocb3_int_xor_blocks.c
 src/ltc/hashes/blake2b.c
@ -293,18 +305,24 @@ src/ltc/mac/xcbc/xcbc_process.c
 src/ltc/math/fp/ltc_ecc_fp_mulmod.c
 src/ltc/math/ltm_desc.c
 src/ltc/math/multi.c
 src/ltc/math/radix_to_bin.c
 src/ltc/math/rand_bn.c
 src/ltc/math/rand_prime.c
 src/ltc/math/tfm_desc.c
 src/ltc/misc/adler32.c
 src/ltc/misc/base32/base32_decode.c
 src/ltc/misc/base32/base32_encode.c
 src/ltc/misc/base64/base64_decode.c
 src/ltc/misc/base64/base64_encode.c
 src/ltc/misc/burn_stack.c
 src/ltc/misc/compare_testvector.c
 src/ltc/misc/copy_or_zeromem.c
 src/ltc/misc/crc32.c
 src/ltc/misc/crypt/crypt.c
 src/ltc/misc/crypt/crypt_argchk.c
 src/ltc/misc/crypt/crypt_cipher_descriptor.c
 src/ltc/misc/crypt/crypt_cipher_is_valid.c
 src/ltc/misc/crypt/crypt_constants.c
 src/ltc/misc/crypt/crypt_find_cipher.c
 src/ltc/misc/crypt/crypt_find_cipher_any.c
 src/ltc/misc/crypt/crypt_find_cipher_id.c
@ -320,9 +338,14 @@ src/ltc/misc/crypt/crypt_inits.c
 src/ltc/misc/crypt/crypt_ltc_mp_descriptor.c
 src/ltc/misc/crypt/crypt_prng_descriptor.c
 src/ltc/misc/crypt/crypt_prng_is_valid.c
 src/ltc/misc/crypt/crypt_prng_rng_descriptor.c
 src/ltc/misc/crypt/crypt_register_all_ciphers.c
 src/ltc/misc/crypt/crypt_register_all_hashes.c
 src/ltc/misc/crypt/crypt_register_all_prngs.c
 src/ltc/misc/crypt/crypt_register_cipher.c
 src/ltc/misc/crypt/crypt_register_hash.c
 src/ltc/misc/crypt/crypt_register_prng.c
 src/ltc/misc/crypt/crypt_sizes.c
 src/ltc/misc/crypt/crypt_unregister_cipher.c
 src/ltc/misc/crypt/crypt_unregister_hash.c
 src/ltc/misc/crypt/crypt_unregister_prng.c
@ -370,6 +393,16 @@ src/ltc/pk/asn1/der/boolean/der_decode_boolean.c
 src/ltc/pk/asn1/der/boolean/der_encode_boolean.c
 src/ltc/pk/asn1/der/boolean/der_length_boolean.c
 src/ltc/pk/asn1/der/choice/der_decode_choice.c
 src/ltc/pk/asn1/der/custom_type/der_decode_custom_type.c
 src/ltc/pk/asn1/der/custom_type/der_encode_custom_type.c
 src/ltc/pk/asn1/der/custom_type/der_length_custom_type.c
 src/ltc/pk/asn1/der/general/der_asn1_maps.c
 src/ltc/pk/asn1/der/general/der_decode_asn1_identifier.c
 src/ltc/pk/asn1/der/general/der_decode_asn1_length.c
 src/ltc/pk/asn1/der/general/der_encode_asn1_identifier.c
 src/ltc/pk/asn1/der/general/der_encode_asn1_length.c
 src/ltc/pk/asn1/der/general/der_length_asn1_identifier.c
 src/ltc/pk/asn1/der/general/der_length_asn1_length.c
 src/ltc/pk/asn1/der/generalizedtime/der_decode_generalizedtime.c
 src/ltc/pk/asn1/der/generalizedtime/der_encode_generalizedtime.c
 src/ltc/pk/asn1/der/generalizedtime/der_length_generalizedtime.c
@ -391,12 +424,11 @@ src/ltc/pk/asn1/der/printable_string/der_length_printable_string.c
 src/ltc/pk/asn1/der/sequence/der_decode_sequence_ex.c
 src/ltc/pk/asn1/der/sequence/der_decode_sequence_flexi.c
 src/ltc/pk/asn1/der/sequence/der_decode_sequence_multi.c
 src/ltc/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
 src/ltc/pk/asn1/der/sequence/der_encode_sequence_ex.c
 src/ltc/pk/asn1/der/sequence/der_encode_sequence_multi.c
 src/ltc/pk/asn1/der/sequence/der_encode_subject_public_key_info.c
 src/ltc/pk/asn1/der/sequence/der_length_sequence.c
 src/ltc/pk/asn1/der/sequence/der_sequence_free.c
 src/ltc/pk/asn1/der/sequence/der_sequence_shrink.c
 src/ltc/pk/asn1/der/set/der_encode_set.c
 src/ltc/pk/asn1/der/set/der_encode_setof.c
 src/ltc/pk/asn1/der/short_integer/der_decode_short_integer.c
@ -410,17 +442,28 @@ src/ltc/pk/asn1/der/utctime/der_length_utctime.c
 src/ltc/pk/asn1/der/utf8/der_decode_utf8_string.c
 src/ltc/pk/asn1/der/utf8/der_encode_utf8_string.c
 src/ltc/pk/asn1/der/utf8/der_length_utf8_string.c
 src/ltc/pk/asn1/x509/x509_decode_subject_public_key_info.c
 src/ltc/pk/asn1/x509/x509_encode_subject_public_key_info.c
 src/ltc/pk/dh/dh.c
-src/ltc/pk/dh/dh_static.c
+src/ltc/pk/dh/dh_check_pubkey.c
-src/ltc/pk/dh/dh_static.h
+src/ltc/pk/dh/dh_export.c
-src/ltc/pk/dh/dh_sys.c
+src/ltc/pk/dh/dh_export_key.c
 src/ltc/pk/dh/dh_free.c
 src/ltc/pk/dh/dh_generate_key.c
 src/ltc/pk/dh/dh_import.c
 src/ltc/pk/dh/dh_set.c
 src/ltc/pk/dh/dh_set_pg_dhparam.c
 src/ltc/pk/dh/dh_shared_secret.c
 src/ltc/pk/dsa/dsa_decrypt_key.c
 src/ltc/pk/dsa/dsa_encrypt_key.c
 src/ltc/pk/dsa/dsa_export.c
 src/ltc/pk/dsa/dsa_free.c
 src/ltc/pk/dsa/dsa_generate_key.c
 src/ltc/pk/dsa/dsa_generate_pqg.c
 src/ltc/pk/dsa/dsa_import.c
 src/ltc/pk/dsa/dsa_import_radix.c
 src/ltc/pk/dsa/dsa_make_key.c
 src/ltc/pk/dsa/dsa_set.c
 src/ltc/pk/dsa/dsa_set_pqg_dsaparam.c
 src/ltc/pk/dsa/dsa_shared_secret.c
 src/ltc/pk/dsa/dsa_sign_hash.c
 src/ltc/pk/dsa/dsa_verify_hash.c
@ -429,33 +472,29 @@ src/ltc/pk/ecc/ecc.c
 src/ltc/pk/ecc/ecc_ansi_x963_export.c
 src/ltc/pk/ecc/ecc_ansi_x963_import.c
 src/ltc/pk/ecc/ecc_decrypt_key.c
 src/ltc/pk/ecc/ecc_dp_clear.c
 src/ltc/pk/ecc/ecc_dp_fill_from_sets.c
 src/ltc/pk/ecc/ecc_dp_from_oid.c
 src/ltc/pk/ecc/ecc_dp_from_params.c
 src/ltc/pk/ecc/ecc_dp_init.c
 src/ltc/pk/ecc/ecc_dp_set.c
 src/ltc/pk/ecc/ecc_encrypt_key.c
 src/ltc/pk/ecc/ecc_export.c
-src/ltc/pk/ecc/ecc_export_full.c
+src/ltc/pk/ecc/ecc_export_openssl.c
 src/ltc/pk/ecc/ecc_export_raw.c
 src/ltc/pk/ecc/ecc_free.c
 src/ltc/pk/ecc/ecc_get_key.c
 src/ltc/pk/ecc/ecc_get_set.c
 src/ltc/pk/ecc/ecc_get_size.c
 src/ltc/pk/ecc/ecc_import.c
-src/ltc/pk/ecc/ecc_import_full.c
+src/ltc/pk/ecc/ecc_import_openssl.c
 src/ltc/pk/ecc/ecc_import_pkcs8.c
-src/ltc/pk/ecc/ecc_import_raw.c
+src/ltc/pk/ecc/ecc_import_x509.c
 src/ltc/pk/ecc/ecc_make_key.c
 src/ltc/pk/ecc/ecc_set_dp.c
 src/ltc/pk/ecc/ecc_set_dp_internal.c
 src/ltc/pk/ecc/ecc_set_key.c
 src/ltc/pk/ecc/ecc_shared_secret.c
 src/ltc/pk/ecc/ecc_sign_hash.c
 src/ltc/pk/ecc/ecc_sizes.c
 src/ltc/pk/ecc/ecc_verify_hash.c
 src/ltc/pk/ecc/ecc_verify_key.c
 src/ltc/pk/ecc/ltc_ecc_export_point.c
 src/ltc/pk/ecc/ltc_ecc_import_point.c
 src/ltc/pk/ecc/ltc_ecc_is_point.c
 src/ltc/pk/ecc/ltc_ecc_is_point_at_infinity.c
 src/ltc/pk/ecc/ltc_ecc_is_valid_idx.c
 src/ltc/pk/ecc/ltc_ecc_map.c
 src/ltc/pk/ecc/ltc_ecc_mul2add.c
 src/ltc/pk/ecc/ltc_ecc_mulmod.c
@ -463,6 +502,7 @@ src/ltc/pk/ecc/ltc_ecc_mulmod_timing.c
 src/ltc/pk/ecc/ltc_ecc_points.c
 src/ltc/pk/ecc/ltc_ecc_projective_add_point.c
 src/ltc/pk/ecc/ltc_ecc_projective_dbl_point.c
 src/ltc/pk/ecc/ltc_ecc_verify_key.c
 src/ltc/pk/pkcs1/pkcs_1_i2osp.c
 src/ltc/pk/pkcs1/pkcs_1_mgf1.c
 src/ltc/pk/pkcs1/pkcs_1_oaep_decode.c
@ -480,9 +520,9 @@ src/ltc/pk/rsa/rsa_free.c
 src/ltc/pk/rsa/rsa_get_size.c
 src/ltc/pk/rsa/rsa_import.c
 src/ltc/pk/rsa/rsa_import_pkcs8.c
 src/ltc/pk/rsa/rsa_import_radix.c
 src/ltc/pk/rsa/rsa_import_x509.c
 src/ltc/pk/rsa/rsa_make_key.c
 src/ltc/pk/rsa/rsa_set.c
 src/ltc/pk/rsa/rsa_sign_hash.c
 src/ltc/pk/rsa/rsa_sign_saltlen_get.c
 src/ltc/pk/rsa/rsa_verify_hash.c
@ -500,9 +540,16 @@ src/ltc/stream/chacha/chacha_ivctr32.c
 src/ltc/stream/chacha/chacha_ivctr64.c
 src/ltc/stream/chacha/chacha_keystream.c
 src/ltc/stream/chacha/chacha_setup.c
-src/ltc/stream/rc4/rc4.c
+src/ltc/stream/rabbit/rabbit.c
-src/ltc/stream/sober128/sober128.c
+src/ltc/stream/rc4/rc4_stream.c
 src/ltc/stream/salsa20/salsa20_crypt.c
 src/ltc/stream/salsa20/salsa20_done.c
 src/ltc/stream/salsa20/salsa20_ivctr64.c
 src/ltc/stream/salsa20/salsa20_keystream.c
 src/ltc/stream/salsa20/salsa20_setup.c
 src/ltc/stream/sober128/sober128_stream.c
 src/ltc/stream/sober128/sober128tab.c
 src/ltc/stream/sosemanuk/sosemanuk.c
 src/ltm/bn_error.c
 src/ltm/bn_fast_mp_invmod.c
 src/ltm/bn_fast_mp_montgomery_reduce.c
@ -640,6 +687,8 @@ src/Makefile.nmake
 t/001_compile.t
 t/002_all_pm.t
 t/003_all_pm_pod.t
 t/004_all_pm_pod_spelling.t
 t/005_all_pm_pod_coverage.t
 t/auth_enc_ccm.t
 t/auth_enc_ccm_test_vector_ltc.t
 t/auth_enc_chacha20poly1305.t
@ -658,6 +707,8 @@ t/cipher_camellia.t
 t/cipher_cast5.t
 t/cipher_des.t
 t/cipher_des_ede.t
 t/cipher_idea.t
 t/cipher_idea_compat.t
 t/cipher_kasumi.t
 t/cipher_khazad.t
 t/cipher_multi2.t
@ -673,8 +724,12 @@ t/cipher_safer_sk64.t
 t/cipher_saferp.t
 t/cipher_seed.t
 t/cipher_seed_test_vectors_bc.t
 t/cipher_serpent.t
 t/cipher_serpent_compat.t
 t/cipher_skipjack.t
 t/cipher_stream.t
 t/cipher_stream_rabbit.t
 t/cipher_stream_salsa20.t
 t/cipher_test_vectors_ltc.t
 t/cipher_test_vectors_openssl.t
 t/cipher_twofish.t
@ -765,6 +820,8 @@ t/data/openssl_ec1.pub.der
 t/data/openssl_ec1.pub.pem
 t/data/openssl_ec1.pubc.der
 t/data/openssl_ec1.pubc.pem
 t/data/openssl_rsa-x509.der
 t/data/openssl_rsa-x509.pem
 t/data/openssl_rsa1.der
 t/data/openssl_rsa1.pem
 t/data/openssl_rsa1.pubonly.der
@ -858,6 +915,10 @@ t/digest_blake2s_160.t
 t/digest_blake2s_224.t
 t/digest_blake2s_256.t
 t/digest_chaes.t
 t/digest_keccak224.t
 t/digest_keccak256.t
 t/digest_keccak384.t
 t/digest_keccak512.t
 t/digest_md2.t
 t/digest_md4.t
 t/digest_md5.t
@ -886,6 +947,7 @@ t/mac_blake2b.t
 t/mac_blake2s.t
 t/mac_f9.t
 t/mac_hmac.t
 t/mac_hmac_nist.t
 t/mac_hmac_test_vectors_ltc.t
 t/mac_omac.t
 t/mac_omac_test_vectors_ltc.t
@ -926,4 +988,11 @@ t/prng_rc4.t
 t/prng_sober128.t
 t/prng_yarrow.t
 t/sshkey.t
 t/wycheproof.t
 t/wycheproof/aes_gcm_test.json
 t/wycheproof/dsa_test.json
 t/wycheproof/ecdh_webcrypto_test.json
 t/wycheproof/ecdsa_test.json
 t/wycheproof/ecdsa_webcrypto_test.json
 t/wycheproof/rsa_signature_test.json
 typemap
--- a/META.json
+++ b/META.json
@ -4,13 +4,13 @@
      "Karel Miko"
   ],
   "dynamic_config" : 1,
-   "generated_by" : "ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010",
+   "generated_by" : "ExtUtils::MakeMaker version 7.3, CPAN::Meta::Converter version 2.150010",
   "license" : [
      "perl_5"
   ],
   "meta-spec" : {
      "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
-      "version" : "2"
+      "version" : 2
   },
   "name" : "CryptX",
   "no_index" : {
@ -36,7 +36,7 @@
         }
      }
   },
-   "release_status" : "stable",
+   "release_status" : "unstable",
   "resources" : {
      "bugtracker" : {
         "web" : "https://github.com/DCIT/perl-CryptX/issues"
@ -45,6 +45,6 @@
         "url" : "https://github.com/DCIT/perl-CryptX"
      }
   },
-   "version" : "0.048",
+   "version" : "0.058_002",
-   "x_serialization_backend" : "JSON::PP version 2.27400"
+   "x_serialization_backend" : "JSON::PP version 2.94"
 }
--- a/META.yml
+++ b/META.yml
@ -7,7 +7,7 @@ build_requires:
 configure_requires:
  ExtUtils::MakeMaker: '0'
 dynamic_config: 1
-generated_by: 'ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010'
+generated_by: 'ExtUtils::MakeMaker version 7.3, CPAN::Meta::Converter version 2.150010'
 license: perl
 meta-spec:
  url: http://module-build.sourceforge.net/META-spec-v1.4.html
@ -22,5 +22,5 @@ requires:
 resources:
  bugtracker: https://github.com/DCIT/perl-CryptX/issues
  repository: https://github.com/DCIT/perl-CryptX
-version: '0.048'
+version: 0.058_002
 x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
--- a/Makefile.PL
+++ b/Makefile.PL
@ -3,26 +3,58 @@ use warnings;
 use ExtUtils::MakeMaker;
 use Config;
-my @myobjs = map { s|.c$|$Config{obj_ext}|; $_ } grep { $_ !~ m|^src/ltc/\.*tab\.c$| } (
+my (@EUMM_INC_LIB, $myarflags, $mycflags);
    glob('src/ltm/*.c'),
    glob('src/ltc/*/*.c'),
    glob('src/ltc/*/*/*.c'),
    glob('src/ltc/*/*/*/*.c'),
    glob('src/ltc/*/*/*/*/*.c'),
 );
 my $myextlib = "src/liballinone$Config{lib_ext}";
 my $mycflags = "$Config{cccdlflags} $Config{ccflags} $Config{optimize} -Iltm -Iltc/headers -DLTC_SOURCE -DLTC_NO_TEST -DLTC_NO_PROTOTYPES -DLTM_DESC";
-#FIX: gcc with -flto is a trouble maker see https://github.com/DCIT/perl-CryptX/issues/32
+if ($ENV{CRYPTX_CFLAGS} || $ENV{CRYPTX_LDFLAGS}) {
-$mycflags =~ s/-flto\b//g;
+  # EXPERIMENTAL: use system libraries libtomcrypt + libtommath
  # e.g.
  # CRYPTX_LDFLAGS='-L/usr/local/lib -ltommath -ltomcrypt' CRYPTX_CFLAGS='-DLTM_DESC -I/usr/local/include' perl Makefile.PL
  print "CRYPTX_CFLAGS  = $ENV{CRYPTX_CFLAGS}\n"  if $ENV{CRYPTX_CFLAGS};
  print "CRYPTX_LDFLAGS = $ENV{CRYPTX_LDFLAGS}\n" if $ENV{CRYPTX_LDFLAGS};
  @EUMM_INC_LIB = (
    INC      => $ENV{CRYPTX_CFLAGS},
    LIBS     => [ $ENV{CRYPTX_LDFLAGS} ],
  );
 }
 else {
  # PREFERRED: use bundled libtomcrypt + libtommath (from ./src subdir)
  my @myobjs = map { s|.c$|$Config{obj_ext}|; $_ } grep { $_ !~ m|^src/ltc/\.*tab\.c$| } (
      glob('src/ltm/*.c'),
      glob('src/ltc/*/*.c'),
      glob('src/ltc/*/*/*.c'),
      glob('src/ltc/*/*/*/*.c'),
      glob('src/ltc/*/*/*/*/*.c'),
  );
  $mycflags = "$Config{ccflags} $Config{cccdlflags} $Config{optimize}";
-#FIX: avoid "ar: fatal: Numeric group ID too large" see https://github.com/DCIT/perl-CryptX/issues/33
+  #FIX: this is particularly useful for Debian https://github.com/DCIT/perl-CryptX/pull/39
-my $myarflags = '$(AR_STATIC_ARGS)';
+  $mycflags .= " $ENV{CFLAGS}"   if $ENV{CFLAGS};
-if ($^O ne 'MSWin32' && $Config{ar}) {
+  $mycflags .= " $ENV{CPPFLAGS}" if $ENV{CPPFLAGS};
-  # for ar's "deterministic mode" we need GNU binutils 2.20+ (2009-10-16)
+
-  my $arver = `$Config{ar} --version`;
+  #FIX: gcc with -flto is a trouble maker see https://github.com/DCIT/perl-CryptX/issues/32
-  my ($maj, $min) = $arver =~ /^GNU ar [^\d]*(\d)\.(\d+)\.\d+/s;
+  $mycflags =~ s/-flto\b//g;
-  $myarflags = 'rcD' if ($maj && $min && $maj >= 2 && $min >= 20) || $arver=~ /^BSD ar /;
+
  #FIX: avoid -Wwrite-strings -Wcast-qual -pedantic -pedantic-errors -ansi -std=c89
  $mycflags =~ s/-pedantic\b//g;
  $mycflags =~ s/-pedantic-errors\b//g;
  $mycflags =~ s/-std=c89\b//g;
  $mycflags =~ s/-ansi\b//g;
  $mycflags =~ s/-Wwrite-strings\b//g;
  $mycflags =~ s/-Wcast-qual\b//g;
  #FIX: avoid "ar: fatal: Numeric group ID too large" see https://github.com/DCIT/perl-CryptX/issues/33
  $myarflags = '$(AR_STATIC_ARGS)';
  if ($^O ne 'MSWin32' && $Config{ar}) {
    # for ar's "deterministic mode" we need GNU binutils 2.20+ (2009-10-16)
    my $arver = `$Config{ar} --version 2>/dev/null`;
    my ($maj, $min) = $arver =~ /^GNU ar [^\d]*(\d)\.(\d+)\.\d+/s;
    $myarflags = 'rcD' if ($maj && $min && $maj >= 2 && $min >= 20) || $arver=~ /^BSD ar /;
  }
  @EUMM_INC_LIB = (
    INC      => '-DLTM_DESC -Isrc/ltc/headers -Isrc/ltm',
    MYEXTLIB => "src/liballinone$Config{lib_ext}",
    clean    => { 'FILES' => join(' ', @myobjs, "src/liballinone$Config{lib_ext}") },
  );
 }
 my %eumm_args = (
@ -33,14 +65,11 @@ my %eumm_args = (
  MIN_PERL_VERSION => '5.006',
  LICENSE          => 'perl_5',
  META_MERGE       => { resources  => { repository => 'https://github.com/DCIT/perl-CryptX', bugtracker => 'https://github.com/DCIT/perl-CryptX/issues' } },
-  DEFINE           => '-DLTC_SOURCE -DLTC_NO_TEST -DLTC_NO_PROTOTYPES -DLTM_DESC',
+  dist             => { 'PREOP' => 'perldoc -u lib/CryptX.pm | pod2markdown > README.md' },
-  INC              => '-Isrc/ltc/headers -Isrc/ltm',
+  @EUMM_INC_LIB
  LIBS             => [''],
  MYEXTLIB         => $myextlib,
  clean            => { 'FILES' => join(' ', @myobjs, $myextlib) },
 );
-my $eumm_ver  = eval $ExtUtils::MakeMaker::VERSION;
+my $eumm_ver = eval $ExtUtils::MakeMaker::VERSION;
 delete $eumm_args{MIN_PERL_VERSION} if $eumm_ver < 6.48;
 delete $eumm_args{META_ADD}         if $eumm_ver < 6.46;
 delete $eumm_args{META_MERGE}       if $eumm_ver < 6.46;
@ -48,40 +77,49 @@ delete $eumm_args{LICENSE}          if $eumm_ver < 6.31;
 WriteMakefile(%eumm_args);
 # ARFLAGS=\$(AR_STATIC_ARGS) RANLIB=\$(RANLIB) AR=\$(AR)
 sub MY::postamble {
-  my $myextlib = qq{
+  return "" unless $mycflags && $myarflags;
  my $extra_targets = qq{
 \$(MYEXTLIB): src/Makefile
 	cd src && \$(MAKE) ARFLAGS="$myarflags" RANLIB="\$(RANLIB)" AR="\$(AR)" CC="\$(CC)" LIB_EXT=\$(LIB_EXT) OBJ_EXT=\$(OBJ_EXT) CFLAGS="$mycflags"
 };
-  $myextlib = qq{
+  $extra_targets = qq{
 \$(MYEXTLIB): src/Makefile
 	cd src && \$(MAKE) -f Makefile.nmake CFLAGS="$mycflags"
 } if $^O eq 'MSWin32' && $Config{make} =~ /nmake/ && $Config{cc} =~ /cl/;
-  $myextlib = qq{
+  $extra_targets = qq{
 \$(MYEXTLIB): src/Makefile
 	cd src && \$(MAKE) CC="$Config{cc}" CFLAGS="$mycflags"
 } if $^O eq 'MSWin32' && $Config{cc} =~ /gcc/;
-  my $version_patch = q{
+  $extra_targets .= q{
 versionsync:
 	$(NOECHO) perl _generators/version_patch.pl sync
 versioninc:
 	$(NOECHO) perl _generators/version_patch.pl inc
 versionincdev:
 	$(NOECHO) perl _generators/version_patch.pl incdev
 versiondec:
 	$(NOECHO) perl _generators/version_patch.pl dec
 versiondecdev:
 	$(NOECHO) perl _generators/version_patch.pl decdev
 gencode:
 	$(NOECHO) perl _generators/gen.pl gencode
 gentest: all
 	$(NOECHO) perl _generators/gen.pl gentest
 openssltest: all
 	$(NOECHO) perl -Mblib t/openssl/dsa-test.pl
 	$(NOECHO) perl -Mblib t/openssl/ecc-test.pl
 	$(NOECHO) perl -Mblib t/openssl/rsa-test.pl
 rebuild-pre:
 	$(RM_F) src/liballinone.a
 	$(TOUCH) CryptX.xs
 rebuild: rebuild-pre all
 };
-  return "$myextlib\n$version_patch";
+  return $extra_targets;
 }
--- a/68
+++ b/68
@ -1,68 +0,0 @@
 NAME
    CryptX - Crypto toolkit (self-contained no external libraries needed)
 DESCRIPTION
    Cryptography in CryptX is based on
    <https://github.com/libtom/libtomcrypt>
    Currently available modules:
    *   Ciphers - see Crypt::Cipher and related modules
        Crypt::Cipher::AES, Crypt::Cipher::Anubis, Crypt::Cipher::Blowfish,
        Crypt::Cipher::Camellia, Crypt::Cipher::CAST5, Crypt::Cipher::DES,
        Crypt::Cipher::DES_EDE, Crypt::Cipher::KASUMI,
        Crypt::Cipher::Khazad, Crypt::Cipher::MULTI2,
        Crypt::Cipher::Noekeon, Crypt::Cipher::RC2, Crypt::Cipher::RC5,
        Crypt::Cipher::RC6, Crypt::Cipher::SAFERP,
        Crypt::Cipher::SAFER_K128, Crypt::Cipher::SAFER_K64,
        Crypt::Cipher::SAFER_SK128, Crypt::Cipher::SAFER_SK64,
        Crypt::Cipher::SEED, Crypt::Cipher::Skipjack,
        Crypt::Cipher::Twofish, Crypt::Cipher::XTEA
    *   Block cipher modes
        Crypt::Mode::CBC, Crypt::Mode::CFB, Crypt::Mode::CTR,
        Crypt::Mode::ECB, Crypt::Mode::OFB
    *   Authenticated encryption modes
        Crypt::AuthEnc::CCM, Crypt::AuthEnc::EAX, Crypt::AuthEnc::GCM,
        Crypt::AuthEnc::OCB
    *   Hash Functions - see Crypt::Digest and related modules
        Crypt::Digest::CHAES, Crypt::Digest::MD2, Crypt::Digest::MD4,
        Crypt::Digest::MD5, Crypt::Digest::RIPEMD128,
        Crypt::Digest::RIPEMD160, Crypt::Digest::RIPEMD256,
        Crypt::Digest::RIPEMD320, Crypt::Digest::SHA1,
        Crypt::Digest::SHA224, Crypt::Digest::SHA256, Crypt::Digest::SHA384,
        Crypt::Digest::SHA512, Crypt::Digest::SHA512_224,
        Crypt::Digest::SHA512_256, Crypt::Digest::Tiger192,
        Crypt::Digest::Whirlpool
    *   Message Authentication Codes
        Crypt::Mac::F9, Crypt::Mac::HMAC, Crypt::Mac::OMAC,
        Crypt::Mac::Pelican, Crypt::Mac::PMAC, Crypt::Mac::XCBC
    *   Public key cryptography
        Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::ECC, Crypt::PK::DH
    *   Cryptographically secure random number generators
        Crypt::PRNG, Crypt::PRNG::Fortuna, Crypt::PRNG::Yarrow,
        Crypt::PRNG::RC4, Crypt::PRNG::Sober128
    *   Key derivation functions - PBKDF1, PBKFD2 and HKDF
        Crypt::KeyDerivation
 LICENSE
    This program is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself.
 COPYRIGHT
    Copyright (c) 2013-2015 DCIT, a.s. <http://www.dcit.cz> / Karel Miko
--- a/README.md
+++ b/README.md
@ -0,0 +1,73 @@
 # NAME
 CryptX - Cryptographic toolkit (self-contained, no external libraries needed)
 # DESCRIPTION
 Cryptography in CryptX is based on [https://github.com/libtom/libtomcrypt](https://github.com/libtom/libtomcrypt)
 Available modules:
 - Symmetric ciphers - see [Crypt::Cipher](https://metacpan.org/pod/Crypt::Cipher) and related modules
    [Crypt::Cipher::AES](https://metacpan.org/pod/Crypt::Cipher::AES), [Crypt::Cipher::Anubis](https://metacpan.org/pod/Crypt::Cipher::Anubis), [Crypt::Cipher::Blowfish](https://metacpan.org/pod/Crypt::Cipher::Blowfish), [Crypt::Cipher::Camellia](https://metacpan.org/pod/Crypt::Cipher::Camellia), [Crypt::Cipher::CAST5](https://metacpan.org/pod/Crypt::Cipher::CAST5), [Crypt::Cipher::DES](https://metacpan.org/pod/Crypt::Cipher::DES),
    [Crypt::Cipher::DES\_EDE](https://metacpan.org/pod/Crypt::Cipher::DES_EDE), [Crypt::Cipher::IDEA](https://metacpan.org/pod/Crypt::Cipher::IDEA), [Crypt::Cipher::KASUMI](https://metacpan.org/pod/Crypt::Cipher::KASUMI), [Crypt::Cipher::Khazad](https://metacpan.org/pod/Crypt::Cipher::Khazad), [Crypt::Cipher::MULTI2](https://metacpan.org/pod/Crypt::Cipher::MULTI2), [Crypt::Cipher::Noekeon](https://metacpan.org/pod/Crypt::Cipher::Noekeon),
    [Crypt::Cipher::RC2](https://metacpan.org/pod/Crypt::Cipher::RC2), [Crypt::Cipher::RC5](https://metacpan.org/pod/Crypt::Cipher::RC5), [Crypt::Cipher::RC6](https://metacpan.org/pod/Crypt::Cipher::RC6), [Crypt::Cipher::SAFERP](https://metacpan.org/pod/Crypt::Cipher::SAFERP), [Crypt::Cipher::SAFER\_K128](https://metacpan.org/pod/Crypt::Cipher::SAFER_K128), [Crypt::Cipher::SAFER\_K64](https://metacpan.org/pod/Crypt::Cipher::SAFER_K64),
    [Crypt::Cipher::SAFER\_SK128](https://metacpan.org/pod/Crypt::Cipher::SAFER_SK128), [Crypt::Cipher::SAFER\_SK64](https://metacpan.org/pod/Crypt::Cipher::SAFER_SK64), [Crypt::Cipher::SEED](https://metacpan.org/pod/Crypt::Cipher::SEED), [Crypt::Cipher::Serpent](https://metacpan.org/pod/Crypt::Cipher::Serpent), [Crypt::Cipher::Skipjack](https://metacpan.org/pod/Crypt::Cipher::Skipjack),
    [Crypt::Cipher::Twofish](https://metacpan.org/pod/Crypt::Cipher::Twofish), [Crypt::Cipher::XTEA](https://metacpan.org/pod/Crypt::Cipher::XTEA)
 - Block cipher modes
    [Crypt::Mode::CBC](https://metacpan.org/pod/Crypt::Mode::CBC), [Crypt::Mode::CFB](https://metacpan.org/pod/Crypt::Mode::CFB), [Crypt::Mode::CTR](https://metacpan.org/pod/Crypt::Mode::CTR), [Crypt::Mode::ECB](https://metacpan.org/pod/Crypt::Mode::ECB), [Crypt::Mode::OFB](https://metacpan.org/pod/Crypt::Mode::OFB)
 - Stream ciphers
    [Crypt::Stream::RC4](https://metacpan.org/pod/Crypt::Stream::RC4), [Crypt::Stream::ChaCha](https://metacpan.org/pod/Crypt::Stream::ChaCha), [Crypt::Stream::Salsa20](https://metacpan.org/pod/Crypt::Stream::Salsa20), [Crypt::Stream::Sober128](https://metacpan.org/pod/Crypt::Stream::Sober128),
    [Crypt::Stream::Sosemanuk](https://metacpan.org/pod/Crypt::Stream::Sosemanuk), [Crypt::Stream::Rabbit](https://metacpan.org/pod/Crypt::Stream::Rabbit)
 - Authenticated encryption modes
    [Crypt::AuthEnc::CCM](https://metacpan.org/pod/Crypt::AuthEnc::CCM), [Crypt::AuthEnc::EAX](https://metacpan.org/pod/Crypt::AuthEnc::EAX), [Crypt::AuthEnc::GCM](https://metacpan.org/pod/Crypt::AuthEnc::GCM), [Crypt::AuthEnc::OCB](https://metacpan.org/pod/Crypt::AuthEnc::OCB), [Crypt::AuthEnc::ChaCha20Poly1305](https://metacpan.org/pod/Crypt::AuthEnc::ChaCha20Poly1305)
 - Hash Functions - see [Crypt::Digest](https://metacpan.org/pod/Crypt::Digest) and related modules
    [Crypt::Digest::BLAKE2b\_160](https://metacpan.org/pod/Crypt::Digest::BLAKE2b_160), [Crypt::Digest::BLAKE2b\_256](https://metacpan.org/pod/Crypt::Digest::BLAKE2b_256), [Crypt::Digest::BLAKE2b\_384](https://metacpan.org/pod/Crypt::Digest::BLAKE2b_384), [Crypt::Digest::BLAKE2b\_512](https://metacpan.org/pod/Crypt::Digest::BLAKE2b_512),
    [Crypt::Digest::BLAKE2s\_128](https://metacpan.org/pod/Crypt::Digest::BLAKE2s_128), [Crypt::Digest::BLAKE2s\_160](https://metacpan.org/pod/Crypt::Digest::BLAKE2s_160), [Crypt::Digest::BLAKE2s\_224](https://metacpan.org/pod/Crypt::Digest::BLAKE2s_224), [Crypt::Digest::BLAKE2s\_256](https://metacpan.org/pod/Crypt::Digest::BLAKE2s_256),
    [Crypt::Digest::CHAES](https://metacpan.org/pod/Crypt::Digest::CHAES), [Crypt::Digest::MD2](https://metacpan.org/pod/Crypt::Digest::MD2), [Crypt::Digest::MD4](https://metacpan.org/pod/Crypt::Digest::MD4), [Crypt::Digest::MD5](https://metacpan.org/pod/Crypt::Digest::MD5), [Crypt::Digest::RIPEMD128](https://metacpan.org/pod/Crypt::Digest::RIPEMD128), [Crypt::Digest::RIPEMD160](https://metacpan.org/pod/Crypt::Digest::RIPEMD160),
    [Crypt::Digest::RIPEMD256](https://metacpan.org/pod/Crypt::Digest::RIPEMD256), [Crypt::Digest::RIPEMD320](https://metacpan.org/pod/Crypt::Digest::RIPEMD320), [Crypt::Digest::SHA1](https://metacpan.org/pod/Crypt::Digest::SHA1), [Crypt::Digest::SHA224](https://metacpan.org/pod/Crypt::Digest::SHA224), [Crypt::Digest::SHA256](https://metacpan.org/pod/Crypt::Digest::SHA256), [Crypt::Digest::SHA384](https://metacpan.org/pod/Crypt::Digest::SHA384),
    [Crypt::Digest::SHA512](https://metacpan.org/pod/Crypt::Digest::SHA512), [Crypt::Digest::SHA512\_224](https://metacpan.org/pod/Crypt::Digest::SHA512_224), [Crypt::Digest::SHA512\_256](https://metacpan.org/pod/Crypt::Digest::SHA512_256), [Crypt::Digest::Tiger192](https://metacpan.org/pod/Crypt::Digest::Tiger192), [Crypt::Digest::Whirlpool](https://metacpan.org/pod/Crypt::Digest::Whirlpool),
    [Crypt::Digest::Keccak224](https://metacpan.org/pod/Crypt::Digest::Keccak224), [Crypt::Digest::Keccak256](https://metacpan.org/pod/Crypt::Digest::Keccak256), [Crypt::Digest::Keccak384](https://metacpan.org/pod/Crypt::Digest::Keccak384), [Crypt::Digest::Keccak512](https://metacpan.org/pod/Crypt::Digest::Keccak512),
    [Crypt::Digest::SHA3\_224](https://metacpan.org/pod/Crypt::Digest::SHA3_224), [Crypt::Digest::SHA3\_256](https://metacpan.org/pod/Crypt::Digest::SHA3_256), [Crypt::Digest::SHA3\_384](https://metacpan.org/pod/Crypt::Digest::SHA3_384), [Crypt::Digest::SHA3\_512](https://metacpan.org/pod/Crypt::Digest::SHA3_512), [Crypt::Digest::SHAKE](https://metacpan.org/pod/Crypt::Digest::SHAKE)
 - Checksums
    [Crypt::Checksum::Adler32](https://metacpan.org/pod/Crypt::Checksum::Adler32), [Crypt::Checksum::CRC32](https://metacpan.org/pod/Crypt::Checksum::CRC32)
 - Message Authentication Codes
    [Crypt::Mac::BLAKE2b](https://metacpan.org/pod/Crypt::Mac::BLAKE2b), [Crypt::Mac::BLAKE2s](https://metacpan.org/pod/Crypt::Mac::BLAKE2s), [Crypt::Mac::F9](https://metacpan.org/pod/Crypt::Mac::F9), [Crypt::Mac::HMAC](https://metacpan.org/pod/Crypt::Mac::HMAC), [Crypt::Mac::OMAC](https://metacpan.org/pod/Crypt::Mac::OMAC),
    [Crypt::Mac::Pelican](https://metacpan.org/pod/Crypt::Mac::Pelican), [Crypt::Mac::PMAC](https://metacpan.org/pod/Crypt::Mac::PMAC), [Crypt::Mac::XCBC](https://metacpan.org/pod/Crypt::Mac::XCBC), [Crypt::Mac::Poly1305](https://metacpan.org/pod/Crypt::Mac::Poly1305)
 - Public key cryptography
    [Crypt::PK::RSA](https://metacpan.org/pod/Crypt::PK::RSA), [Crypt::PK::DSA](https://metacpan.org/pod/Crypt::PK::DSA), [Crypt::PK::ECC](https://metacpan.org/pod/Crypt::PK::ECC), [Crypt::PK::DH](https://metacpan.org/pod/Crypt::PK::DH)
 - Cryptographically secure random number generators - see [Crypt::PRNG](https://metacpan.org/pod/Crypt::PRNG) and related modules
    [Crypt::PRNG::Fortuna](https://metacpan.org/pod/Crypt::PRNG::Fortuna), [Crypt::PRNG::Yarrow](https://metacpan.org/pod/Crypt::PRNG::Yarrow), [Crypt::PRNG::RC4](https://metacpan.org/pod/Crypt::PRNG::RC4), [Crypt::PRNG::Sober128](https://metacpan.org/pod/Crypt::PRNG::Sober128), [Crypt::PRNG::ChaCha20](https://metacpan.org/pod/Crypt::PRNG::ChaCha20)
 - Key derivation functions - PBKDF1, PBKDF2 and HKDF
    [Crypt::KeyDerivation](https://metacpan.org/pod/Crypt::KeyDerivation)
 - Other handy functions related to cryptography
    [Crypt::Misc](https://metacpan.org/pod/Crypt::Misc)
 # LICENSE
 This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
 # COPYRIGHT
 Copyright (c) 2013+ DCIT, a.s. [https://www.dcit.cz](https://www.dcit.cz) / Karel Miko
--- a/inc/CryptX_AuthEnc_CCM.xs.inc
+++ b/inc/CryptX_AuthEnc_CCM.xs.inc
@ -1,90 +1,230 @@
 MODULE = CryptX       PACKAGE = Crypt::AuthEnc::CCM
 PROTOTYPES: DISABLE
 Crypt::AuthEnc::CCM
 new(Class, char * cipher_name, SV * key, SV * nonce, SV * adata, int tag_len, int pt_len)
    CODE:
    {
        unsigned char *k=NULL;
        STRLEN k_len=0;
        unsigned char *n=NULL;
        STRLEN n_len=0;
        unsigned char *h=NULL;
        STRLEN h_len=0;
        int rv, id;
        if (tag_len < 1 || tag_len > MAXBLOCKSIZE) croak("FATAL: invalid tag_len %d", tag_len);
        if (pt_len < 0)    croak("FATAL: invalid pt_len");
        if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
        k = (unsigned char *) SvPVbyte(key, k_len);
        if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
        n = (unsigned char *) SvPVbyte(nonce, n_len);
        if (!SvPOK(adata)) croak("FATAL: adata must be string/buffer scalar");
        h = (unsigned char *) SvPVbyte(adata, h_len);
        id = _find_cipher(cipher_name);
        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        Newz(0, RETVAL, 1, ccm_state);
        if (!RETVAL) croak("FATAL: Newz failed");
        rv = ccm_init(RETVAL, id, k, (int)k_len, (int)pt_len, (int)tag_len, (int)h_len); /* XXX-TODO why int? */
        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: ccm_init failed: %s", error_to_string(rv));
        }
        rv = ccm_add_nonce(RETVAL, n, (unsigned long)n_len);
        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: ccm_add_nonce failed: %s", error_to_string(rv));
        }
        rv = ccm_add_aad(RETVAL, h, (unsigned long)h_len);
        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: ccm_add_aad failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
 void
-_memory_encrypt(char *cipher_name, SV *key, SV *nonce, SV *header, unsigned long tag_len, SV *plaintext)
+DESTROY(Crypt::AuthEnc::CCM self)
    CODE:
        Safefree(self);
 Crypt::AuthEnc::CCM
 clone(Crypt::AuthEnc::CCM self)
    CODE:
        Newz(0, RETVAL, 1, ccm_state);
        if (!RETVAL) croak("FATAL: Newz failed");
        Copy(self, RETVAL, 1, ccm_state);
    OUTPUT:
        RETVAL
 SV *
 encrypt_add(Crypt::AuthEnc::CCM self, SV * data)
    CODE:
    {
        int rv;
        STRLEN in_data_len;
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = ccm_process(self, in_data, (unsigned long)in_data_len, out_data, CCM_ENCRYPT);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: ccm_process failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
 SV *
 decrypt_add(Crypt::AuthEnc::CCM self, SV * data)
    CODE:
    {
        int rv;
        STRLEN in_data_len;
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = ccm_process(self, out_data, (unsigned long)in_data_len, in_data, CCM_DECRYPT);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: ccm_process failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
 void
 encrypt_done(Crypt::AuthEnc::CCM self)
    PPCODE:
    {
-        STRLEN k_len, n_len, h_len, pt_len;
+        int rv;
        unsigned char *k, *n, *h, *pt;
        int rv, id;
        unsigned char tag[MAXBLOCKSIZE];
-        SV *ct;
+        unsigned long tag_len = MAXBLOCKSIZE;
        if (!SvPOK(key))       croak("FATAL: key must be string/buffer scalar");
        if (!SvPOK(nonce))     croak("FATAL: nonce must be string/buffer scalar");
        if (!SvPOK(header))    croak("FATAL: header must be string/buffer scalar");
        if (!SvPOK(plaintext)) croak("FATAL: plaintext must be string/buffer scalar");
        k  = (unsigned char *) SvPVbyte(key, k_len);
        n  = (unsigned char *) SvPVbyte(nonce, n_len);
        h  = (unsigned char *) SvPVbyte(header, h_len);
        pt = (unsigned char *) SvPVbyte(plaintext, pt_len);
        id = find_cipher(cipher_name);
        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        ct = NEWSV(0, pt_len);
        SvPOK_only(ct);
        SvCUR_set(ct, pt_len);
        if(tag_len<4 || tag_len>16) tag_len = 16;
        rv = ccm_memory(id, k, (unsigned long)k_len, NULL, n, (unsigned long)n_len, h, (unsigned long)h_len,
                        pt, (unsigned long)pt_len, (unsigned char *)SvPV_nolen(ct), tag, &tag_len, CCM_ENCRYPT);
        if (rv != CRYPT_OK) croak("FATAL: ccm_memory failed: %s", error_to_string(rv));
        XPUSHs(sv_2mortal(ct));
        XPUSHs(sv_2mortal(newSVpvn((char*)tag,tag_len)));
        /* int ccm_memory( int cipher,
                           const unsigned char *key,       unsigned long keylen,
                           symmetric_key *uskey,
                           const unsigned char *nonce,     unsigned long noncelen,
                           const unsigned char *header,    unsigned long headerlen,
                           unsigned char *pt,              unsigned long ptlen,
                           unsigned char *ct,
                           unsigned char *tag,             unsigned long *taglen,
                           int direction); */
        rv = ccm_done(self, tag, &tag_len);
        if (rv != CRYPT_OK) croak("FATAL: ccm_done failed: %s", error_to_string(rv));
        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
    }
 void
-_memory_decrypt(char *cipher_name, SV *key, SV *nonce, SV *header, SV *ciphertext, SV *tag)
+decrypt_done(Crypt::AuthEnc::CCM self, ...)
    PPCODE:
    {
-        STRLEN k_len, n_len, h_len, ct_len, t_len;
+        int rv;
-        unsigned char *k, *n, *h, *ct, *t;
+        unsigned char tag[MAXBLOCKSIZE];
        unsigned long tag_len = MAXBLOCKSIZE;
        STRLEN expected_tag_len;
        unsigned char *expected_tag;
        rv = ccm_done(self, tag, &tag_len);
        if (rv != CRYPT_OK) croak("FATAL: ccm_done failed: %s", error_to_string(rv));
        if (items == 1) {
          XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
        }
        else {
          if (!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
          expected_tag = (unsigned char *) SvPVbyte(ST(1), expected_tag_len);
          if (expected_tag_len!=tag_len) {
            XPUSHs(sv_2mortal(newSViv(0))); /* false */
          }
          else if (memNE(expected_tag, tag, tag_len)) {
            XPUSHs(sv_2mortal(newSViv(0))); /* false */
          }
          else {
            XPUSHs(sv_2mortal(newSViv(1))); /* true */
          }
        }
    }
 void
 ccm_encrypt_authenticate(char *cipher_name, SV *key, SV *nonce, SV *header, unsigned long tag_len, SV *plaintext)
    PPCODE:
    {
        STRLEN k_len = 0, n_len = 0, h_len = 0, pt_len = 0;
        unsigned char *k = NULL, *n = NULL, *h = NULL, *pt = NULL;
        int rv, id;
-        unsigned char xtag[MAXBLOCKSIZE];
+        unsigned char tag[MAXBLOCKSIZE];
-        unsigned long xtag_len;
+        SV *output;
        SV *pt;
-        if (!SvPOK(key))        croak("FATAL: key must be string/buffer scalar");
+        if (SvPOK(key))       k  = (unsigned char *) SvPVbyte(key, k_len);
-        if (!SvPOK(nonce))      croak("FATAL: nonce must be string/buffer scalar");
+        if (SvPOK(nonce))     n  = (unsigned char *) SvPVbyte(nonce, n_len);
-        if (!SvPOK(header))     croak("FATAL: header must be string/buffer scalar");
+        if (SvPOK(plaintext)) pt = (unsigned char *) SvPVbyte(plaintext, pt_len);
-        if (!SvPOK(ciphertext)) croak("FATAL: ciphertext must be string/buffer scalar");
+        if (SvPOK(header))    h  = (unsigned char *) SvPVbyte(header, h_len);
        if (!SvPOK(tag))        croak("FATAL: tag must be string/buffer scalar");
        k  = (unsigned char *) SvPVbyte(key, k_len);
        n  = (unsigned char *) SvPVbyte(nonce, n_len);
        h  = (unsigned char *) SvPVbyte(header, h_len);
        ct = (unsigned char *) SvPVbyte(ciphertext, ct_len);
        t  = (unsigned char *) SvPVbyte(tag, t_len);
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
-
+        output = NEWSV(0, pt_len > 0 ? pt_len : 1); /* avoid zero! */
-        pt = NEWSV(0, ct_len);
+        SvPOK_only(output);
-        SvPOK_only(pt);
+        SvCUR_set(output, pt_len);
-        SvCUR_set(pt, ct_len);
+        if(tag_len < 4 || tag_len > 16) tag_len = 16;
        xtag_len = (unsigned long)t_len;
        Copy(t, xtag, t_len, unsigned char);
        rv = ccm_memory(id, k, (unsigned long)k_len, NULL, n, (unsigned long)n_len, h, (unsigned long)h_len,
-                        (unsigned char *)SvPV_nolen(pt), (unsigned long)ct_len, ct, xtag, &xtag_len, CCM_DECRYPT);
+                        pt, (unsigned long)pt_len, (unsigned char *)SvPVX(output), tag, &tag_len, CCM_ENCRYPT);
        if (rv != CRYPT_OK) {
          SvREFCNT_dec(output);
          croak("FATAL: ccm_memory failed: %s", error_to_string(rv));
        }
        XPUSHs(sv_2mortal(output));
        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
    }
 void
 ccm_decrypt_verify(char *cipher_name, SV *key, SV *nonce, SV *header, SV *ciphertext, SV *tagsv)
    PPCODE:
    {
        STRLEN k_len = 0, n_len = 0, h_len = 0, ct_len = 0, t_len = 0;
        unsigned char *k = NULL, *n = NULL, *h = NULL, *ct = NULL, *t = NULL;
        int rv, id;
        unsigned char tag[MAXBLOCKSIZE];
        unsigned long tag_len;
        SV *output;
        if (SvPOK(key))        k  = (unsigned char *) SvPVbyte(key, k_len);
        if (SvPOK(nonce))      n  = (unsigned char *) SvPVbyte(nonce, n_len);
        if (SvPOK(ciphertext)) ct = (unsigned char *) SvPVbyte(ciphertext, ct_len);
        if (SvPOK(tagsv))      t  = (unsigned char *) SvPVbyte(tagsv, t_len);
        if (SvPOK(header))     h  = (unsigned char *) SvPVbyte(header, h_len);
        id = _find_cipher(cipher_name);
        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        output = NEWSV(0, ct_len > 0 ? ct_len : 1); /* avoid zero! */
        SvPOK_only(output);
        SvCUR_set(output, ct_len);
        tag_len = (unsigned long)t_len;
        Copy(t, tag, t_len, unsigned char);
        rv = ccm_memory(id, k, (unsigned long)k_len, NULL, n, (unsigned long)n_len, h, (unsigned long)h_len,
                        (unsigned char *)SvPVX(output), (unsigned long)ct_len, ct, tag, &tag_len, CCM_DECRYPT);
        if (rv != CRYPT_OK) {
          SvREFCNT_dec(output);
          XPUSHs(sv_2mortal(newSVpvn(NULL,0))); /* undef */
        }
        else {
-          XPUSHs(sv_2mortal(pt));
+          XPUSHs(sv_2mortal(output));
        }
    }
--- a/inc/CryptX_AuthEnc_ChaCha20Poly1305.xs.inc
+++ b/inc/CryptX_AuthEnc_ChaCha20Poly1305.xs.inc
@ -1,7 +1,9 @@
 MODULE = CryptX       PACKAGE = Crypt::AuthEnc::ChaCha20Poly1305
 PROTOTYPES: DISABLE
 Crypt::AuthEnc::ChaCha20Poly1305
-_new(SV * key, SV * nonce = NULL)
+new(Class, SV * key, SV * nonce = NULL)
    CODE:
    {
        int rv;
@ -15,15 +17,21 @@ _new(SV * key, SV * nonce = NULL)
          iv = (unsigned char *) SvPVbyte(nonce, iv_len);
        }
-        Newz(0, RETVAL, 1, struct chacha20poly1305_struct);
+        Newz(0, RETVAL, 1, chacha20poly1305_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = chacha20poly1305_init(&RETVAL->state, k, (unsigned long)k_len);
+        rv = chacha20poly1305_init(RETVAL, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: chacha20poly1305_init failed: %s", error_to_string(rv));
        }
        if (iv && iv_len > 0) {
-          rv = chacha20poly1305_setiv(&RETVAL->state, iv, (unsigned long)iv_len);
+          rv = chacha20poly1305_setiv(RETVAL, iv, (unsigned long)iv_len);
-          if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_setiv failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            Safefree(RETVAL);
            croak("FATAL: chacha20poly1305_setiv failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
@ -37,15 +45,15 @@ DESTROY(Crypt::AuthEnc::ChaCha20Poly1305 self)
 Crypt::AuthEnc::ChaCha20Poly1305
 clone(Crypt::AuthEnc::ChaCha20Poly1305 self)
    CODE:
-        Newz(0, RETVAL, 1, struct chacha20poly1305_struct);
+        Newz(0, RETVAL, 1, chacha20poly1305_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct chacha20poly1305_struct);
+        Copy(self, RETVAL, 1, chacha20poly1305_state);
    OUTPUT:
        RETVAL
-int
+void
 set_iv(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * nonce)
-    CODE:
+    PPCODE:
    {
        int rv;
        STRLEN iv_len=0;
@ -53,16 +61,14 @@ set_iv(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * nonce)
        if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
        iv = (unsigned char *) SvPVbyte(nonce, iv_len);
-        rv = chacha20poly1305_setiv(&self->state, iv, (unsigned long)iv_len);
+        rv = chacha20poly1305_setiv(self, iv, (unsigned long)iv_len);
        if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_setiv failed: %s", error_to_string(rv));
-        RETVAL = rv;
+        XPUSHs(ST(0)); /* return self */;
    }
    OUTPUT:
        RETVAL
-int
+void
 set_iv_rfc7905(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * nonce, UV seqnum)
-    CODE:
+    PPCODE:
    {
        int rv;
        STRLEN iv_len=0;
@ -70,28 +76,24 @@ set_iv_rfc7905(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * nonce, UV seqnum)
        if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
        iv = (unsigned char *) SvPVbyte(nonce, iv_len);
-        rv = chacha20poly1305_setiv_rfc7905(&self->state, iv, (unsigned long)iv_len, (ulong64)seqnum);
+        rv = chacha20poly1305_setiv_rfc7905(self, iv, (unsigned long)iv_len, (ulong64)seqnum);
        if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_setiv_rfc7905 failed: %s", error_to_string(rv));
-        RETVAL = rv;
+        XPUSHs(ST(0)); /* return self */
    }
    OUTPUT:
        RETVAL
-int
+void
 adata_add(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * data)
-    CODE:
+    PPCODE:
    {
        int rv;
        STRLEN in_data_len;
        unsigned char *in_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        rv = chacha20poly1305_add_aad(&self->state, in_data, (unsigned long)in_data_len);
+        rv = chacha20poly1305_add_aad(self, in_data, (unsigned long)in_data_len);
        if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_add_aad failed: %s", error_to_string(rv));
-        RETVAL = rv;
+        XPUSHs(ST(0)); /* return self */
    }
    OUTPUT:
        RETVAL
 SV *
 decrypt_add(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * data)
@ -102,16 +104,19 @@ decrypt_add(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = chacha20poly1305_decrypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          rv = chacha20poly1305_decrypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_decrypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: chacha20poly1305_decrypt failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
@ -126,16 +131,19 @@ encrypt_add(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = chacha20poly1305_encrypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          rv = chacha20poly1305_encrypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_encrypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: chacha20poly1305_encrypt failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
@ -149,7 +157,7 @@ encrypt_done(Crypt::AuthEnc::ChaCha20Poly1305 self)
        unsigned char tag[MAXBLOCKSIZE];
        unsigned long tag_len = sizeof(tag);
-        rv = chacha20poly1305_done(&self->state, tag, &tag_len);
+        rv = chacha20poly1305_done(self, tag, &tag_len);
        if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_done failed: %s", error_to_string(rv));
        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
    }
@ -164,13 +172,13 @@ decrypt_done(Crypt::AuthEnc::ChaCha20Poly1305 self, ...)
        STRLEN expected_tag_len;
        unsigned char *expected_tag;
-        rv = chacha20poly1305_done(&self->state, tag, &tag_len);
+        rv = chacha20poly1305_done(self, tag, &tag_len);
        if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_done failed: %s", error_to_string(rv));
        if (items == 1) {
          XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
        }
        else {
-          if(!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
+          if (!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
          expected_tag = (unsigned char *) SvPVbyte(ST(1), expected_tag_len);
          if (expected_tag_len!=tag_len) {
            XPUSHs(sv_2mortal(newSViv(0))); /* false */
@ -183,3 +191,71 @@ decrypt_done(Crypt::AuthEnc::ChaCha20Poly1305 self, ...)
          }
        }
    }
 void
 chacha20poly1305_encrypt_authenticate(SV *key, SV *nonce, SV *header, SV *plaintext)
    PPCODE:
    {
        STRLEN k_len = 0, n_len = 0, h_len = 0, pt_len = 0;
        unsigned char *k = NULL, *n = NULL, *h = NULL, *pt = NULL;
        int rv;
        unsigned char tag[MAXBLOCKSIZE];
        unsigned long tag_len = sizeof(tag);
        SV *output;
        if (SvPOK(key))       k  = (unsigned char *) SvPVbyte(key, k_len);
        if (SvPOK(nonce))     n  = (unsigned char *) SvPVbyte(nonce, n_len);
        if (SvPOK(plaintext)) pt = (unsigned char *) SvPVbyte(plaintext, pt_len);
        if (SvPOK(header))    h  = (unsigned char *) SvPVbyte(header, h_len);
        output = NEWSV(0, pt_len > 0 ? pt_len : 1); /* avoid zero! */
        SvPOK_only(output);
        SvCUR_set(output, pt_len);
        rv = chacha20poly1305_memory(k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len,
                                     pt, (unsigned long)pt_len, (unsigned char *)SvPVX(output), tag, &tag_len,
                                     CHACHA20POLY1305_ENCRYPT);
        if (rv != CRYPT_OK) {
          SvREFCNT_dec(output);
          croak("FATAL: ccm_memory failed: %s", error_to_string(rv));
        }
        XPUSHs(sv_2mortal(output));
        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
    }
 void
 chacha20poly1305_decrypt_verify(SV *key, SV *nonce, SV *header, SV *ciphertext, SV *tagsv)
    PPCODE:
    {
        STRLEN k_len = 0, n_len = 0, h_len = 0, ct_len = 0, t_len = 0;
        unsigned char *k = NULL, *n = NULL, *h = NULL, *ct = NULL, *t = NULL;
        int rv;
        unsigned char tag[MAXBLOCKSIZE];
        unsigned long tag_len;
        SV *output;
        if (SvPOK(key))        k  = (unsigned char *) SvPVbyte(key, k_len);
        if (SvPOK(nonce))      n  = (unsigned char *) SvPVbyte(nonce, n_len);
        if (SvPOK(ciphertext)) ct = (unsigned char *) SvPVbyte(ciphertext, ct_len);
        if (SvPOK(tagsv))      t  = (unsigned char *) SvPVbyte(tagsv, t_len);
        if (SvPOK(header))     h  = (unsigned char *) SvPVbyte(header, h_len);
        output = NEWSV(0, ct_len > 0 ? ct_len : 1); /* avoid zero! */
        SvPOK_only(output);
        SvCUR_set(output, ct_len);
        tag_len = (unsigned long)t_len;
        Copy(t, tag, t_len, unsigned char);
        rv = chacha20poly1305_memory(k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len,
                                     ct, (unsigned long)ct_len, (unsigned char *)SvPVX(output), tag, &tag_len,
                                     CHACHA20POLY1305_DECRYPT);
        if (rv != CRYPT_OK) {
          SvREFCNT_dec(output);
          XPUSHs(sv_2mortal(newSVpvn(NULL,0))); /* undef */
        }
        else {
          XPUSHs(sv_2mortal(output));
        }
    }
--- a/inc/CryptX_AuthEnc_EAX.xs.inc
+++ b/inc/CryptX_AuthEnc_EAX.xs.inc
@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::AuthEnc::EAX
 PROTOTYPES: DISABLE
 Crypt::AuthEnc::EAX
-_new(char * cipher_name, SV * key, SV * nonce, SV * adata=&PL_sv_undef)
+new(Class, char * cipher_name, SV * key, SV * nonce, SV * adata=&PL_sv_undef)
    CODE:
    {
        STRLEN k_len=0;
@ -10,25 +12,27 @@ _new(char * cipher_name, SV * key, SV * nonce, SV * adata=&PL_sv_undef)
        STRLEN n_len=0;
        unsigned char *h=NULL;
        STRLEN h_len=0;
-        int id;
+        int rv, id;
        if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
        k = (unsigned char *) SvPVbyte(key, k_len);
        if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
        n = (unsigned char *) SvPVbyte(nonce, n_len);
-        if(SvOK(adata)) { /* adata is optional param */
+        if (SvOK(adata)) { /* adata is optional param */
-          if(!SvPOK(adata)) croak("FATAL: adata must be string/buffer scalar");
+          if (!SvPOK(adata)) croak("FATAL: adata must be string/buffer scalar");
          h = (unsigned char *) SvPVbyte(adata, h_len);
        }
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
-        Newz(0, RETVAL, 1, struct eax_struct);
+        Newz(0, RETVAL, 1, eax_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        if (eax_init(&RETVAL->state, id, k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len) != CRYPT_OK) {
+        rv = eax_init(RETVAL, id, k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len);
-          croak("FATAL: eax setup failed");
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: eax setup failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
@ -42,9 +46,9 @@ DESTROY(Crypt::AuthEnc::EAX self)
 Crypt::AuthEnc::EAX
 clone(Crypt::AuthEnc::EAX self)
    CODE:
-        Newz(0, RETVAL, 1, struct eax_struct);
+        Newz(0, RETVAL, 1, eax_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct eax_struct);
+        Copy(self, RETVAL, 1, eax_state);
    OUTPUT:
        RETVAL
@ -57,16 +61,19 @@ encrypt_add(Crypt::AuthEnc::EAX self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = eax_encrypt(&self->state, in_data, out_data, (unsigned long)in_data_len);
+          rv = eax_encrypt(self, in_data, out_data, (unsigned long)in_data_len);
-          if (rv != CRYPT_OK) croak("FATAL: eax_encrypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: eax_encrypt failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
@ -81,16 +88,19 @@ decrypt_add(Crypt::AuthEnc::EAX self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = eax_decrypt(&self->state, in_data, out_data, (unsigned long)in_data_len);
+          rv = eax_decrypt(self, in_data, out_data, (unsigned long)in_data_len);
-          if (rv != CRYPT_OK) croak("FATAL: eax_decrypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: eax_decrypt failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
@ -104,7 +114,7 @@ encrypt_done(Crypt::AuthEnc::EAX self)
        unsigned char tag[MAXBLOCKSIZE];
        unsigned long tag_len = sizeof(tag);
-        rv = eax_done(&self->state, tag, &tag_len);
+        rv = eax_done(self, tag, &tag_len);
        if (rv != CRYPT_OK) croak("FATAL: eax_done failed: %s", error_to_string(rv));
        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
    }
@ -119,13 +129,13 @@ decrypt_done(Crypt::AuthEnc::EAX self, ...)
        STRLEN expected_tag_len;
        unsigned char *expected_tag;
-        rv = eax_done(&self->state, tag, &tag_len);
+        rv = eax_done(self, tag, &tag_len);
        if (rv != CRYPT_OK) croak("FATAL: eax_done failed: %s", error_to_string(rv));
        if (items == 1) {
          XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
        }
        else {
-          if(!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
+          if (!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
          expected_tag = (unsigned char *) SvPVbyte(ST(1), expected_tag_len);
          if (expected_tag_len!=tag_len) {
            XPUSHs(sv_2mortal(newSViv(0))); /* false */
@ -139,14 +149,86 @@ decrypt_done(Crypt::AuthEnc::EAX self, ...)
        }
    }
-int
+void
-aad_add(Crypt::AuthEnc::EAX self, SV * adata)
+adata_add(Crypt::AuthEnc::EAX self, SV * adata)
-    CODE:
+    PPCODE:
    {
        STRLEN h_len;
        int rv;
        unsigned char *h;
        h = (unsigned char *)SvPVbyte(adata, h_len);
-        RETVAL = eax_addheader(&self->state, h, (unsigned long)h_len);
+        rv = eax_addheader(self, h, (unsigned long)h_len);
        if (rv != CRYPT_OK) croak("FATAL: eax_addheader failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
 void
 eax_encrypt_authenticate(char *cipher_name, SV *key, SV *nonce, SV *header, SV *plaintext)
    PPCODE:
    {
        STRLEN k_len = 0, n_len = 0, h_len = 0, pt_len = 0;
        unsigned char *k = NULL, *n = NULL, *h = NULL, *pt = NULL;
        int rv, id;
        unsigned char tag[MAXBLOCKSIZE];
        unsigned long tag_len = sizeof(tag);
        SV *output;
        if (SvPOK(key))       k  = (unsigned char *) SvPVbyte(key, k_len);
        if (SvPOK(nonce))     n  = (unsigned char *) SvPVbyte(nonce, n_len);
        if (SvPOK(plaintext)) pt = (unsigned char *) SvPVbyte(plaintext, pt_len);
        if (SvPOK(header))    h  = (unsigned char *) SvPVbyte(header, h_len);
        id = _find_cipher(cipher_name);
        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        output = NEWSV(0, pt_len > 0 ? pt_len : 1); /* avoid zero! */
        SvPOK_only(output);
        SvCUR_set(output, pt_len);
        rv = eax_encrypt_authenticate_memory(id, k, (unsigned long)k_len, n, (unsigned long)n_len,
                                             h, (unsigned long)h_len, pt, (unsigned long)pt_len,
                                             (unsigned char *)SvPVX(output), tag, &tag_len);
        if (rv != CRYPT_OK) {
          SvREFCNT_dec(output);
          croak("FATAL: ccm_memory failed: %s", error_to_string(rv));
        }
        XPUSHs(sv_2mortal(output));
        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
    }
 void
 eax_decrypt_verify(char *cipher_name, SV *key, SV *nonce, SV *header, SV *ciphertext, SV *tagsv)
    PPCODE:
    {
        STRLEN k_len = 0, n_len = 0, h_len = 0, ct_len = 0, t_len = 0;
        unsigned char *k = NULL, *n = NULL, *h = NULL, *ct = NULL, *t = NULL;
        int rv, id, stat = 0;
        unsigned char tag[MAXBLOCKSIZE];
        unsigned long tag_len;
        SV *output;
        if (SvPOK(key))        k  = (unsigned char *) SvPVbyte(key, k_len);
        if (SvPOK(nonce))      n  = (unsigned char *) SvPVbyte(nonce, n_len);
        if (SvPOK(ciphertext)) ct = (unsigned char *) SvPVbyte(ciphertext, ct_len);
        if (SvPOK(tagsv))      t  = (unsigned char *) SvPVbyte(tagsv, t_len);
        if (SvPOK(header))     h  = (unsigned char *) SvPVbyte(header, h_len);
        id = _find_cipher(cipher_name);
        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        output = NEWSV(0, ct_len > 0 ? ct_len : 1); /* avoid zero! */
        SvPOK_only(output);
        SvCUR_set(output, ct_len);
        tag_len = (unsigned long)t_len;
        Copy(t, tag, t_len, unsigned char);
        rv = eax_decrypt_verify_memory(id, k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len,
                                       ct, (unsigned long)ct_len, (unsigned char *)SvPVX(output), tag, tag_len, &stat);
        if (rv != CRYPT_OK || stat != 1) {
          SvREFCNT_dec(output);
          XPUSHs(sv_2mortal(newSVpvn(NULL,0))); /* undef */
        }
        else {
          XPUSHs(sv_2mortal(output));
        }
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_AuthEnc_GCM.xs.inc
+++ b/inc/CryptX_AuthEnc_GCM.xs.inc
@ -1,7 +1,9 @@
 MODULE = CryptX       PACKAGE = Crypt::AuthEnc::GCM
 PROTOTYPES: DISABLE
 Crypt::AuthEnc::GCM
-_new(char * cipher_name, SV * key, SV * nonce = NULL)
+new(Class, char * cipher_name, SV * key, SV * nonce = NULL)
    CODE:
    {
        STRLEN k_len = 0, iv_len = 0;
@ -15,18 +17,24 @@ _new(char * cipher_name, SV * key, SV * nonce = NULL)
          iv = (unsigned char *)SvPVbyte(nonce, iv_len);
        }
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
-        Newz(0, RETVAL, 1, struct gcm_struct);
+        Newz(0, RETVAL, 1, gcm_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = gcm_init(&RETVAL->state, id, k, (unsigned long)k_len);
+        rv = gcm_init(RETVAL, id, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: gcm_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: gcm_init failed: %s", error_to_string(rv));
        }
        if (iv && iv_len > 0) {
-          rv = gcm_add_iv(&RETVAL->state, iv, (unsigned long)iv_len);
+          rv = gcm_add_iv(RETVAL, iv, (unsigned long)iv_len);
-          if (rv != CRYPT_OK) croak("FATAL: gcm_add_iv failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            Safefree(RETVAL);
            croak("FATAL: gcm_add_iv failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
@ -40,23 +48,21 @@ DESTROY(Crypt::AuthEnc::GCM self)
 Crypt::AuthEnc::GCM
 clone(Crypt::AuthEnc::GCM self)
    CODE:
-        Newz(0, RETVAL, 1, struct gcm_struct);
+        Newz(0, RETVAL, 1, gcm_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct gcm_struct);
+        Copy(self, RETVAL, 1, gcm_state);
    OUTPUT:
        RETVAL
-int
+void
 reset(Crypt::AuthEnc::GCM self)
-    CODE:
+    PPCODE:
    {
        int rv;
-        rv = gcm_reset(&self->state);
+        rv = gcm_reset(self);
        if (rv != CRYPT_OK) croak("FATAL: gcm_reset failed: %s", error_to_string(rv));
-        RETVAL = rv;
+        XPUSHs(ST(0)); /* return self */
    }
    OUTPUT:
        RETVAL
 SV *
 encrypt_add(Crypt::AuthEnc::GCM self, SV * data)
@ -67,53 +73,52 @@ encrypt_add(Crypt::AuthEnc::GCM self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else
        {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = gcm_process(&self->state, in_data, (unsigned long)in_data_len, out_data, GCM_ENCRYPT);
+          rv = gcm_process(self, in_data, (unsigned long)in_data_len, out_data, GCM_ENCRYPT);
-          if (rv != CRYPT_OK) croak("FATAL: encrypt_add/gcm_process failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: encrypt_add/gcm_process failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
-int
+void
 iv_add(Crypt::AuthEnc::GCM self, SV * data)
-    CODE:
+    PPCODE:
    {
        int rv;
        STRLEN in_data_len;
        unsigned char *in_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        rv = gcm_add_iv(&self->state, in_data, (unsigned long)in_data_len);
+        rv = gcm_add_iv(self, in_data, (unsigned long)in_data_len);
        if (rv != CRYPT_OK) croak("FATAL: gcm_add_iv failed: %s", error_to_string(rv));
-        RETVAL = rv;
+        XPUSHs(ST(0)); /* return self */
    }
    OUTPUT:
        RETVAL
-int
+void
 adata_add(Crypt::AuthEnc::GCM self, SV * data)
-    CODE:
+    PPCODE:
    {
        int rv;
        STRLEN in_data_len;
        unsigned char *in_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        rv = gcm_add_aad(&self->state, in_data, (unsigned long)in_data_len);
+        rv = gcm_add_aad(self, in_data, (unsigned long)in_data_len);
        if (rv != CRYPT_OK) croak("FATAL: gcm_add_aad failed: %s", error_to_string(rv));
-        RETVAL = rv;
+        XPUSHs(ST(0)); /* return self */
    }
    OUTPUT:
        RETVAL
 SV *
 decrypt_add(Crypt::AuthEnc::GCM self, SV * data)
@ -124,16 +129,19 @@ decrypt_add(Crypt::AuthEnc::GCM self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = gcm_process(&self->state, out_data, (unsigned long)in_data_len, in_data, GCM_DECRYPT);
+          rv = gcm_process(self, out_data, (unsigned long)in_data_len, in_data, GCM_DECRYPT);
-          if (rv != CRYPT_OK) croak("FATAL: encrypt_add/gcm_process failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: encrypt_add/gcm_process failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
@ -148,7 +156,7 @@ encrypt_done(Crypt::AuthEnc::GCM self)
        unsigned char tag[MAXBLOCKSIZE];
        unsigned long tag_len = sizeof(tag);
-        rv = gcm_done(&self->state, tag, &tag_len);
+        rv = gcm_done(self, tag, &tag_len);
        if (rv != CRYPT_OK) croak("FATAL: gcm_done failed: %s", error_to_string(rv));
        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
    }
@ -163,13 +171,13 @@ decrypt_done(Crypt::AuthEnc::GCM self, ...)
        STRLEN expected_tag_len;
        unsigned char *expected_tag;
-        rv = gcm_done(&self->state, tag, &tag_len);
+        rv = gcm_done(self, tag, &tag_len);
        if (rv != CRYPT_OK) croak("FATAL: gcm_done failed: %s", error_to_string(rv));
        if (items == 1) {
          XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
        }
        else {
-          if(!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
+          if (!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
          expected_tag = (unsigned char *) SvPVbyte(ST(1), expected_tag_len);
          if (expected_tag_len!=tag_len) {
            XPUSHs(sv_2mortal(newSViv(0))); /* false */
@ -182,3 +190,73 @@ decrypt_done(Crypt::AuthEnc::GCM self, ...)
          }
        }
    }
 void
 gcm_encrypt_authenticate(char *cipher_name, SV *key, SV *nonce, SV *header = NULL, SV *plaintext)
    PPCODE:
    {
        STRLEN k_len = 0, n_len = 0, h_len = 0, pt_len = 0;
        unsigned char *k = NULL, *n = NULL, *h = NULL, *pt = NULL;
        int rv, id;
        unsigned char tag[MAXBLOCKSIZE];
        unsigned long tag_len = sizeof(tag);
        SV *output;
        if (SvPOK(key))       k  = (unsigned char *) SvPVbyte(key, k_len);
        if (SvPOK(nonce))     n  = (unsigned char *) SvPVbyte(nonce, n_len);
        if (SvPOK(plaintext)) pt = (unsigned char *) SvPVbyte(plaintext, pt_len);
        if (SvPOK(header))    h  = (unsigned char *) SvPVbyte(header, h_len);
        id = _find_cipher(cipher_name);
        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        output = NEWSV(0, pt_len > 0 ? pt_len : 1); /* avoid zero! */
        SvPOK_only(output);
        SvCUR_set(output, pt_len);
        rv = gcm_memory(id, k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len,
                        pt, (unsigned long)pt_len, (unsigned char *)SvPVX(output), tag, &tag_len, GCM_ENCRYPT);
        if (rv != CRYPT_OK) {
          SvREFCNT_dec(output);
          croak("FATAL: ccm_memory failed: %s", error_to_string(rv));
        }
        XPUSHs(sv_2mortal(output));
        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
    }
 void
 gcm_decrypt_verify(char *cipher_name, SV *key, SV *nonce, SV *header, SV *ciphertext, SV *tagsv)
    PPCODE:
    {
        STRLEN k_len = 0, n_len = 0, h_len = 0, ct_len = 0, t_len = 0;
        unsigned char *k = NULL, *n = NULL, *h = NULL, *ct = NULL, *t = NULL;
        int rv, id;
        unsigned char tag[MAXBLOCKSIZE];
        unsigned long tag_len;
        SV *output;
        if (SvPOK(key))        k  = (unsigned char *) SvPVbyte(key, k_len);
        if (SvPOK(nonce))      n  = (unsigned char *) SvPVbyte(nonce, n_len);
        if (SvPOK(ciphertext)) ct = (unsigned char *) SvPVbyte(ciphertext, ct_len);
        if (SvPOK(tagsv))      t  = (unsigned char *) SvPVbyte(tagsv, t_len);
        if (SvPOK(header))     h  = (unsigned char *) SvPVbyte(header, h_len);
        id = _find_cipher(cipher_name);
        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        output = NEWSV(0, ct_len > 0 ? ct_len : 1); /* avoid zero! */
        SvPOK_only(output);
        SvCUR_set(output, ct_len);
        tag_len = (unsigned long)t_len;
        Copy(t, tag, t_len, unsigned char);
        rv = gcm_memory(id, k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len,
                        (unsigned char *)SvPVX(output), (unsigned long)ct_len, ct, tag, &tag_len, GCM_DECRYPT);
        if (rv != CRYPT_OK) {
          SvREFCNT_dec(output);
          XPUSHs(sv_2mortal(newSVpvn(NULL,0))); /* undef */
        }
        else {
          XPUSHs(sv_2mortal(output));
        }
    }
--- a/inc/CryptX_AuthEnc_OCB.xs.inc
+++ b/inc/CryptX_AuthEnc_OCB.xs.inc
@ -1,28 +1,32 @@
 MODULE = CryptX       PACKAGE = Crypt::AuthEnc::OCB
 PROTOTYPES: DISABLE
 Crypt::AuthEnc::OCB
-_new(char * cipher_name, SV * key, SV * nonce)
+new(Class, char * cipher_name, SV * key, SV * nonce, unsigned long taglen)
    CODE:
    {
        STRLEN k_len=0;
        unsigned char *k=NULL;
        unsigned char *n=NULL;
        STRLEN n_len=0;
-        int id;
+        int rv, id;
        if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
        k = (unsigned char *) SvPVbyte(key, k_len);
        if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
        n = (unsigned char *) SvPVbyte(nonce, n_len);
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
-        Newz(0, RETVAL, 1, struct ocb_struct);
+        Newz(0, RETVAL, 1, ocb3_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        if (ocb3_init(&RETVAL->state, id, k, (unsigned long)k_len, n, (unsigned long)n_len) != CRYPT_OK) {
+        rv = ocb3_init(RETVAL, id, k, (unsigned long)k_len, n, (unsigned long)n_len, taglen);
-          croak("FATAL: ocb setup failed");
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: ocb setup failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
@ -36,15 +40,15 @@ DESTROY(Crypt::AuthEnc::OCB self)
 Crypt::AuthEnc::OCB
 clone(Crypt::AuthEnc::OCB self)
    CODE:
-        Newz(0, RETVAL, 1, struct ocb_struct);
+        Newz(0, RETVAL, 1, ocb3_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct ocb_struct);
+        Copy(self, RETVAL, 1, ocb3_state);
    OUTPUT:
        RETVAL
 void
-aad_add(Crypt::AuthEnc::OCB self, SV * data)
+adata_add(Crypt::AuthEnc::OCB self, SV * data)
-    CODE:
+    PPCODE:
    {
        int rv;
        STRLEN in_data_len;
@ -53,9 +57,10 @@ aad_add(Crypt::AuthEnc::OCB self, SV * data)
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
        if (in_data_len>0) {
-          rv = ocb3_add_aad(&self->state, in_data, (unsigned long)in_data_len);
+          rv = ocb3_add_aad(self, in_data, (unsigned long)in_data_len);
          if (rv != CRYPT_OK) croak("FATAL: ocb3_add_aad failed: %s", error_to_string(rv));
        }
        XPUSHs(ST(0)); /* return self */
    }
 SV *
@ -67,20 +72,22 @@ encrypt_add(Crypt::AuthEnc::OCB self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
-          RETVAL = NEWSV(0, in_data_len);
+          if (in_data_len % 16) {
            croak ("FATAL: sizeof(data) should be multiple of 16");
          }
          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-
+          rv = ocb3_encrypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (in_data_len % (&self->state)->block_len)
+          if (rv != CRYPT_OK) {
-            croak ("FATAL: sizeof(data) should be multiple of blocksize (%d)", (&self->state)->block_len);
+            SvREFCNT_dec(RETVAL);
-
+            croak("FATAL: ocb3_encrypt failed: %s", error_to_string(rv));
-          rv = ocb3_encrypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          }
          if (rv != CRYPT_OK) croak("FATAL: ocb3_encrypt failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
@ -95,18 +102,24 @@ encrypt_last(Crypt::AuthEnc::OCB self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len>0) {
+        if (in_data_len == 0) {
-          RETVAL = NEWSV(0, in_data_len);
+          rv = ocb3_encrypt_last(self, in_data, 0, NULL);
-          SvPOK_only(RETVAL);
+          if (rv != CRYPT_OK) {
-          SvCUR_set(RETVAL, in_data_len);
+            croak("FATAL: ocb3_encrypt_last failed: %s", error_to_string(rv));
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          }
          RETVAL = newSVpvn("", 0);
        }
        else {
-          RETVAL = newSVpvn("", 0);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
-          out_data = NULL;
+          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = ocb3_encrypt_last(self, in_data, (unsigned long)in_data_len, out_data);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: ocb3_encrypt_last failed: %s", error_to_string(rv));
          }
        }
        rv = ocb3_encrypt_last(&self->state, in_data, (unsigned long)in_data_len, out_data);
        if (rv != CRYPT_OK) croak("FATAL: ocb3_encrypt_last failed: %s", error_to_string(rv));
    }
    OUTPUT:
        RETVAL
@ -120,20 +133,22 @@ decrypt_add(Crypt::AuthEnc::OCB self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
-          RETVAL = NEWSV(0, in_data_len);
+          if (in_data_len % 16) {
            croak ("FATAL: sizeof(data) should be multiple of 16");
          }
          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-
+          rv = ocb3_decrypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (in_data_len % (&self->state)->block_len)
+          if (rv != CRYPT_OK) {
-            croak ("FATAL: sizeof(data) should be multiple of blocksize (%d)", (&self->state)->block_len);
+            SvREFCNT_dec(RETVAL);
-
+            croak("FATAL: ocb3_decrypt failed: %s", error_to_string(rv));
-          rv = ocb3_decrypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          }
          if (rv != CRYPT_OK) croak("FATAL: ocb3_decrypt failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
@ -148,18 +163,24 @@ decrypt_last(Crypt::AuthEnc::OCB self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len>0) {
+        if (in_data_len == 0) {
-          RETVAL = NEWSV(0, in_data_len);
+          rv = ocb3_decrypt_last(self, in_data, 0, NULL);
-          SvPOK_only(RETVAL);
+          if (rv != CRYPT_OK) {
-          SvCUR_set(RETVAL, in_data_len);
+            croak("FATAL: ocb3_encrypt_last failed: %s", error_to_string(rv));
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          }
          RETVAL = newSVpvn("", 0);
        }
        else {
-          RETVAL = newSVpvn("", 0);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
-          out_data = NULL;
+          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = ocb3_decrypt_last(self, in_data, (unsigned long)in_data_len, out_data);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: ocb3_encrypt_last failed: %s", error_to_string(rv));
          }
        }
        rv = ocb3_decrypt_last(&self->state, in_data, (unsigned long)in_data_len, out_data);
        if (rv != CRYPT_OK) croak("FATAL: ocb3_encrypt_last failed: %s", error_to_string(rv));
    }
    OUTPUT:
        RETVAL
@ -172,7 +193,7 @@ encrypt_done(Crypt::AuthEnc::OCB self)
        unsigned char tag[MAXBLOCKSIZE];
        unsigned long tag_len = sizeof(tag);
-        rv = ocb3_done(&self->state, tag, &tag_len);
+        rv = ocb3_done(self, tag, &tag_len);
        if (rv != CRYPT_OK) croak("FATAL: ocb3_done_encrypt failed: %s", error_to_string(rv));
        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
@ -188,13 +209,13 @@ decrypt_done(Crypt::AuthEnc::OCB self, ...)
        STRLEN expected_tag_len;
        unsigned char *expected_tag;
-        rv = ocb3_done(&self->state, tag, &tag_len);
+        rv = ocb3_done(self, tag, &tag_len);
        if (rv != CRYPT_OK) croak("FATAL: ocb3_done_decrypt failed: %s", error_to_string(rv));
        if (items == 1) {
          XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
        }
        else {
-          if(!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
+          if (!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
          expected_tag = (unsigned char *) SvPVbyte(ST(1), expected_tag_len);
          if (expected_tag_len!=tag_len) {
            XPUSHs(sv_2mortal(newSViv(0))); /* false */
@ -208,11 +229,70 @@ decrypt_done(Crypt::AuthEnc::OCB self, ...)
        }
    }
-int
+void
-blocksize(Crypt::AuthEnc::OCB self)
+ocb_encrypt_authenticate(char *cipher_name, SV *key, SV *nonce, SV *header, unsigned long tag_len, SV *plaintext)
-    CODE:
+    PPCODE:
    {
-        RETVAL = (&self->state)->block_len;
+        STRLEN k_len = 0, n_len = 0, h_len = 0, pt_len = 0;
        unsigned char *k = NULL, *n = NULL, *h = NULL, *pt = NULL;
        int rv, id;
        unsigned char tag[MAXBLOCKSIZE];
        SV *output;
        if (SvPOK(key))       k  = (unsigned char *) SvPVbyte(key, k_len);
        if (SvPOK(nonce))     n  = (unsigned char *) SvPVbyte(nonce, n_len);
        if (SvPOK(plaintext)) pt = (unsigned char *) SvPVbyte(plaintext, pt_len);
        if (SvPOK(header))    h  = (unsigned char *) SvPVbyte(header, h_len);
        id = _find_cipher(cipher_name);
        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        output = NEWSV(0, pt_len > 0 ? pt_len : 1); /* avoid zero! */
        SvPOK_only(output);
        SvCUR_set(output, pt_len);
        if(tag_len < 4 || tag_len > 16) tag_len = 16;
        rv = ocb3_encrypt_authenticate_memory(id, k, (unsigned long)k_len, n, (unsigned long)n_len,
                                              h, (unsigned long)h_len, pt, (unsigned long)pt_len,
                                              (unsigned char *)SvPVX(output), tag, &tag_len);
        if (rv != CRYPT_OK) {
          SvREFCNT_dec(output);
          croak("FATAL: ccm_memory failed: %s", error_to_string(rv));
        }
        XPUSHs(sv_2mortal(output));
        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
    }
 void
 ocb_decrypt_verify(char *cipher_name, SV *key, SV *nonce, SV *header, SV *ciphertext, SV *tagsv)
    PPCODE:
    {
        STRLEN k_len = 0, n_len = 0, h_len = 0, ct_len = 0, t_len = 0;
        unsigned char *k = NULL, *n = NULL, *h = NULL, *ct = NULL, *t = NULL;
        int rv, id, stat = 0;
        SV *output;
        if (SvPOK(key))        k  = (unsigned char *) SvPVbyte(key, k_len);
        if (SvPOK(nonce))      n  = (unsigned char *) SvPVbyte(nonce, n_len);
        if (SvPOK(ciphertext)) ct = (unsigned char *) SvPVbyte(ciphertext, ct_len);
        if (SvPOK(tagsv))      t  = (unsigned char *) SvPVbyte(tagsv, t_len);
        if (SvPOK(header))     h  = (unsigned char *) SvPVbyte(header, h_len);
        id = _find_cipher(cipher_name);
        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        output = NEWSV(0, ct_len > 0 ? ct_len : 1); /* avoid zero! */
        SvPOK_only(output);
        SvCUR_set(output, ct_len);
        rv = ocb3_decrypt_verify_memory(id, k, (unsigned long)k_len, n, (unsigned long)n_len,
                                        h, (unsigned long)h_len, ct, (unsigned long)ct_len,
                                        (unsigned char *)SvPVX(output), t, (unsigned long)t_len, &stat);
        if (rv != CRYPT_OK || stat != 1) {
          SvREFCNT_dec(output);
          XPUSHs(sv_2mortal(newSVpvn(NULL,0))); /* undef */
        }
        else {
          XPUSHs(sv_2mortal(output));
        }
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_BigInt_LTM.xs.inc
+++ b/inc/CryptX_BigInt_LTM.xs.inc
@ -1,5 +1,6 @@
 MODULE = CryptX         PACKAGE = Math::BigInt::LTM
 PROTOTYPES: DISABLE
 ##############################################################################
 # _new()
--- a/inc/CryptX_Checksum_Adler32.xs.inc
+++ b/inc/CryptX_Checksum_Adler32.xs.inc
@ -1,11 +1,15 @@
 MODULE = CryptX         PACKAGE = Crypt::Checksum::Adler32
 PROTOTYPES: DISABLE
 Crypt::Checksum::Adler32
 new(Class)
    CODE:
    {
        Newz(0, RETVAL, 1, adler32_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        adler32_init(RETVAL);
+        adler32_init(RETVAL); /* returns void */
    }
    OUTPUT:
        RETVAL
@ -16,8 +20,11 @@ DESTROY(Crypt::Checksum::Adler32 self)
 void
 reset(Crypt::Checksum::Adler32 self)
-    CODE:
+    PPCODE:
-        adler32_init(self);
+    {
        adler32_init(self); /* returns void */
        XPUSHs(ST(0)); /* return self */
    }
 Crypt::Checksum::Adler32
 clone(Crypt::Checksum::Adler32 self)
@ -37,34 +44,76 @@ add(Crypt::Checksum::Adler32 self, ...)
        unsigned char *in;
        for(i=1; i<items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
-          if (inlen>0) adler32_update(self, in, (unsigned long)inlen);
+          if (inlen > 0) {
            adler32_update(self, in, (unsigned long)inlen); /* returns void */
          }
        }
        XPUSHs(ST(0)); /* return self */
    }
 SV *
 digest(Crypt::Checksum::Adler32 self)
    ALIAS:
        hexdigest = 1
        intdigest = 2
    CODE:
    {
-        unsigned char hash[4];
+        int rv;
-        adler32_finish(self, hash, 4);
+        unsigned char hash[4], out[8];
-        RETVAL = newSVpvn((char *) hash, 4);
+        unsigned long outlen = 8;
        unsigned int ui32;
        adler32_finish(self, hash, 4); /* returns void */
        if (ix == 1) {
          rv = _base16_encode(hash, 4, out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char *)out, outlen);
        }
        else if (ix == 2) {
          LOAD32H(ui32, hash);
          RETVAL = newSVuv(ui32);
        }
        else {
          RETVAL = newSVpvn((char *) hash, 4);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-hexdigest(Crypt::Checksum::Adler32 self)
+adler32_data(...)
    ALIAS:
        adler32_data_hex = 1
        adler32_data_int = 2
    CODE:
    {
-        unsigned long i;
+        adler32_state st;
-        unsigned char hash[4];
+        int rv, j;
-        char hash_hex[4*2 + 1];
+        unsigned char hash[4], out[8], *in;
-        adler32_finish(self, hash, 4);
+        unsigned long outlen = 8;
-        hash_hex[0] = '\0';
+        unsigned int ui32;
-        for(i=0; i<4; i++) sprintf(&hash_hex[2*i], "%02x", hash[i]);
+        STRLEN inlen;
-        RETVAL = newSVpvn(hash_hex, strlen(hash_hex));
+
        adler32_init(&st);
        for(j = 0; j < items; j++) {
          in = (unsigned char *)SvPVbyte(ST(j), inlen);
          if (inlen > 0) {
            adler32_update(&st, in, (unsigned long)inlen); /* returns void */
          }
        }
        adler32_finish(&st, hash, 4); /* returns void */
        if (ix == 1) {
          rv = _base16_encode(hash, 4, out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char *)out, outlen);
        }
        else if (ix == 2) {
          LOAD32H(ui32, hash);
          RETVAL = newSVuv(ui32);
        }
        else {
          RETVAL = newSVpvn((char *) hash, 4);
        }
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Checksum_CRC32.xs.inc
+++ b/inc/CryptX_Checksum_CRC32.xs.inc
@ -1,11 +1,15 @@
 MODULE = CryptX         PACKAGE = Crypt::Checksum::CRC32
 PROTOTYPES: DISABLE
 Crypt::Checksum::CRC32
 new(Class)
    CODE:
    {
        Newz(0, RETVAL, 1, crc32_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        crc32_init(RETVAL);
+        crc32_init(RETVAL); /* returns void */
    }
    OUTPUT:
        RETVAL
@ -16,8 +20,11 @@ DESTROY(Crypt::Checksum::CRC32 self)
 void
 reset(Crypt::Checksum::CRC32 self)
-    CODE:
+    PPCODE:
-        crc32_init(self);
+    {
        crc32_init(self); /* returns void */
        XPUSHs(ST(0)); /* return self */
    }
 Crypt::Checksum::CRC32
 clone(Crypt::Checksum::CRC32 self)
@ -37,34 +44,76 @@ add(Crypt::Checksum::CRC32 self, ...)
        unsigned char *in;
        for(i=1; i<items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
-          if (inlen>0) crc32_update(self, in, (unsigned long)inlen);
+          if (inlen > 0) {
            crc32_update(self, in, (unsigned long)inlen); /* returns void */
          }
        }
        XPUSHs(ST(0)); /* return self */
    }
 SV *
 digest(Crypt::Checksum::CRC32 self)
    ALIAS:
        hexdigest = 1
        intdigest = 2
    CODE:
    {
-        unsigned char hash[4];
+        int rv;
-        crc32_finish(self, hash, 4);
+        unsigned char hash[4], out[8];
-        RETVAL = newSVpvn((char *) hash, 4);
+        unsigned long outlen = 8;
        unsigned int ui32;
        crc32_finish(self, hash, 4); /* returns void */
        if (ix == 1) {
          rv = _base16_encode(hash, 4, out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char *)out, outlen);
        }
        else if (ix == 2) {
          LOAD32H(ui32, hash);
          RETVAL = newSVuv(ui32);
        }
        else {
          RETVAL = newSVpvn((char *) hash, 4);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-hexdigest(Crypt::Checksum::CRC32 self)
+crc32_data(...)
    ALIAS:
        crc32_data_hex = 1
        crc32_data_int = 2
    CODE:
    {
-        unsigned long i;
+        crc32_state st;
-        unsigned char hash[4];
+        int rv, j;
-        char hash_hex[4*2 + 1];
+        unsigned char hash[4], out[8], *in;
-        crc32_finish(self, hash, 4);
+        unsigned long outlen = 8;
-        hash_hex[0] = '\0';
+        unsigned int ui32;
-        for(i=0; i<4; i++) sprintf(&hash_hex[2*i], "%02x", hash[i]);
+        STRLEN inlen;
-        RETVAL = newSVpvn(hash_hex, strlen(hash_hex));
+
        crc32_init(&st);
        for(j = 0; j < items; j++) {
          in = (unsigned char *)SvPVbyte(ST(j), inlen);
          if (inlen > 0) {
            crc32_update(&st, in, (unsigned long)inlen); /* returns void */
          }
        }
        crc32_finish(&st, hash, 4); /* returns void */
        if (ix == 1) {
          rv = _base16_encode(hash, 4, out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char *)out, outlen);
        }
        else if (ix == 2) {
          LOAD32H(ui32, hash);
          RETVAL = newSVuv(ui32);
        }
        else {
          RETVAL = newSVpvn((char *) hash, 4);
        }
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Cipher.xs.inc
+++ b/inc/CryptX_Cipher.xs.inc
@ -1,188 +1,187 @@
 MODULE = CryptX         PACKAGE = Crypt::Cipher
 PROTOTYPES: DISABLE
 Crypt::Cipher
-_new(cipher_name, key, rounds=0)
+new(char * class, ...)
        char * cipher_name
        SV * key
        int rounds
    CODE:
    {
        STRLEN key_len;
-        unsigned char *key_data=NULL;
+        unsigned char *key_data = NULL;
-        int rv;
+        SV *key;
-        int id;
+        char *cipher_name;
        int rv, id, rounds = 0, idx;
        /* we need to handle:
           Crypt::Cipher->new('AES');
           Crypt::Cipher::AES->new();
         */
        idx = strcmp("Crypt::Cipher", class) == 0 ? 1 : 0;
        if (idx + 1 > items) croak("FATAL: missing argument");
        cipher_name = SvPVX(ST(idx));
        key = ST(idx + 1);
        if (idx + 3 <= items) rounds = (int)SvIV(ST(idx + 2));
        if (!SvPOK (key)) croak("FATAL: key must be string scalar");
        key_data = (unsigned char *)SvPVbyte(key, key_len);
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        Newz(0, RETVAL, 1, struct cipher_struct);
        if (!RETVAL) croak("FATAL: Newz failed");
        RETVAL->id = id;
        RETVAL->desc = &cipher_descriptor[id];
        rv = RETVAL->desc->setup(key_data, (int)key_len, rounds, &RETVAL->skey);
-        if(rv!=CRYPT_OK) croak("FATAL: cipher setup failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: cipher setup failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
 void
-DESTROY(self)
+DESTROY(Crypt::Cipher self)
        Crypt::Cipher self
    CODE:
        Safefree(self);
 int
 _max_keysize(self, ...)
        Crypt::Cipher self
    CODE:
        RETVAL = self->desc->max_key_length;
    OUTPUT:
        RETVAL
 int
 _min_keysize(self, ...)
        Crypt::Cipher self
    CODE:
        RETVAL = self->desc->min_key_length;
    OUTPUT:
        RETVAL
 int
 _blocksize(self, ...)
        Crypt::Cipher self
    CODE:
        RETVAL = self->desc->block_length;
    OUTPUT:
        RETVAL
 int
 _default_rounds(self, ...)
        Crypt::Cipher self
    CODE:
        RETVAL = self->desc->default_rounds;
    OUTPUT:
        RETVAL
 SV *
-encrypt(self, data)
+encrypt(Crypt::Cipher self, SV * data)
        Crypt::Cipher self
        SV * data
    CODE:
    {
        int rv;
        STRLEN len;
        void *plaintext = SvPVbyte(data, len);
-        if (len==0)
+        if (len == 0) {
          RETVAL = newSVpvn("", 0);
-        else if (len % self->desc->block_length)
+        }
-          croak ("FATAL: sizeof(data) should be multiple of blocksize (%d)", self->desc->block_length);
+        else if (len == (STRLEN)self->desc->block_length) {
-        else {
+          RETVAL = NEWSV(0, len); /* avoid zero! */
          /* idea from Crypt::Rijndael */
          RETVAL = NEWSV(0, len);
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, len);
-          rv = self->desc->ecb_encrypt((unsigned char *)plaintext, (unsigned char *)SvPV_nolen(RETVAL), &self->skey);
+          rv = self->desc->ecb_encrypt((unsigned char *)plaintext, (unsigned char *)SvPVX(RETVAL), &self->skey);
-          if (rv!=CRYPT_OK) croak("FATAL: encrypt failed: %s", error_to_string(rv));
+          if (rv!=CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: encrypt failed: %s", error_to_string(rv));
          }
        }
        else {
          croak ("FATAL: input size not equal to blocksize (%d)", self->desc->block_length);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-decrypt(self, data)
+decrypt(Crypt::Cipher self, SV * data)
        Crypt::Cipher self
        SV * data
    CODE:
    {
        int rv;
        STRLEN len;
        void *ciphertext = SvPVbyte(data, len);
-        if (len==0)
+        if (len == 0) {
          RETVAL = newSVpvn("", 0);
-        else if (len % self->desc->block_length)
+        }
-          croak ("FATAL: sizeof(data) should be multiple of blocksize (%d)", self->desc->block_length);
+        else if (len == (STRLEN)self->desc->block_length) {
-        else {
+          RETVAL = NEWSV(0, len); /* avoid zero! */
          /* idea from Crypt::Rijndael */
          RETVAL = NEWSV(0, len);
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, len);
-          rv = self->desc->ecb_decrypt((unsigned char *)ciphertext, (unsigned char *)SvPV_nolen(RETVAL), &self->skey);
+          rv = self->desc->ecb_decrypt((unsigned char *)ciphertext, (unsigned char *)SvPVX(RETVAL), &self->skey);
-          if (rv!=CRYPT_OK) croak("FATAL: decrypt failed: %s", error_to_string(rv));
+          if (rv!=CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: decrypt failed: %s", error_to_string(rv));
          }
        }
        else {
          croak ("FATAL: input size not equal to blocksize (%d)", self->desc->block_length);
        }
    }
    OUTPUT:
        RETVAL
 int
-_block_length_by_name(cipher_name)
+blocksize(SV * param, char * extra = NULL)
        char * cipher_name
    CODE:
    {
-        int rv, id;
+        if (sv_isobject(param) && sv_derived_from(param, "Crypt::Cipher")) {
-
+          IV tmp = SvIV((SV*)SvRV(param));
-        id = find_cipher(cipher_name);
+          Crypt__Cipher obj = INT2PTR(Crypt__Cipher, tmp);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+          RETVAL = obj->desc->block_length;
-
+        }
-        rv = cipher_descriptor[id].block_length;
+        else {
-        if (!rv) XSRETURN_UNDEF;
+          char *name = SvPOK(param) && strcmp(SvPVX(param), "Crypt::Cipher") ? SvPVX(param) : extra;
-        RETVAL = rv;
+          int rv, id = _find_cipher(name);
          if (id == -1) croak("FATAL: find_cipher failed for '%s'", name);
          rv = cipher_descriptor[id].block_length;
          if (!rv) croak("FATAL: invalid block_length for '%s'", name);
          RETVAL = rv;
        }
    }
    OUTPUT:
        RETVAL
 int
-_min_key_length_by_name(cipher_name)
+max_keysize(SV * param, char * extra = NULL)
        char * cipher_name
    CODE:
    {
-        int rv, id;
+        if (sv_isobject(param) && sv_derived_from(param, "Crypt::Cipher")) {
-
+          IV tmp = SvIV((SV*)SvRV(param));
-        id = find_cipher(cipher_name);
+          Crypt__Cipher obj = INT2PTR(Crypt__Cipher, tmp);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+          RETVAL = obj->desc->max_key_length;
-
+        }
-        rv = cipher_descriptor[id].min_key_length;
+        else {
-        if (!rv) XSRETURN_UNDEF;
+          char *name = SvPOK(param) && strcmp(SvPVX(param), "Crypt::Cipher") ? SvPVX(param) : extra;
-        RETVAL = rv;
+          int rv, id = _find_cipher(name);
          if (id == -1) croak("FATAL: find_cipher failed for '%s'", name);
          rv = cipher_descriptor[id].max_key_length;
          if (!rv) croak("FATAL: invalid max_key_length for '%s'", name);
          RETVAL = rv;
        }
    }
    OUTPUT:
        RETVAL
 int
-_max_key_length_by_name(cipher_name)
+min_keysize(SV * param, char * extra = NULL)
        char * cipher_name
    CODE:
    {
-        int rv, id;
+        if (sv_isobject(param) && sv_derived_from(param, "Crypt::Cipher")) {
-
+          IV tmp = SvIV((SV*)SvRV(param));
-        id = find_cipher(cipher_name);
+          Crypt__Cipher obj = INT2PTR(Crypt__Cipher, tmp);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+          RETVAL = obj->desc->min_key_length;
-
+        }
-        rv = cipher_descriptor[id].max_key_length;
+        else {
-        if (!rv) XSRETURN_UNDEF;
+          char *name = SvPOK(param) && strcmp(SvPVX(param), "Crypt::Cipher") ? SvPVX(param) : extra;
-        RETVAL = rv;
+          int rv, id = _find_cipher(name);
          if (id == -1) croak("FATAL: find_cipher failed for '%s'", name);
          rv = cipher_descriptor[id].min_key_length;
          if (!rv) croak("FATAL: invalid min_key_length for '%s'", name);
          RETVAL = rv;
        }
    }
    OUTPUT:
        RETVAL
 int
-_default_rounds_by_name(cipher_name)
+default_rounds(SV * param, char * extra = NULL)
        char * cipher_name
    CODE:
    {
-        int rv, id;
+        if (sv_isobject(param) && sv_derived_from(param, "Crypt::Cipher")) {
-
+          IV tmp = SvIV((SV*)SvRV(param));
-        id = find_cipher(cipher_name);
+          Crypt__Cipher obj = INT2PTR(Crypt__Cipher, tmp);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+          RETVAL = obj->desc->default_rounds;
-
+        }
-        rv = cipher_descriptor[id].default_rounds;
+        else {
-        if (!rv) XSRETURN_UNDEF;
+          char *name = SvPOK(param) && strcmp(SvPVX(param), "Crypt::Cipher") ? SvPVX(param) : extra;
-        RETVAL = rv;
+          int rv, id = _find_cipher(name);
          if (id == -1) croak("FATAL: find_cipher failed for '%s'", name);
          rv = cipher_descriptor[id].default_rounds;
          if (!rv) XSRETURN_UNDEF;
          RETVAL = rv;
        }
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Digest.xs.inc
+++ b/inc/CryptX_Digest.xs.inc
@ -1,48 +1,51 @@
 MODULE = CryptX         PACKAGE = Crypt::Digest
 PROTOTYPES: DISABLE
 Crypt::Digest
-_new(digest_name)
+new(char * cname, char * pname = NULL)
        char * digest_name
    CODE:
    {
        int rv;
        int id;
        char *digest_name = strcmp(cname, "Crypt::Digest") == 0 ? pname : cname;
-        id = find_hash(digest_name);
+        id = _find_hash(digest_name);
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", digest_name);
+        if (id == -1) croak("FATAL: find_hash failed for '%s'", digest_name);
        Newz(0, RETVAL, 1, struct digest_struct);
        if (!RETVAL) croak("FATAL: Newz failed");
        RETVAL->id = id;
        RETVAL->desc = &hash_descriptor[id];
        rv = RETVAL->desc->init(&RETVAL->state);
-        if(rv!=CRYPT_OK) croak("FATAL: digest setup failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: digest setup failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
 void
-DESTROY(self)
+DESTROY(Crypt::Digest self)
        Crypt::Digest self
    CODE:
        Safefree(self);
 void
-reset(self)
+reset(Crypt::Digest self)
-    Crypt::Digest self
+    PPCODE:
    CODE:
    {
        int rv;
        rv = self->desc->init(&self->state);
        if (rv != CRYPT_OK) croak("FATAL: digest init failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
 Crypt::Digest
-clone(self)
+clone(Crypt::Digest self)
    Crypt::Digest self
    CODE:
        Newz(0, RETVAL, 1, struct digest_struct);
        if (!RETVAL) croak("FATAL: Newz failed");
        Copy(&self->state, &RETVAL->state, 1, struct digest_struct);
    OUTPUT:
        RETVAL
@ -55,9 +58,9 @@ add(Crypt::Digest self, ...)
        int rv, i;
        unsigned char *in;
-        for(i=1; i<items; i++) {
+        for(i = 1; i < items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
-          if (inlen>0) {
+          if (inlen > 0) {
            rv = self->desc->process(&self->state, in, (unsigned long)inlen);
            if (rv != CRYPT_OK) croak("FATAL: digest process failed: %s", error_to_string(rv));
          }
@ -66,104 +69,118 @@ add(Crypt::Digest self, ...)
    }
 SV *
-digest(self)
+digest(Crypt::Digest self)
-        Crypt::Digest self
+    ALIAS:
-    CODE:
+        hexdigest  = 1
-    {
+        b64digest  = 2
-        unsigned char hash[MAXBLOCKSIZE];
+        b64udigest = 3
        int rv;
        rv = self->desc->done(&self->state, hash);
        if (rv != CRYPT_OK) croak("FATAL: digest done failed: %s", error_to_string(rv));
        RETVAL = newSVpvn((char *) hash, self->desc->hashsize);
    }
    OUTPUT:
        RETVAL
 SV *
 hexdigest(self)
        Crypt::Digest self
    CODE:
    {
        int rv;
        unsigned long i;
        unsigned char hash[MAXBLOCKSIZE];
        char hash_hex[MAXBLOCKSIZE*2 + 1];
        rv = self->desc->done(&self->state, hash);
        if (rv != CRYPT_OK) croak("FATAL: digest done failed: %s", error_to_string(rv));
        hash_hex[0] = '\0';
        for(i=0; i<self->desc->hashsize; i++)
            sprintf(&hash_hex[2*i], "%02x", hash[i]);
        RETVAL = newSVpvn(hash_hex, strlen(hash_hex));
    }
    OUTPUT:
        RETVAL
 SV *
 b64digest(self)
        Crypt::Digest self
    CODE:
    {
        int rv;
        unsigned long outlen;
        unsigned char hash[MAXBLOCKSIZE];
-        char hash_base64[MAXBLOCKSIZE*2 + 1];
+        char out[MAXBLOCKSIZE*2];
        rv = self->desc->done(&self->state, hash);
        if (rv != CRYPT_OK) croak("FATAL: digest done failed: %s", error_to_string(rv));
-        outlen = sizeof(hash_base64);
+        outlen = sizeof(out);
-        rv = base64_encode(hash, self->desc->hashsize, (unsigned char *)hash_base64, &outlen);
+        if (ix == 3) {
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          rv = base64url_encode(hash, self->desc->hashsize, (unsigned char *)out, &outlen);
-        RETVAL = newSVpvn(hash_base64, outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        else if (ix == 2) {
          rv = base64_encode(hash, self->desc->hashsize, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        else if (ix == 1) {
          rv = _base16_encode(hash, self->desc->hashsize, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        else {
          RETVAL = newSVpvn((char *) hash, self->desc->hashsize);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-b64udigest(self)
+digest_data(char * digest_name, ...)
-        Crypt::Digest self
+    ALIAS:
        digest_data_hex  = 1
        digest_data_b64  = 2
        digest_data_b64u = 3
    CODE:
    {
-        int rv;
+        STRLEN inlen;
-        unsigned long outlen;
+        int rv, id, i;
-        unsigned char hash[MAXBLOCKSIZE];
+        unsigned char *in, hash[MAXBLOCKSIZE];
-        char hash_base64[MAXBLOCKSIZE*2 + 1];
+        unsigned long len = sizeof(hash), outlen;
        char out[MAXBLOCKSIZE*2];
        hash_state md;
-        rv = self->desc->done(&self->state, hash);
+        id = _find_hash(digest_name);
        if (id == -1) croak("FATAL: find_digest failed for '%s'", digest_name);
        /* digest_data("SHA1", $data1, $data2, $data3); */
        len = hash_descriptor[id].hashsize;
        rv = hash_descriptor[id].init(&md);
        if (rv != CRYPT_OK) croak("FATAL: digest init failed: %s", error_to_string(rv));
        for (i = 1; i < items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
          if (inlen > 0) {
            rv = hash_descriptor[id].process(&md, in, (unsigned long)inlen);
            if (rv != CRYPT_OK) croak("FATAL: digest process failed: %s", error_to_string(rv));
          }
        }
        rv = hash_descriptor[id].done(&md, hash);
        if (rv != CRYPT_OK) croak("FATAL: digest done failed: %s", error_to_string(rv));
-        outlen = sizeof(hash_base64);
+        outlen = sizeof(out);
-        rv = base64url_encode(hash, self->desc->hashsize, (unsigned char *)hash_base64, &outlen);
+        if (ix == 3) {
-        if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
+          rv = base64url_encode(hash, len, (unsigned char *)out, &outlen);
-        RETVAL = newSVpvn(hash_base64, outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char *) out, outlen);
        }
        else if (ix == 2) {
          rv = base64_encode(hash, len, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char *) out, outlen);
        }
        else if (ix == 1) {
          rv = _base16_encode(hash, len, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char *) out, outlen);
        }
        else {
          RETVAL = newSVpvn((char *) hash, len);
        }
    }
    OUTPUT:
        RETVAL
 int
-_hashsize(self)
+hashsize(SV * param, char * extra = NULL)
        Crypt::Digest self
    CODE:
        RETVAL = self->desc->hashsize;
    OUTPUT:
        RETVAL
 int
 _hashsize_by_name(digest_name)
        char * digest_name
    CODE:
    {
-        int rv, id;
+        if (sv_isobject(param) && sv_derived_from(param, "Crypt::Digest")) {
-
+          IV tmp = SvIV((SV*)SvRV(param));
-        id = find_hash(digest_name);
+          Crypt__Digest obj = INT2PTR(Crypt__Digest, tmp);
-        if(id==-1) croak("FATAL: find_digest failed for '%s'", digest_name);
+          RETVAL = obj->desc->hashsize;
-
+        }
-        rv = hash_descriptor[id].hashsize;
+        else {
-        if (!rv) croak("FATAL: invalid hashsize for '%s'", digest_name);;
+          char *digest_name;
-        RETVAL = rv;
+          int rv, id;
          digest_name = SvPOK(param) && strcmp(SvPVX(param), "Crypt::Digest") ? SvPVX(param) : extra;
          id = _find_hash(digest_name);
          if (id == -1) croak("FATAL: find_hash failed for '%s'", digest_name);
          rv = hash_descriptor[id].hashsize;
          if (!rv) croak("FATAL: invalid hashsize for '%s'", digest_name);;
          RETVAL = rv;
        }
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Digest_SHAKE.xs.inc
+++ b/inc/CryptX_Digest_SHAKE.xs.inc
@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::Digest::SHAKE
 PROTOTYPES: DISABLE
 Crypt::Digest::SHAKE
-_new(int num)
+new(Class, int num)
    CODE:
    {
        int rv;
@ -11,7 +13,10 @@ _new(int num)
        RETVAL->num = num;
        rv = sha3_shake_init(&RETVAL->state, RETVAL->num);
-        if (rv != CRYPT_OK) croak("FATAL: sha3_shake_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: sha3_shake_init failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -23,17 +28,19 @@ DESTROY(Crypt::Digest::SHAKE self)
 void
 reset(Crypt::Digest::SHAKE self)
-    CODE:
+    PPCODE:
    {
        int rv;
        rv = sha3_shake_init(&self->state, self->num);
        if (rv != CRYPT_OK) croak("FATAL: sha3_shake_init failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
 Crypt::Digest::SHAKE
 clone(Crypt::Digest::SHAKE self)
    CODE:
        Newz(0, RETVAL, 1, struct digest_shake_struct);
        if (!RETVAL) croak("FATAL: Newz failed");
        Copy(&self->state, &RETVAL->state, 1, struct digest_shake_struct);
    OUTPUT:
        RETVAL
@ -63,12 +70,20 @@ done(Crypt::Digest::SHAKE self, STRLEN out_len)
        int rv;
        unsigned char *out_data;
-        RETVAL = NEWSV(0, out_len);
+        if (out_len == 0) {
-        SvPOK_only(RETVAL);
+          RETVAL = newSVpvn("", 0);
-        SvCUR_set(RETVAL, out_len);
+        }
-        out_data = (unsigned char *)SvPV_nolen(RETVAL);
+        else {
-        rv = sha3_shake_done(&self->state, out_data, out_len);
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
-        if (rv != CRYPT_OK) croak("FATAL: sha3_shake_done failed: %s", error_to_string(rv));
+          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, out_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = sha3_shake_done(&self->state, out_data, (unsigned long)out_len);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: sha3_shake_done failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_KeyDerivation.xs.inc
+++ b/inc/CryptX_KeyDerivation.xs.inc
@ -1,102 +1,97 @@
 MODULE = CryptX         PACKAGE = Crypt::KeyDerivation
 PROTOTYPES: DISABLE
 SV *
-_pkcs_5_alg1(SV * password, SV * salt, int iteration_count, char * hash_name, int len)
+pbkdf1(SV * password, SV * salt, int iteration_count = 5000, const char * hash_name = "SHA256", unsigned long output_len = 32)
    CODE:
    {
        /*
        int pkcs_5_alg1(const unsigned char *password, unsigned long password_len,
                        const unsigned char *salt,
                        int iteration_count,  int hash_idx,
                        unsigned char *out,   unsigned long *outlen)
        */
        int rv, id;
        unsigned long output_len;
        unsigned char *output;
        unsigned char *password_ptr=NULL;
        STRLEN password_len=0;
        unsigned char *salt_ptr=NULL;
        STRLEN salt_len=0;
-        id = find_hash(hash_name);
+        if (output_len == 0) {
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          RETVAL = newSVpvn("", 0);
        }
        else {
          id = _find_hash(hash_name);
          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
-        password_ptr = (unsigned char *)SvPVbyte(password, password_len);
+          password_ptr = (unsigned char *)SvPVbyte(password, password_len);
-        salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
+          salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
-        if (salt_len < 8) croak("FATAL: salt_len has to be 8");
+          if (salt_len < 8) croak("FATAL: salt_len has to be 8");
-        output_len = len;
+          RETVAL = NEWSV(0, output_len); /* avoid zero! */
-        Newz(0, output, output_len, unsigned char);
+          SvPOK_only(RETVAL);
-        if (!output) croak("FATAL: Newz failed [%ld]", output_len);
+          SvCUR_set(RETVAL, output_len);
          output = (unsigned char *)SvPVX(RETVAL);
-        rv = pkcs_5_alg1(password_ptr, (unsigned long)password_len, salt_ptr, iteration_count, id, output, &output_len);
+          rv = pkcs_5_alg1(password_ptr, (unsigned long)password_len, salt_ptr, iteration_count, id, output, &output_len);
-        if (rv != CRYPT_OK) croak("FATAL: pkcs_5_alg1 process failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
-
+            SvREFCNT_dec(RETVAL);
-        RETVAL = newSVpvn((char *)output, output_len);
+            croak("FATAL: pkcs_5_alg1 process failed: %s", error_to_string(rv));
-        Safefree(output);
+          }
          SvCUR_set(RETVAL, output_len);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-_pkcs_5_alg2(SV * password, SV * salt, int iteration_count, char * hash_name, int len)
+pbkdf2(SV * password, SV * salt, int iteration_count = 5000, const char * hash_name = "SHA256", unsigned long output_len = 32)
    CODE:
    {
        /*
        int pkcs_5_alg2(const unsigned char *password, unsigned long password_len,
                        const unsigned char *salt,     unsigned long salt_len,
                        int iteration_count,           int hash_idx,
                        unsigned char *out,            unsigned long *outlen)
        */
        int rv, id;
        unsigned long output_len;
        unsigned char *output;
        unsigned char *password_ptr=NULL;
        STRLEN password_len=0;
        unsigned char *salt_ptr=NULL;
        STRLEN salt_len=0;
-        id = find_hash(hash_name);
+        if (output_len == 0) {
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          RETVAL = newSVpvn("", 0);
        }
        else {
          id = _find_hash(hash_name);
          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
-        password_ptr = (unsigned char *)SvPVbyte(password, password_len);
+          password_ptr = (unsigned char *)SvPVbyte(password, password_len);
-        salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
+          salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
-        output_len = len;
+          RETVAL = NEWSV(0, output_len); /* avoid zero! */
-        Newz(0, output, output_len, unsigned char);
+          SvPOK_only(RETVAL);
-        if (!output) croak("FATAL: Newz failed [%ld]", output_len);
+          SvCUR_set(RETVAL, output_len);
          output = (unsigned char *)SvPVX(RETVAL);
-        rv = pkcs_5_alg2(password_ptr, (unsigned long)password_len, salt_ptr, (unsigned long)salt_len, iteration_count, id, output, &output_len);
+          rv = pkcs_5_alg2(password_ptr, (unsigned long)password_len, salt_ptr, (unsigned long)salt_len, iteration_count, id, output, &output_len);
-        if (rv != CRYPT_OK) croak("FATAL: pkcs_5_alg2 process failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
-
+            SvREFCNT_dec(RETVAL);
-        RETVAL = newSVpvn((char *)output, output_len);
+            croak("FATAL: pkcs_5_alg2 process failed: %s", error_to_string(rv));
-        Safefree(output);
+          }
          SvCUR_set(RETVAL, output_len);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-_hkdf_extract(char * hash_name, SV * salt, SV * in)
+hkdf_extract(SV * in, SV * salt = &PL_sv_undef, const char * hash_name = "SHA256")
    CODE:
    {
        /*
        int hkdf_extract(int hash_idx, const unsigned char *salt, unsigned long  saltlen,
                                       const unsigned char *in,   unsigned long  inlen,
                                       unsigned char *out,  unsigned long *outlen)
        */
        int rv, id;
        unsigned char output[MAXBLOCKSIZE];
        unsigned long output_len;
-        unsigned char *in_ptr=NULL;
+        unsigned char *in_ptr = NULL, *salt_ptr = NULL;
-        STRLEN in_len=0;
+        STRLEN in_len = 0, salt_len = 0;
        unsigned char *salt_ptr=NULL;
        STRLEN salt_len=0;
-        id = find_hash(hash_name);
+        id = _find_hash(hash_name);
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+        if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
-        in_ptr = (unsigned char *)SvPVbyte(in, in_len);
+        if (SvPOK(in))   in_ptr = (unsigned char *)SvPVbyte(in, in_len);
-        salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
+        if (SvPOK(salt)) salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
        output_len = sizeof(output);
        rv = hkdf_extract(id, salt_ptr, (unsigned long)salt_len, in_ptr, (unsigned long)in_len, output, &output_len);
@ -108,74 +103,72 @@ _hkdf_extract(char * hash_name, SV * salt, SV * in)
        RETVAL
 SV *
-_hkdf_expand(char * hash_name, SV * info, SV * in, unsigned long output_len)
+hkdf_expand(SV * in, const char * hash_name = "SHA256", unsigned long output_len = 32, SV * info = &PL_sv_undef)
    CODE:
    {
        /*
        int hkdf_expand(int hash_idx, const unsigned char *info, unsigned long infolen,
                                      const unsigned char *in,   unsigned long inlen,
                                      unsigned char *out,  unsigned long outlen)
        */
        int rv, id;
        unsigned char *output;
-        unsigned char *in_ptr=NULL;
+        unsigned char *in_ptr = NULL, *info_ptr = NULL;
-        STRLEN in_len=0;
+        STRLEN in_len = 0, info_len = 0;
        unsigned char *info_ptr=NULL;
        STRLEN info_len=0;
-        id = find_hash(hash_name);
+        if (output_len == 0) {
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          RETVAL = newSVpvn("", 0);
        }
        else {
          id = _find_hash(hash_name);
          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
-        in_ptr = (unsigned char *)SvPVbyte(in, in_len);
+          if (SvPOK(in))   in_ptr = (unsigned char *)SvPVbyte(in, in_len);
-        info_ptr = (unsigned char *)SvPVbyte(info, info_len);
+          if (SvPOK(info)) info_ptr = (unsigned char *)SvPVbyte(info, info_len);
-        Newz(0, output, output_len, unsigned char);
+          RETVAL = NEWSV(0, output_len); /* avoid zero! */
-        if (!output) croak("FATAL: Newz failed [%ld]", output_len);
+          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, output_len);
          output = (unsigned char *)SvPVX(RETVAL);
-        rv = hkdf_expand(id, info_ptr, (unsigned long)info_len, in_ptr, (unsigned long)in_len, output, output_len);
+          rv = hkdf_expand(id, info_ptr, (unsigned long)info_len, in_ptr, (unsigned long)in_len, output, output_len);
-        if (rv != CRYPT_OK) croak("FATAL: hkdf_expand process failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
-
+            SvREFCNT_dec(RETVAL);
-        RETVAL = newSVpvn((char *)output, output_len);
+            croak("FATAL: hkdf_expand process failed: %s", error_to_string(rv));
-        Safefree(output);
+          }
          SvCUR_set(RETVAL, output_len);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-_hkdf(char * hash_name, SV * salt, SV * info, SV * in, unsigned long output_len)
+hkdf(SV * in, SV * salt, const char * hash_name = "SHA256", unsigned long output_len = 32, SV * info = &PL_sv_undef)
    CODE:
    {
        /*
        int hkdf(int hash_idx, const unsigned char *salt, unsigned long saltlen,
                               const unsigned char *info, unsigned long infolen,
                               const unsigned char *in,   unsigned long inlen,
                               unsigned char *out,  unsigned long outlen)
        */
        int rv, id;
        unsigned char *output;
-        unsigned char *in_ptr=NULL;
+        unsigned char *in_ptr = NULL, *info_ptr = NULL, *salt_ptr = NULL;
-        STRLEN in_len=0;
+        STRLEN in_len = 0, info_len = 0, salt_len = 0;
        unsigned char *info_ptr=NULL;
        STRLEN info_len=0;
        unsigned char *salt_ptr=NULL;
        STRLEN salt_len=0;
-        id = find_hash(hash_name);
+        if (output_len == 0) {
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          RETVAL = newSVpvn("", 0);
        }
        else {
          id = _find_hash(hash_name);
          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
-        in_ptr = (unsigned char *)SvPVbyte(in, in_len);
+          if (SvPOK(in))   in_ptr   = (unsigned char *)SvPVbyte(in, in_len);
-        info_ptr = (unsigned char *)SvPVbyte(info, info_len);
+          if (SvPOK(info)) info_ptr = (unsigned char *)SvPVbyte(info, info_len);
-        salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
+          if (SvPOK(salt)) salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
-        Newz(0, output, output_len, unsigned char);
+          RETVAL = NEWSV(0, output_len); /* avoid zero! */
-        if (!output) croak("FATAL: Newz failed [%ld]", output_len);
+          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, output_len);
          output = (unsigned char *)SvPVX(RETVAL);
-        rv = hkdf(id, salt_ptr, (unsigned long)salt_len, info_ptr, (unsigned long)info_len, in_ptr, (unsigned long)in_len, output, output_len);
+          rv = hkdf(id, salt_ptr, (unsigned long)salt_len, info_ptr, (unsigned long)info_len, in_ptr, (unsigned long)in_len, output, output_len);
-        if (rv != CRYPT_OK) croak("FATAL: hkdf_expand process failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
-
+            SvREFCNT_dec(RETVAL);
-        RETVAL = newSVpvn((char *)output, output_len);
+            croak("FATAL: hkdf_expand process failed: %s", error_to_string(rv));
-        Safefree(output);
+          }
          SvCUR_set(RETVAL, output_len);
        }
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Mac_BLAKE2b.xs.inc
+++ b/inc/CryptX_Mac_BLAKE2b.xs.inc
@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::BLAKE2b
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mac::BLAKE2b
-_new(int size, SV * key)
+new(Class, unsigned long size, SV * key)
    CODE:
    {
        STRLEN k_len=0;
@ -13,11 +15,14 @@ _new(int size, SV * key)
        if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
        k = (unsigned char *) SvPVbyte(key, k_len);
-        Newz(0, RETVAL, 1, struct blake2b_struct);
+        Newz(0, RETVAL, 1, blake2bmac_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = blake2bmac_init(&RETVAL->state, size, k, (unsigned long)k_len);
+        rv = blake2bmac_init(RETVAL, size, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: blake2b_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: blake2b_init failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -30,101 +35,118 @@ DESTROY(Crypt::Mac::BLAKE2b self)
 Crypt::Mac::BLAKE2b
 clone(Crypt::Mac::BLAKE2b self)
    CODE:
-        Newz(0, RETVAL, 1, struct blake2b_struct);
+        Newz(0, RETVAL, 1, blake2bmac_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct blake2b_struct);
+        Copy(self, RETVAL, 1, blake2bmac_state);
    OUTPUT:
        RETVAL
 void
-_add_single(Crypt::Mac::BLAKE2b self, SV * data)
+add(Crypt::Mac::BLAKE2b self, ...)
-    CODE:
+    PPCODE:
    {
-        int rv;
+        int rv, i;
        STRLEN in_data_len;
        unsigned char *in_data;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = blake2bmac_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
-          if (rv != CRYPT_OK) croak("FATAL: blake2b_process failed: %s", error_to_string(rv));
+            rv = blake2bmac_process(self, in_data, (unsigned long)in_data_len);
            if (rv != CRYPT_OK) croak("FATAL: blake2b_process failed: %s", error_to_string(rv));
          }
        }
        XPUSHs(ST(0)); /* return self */
    }
 SV *
 mac(Crypt::Mac::BLAKE2b self)
    ALIAS:
        hexmac  = 1
        b64mac  = 2
        b64umac = 3
    CODE:
    {
-        char mac[MAXBLOCKSIZE];
+        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
        int rv;
        char out[MAXBLOCKSIZE*2];
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = blake2bmac_done(&self->state, (unsigned char*)mac, &mac_len);
+        rv = blake2bmac_done(self, mac, &maclen);
        if (rv != CRYPT_OK) croak("FATAL: blake2bmac_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
+        outlen = sizeof(out);
        if (ix == 3) {
          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 2) {
          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 1) {
          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        else {
          RETVAL = newSVpvn((char * )mac, maclen);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-b64mac(Crypt::Mac::BLAKE2b self)
+blake2b(unsigned long size, SV * key, ...)
    ALIAS:
        blake2b_hex  = 1
        blake2b_b64  = 2
        blake2b_b64u = 3
    CODE:
    {
        STRLEN inlen, klen;
        unsigned char *in;
        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
        int rv, i;
        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        unsigned long outlen;
+        blake2bmac_state st;
        char mac_base64[MAXBLOCKSIZE*2 + 1];
-        mac_len = sizeof(mac);
+        if (size < len) len = size;
-        rv = blake2bmac_done(&self->state, mac, &mac_len);
+        rv = blake2bmac_init(&st, len, k, (unsigned long)klen);
        if (rv != CRYPT_OK) croak("FATAL: blake2bmac_init failed: %s", error_to_string(rv));
        for (i = 2; i < items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
          if (inlen > 0) {
            rv = blake2bmac_process(&st, in, (unsigned long)inlen);
            if (rv != CRYPT_OK) croak("FATAL: blake2bmac_process failed: %s", error_to_string(rv));
          }
        }
        rv = blake2bmac_done(&st, mac, &len);
        if (rv != CRYPT_OK) croak("FATAL: blake2bmac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        outlen = sizeof(out);
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_base64, outlen);
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
-    }
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-    OUTPUT:
+          RETVAL = newSVpvn((char *) out, outlen);
-        RETVAL
+        }
-
+        else if (ix == 2) {
-SV *
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
-b64umac(Crypt::Mac::BLAKE2b self)
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
-    CODE:
+          RETVAL = newSVpvn((char *) out, outlen);
-    {
+        }
-        unsigned char mac[MAXBLOCKSIZE];
+        else if (ix == 1) {
-        unsigned long mac_len;
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
-        int rv;
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
-        unsigned long outlen;
+          RETVAL = newSVpvn((char *) out, outlen);
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
+        }
-
+        else {
-        mac_len = sizeof(mac);
+          RETVAL = newSVpvn((char *) mac, len);
-        rv = blake2bmac_done(&self->state, mac, &mac_len);
+        }
        if (rv != CRYPT_OK) croak("FATAL: blake2bmac_done failed: %s", error_to_string(rv));
        outlen = sizeof(mac_base64);
        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
        if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
        RETVAL = newSVpvn(mac_base64, outlen);
    }
    OUTPUT:
        RETVAL
 SV *
 hexmac(Crypt::Mac::BLAKE2b self)
    CODE:
    {
        unsigned char mac[MAXBLOCKSIZE];
        unsigned long mac_len, i;
        int rv;
        char mac_hex[MAXBLOCKSIZE*2 + 1];
        mac_len = sizeof(mac);
        rv = blake2bmac_done(&self->state, mac, &mac_len);
        if (rv != CRYPT_OK) croak("FATAL: blake2bmac_done failed: %s", error_to_string(rv));
        mac_hex[0] = '\0';
        for(i=0; i<mac_len; i++)
            sprintf(&mac_hex[2*i], "%02x", mac[i]);
        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Mac_BLAKE2s.xs.inc
+++ b/inc/CryptX_Mac_BLAKE2s.xs.inc
@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::BLAKE2s
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mac::BLAKE2s
-_new(int size, SV * key)
+new(Class, unsigned long size, SV * key)
    CODE:
    {
        STRLEN k_len=0;
@ -13,11 +15,14 @@ _new(int size, SV * key)
        if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
        k = (unsigned char *) SvPVbyte(key, k_len);
-        Newz(0, RETVAL, 1, struct blake2s_struct);
+        Newz(0, RETVAL, 1, blake2smac_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = blake2smac_init(&RETVAL->state, size, k, (unsigned long)k_len);
+        rv = blake2smac_init(RETVAL, size, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: blake2s_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: blake2s_init failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -30,101 +35,118 @@ DESTROY(Crypt::Mac::BLAKE2s self)
 Crypt::Mac::BLAKE2s
 clone(Crypt::Mac::BLAKE2s self)
    CODE:
-        Newz(0, RETVAL, 1, struct blake2s_struct);
+        Newz(0, RETVAL, 1, blake2smac_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct blake2s_struct);
+        Copy(self, RETVAL, 1, blake2smac_state);
    OUTPUT:
        RETVAL
 void
-_add_single(Crypt::Mac::BLAKE2s self, SV * data)
+add(Crypt::Mac::BLAKE2s self, ...)
-    CODE:
+    PPCODE:
    {
-        int rv;
+        int rv, i;
        STRLEN in_data_len;
        unsigned char *in_data;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = blake2smac_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
-          if (rv != CRYPT_OK) croak("FATAL: blake2s_process failed: %s", error_to_string(rv));
+            rv = blake2smac_process(self, in_data, (unsigned long)in_data_len);
            if (rv != CRYPT_OK) croak("FATAL: blake2s_process failed: %s", error_to_string(rv));
          }
        }
        XPUSHs(ST(0)); /* return self */
    }
 SV *
 mac(Crypt::Mac::BLAKE2s self)
    ALIAS:
        hexmac  = 1
        b64mac  = 2
        b64umac = 3
    CODE:
    {
-        char mac[MAXBLOCKSIZE];
+        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
        int rv;
        char out[MAXBLOCKSIZE*2];
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = blake2smac_done(&self->state, (unsigned char*)mac, &mac_len);
+        rv = blake2smac_done(self, mac, &maclen);
        if (rv != CRYPT_OK) croak("FATAL: blake2smac_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
+        outlen = sizeof(out);
        if (ix == 3) {
          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 2) {
          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 1) {
          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        else {
          RETVAL = newSVpvn((char * )mac, maclen);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-b64mac(Crypt::Mac::BLAKE2s self)
+blake2s(unsigned long size, SV * key, ...)
    ALIAS:
        blake2s_hex  = 1
        blake2s_b64  = 2
        blake2s_b64u = 3
    CODE:
    {
        STRLEN inlen, klen;
        unsigned char *in;
        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
        int rv, i;
        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        unsigned long outlen;
+        blake2smac_state st;
        char mac_base64[MAXBLOCKSIZE*2 + 1];
-        mac_len = sizeof(mac);
+        if (size < len) len = size;
-        rv = blake2smac_done(&self->state, mac, &mac_len);
+        rv = blake2smac_init(&st, len, k, (unsigned long)klen);
        if (rv != CRYPT_OK) croak("FATAL: blake2smac_init failed: %s", error_to_string(rv));
        for (i = 2; i < items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
          if (inlen > 0) {
            rv = blake2smac_process(&st, in, (unsigned long)inlen);
            if (rv != CRYPT_OK) croak("FATAL: blake2smac_process failed: %s", error_to_string(rv));
          }
        }
        rv = blake2smac_done(&st, mac, &len);
        if (rv != CRYPT_OK) croak("FATAL: blake2smac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        outlen = sizeof(out);
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_base64, outlen);
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
-    }
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-    OUTPUT:
+          RETVAL = newSVpvn((char *) out, outlen);
-        RETVAL
+        }
-
+        else if (ix == 2) {
-SV *
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
-b64umac(Crypt::Mac::BLAKE2s self)
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
-    CODE:
+          RETVAL = newSVpvn((char *) out, outlen);
-    {
+        }
-        unsigned char mac[MAXBLOCKSIZE];
+        else if (ix == 1) {
-        unsigned long mac_len;
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
-        int rv;
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
-        unsigned long outlen;
+          RETVAL = newSVpvn((char *) out, outlen);
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
+        }
-
+        else {
-        mac_len = sizeof(mac);
+          RETVAL = newSVpvn((char *) mac, len);
-        rv = blake2smac_done(&self->state, mac, &mac_len);
+        }
        if (rv != CRYPT_OK) croak("FATAL: blake2smac_done failed: %s", error_to_string(rv));
        outlen = sizeof(mac_base64);
        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
        if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
        RETVAL = newSVpvn(mac_base64, outlen);
    }
    OUTPUT:
        RETVAL
 SV *
 hexmac(Crypt::Mac::BLAKE2s self)
    CODE:
    {
        unsigned char mac[MAXBLOCKSIZE];
        unsigned long mac_len, i;
        int rv;
        char mac_hex[MAXBLOCKSIZE*2 + 1];
        mac_len = sizeof(mac);
        rv = blake2smac_done(&self->state, mac, &mac_len);
        if (rv != CRYPT_OK) croak("FATAL: blake2smac_done failed: %s", error_to_string(rv));
        mac_hex[0] = '\0';
        for(i=0; i<mac_len; i++)
            sprintf(&mac_hex[2*i], "%02x", mac[i]);
        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Mac_F9.xs.inc
+++ b/inc/CryptX_Mac_F9.xs.inc
@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::F9
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mac::F9
-_new(char * cipher_name, SV * key)
+new(Class, char * cipher_name, SV * key)
    CODE:
    {
        STRLEN k_len=0;
@ -11,17 +13,20 @@ _new(char * cipher_name, SV * key)
        int rv;
        int id;
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
        k = (unsigned char *) SvPVbyte(key, k_len);
-        Newz(0, RETVAL, 1, struct f9_struct);
+        Newz(0, RETVAL, 1, f9_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = f9_init(&RETVAL->state, id, k, (unsigned long)k_len);
+        rv = f9_init(RETVAL, id, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: f9_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: f9_init failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -34,101 +39,119 @@ DESTROY(Crypt::Mac::F9 self)
 Crypt::Mac::F9
 clone(Crypt::Mac::F9 self)
    CODE:
-        Newz(0, RETVAL, 1, struct f9_struct);
+        Newz(0, RETVAL, 1, f9_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct f9_struct);
+        Copy(self, RETVAL, 1, f9_state);
    OUTPUT:
        RETVAL
 void
-_add_single(Crypt::Mac::F9 self, SV * data)
+add(Crypt::Mac::F9 self, ...)
-    CODE:
+    PPCODE:
    {
-        int rv;
+        int rv, i;
        STRLEN in_data_len;
        unsigned char *in_data;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = f9_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
-          if (rv != CRYPT_OK) croak("FATAL: f9_process failed: %s", error_to_string(rv));
+            rv = f9_process(self, in_data, (unsigned long)in_data_len);
            if (rv != CRYPT_OK) croak("FATAL: f9_process failed: %s", error_to_string(rv));
          }
        }
        XPUSHs(ST(0)); /* return self */
    }
 SV *
 mac(Crypt::Mac::F9 self)
    ALIAS:
        hexmac  = 1
        b64mac  = 2
        b64umac = 3
    CODE:
    {
-        char mac[MAXBLOCKSIZE];
+        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
        int rv;
        char out[MAXBLOCKSIZE*2];
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = f9_done(&self->state, (unsigned char*)mac, &mac_len);
+        rv = f9_done(self, mac, &maclen);
        if (rv != CRYPT_OK) croak("FATAL: f9_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
+        outlen = sizeof(out);
        if (ix == 3) {
          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 2) {
          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 1) {
          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        else {
          RETVAL = newSVpvn((char * )mac, maclen);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-b64mac(Crypt::Mac::F9 self)
+f9(char * cipher_name, SV * key, ...)
    ALIAS:
        f9_hex  = 1
        f9_b64  = 2
        f9_b64u = 3
    CODE:
    {
        STRLEN inlen, klen;
        unsigned char *in;
        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
        int rv, i;
        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        unsigned long outlen;
+        f9_state st;
        char mac_base64[MAXBLOCKSIZE*2 + 1];
-        mac_len = sizeof(mac);
+        int id = _find_cipher(cipher_name);
-        rv = f9_done(&self->state, mac, &mac_len);
+        if (id == -1) croak("FATAL: find_cipher failed for '%s'", cipher_name);
        rv = f9_init(&st, id, k, (unsigned long)klen);
        if (rv != CRYPT_OK) croak("FATAL: f9_init failed: %s", error_to_string(rv));
        for (i = 2; i < items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
          if (inlen > 0) {
            rv = f9_process(&st, in, (unsigned long)inlen);
            if (rv != CRYPT_OK) croak("FATAL: f9_process failed: %s", error_to_string(rv));
          }
        }
        rv = f9_done(&st, mac, &len);
        if (rv != CRYPT_OK) croak("FATAL: f9_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        outlen = sizeof(out);
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_base64, outlen);
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
-    }
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-    OUTPUT:
+          RETVAL = newSVpvn((char *) out, outlen);
-        RETVAL
+        }
-
+        else if (ix == 2) {
-SV *
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
-b64umac(Crypt::Mac::F9 self)
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
-    CODE:
+          RETVAL = newSVpvn((char *) out, outlen);
-    {
+        }
-        unsigned char mac[MAXBLOCKSIZE];
+        else if (ix == 1) {
-        unsigned long mac_len;
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
-        int rv;
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
-        unsigned long outlen;
+          RETVAL = newSVpvn((char *) out, outlen);
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
+        }
-
+        else {
-        mac_len = sizeof(mac);
+          RETVAL = newSVpvn((char *) mac, len);
-        rv = f9_done(&self->state, mac, &mac_len);
+        }
        if (rv != CRYPT_OK) croak("FATAL: f9_done failed: %s", error_to_string(rv));
        outlen = sizeof(mac_base64);
        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
        if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
        RETVAL = newSVpvn(mac_base64, outlen);
    }
    OUTPUT:
        RETVAL
 SV *
 hexmac(Crypt::Mac::F9 self)
    CODE:
    {
        unsigned char mac[MAXBLOCKSIZE];
        unsigned long mac_len, i;
        int rv;
        char mac_hex[MAXBLOCKSIZE*2 + 1];
        mac_len = sizeof(mac);
        rv = f9_done(&self->state, mac, &mac_len);
        if (rv != CRYPT_OK) croak("FATAL: f9_done failed: %s", error_to_string(rv));
        mac_hex[0] = '\0';
        for(i=0; i<mac_len; i++)
            sprintf(&mac_hex[2*i], "%02x", mac[i]);
        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Mac_HMAC.xs.inc
+++ b/inc/CryptX_Mac_HMAC.xs.inc
@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::HMAC
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mac::HMAC
-_new(char * hash_name, SV * key)
+new(Class, char * hash_name, SV * key)
    CODE:
    {
        STRLEN k_len=0;
@ -11,17 +13,20 @@ _new(char * hash_name, SV * key)
        int rv;
        int id;
-        id = find_hash(hash_name);
+        id = _find_hash(hash_name);
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+        if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
        if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
        k = (unsigned char *) SvPVbyte(key, k_len);
-        Newz(0, RETVAL, 1, struct hmac_struct);
+        Newz(0, RETVAL, 1, hmac_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = hmac_init(&RETVAL->state, id, k, (unsigned long)k_len);
+        rv = hmac_init(RETVAL, id, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: hmac_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: hmac_init failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -34,101 +39,119 @@ DESTROY(Crypt::Mac::HMAC self)
 Crypt::Mac::HMAC
 clone(Crypt::Mac::HMAC self)
    CODE:
-        Newz(0, RETVAL, 1, struct hmac_struct);
+        Newz(0, RETVAL, 1, hmac_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct hmac_struct);
+        Copy(self, RETVAL, 1, hmac_state);
    OUTPUT:
        RETVAL
 void
-_add_single(Crypt::Mac::HMAC self, SV * data)
+add(Crypt::Mac::HMAC self, ...)
-    CODE:
+    PPCODE:
    {
-        int rv;
+        int rv, i;
        STRLEN in_data_len;
        unsigned char *in_data;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = hmac_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
-          if (rv != CRYPT_OK) croak("FATAL: hmac_process failed: %s", error_to_string(rv));
+            rv = hmac_process(self, in_data, (unsigned long)in_data_len);
            if (rv != CRYPT_OK) croak("FATAL: hmac_process failed: %s", error_to_string(rv));
          }
        }
        XPUSHs(ST(0)); /* return self */
    }
 SV *
 mac(Crypt::Mac::HMAC self)
    ALIAS:
        hexmac  = 1
        b64mac  = 2
        b64umac = 3
    CODE:
    {
-        char mac[MAXBLOCKSIZE];
+        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
        int rv;
        char out[MAXBLOCKSIZE*2];
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = hmac_done(&self->state, (unsigned char*)mac, &mac_len);
+        rv = hmac_done(self, mac, &maclen);
        if (rv != CRYPT_OK) croak("FATAL: hmac_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
+        outlen = sizeof(out);
        if (ix == 3) {
          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 2) {
          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 1) {
          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        else {
          RETVAL = newSVpvn((char * )mac, maclen);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-b64mac(Crypt::Mac::HMAC self)
+hmac(char * hash_name, SV * key, ...)
    ALIAS:
        hmac_hex  = 1
        hmac_b64  = 2
        hmac_b64u = 3
    CODE:
    {
        STRLEN inlen, klen;
        unsigned char *in;
        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
        int rv, i;
        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        unsigned long outlen;
+        hmac_state st;
        char mac_base64[MAXBLOCKSIZE*2 + 1];
-        mac_len = sizeof(mac);
+        int id = _find_hash(hash_name);
-        rv = hmac_done(&self->state, mac, &mac_len);
+        if (id == -1) croak("FATAL: find_digest failed for '%s'", hash_name);
        rv = hmac_init(&st, id, k, (unsigned long)klen);
        if (rv != CRYPT_OK) croak("FATAL: hmac_init failed: %s", error_to_string(rv));
        for (i = 2; i < items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
          if (inlen > 0) {
            rv = hmac_process(&st, in, (unsigned long)inlen);
            if (rv != CRYPT_OK) croak("FATAL: hmac_process failed: %s", error_to_string(rv));
          }
        }
        rv = hmac_done(&st, mac, &len);
        if (rv != CRYPT_OK) croak("FATAL: hmac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        outlen = sizeof(out);
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_base64, outlen);
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
-    }
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-    OUTPUT:
+          RETVAL = newSVpvn((char *) out, outlen);
-        RETVAL
+        }
-
+        else if (ix == 2) {
-SV *
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
-b64umac(Crypt::Mac::HMAC self)
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
-    CODE:
+          RETVAL = newSVpvn((char *) out, outlen);
-    {
+        }
-        unsigned char mac[MAXBLOCKSIZE];
+        else if (ix == 1) {
-        unsigned long mac_len;
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
-        int rv;
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
-        unsigned long outlen;
+          RETVAL = newSVpvn((char *) out, outlen);
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
+        }
-
+        else {
-        mac_len = sizeof(mac);
+          RETVAL = newSVpvn((char *) mac, len);
-        rv = hmac_done(&self->state, mac, &mac_len);
+        }
        if (rv != CRYPT_OK) croak("FATAL: hmac_done failed: %s", error_to_string(rv));
        outlen = sizeof(mac_base64);
        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
        if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
        RETVAL = newSVpvn(mac_base64, outlen);
    }
    OUTPUT:
        RETVAL
 SV *
 hexmac(Crypt::Mac::HMAC self)
    CODE:
    {
        unsigned char mac[MAXBLOCKSIZE];
        unsigned long mac_len, i;
        int rv;
        char mac_hex[MAXBLOCKSIZE*2 + 1];
        mac_len = sizeof(mac);
        rv = hmac_done(&self->state, mac, &mac_len);
        if (rv != CRYPT_OK) croak("FATAL: hmac_done failed: %s", error_to_string(rv));
        mac_hex[0] = '\0';
        for(i=0; i<mac_len; i++)
            sprintf(&mac_hex[2*i], "%02x", mac[i]);
        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Mac_OMAC.xs.inc
+++ b/inc/CryptX_Mac_OMAC.xs.inc
@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::OMAC
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mac::OMAC
-_new(char * cipher_name, SV * key)
+new(Class, char * cipher_name, SV * key)
    CODE:
    {
        STRLEN k_len=0;
@ -11,17 +13,20 @@ _new(char * cipher_name, SV * key)
        int rv;
        int id;
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
        k = (unsigned char *) SvPVbyte(key, k_len);
-        Newz(0, RETVAL, 1, struct omac_struct);
+        Newz(0, RETVAL, 1, omac_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = omac_init(&RETVAL->state, id, k, (unsigned long)k_len);
+        rv = omac_init(RETVAL, id, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: omac_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: omac_init failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -34,101 +39,119 @@ DESTROY(Crypt::Mac::OMAC self)
 Crypt::Mac::OMAC
 clone(Crypt::Mac::OMAC self)
    CODE:
-        Newz(0, RETVAL, 1, struct omac_struct);
+        Newz(0, RETVAL, 1, omac_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct omac_struct);
+        Copy(self, RETVAL, 1, omac_state);
    OUTPUT:
        RETVAL
 void
-_add_single(Crypt::Mac::OMAC self, SV * data)
+add(Crypt::Mac::OMAC self, ...)
-    CODE:
+    PPCODE:
    {
-        int rv;
+        int rv, i;
        STRLEN in_data_len;
        unsigned char *in_data;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = omac_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
-          if (rv != CRYPT_OK) croak("FATAL: omac_process failed: %s", error_to_string(rv));
+            rv = omac_process(self, in_data, (unsigned long)in_data_len);
            if (rv != CRYPT_OK) croak("FATAL: omac_process failed: %s", error_to_string(rv));
          }
        }
        XPUSHs(ST(0)); /* return self */
    }
 SV *
 mac(Crypt::Mac::OMAC self)
    ALIAS:
        hexmac  = 1
        b64mac  = 2
        b64umac = 3
    CODE:
    {
-        char mac[MAXBLOCKSIZE];
+        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
        int rv;
        char out[MAXBLOCKSIZE*2];
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = omac_done(&self->state, (unsigned char*)mac, &mac_len);
+        rv = omac_done(self, mac, &maclen);
        if (rv != CRYPT_OK) croak("FATAL: omac_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
+        outlen = sizeof(out);
        if (ix == 3) {
          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 2) {
          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 1) {
          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        else {
          RETVAL = newSVpvn((char * )mac, maclen);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-b64mac(Crypt::Mac::OMAC self)
+omac(char * cipher_name, SV * key, ...)
    ALIAS:
        omac_hex  = 1
        omac_b64  = 2
        omac_b64u = 3
    CODE:
    {
        STRLEN inlen, klen;
        unsigned char *in;
        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
        int rv, i;
        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        unsigned long outlen;
+        omac_state st;
        char mac_base64[MAXBLOCKSIZE*2 + 1];
-        mac_len = sizeof(mac);
+        int id = _find_cipher(cipher_name);
-        rv = omac_done(&self->state, mac, &mac_len);
+        if (id == -1) croak("FATAL: find_cipher failed for '%s'", cipher_name);
        rv = omac_init(&st, id, k, (unsigned long)klen);
        if (rv != CRYPT_OK) croak("FATAL: omac_init failed: %s", error_to_string(rv));
        for (i = 2; i < items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
          if (inlen > 0) {
            rv = omac_process(&st, in, (unsigned long)inlen);
            if (rv != CRYPT_OK) croak("FATAL: omac_process failed: %s", error_to_string(rv));
          }
        }
        rv = omac_done(&st, mac, &len);
        if (rv != CRYPT_OK) croak("FATAL: omac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        outlen = sizeof(out);
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_base64, outlen);
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
-    }
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-    OUTPUT:
+          RETVAL = newSVpvn((char *) out, outlen);
-        RETVAL
+        }
-
+        else if (ix == 2) {
-SV *
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
-b64umac(Crypt::Mac::OMAC self)
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
-    CODE:
+          RETVAL = newSVpvn((char *) out, outlen);
-    {
+        }
-        unsigned char mac[MAXBLOCKSIZE];
+        else if (ix == 1) {
-        unsigned long mac_len;
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
-        int rv;
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
-        unsigned long outlen;
+          RETVAL = newSVpvn((char *) out, outlen);
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
+        }
-
+        else {
-        mac_len = sizeof(mac);
+          RETVAL = newSVpvn((char *) mac, len);
-        rv = omac_done(&self->state, mac, &mac_len);
+        }
        if (rv != CRYPT_OK) croak("FATAL: omac_done failed: %s", error_to_string(rv));
        outlen = sizeof(mac_base64);
        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
        if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
        RETVAL = newSVpvn(mac_base64, outlen);
    }
    OUTPUT:
        RETVAL
 SV *
 hexmac(Crypt::Mac::OMAC self)
    CODE:
    {
        unsigned char mac[MAXBLOCKSIZE];
        unsigned long mac_len, i;
        int rv;
        char mac_hex[MAXBLOCKSIZE*2 + 1];
        mac_len = sizeof(mac);
        rv = omac_done(&self->state, mac, &mac_len);
        if (rv != CRYPT_OK) croak("FATAL: omac_done failed: %s", error_to_string(rv));
        mac_hex[0] = '\0';
        for(i=0; i<mac_len; i++)
            sprintf(&mac_hex[2*i], "%02x", mac[i]);
        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Mac_PMAC.xs.inc
+++ b/inc/CryptX_Mac_PMAC.xs.inc
@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::PMAC
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mac::PMAC
-_new(char * cipher_name, SV * key)
+new(Class, char * cipher_name, SV * key)
    CODE:
    {
        STRLEN k_len=0;
@ -11,17 +13,20 @@ _new(char * cipher_name, SV * key)
        int rv;
        int id;
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
        k = (unsigned char *) SvPVbyte(key, k_len);
-        Newz(0, RETVAL, 1, struct pmac_struct);
+        Newz(0, RETVAL, 1, pmac_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = pmac_init(&RETVAL->state, id, k, (unsigned long)k_len);
+        rv = pmac_init(RETVAL, id, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: pmac_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: pmac_init failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -34,101 +39,119 @@ DESTROY(Crypt::Mac::PMAC self)
 Crypt::Mac::PMAC
 clone(Crypt::Mac::PMAC self)
    CODE:
-        Newz(0, RETVAL, 1, struct pmac_struct);
+        Newz(0, RETVAL, 1, pmac_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct pmac_struct);
+        Copy(self, RETVAL, 1, pmac_state);
    OUTPUT:
        RETVAL
 void
-_add_single(Crypt::Mac::PMAC self, SV * data)
+add(Crypt::Mac::PMAC self, ...)
-    CODE:
+    PPCODE:
    {
-        int rv;
+        int rv, i;
        STRLEN in_data_len;
        unsigned char *in_data;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = pmac_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
-          if (rv != CRYPT_OK) croak("FATAL: pmac_process failed: %s", error_to_string(rv));
+            rv = pmac_process(self, in_data, (unsigned long)in_data_len);
            if (rv != CRYPT_OK) croak("FATAL: pmac_process failed: %s", error_to_string(rv));
          }
        }
        XPUSHs(ST(0)); /* return self */
    }
 SV *
 mac(Crypt::Mac::PMAC self)
    ALIAS:
        hexmac  = 1
        b64mac  = 2
        b64umac = 3
    CODE:
    {
-        char mac[MAXBLOCKSIZE];
+        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
        int rv;
        char out[MAXBLOCKSIZE*2];
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = pmac_done(&self->state, (unsigned char*)mac, &mac_len);
+        rv = pmac_done(self, mac, &maclen);
        if (rv != CRYPT_OK) croak("FATAL: pmac_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
+        outlen = sizeof(out);
        if (ix == 3) {
          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 2) {
          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 1) {
          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        else {
          RETVAL = newSVpvn((char * )mac, maclen);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-b64mac(Crypt::Mac::PMAC self)
+pmac(char * cipher_name, SV * key, ...)
    ALIAS:
        pmac_hex  = 1
        pmac_b64  = 2
        pmac_b64u = 3
    CODE:
    {
        STRLEN inlen, klen;
        unsigned char *in;
        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
        int rv, i;
        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        unsigned long outlen;
+        pmac_state st;
        char mac_base64[MAXBLOCKSIZE*2 + 1];
-        mac_len = sizeof(mac);
+        int id = _find_cipher(cipher_name);
-        rv = pmac_done(&self->state, mac, &mac_len);
+        if (id == -1) croak("FATAL: find_cipher failed for '%s'", cipher_name);
        rv = pmac_init(&st, id, k, (unsigned long)klen);
        if (rv != CRYPT_OK) croak("FATAL: pmac_init failed: %s", error_to_string(rv));
        for (i = 2; i < items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
          if (inlen > 0) {
            rv = pmac_process(&st, in, (unsigned long)inlen);
            if (rv != CRYPT_OK) croak("FATAL: pmac_process failed: %s", error_to_string(rv));
          }
        }
        rv = pmac_done(&st, mac, &len);
        if (rv != CRYPT_OK) croak("FATAL: pmac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        outlen = sizeof(out);
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_base64, outlen);
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
-    }
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-    OUTPUT:
+          RETVAL = newSVpvn((char *) out, outlen);
-        RETVAL
+        }
-
+        else if (ix == 2) {
-SV *
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
-b64umac(Crypt::Mac::PMAC self)
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
-    CODE:
+          RETVAL = newSVpvn((char *) out, outlen);
-    {
+        }
-        unsigned char mac[MAXBLOCKSIZE];
+        else if (ix == 1) {
-        unsigned long mac_len;
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
-        int rv;
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
-        unsigned long outlen;
+          RETVAL = newSVpvn((char *) out, outlen);
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
+        }
-
+        else {
-        mac_len = sizeof(mac);
+          RETVAL = newSVpvn((char *) mac, len);
-        rv = pmac_done(&self->state, mac, &mac_len);
+        }
        if (rv != CRYPT_OK) croak("FATAL: pmac_done failed: %s", error_to_string(rv));
        outlen = sizeof(mac_base64);
        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
        if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
        RETVAL = newSVpvn(mac_base64, outlen);
    }
    OUTPUT:
        RETVAL
 SV *
 hexmac(Crypt::Mac::PMAC self)
    CODE:
    {
        unsigned char mac[MAXBLOCKSIZE];
        unsigned long mac_len, i;
        int rv;
        char mac_hex[MAXBLOCKSIZE*2 + 1];
        mac_len = sizeof(mac);
        rv = pmac_done(&self->state, mac, &mac_len);
        if (rv != CRYPT_OK) croak("FATAL: pmac_done failed: %s", error_to_string(rv));
        mac_hex[0] = '\0';
        for(i=0; i<mac_len; i++)
            sprintf(&mac_hex[2*i], "%02x", mac[i]);
        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Mac_Pelican.xs.inc
+++ b/inc/CryptX_Mac_Pelican.xs.inc
@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::Pelican
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mac::Pelican
-_new(SV * key)
+new(Class, SV * key)
    CODE:
    {
        STRLEN k_len=0;
@ -13,11 +15,14 @@ _new(SV * key)
        if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
        k = (unsigned char *) SvPVbyte(key, k_len);
-        Newz(0, RETVAL, 1, struct pelican_struct);
+        Newz(0, RETVAL, 1, pelican_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = pelican_init(&RETVAL->state, k, (unsigned long)k_len);
+        rv = pelican_init(RETVAL, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: pelican_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: pelican_init failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -30,101 +35,118 @@ DESTROY(Crypt::Mac::Pelican self)
 Crypt::Mac::Pelican
 clone(Crypt::Mac::Pelican self)
    CODE:
-        Newz(0, RETVAL, 1, struct pelican_struct);
+        Newz(0, RETVAL, 1, pelican_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct pelican_struct);
+        Copy(self, RETVAL, 1, pelican_state);
    OUTPUT:
        RETVAL
 void
-_add_single(Crypt::Mac::Pelican self, SV * data)
+add(Crypt::Mac::Pelican self, ...)
-    CODE:
+    PPCODE:
    {
-        int rv;
+        int rv, i;
        STRLEN in_data_len;
        unsigned char *in_data;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = pelican_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
-          if (rv != CRYPT_OK) croak("FATAL: pelican_process failed: %s", error_to_string(rv));
+            rv = pelican_process(self, in_data, (unsigned long)in_data_len);
            if (rv != CRYPT_OK) croak("FATAL: pelican_process failed: %s", error_to_string(rv));
          }
        }
        XPUSHs(ST(0)); /* return self */
    }
 SV *
 mac(Crypt::Mac::Pelican self)
    ALIAS:
        hexmac  = 1
        b64mac  = 2
        b64umac = 3
    CODE:
    {
-        char mac[MAXBLOCKSIZE];
+        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
        int rv;
        char out[MAXBLOCKSIZE*2];
-        mac_len = 16;
+        maclen = 16;
-        rv = pelican_done(&self->state, (unsigned char*)mac);
+        rv = pelican_done(self, mac);
        if (rv != CRYPT_OK) croak("FATAL: pelican_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
+        outlen = sizeof(out);
        if (ix == 3) {
          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 2) {
          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 1) {
          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        else {
          RETVAL = newSVpvn((char * )mac, maclen);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-b64mac(Crypt::Mac::Pelican self)
+pelican(SV * key, ...)
    ALIAS:
        pelican_hex  = 1
        pelican_b64  = 2
        pelican_b64u = 3
    CODE:
    {
        STRLEN inlen, klen;
        unsigned char *in;
        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
        int rv, i;
        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        unsigned long outlen;
+        pelican_state st;
        char mac_base64[MAXBLOCKSIZE*2 + 1];
-        mac_len = 16;
+        len = 16;
-        rv = pelican_done(&self->state, mac);
+        rv = pelican_init(&st, k, (unsigned long)klen);
        if (rv != CRYPT_OK) croak("FATAL: pelican_init failed: %s", error_to_string(rv));
        for (i = 1; i < items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
          if (inlen > 0) {
            rv = pelican_process(&st, in, (unsigned long)inlen);
            if (rv != CRYPT_OK) croak("FATAL: pelican_process failed: %s", error_to_string(rv));
          }
        }
        rv = pelican_done(&st, mac);
        if (rv != CRYPT_OK) croak("FATAL: pelican_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        outlen = sizeof(out);
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_base64, outlen);
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
-    }
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-    OUTPUT:
+          RETVAL = newSVpvn((char *) out, outlen);
-        RETVAL
+        }
-
+        else if (ix == 2) {
-SV *
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
-b64umac(Crypt::Mac::Pelican self)
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
-    CODE:
+          RETVAL = newSVpvn((char *) out, outlen);
-    {
+        }
-        unsigned char mac[MAXBLOCKSIZE];
+        else if (ix == 1) {
-        unsigned long mac_len;
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
-        int rv;
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
-        unsigned long outlen;
+          RETVAL = newSVpvn((char *) out, outlen);
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
+        }
-
+        else {
-        mac_len = 16;
+          RETVAL = newSVpvn((char *) mac, len);
-        rv = pelican_done(&self->state, mac);
+        }
        if (rv != CRYPT_OK) croak("FATAL: pelican_done failed: %s", error_to_string(rv));
        outlen = sizeof(mac_base64);
        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
        if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
        RETVAL = newSVpvn(mac_base64, outlen);
    }
    OUTPUT:
        RETVAL
 SV *
 hexmac(Crypt::Mac::Pelican self)
    CODE:
    {
        unsigned char mac[MAXBLOCKSIZE];
        unsigned long mac_len, i;
        int rv;
        char mac_hex[MAXBLOCKSIZE*2 + 1];
        mac_len = 16;
        rv = pelican_done(&self->state, mac);
        if (rv != CRYPT_OK) croak("FATAL: pelican_done failed: %s", error_to_string(rv));
        mac_hex[0] = '\0';
        for(i=0; i<mac_len; i++)
            sprintf(&mac_hex[2*i], "%02x", mac[i]);
        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Mac_Poly1305.xs.inc
+++ b/inc/CryptX_Mac_Poly1305.xs.inc
@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::Poly1305
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mac::Poly1305
-_new(SV * key)
+new(Class, SV * key)
    CODE:
    {
        STRLEN k_len=0;
@ -13,11 +15,14 @@ _new(SV * key)
        if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
        k = (unsigned char *) SvPVbyte(key, k_len);
-        Newz(0, RETVAL, 1, struct poly1305_struct);
+        Newz(0, RETVAL, 1, poly1305_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = poly1305_init(&RETVAL->state, k, (unsigned long)k_len);
+        rv = poly1305_init(RETVAL, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: poly1305_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: poly1305_init failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -30,101 +35,117 @@ DESTROY(Crypt::Mac::Poly1305 self)
 Crypt::Mac::Poly1305
 clone(Crypt::Mac::Poly1305 self)
    CODE:
-        Newz(0, RETVAL, 1, struct poly1305_struct);
+        Newz(0, RETVAL, 1, poly1305_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct poly1305_struct);
+        Copy(self, RETVAL, 1, poly1305_state);
    OUTPUT:
        RETVAL
 void
-_add_single(Crypt::Mac::Poly1305 self, SV * data)
+add(Crypt::Mac::Poly1305 self, ...)
-    CODE:
+    PPCODE:
    {
-        int rv;
+        int rv, i;
        STRLEN in_data_len;
        unsigned char *in_data;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = poly1305_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
-          if (rv != CRYPT_OK) croak("FATAL: poly1305_process failed: %s", error_to_string(rv));
+            rv = poly1305_process(self, in_data, (unsigned long)in_data_len);
            if (rv != CRYPT_OK) croak("FATAL: poly1305_process failed: %s", error_to_string(rv));
          }
        }
        XPUSHs(ST(0)); /* return self */
    }
 SV *
 mac(Crypt::Mac::Poly1305 self)
    ALIAS:
        hexmac  = 1
        b64mac  = 2
        b64umac = 3
    CODE:
    {
-        char mac[MAXBLOCKSIZE];
+        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
        int rv;
        char out[MAXBLOCKSIZE*2];
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = poly1305_done(&self->state, (unsigned char*)mac, &mac_len);
+        rv = poly1305_done(self, mac, &maclen);
        if (rv != CRYPT_OK) croak("FATAL: poly1305_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
+        outlen = sizeof(out);
        if (ix == 3) {
          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 2) {
          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 1) {
          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        else {
          RETVAL = newSVpvn((char * )mac, maclen);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-b64mac(Crypt::Mac::Poly1305 self)
+poly1305(SV * key, ...)
    ALIAS:
        poly1305_hex  = 1
        poly1305_b64  = 2
        poly1305_b64u = 3
    CODE:
    {
        STRLEN inlen, klen;
        unsigned char *in;
        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
        int rv, i;
        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        unsigned long outlen;
+        poly1305_state st;
        char mac_base64[MAXBLOCKSIZE*2 + 1];
-        mac_len = sizeof(mac);
+        rv = poly1305_init(&st, k, (unsigned long)klen);
-        rv = poly1305_done(&self->state, mac, &mac_len);
+        if (rv != CRYPT_OK) croak("FATAL: poly1305_init failed: %s", error_to_string(rv));
        for (i = 1; i < items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
          if (inlen > 0) {
            rv = poly1305_process(&st, in, (unsigned long)inlen);
            if (rv != CRYPT_OK) croak("FATAL: poly1305_process failed: %s", error_to_string(rv));
          }
        }
        rv = poly1305_done(&st, mac, &len);
        if (rv != CRYPT_OK) croak("FATAL: poly1305_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        outlen = sizeof(out);
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_base64, outlen);
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
-    }
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-    OUTPUT:
+          RETVAL = newSVpvn((char *) out, outlen);
-        RETVAL
+        }
-
+        else if (ix == 2) {
-SV *
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
-b64umac(Crypt::Mac::Poly1305 self)
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
-    CODE:
+          RETVAL = newSVpvn((char *) out, outlen);
-    {
+        }
-        unsigned char mac[MAXBLOCKSIZE];
+        else if (ix == 1) {
-        unsigned long mac_len;
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
-        int rv;
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
-        unsigned long outlen;
+          RETVAL = newSVpvn((char *) out, outlen);
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
+        }
-
+        else {
-        mac_len = sizeof(mac);
+          RETVAL = newSVpvn((char *) mac, len);
-        rv = poly1305_done(&self->state, mac, &mac_len);
+        }
        if (rv != CRYPT_OK) croak("FATAL: poly1305_done failed: %s", error_to_string(rv));
        outlen = sizeof(mac_base64);
        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
        if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
        RETVAL = newSVpvn(mac_base64, outlen);
    }
    OUTPUT:
        RETVAL
 SV *
 hexmac(Crypt::Mac::Poly1305 self)
    CODE:
    {
        unsigned char mac[MAXBLOCKSIZE];
        unsigned long mac_len, i;
        int rv;
        char mac_hex[MAXBLOCKSIZE*2 + 1];
        mac_len = sizeof(mac);
        rv = poly1305_done(&self->state, mac, &mac_len);
        if (rv != CRYPT_OK) croak("FATAL: poly1305_done failed: %s", error_to_string(rv));
        mac_hex[0] = '\0';
        for(i=0; i<mac_len; i++)
            sprintf(&mac_hex[2*i], "%02x", mac[i]);
        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Mac_XCBC.xs.inc
+++ b/inc/CryptX_Mac_XCBC.xs.inc
@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::XCBC
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mac::XCBC
-_new(char * cipher_name, SV * key)
+new(Class, char * cipher_name, SV * key)
    CODE:
    {
        STRLEN k_len=0;
@ -11,17 +13,20 @@ _new(char * cipher_name, SV * key)
        int rv;
        int id;
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
        k = (unsigned char *) SvPVbyte(key, k_len);
-        Newz(0, RETVAL, 1, struct xcbc_struct);
+        Newz(0, RETVAL, 1, xcbc_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = xcbc_init(&RETVAL->state, id, k, (unsigned long)k_len);
+        rv = xcbc_init(RETVAL, id, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: xcbc_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: xcbc_init failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -34,101 +39,119 @@ DESTROY(Crypt::Mac::XCBC self)
 Crypt::Mac::XCBC
 clone(Crypt::Mac::XCBC self)
    CODE:
-        Newz(0, RETVAL, 1, struct xcbc_struct);
+        Newz(0, RETVAL, 1, xcbc_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct xcbc_struct);
+        Copy(self, RETVAL, 1, xcbc_state);
    OUTPUT:
        RETVAL
 void
-_add_single(Crypt::Mac::XCBC self, SV * data)
+add(Crypt::Mac::XCBC self, ...)
-    CODE:
+    PPCODE:
    {
-        int rv;
+        int rv, i;
        STRLEN in_data_len;
        unsigned char *in_data;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = xcbc_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
-          if (rv != CRYPT_OK) croak("FATAL: xcbc_process failed: %s", error_to_string(rv));
+            rv = xcbc_process(self, in_data, (unsigned long)in_data_len);
            if (rv != CRYPT_OK) croak("FATAL: xcbc_process failed: %s", error_to_string(rv));
          }
        }
        XPUSHs(ST(0)); /* return self */
    }
 SV *
 mac(Crypt::Mac::XCBC self)
    ALIAS:
        hexmac  = 1
        b64mac  = 2
        b64umac = 3
    CODE:
    {
-        char mac[MAXBLOCKSIZE];
+        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
        int rv;
        char out[MAXBLOCKSIZE*2];
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = xcbc_done(&self->state, (unsigned char*)mac, &mac_len);
+        rv = xcbc_done(self, mac, &maclen);
        if (rv != CRYPT_OK) croak("FATAL: xcbc_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
+        outlen = sizeof(out);
        if (ix == 3) {
          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 2) {
          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        if (ix == 1) {
          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
          RETVAL = newSVpvn(out, outlen);
        }
        else {
          RETVAL = newSVpvn((char * )mac, maclen);
        }
    }
    OUTPUT:
        RETVAL
 SV *
-b64mac(Crypt::Mac::XCBC self)
+xcbc(char * cipher_name, SV * key, ...)
    ALIAS:
        xcbc_hex  = 1
        xcbc_b64  = 2
        xcbc_b64u = 3
    CODE:
    {
        STRLEN inlen, klen;
        unsigned char *in;
        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
        int rv, i;
        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        unsigned long outlen;
+        xcbc_state st;
        char mac_base64[MAXBLOCKSIZE*2 + 1];
-        mac_len = sizeof(mac);
+        int id = _find_cipher(cipher_name);
-        rv = xcbc_done(&self->state, mac, &mac_len);
+        if (id == -1) croak("FATAL: find_cipher failed for '%s'", cipher_name);
        rv = xcbc_init(&st, id, k, (unsigned long)klen);
        if (rv != CRYPT_OK) croak("FATAL: xcbc_init failed: %s", error_to_string(rv));
        for (i = 2; i < items; i++) {
          in = (unsigned char *)SvPVbyte(ST(i), inlen);
          if (inlen > 0) {
            rv = xcbc_process(&st, in, (unsigned long)inlen);
            if (rv != CRYPT_OK) croak("FATAL: xcbc_process failed: %s", error_to_string(rv));
          }
        }
        rv = xcbc_done(&st, mac, &len);
        if (rv != CRYPT_OK) croak("FATAL: xcbc_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        outlen = sizeof(out);
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_base64, outlen);
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
-    }
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-    OUTPUT:
+          RETVAL = newSVpvn((char *) out, outlen);
-        RETVAL
+        }
-
+        else if (ix == 2) {
-SV *
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
-b64umac(Crypt::Mac::XCBC self)
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
-    CODE:
+          RETVAL = newSVpvn((char *) out, outlen);
-    {
+        }
-        unsigned char mac[MAXBLOCKSIZE];
+        else if (ix == 1) {
-        unsigned long mac_len;
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
-        int rv;
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
-        unsigned long outlen;
+          RETVAL = newSVpvn((char *) out, outlen);
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
+        }
-
+        else {
-        mac_len = sizeof(mac);
+          RETVAL = newSVpvn((char *) mac, len);
-        rv = xcbc_done(&self->state, mac, &mac_len);
+        }
        if (rv != CRYPT_OK) croak("FATAL: xcbc_done failed: %s", error_to_string(rv));
        outlen = sizeof(mac_base64);
        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
        if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
        RETVAL = newSVpvn(mac_base64, outlen);
    }
    OUTPUT:
        RETVAL
 SV *
 hexmac(Crypt::Mac::XCBC self)
    CODE:
    {
        unsigned char mac[MAXBLOCKSIZE];
        unsigned long mac_len, i;
        int rv;
        char mac_hex[MAXBLOCKSIZE*2 + 1];
        mac_len = sizeof(mac);
        rv = xcbc_done(&self->state, mac, &mac_len);
        if (rv != CRYPT_OK) croak("FATAL: xcbc_done failed: %s", error_to_string(rv));
        mac_hex[0] = '\0';
        for(i=0; i<mac_len; i++)
            sprintf(&mac_hex[2*i], "%02x", mac[i]);
        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Mode_CBC.xs.inc
+++ b/inc/CryptX_Mode_CBC.xs.inc
@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mode::CBC
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mode::CBC
-_new(char * cipher_name, int padding=1, int rounds=0)
+new(Class, char * cipher_name, int padding=1, int rounds=0)
    CODE:
    {
        Newz(0, RETVAL, 1, struct cbc_struct);
@ -12,8 +14,11 @@ _new(char * cipher_name, int padding=1, int rounds=0)
        RETVAL->padlen = 0;
        RETVAL->direction = 0;
        RETVAL->cipher_rounds = rounds;
-        RETVAL->cipher_id = find_cipher(cipher_name);
+        RETVAL->cipher_id = _find_cipher(cipher_name);
-        if(RETVAL->cipher_id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (RETVAL->cipher_id == -1) {
          Safefree(RETVAL);
          croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        }
    }
    OUTPUT:
        RETVAL
@ -23,16 +28,11 @@ DESTROY(Crypt::Mode::CBC self)
    CODE:
        Safefree(self);
 int
 _get_dir(Crypt::Mode::CBC self)
    CODE:
        RETVAL = self->direction;
    OUTPUT:
        RETVAL
 void
-_start(Crypt::Mode::CBC self, int dir, SV * key, SV * iv)
+start_decrypt(Crypt::Mode::CBC self, SV * key, SV * iv)
-    CODE:
+    ALIAS:
        start_encrypt = 1
    PPCODE:
    {
        int rv;
        STRLEN k_len=0;
@ -53,106 +53,211 @@ _start(Crypt::Mode::CBC self, int dir, SV * key, SV * iv)
          croak("FATAL: cbc_start failed: %s", error_to_string(rv));
        }
-        self->direction = dir;
+        self->direction = ix == 1 ? 1 : -1;
        self->padlen = 0;
        XPUSHs(ST(0)); /* return self */
    }
 SV *
-_encrypt(Crypt::Mode::CBC self, SV * data)
+add(Crypt::Mode::CBC self, ...)
    CODE:
    {
-        int rv, has_tmp_block, blen;
+        int rv, has_tmp_block, blen, j;
        unsigned long i;
-
+        STRLEN in_data_len, in_data_start, out_len = 0;
        STRLEN in_data_len, in_data_start;
        unsigned char *in_data, *out_data, tmp_block[MAXBLOCKSIZE];
-        if (self->direction != 1) croak("FATAL: encrypt error, call start_encrypt first (%d)", self->direction);
+        RETVAL = newSVpvn("", 0);
        for (j = 1; j < items; j++) {
          in_data = (unsigned char *)SvPVbyte(ST(j), in_data_len);
          blen = (&self->state)->blocklen;
          in_data_start = 0;
          has_tmp_block = 0;
          if (in_data_len > 0) {
            if (self->direction == 1) {
              /* handle non-empty self->pad buffer */
              if (self->padlen > 0) {
                i = (blen - self->padlen);
                if (in_data_len >= i) { /* enough data to fill pad */
                  Copy(in_data, self->pad+self->padlen, i, unsigned char);
                  in_data_len -= i;
                  in_data_start = i;
                  rv = cbc_encrypt(self->pad, tmp_block, blen, &self->state);
                  if (rv != CRYPT_OK) {
                    SvREFCNT_dec(RETVAL);
                    croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
                  }
                  self->padlen = 0;
                  has_tmp_block = 1;
                }
                else { /* not enough data to fill pad */
                  Copy(in_data, self->pad+self->padlen, in_data_len, unsigned char);
                  self->padlen += (int)in_data_len;
                  in_data_len = 0;
                }
              }
-        blen = (&self->state)->blocklen;
+              i = (unsigned long)(in_data_len % blen);
-        in_data_start = 0;
+              if (in_data_len > 0 && i > 0) { /* save tail of data into pad */
-        has_tmp_block = 0;
+                Copy(in_data + in_data_start + in_data_len - i, self->pad, i, unsigned char);
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+                self->padlen = i;
-        if (in_data_len==0) {
+                in_data_len -= i;
-          RETVAL = newSVpvn("", 0);
+              }
-        }
+
-        else {
+              if (in_data_len > 0) {
-          if(self->padlen > 0) {
+                i = (unsigned long)(has_tmp_block ? in_data_len + blen : in_data_len);
-            i = (blen - self->padlen);
+                out_data = (unsigned char*)SvGROW(RETVAL, out_len + i + 1) + out_len;
-            if (in_data_len >= i) { /* enough data to fill pad */
+                out_len += i;
-              Copy(in_data, self->pad+self->padlen, i, unsigned char);
+                if (has_tmp_block) {
-              in_data_len -= i;
+                  Copy(tmp_block, out_data, blen, unsigned char);
-              in_data_start = i;
+                  out_data += blen;
-              rv = cbc_encrypt(self->pad, tmp_block, blen, &self->state);
+                }
-              if (rv != CRYPT_OK) croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
+                rv = cbc_encrypt(in_data+in_data_start, out_data, (unsigned long)in_data_len, &self->state);
-              self->padlen = 0;
+                if (rv != CRYPT_OK) {
-              has_tmp_block = 1;
+                  SvREFCNT_dec(RETVAL);
                  croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
                }
              } /* in_data_len > 0 */
              else if (has_tmp_block) {
                out_data = (unsigned char*)SvGROW(RETVAL, out_len + blen + 1) + out_len;
                out_len += blen;
                Copy(tmp_block, out_data, blen, unsigned char);
              }
            }
-            else { /* not enough data to fill pad */
+            else if (self->direction == -1) {
-              Copy(in_data, self->pad+self->padlen, in_data_len, unsigned char);
+              if (self->padlen == blen) {
-              self->padlen += (int)in_data_len;
+                rv = cbc_decrypt(self->pad, tmp_block, blen, &self->state);
-              in_data_len = 0;
+                if (rv != CRYPT_OK) {
                  SvREFCNT_dec(RETVAL);
                  croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
                }
                self->padlen = 0;
                has_tmp_block = 1;
              } /* padlen == blen */
              else if (self->padlen > 0) {
                i = (blen - self->padlen); /* remaining bytes in padding buffer */
                if (in_data_len >= i) { /* enough data to fill pad */
                  Copy(in_data, self->pad+self->padlen, i, unsigned char);
                  self->padlen += i;
                  in_data_len -= i;
                  in_data_start = i;
                  if (in_data_len>0 || self->padding_mode == 0) {
                    rv = cbc_decrypt(self->pad, tmp_block, blen, &self->state);
                    if (rv != CRYPT_OK) {
                      SvREFCNT_dec(RETVAL);
                      croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
                    }
                    self->padlen = 0;
                    has_tmp_block = 1;
                  }
                }
                else { /* not enough data to fill pad */
                  Copy(in_data, self->pad+self->padlen, in_data_len, unsigned char);
                  self->padlen += (int)in_data_len;
                  in_data_len = 0;
                }
              } /* padlen > 0 */
              /* here: a/ padlen == 1..16 && in_data_len == 0; b/ padlen == 0 && in_data_len > 0 */
              if (in_data_len>0) {
                i = (unsigned long)(in_data_len % blen);
                if (i>0) { /* save tail of data into pad */
                  Copy(in_data+in_data_start+in_data_len-i, self->pad, i, unsigned char);
                  self->padlen = i;
                  in_data_len -= i;
                }
              }
              if (in_data_len>0) {
                if (self->padlen == 0 && self->padding_mode !=0) {
                  /* in case of padding keep full pad if no more data */
                  Copy(in_data+in_data_start+in_data_len-blen, self->pad, blen, unsigned char);
                  self->padlen = blen;
                  in_data_len -= blen;
                }
                i = (unsigned long)(has_tmp_block ? in_data_len + blen : in_data_len);
                if (i > 0) {
                  out_data = (unsigned char*)SvGROW(RETVAL, out_len + i + 1) + out_len;
                  out_len += i;
                  if (has_tmp_block) {
                    Copy(tmp_block, out_data, blen, unsigned char);
                    out_data += blen;
                  }
                  rv = cbc_decrypt(in_data+in_data_start, out_data, (unsigned long)in_data_len, &self->state);
                  if (rv != CRYPT_OK) {
                    SvREFCNT_dec(RETVAL);
                    croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
                  }
                }
              } /* in_data_len>0 */
              else if (has_tmp_block) {
                out_data = (unsigned char*)SvGROW(RETVAL, out_len + blen + 1) + out_len;
                out_len += blen;
                Copy(tmp_block, out_data, blen, unsigned char);
              }
            }
-          } /* padlen > 0 */
+            else {
-
+              SvREFCNT_dec(RETVAL);
-          i = (unsigned long)(in_data_len % blen);
+              croak("FATAL: call start_decryt or start_encrpyt first (%d)", self->direction);
          if (in_data_len>0 && i>0) { /* save tail of data into pad */
            Copy(in_data+in_data_start+in_data_len-i, self->pad, i, unsigned char);
            self->padlen = i;
            in_data_len -= i;
          }
          if (in_data_len>0) {
            i = (unsigned long)(has_tmp_block ? in_data_len + blen : in_data_len);
            RETVAL = NEWSV(0, i);
            SvPOK_only(RETVAL);
            SvCUR_set(RETVAL, i);
            out_data = (unsigned char *)SvPV_nolen(RETVAL);
            if (has_tmp_block) {
              Copy(tmp_block, out_data, blen, unsigned char);
              out_data += blen;
            }
            rv = cbc_encrypt(in_data+in_data_start, out_data, (unsigned long)in_data_len, &self->state);
            if (rv != CRYPT_OK) croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
          } /* in_data_len>0 */
          else if (has_tmp_block) {
            RETVAL = newSVpvn((char*)tmp_block, blen);
          }
          else {
            RETVAL = newSVpvn("", 0);
          }
        }
        if (out_len > 0) SvCUR_set(RETVAL, out_len);
    }
    OUTPUT:
        RETVAL
 SV *
-_finish_enc(Crypt::Mode::CBC self)
+finish(Crypt::Mode::CBC self)
    CODE:
    {
-        unsigned char tmp_block[MAXBLOCKSIZE];
+        unsigned char tmp_block[MAXBLOCKSIZE], ch;
-        int rv, blen, i, j;
+        int i, j, rv, blen = (&self->state)->blocklen;
-        blen = (&self->state)->blocklen;
+        if (self->direction == 1) {
-        if (self->padlen<0 || self->padlen>=blen) croak("FATAL: invalid padlen");
+          if (self->padlen<0 || self->padlen>=blen) croak("FATAL: invalid padlen");
-
+          if (self->padding_mode == 1) { /* pkcs5|7 padding */
-        if(self->padding_mode == 1) { /* pkcs5|7 padding */
+            i = blen - self->padlen;
-          i = blen - self->padlen;
+            if (i == 0) i = blen;
-          if (i == 0) i = blen;
+            for(j=self->padlen; j<blen; j++) self->pad[j] = (unsigned char)i;
-          for(j=self->padlen; j<blen; j++) self->pad[j] = (unsigned char)i;
+            rv = cbc_encrypt(self->pad, tmp_block, blen, &self->state);
-          rv = cbc_encrypt(self->pad, tmp_block, blen, &self->state);
+            if (rv != CRYPT_OK) croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
-          if (rv != CRYPT_OK) croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
+          }
          else if (self->padding_mode == 2) { /* oneandzeroes padding */
            self->pad[self->padlen] = 0x80;
            for(j=self->padlen+1; j<blen; j++) self->pad[j] = 0;
            rv = cbc_encrypt(self->pad, tmp_block, blen, &self->state);
            if (rv != CRYPT_OK) croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
          }
          else {
            if (self->padlen>0) croak("FATAL: cbc_encrypt, input data length not multiple of %d", blen);
            blen = 0;
          }
        }
-        else if(self->padding_mode == 2) { /* oneandzeroes padding */
+        else if (self->direction == -1) {
-          self->pad[self->padlen] = 0x80;
+          if (self->padlen > 0) {
-          for(j=self->padlen+1; j<blen; j++) self->pad[j] = 0;
+            if (self->padlen != blen) croak("FATAL: cipher text length has to be multiple of %d (%d)", blen, self->padlen);
-          rv = cbc_encrypt(self->pad, tmp_block, blen, &self->state);
+            rv = cbc_decrypt(self->pad, tmp_block, blen, &self->state);
-          if (rv != CRYPT_OK) croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
+            if (rv != CRYPT_OK) croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
            if (self->padding_mode == 0) {         /* no padding */
              /* we already have blen */
            }
            else if (self->padding_mode == 1) {    /* pkcs5|7 padding */
              ch = tmp_block[blen-1];
              blen = blen - (ch > blen ? blen : ch);
            }
            else if (self->padding_mode == 2) {    /* oneandzeroes padding */
              while ((unsigned char)tmp_block[blen - 1] == 0x00) blen--;
              if ((unsigned char)tmp_block[blen - 1] == 0x80) blen--;
              if (blen < 0) blen = 0;
            }
          }
          else {
            blen = 0;
          }
        }
        else {
-          if (self->padlen>0) croak("FATAL: cbc_encrypt, input data length not multiple of %d", blen);
+           XSRETURN_UNDEF;
          blen = 0;
        }
        self->direction = 0;
@ -160,131 +265,3 @@ _finish_enc(Crypt::Mode::CBC self)
    }
    OUTPUT:
        RETVAL
 SV *
 _decrypt(Crypt::Mode::CBC self, SV * data)
    CODE:
    {
        int rv, has_tmp_block, blen;
        unsigned long i;
        STRLEN in_data_len, in_data_start;
        unsigned char *in_data, *out_data, tmp_block[MAXBLOCKSIZE];
        if (self->direction != -1) croak("FATAL: decrypt error, call start_decryt first (%d)", self->direction);
        blen = (&self->state)->blocklen;
        in_data_start = 0;
        has_tmp_block = 0;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
        if (in_data_len==0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
          if(self->padlen == blen) {
            rv = cbc_decrypt(self->pad, tmp_block, blen, &self->state);
            if (rv != CRYPT_OK) croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
            self->padlen = 0;
            has_tmp_block = 1;
          } /* padlen == blen */
          else if(self->padlen > 0) {
            i = (blen - self->padlen); /* remaining bytes in padding buffer */
            if (in_data_len >= i) { /* enough data to fill pad */
              Copy(in_data, self->pad+self->padlen, i, unsigned char);
              self->padlen += i;
              in_data_len -= i;
              in_data_start = i;
              if (in_data_len>0 || self->padding_mode == 0) {
                rv = cbc_decrypt(self->pad, tmp_block, blen, &self->state);
                if (rv != CRYPT_OK) croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
                self->padlen = 0;
                has_tmp_block = 1;
              }
            }
            else { /* not enough data to fill pad */
              Copy(in_data, self->pad+self->padlen, in_data_len, unsigned char);
              self->padlen += (int)in_data_len;
              in_data_len = 0;
            }
          } /* padlen > 0 */
          /* here: a/ padlen==1..16 && in_data_len==0; b/ padlen==0 && in_data_len>0 */
          if (in_data_len>0) {
            i = (unsigned long)(in_data_len % blen);
            if (i>0) { /* save tail of data into pad */
              Copy(in_data+in_data_start+in_data_len-i, self->pad, i, unsigned char);
              self->padlen = i;
              in_data_len -= i;
            }
          }
          if (in_data_len>0) {
            if(self->padlen == 0 && self->padding_mode !=0) {
              /* in case of padding keep full pad if no more data */
              Copy(in_data+in_data_start+in_data_len-blen, self->pad, blen, unsigned char);
              self->padlen = blen;
              in_data_len -= blen;
            }
            i = (unsigned long)(has_tmp_block ? in_data_len + blen : in_data_len);
            if (i == 0) {
              RETVAL = newSVpvn("", 0);
            }
            else {
              RETVAL = NEWSV(0, i);
              SvPOK_only(RETVAL);
              SvCUR_set(RETVAL, i);
              out_data = (unsigned char *)SvPV_nolen(RETVAL);
              if (has_tmp_block) {
                Copy(tmp_block, out_data, blen, unsigned char);
                out_data += blen;
              }
              rv = cbc_decrypt(in_data+in_data_start, out_data, (unsigned long)in_data_len, &self->state);
              if (rv != CRYPT_OK) croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
            }
          } /* in_data_len>0 */
          else if (has_tmp_block) {
            RETVAL = newSVpvn((char*)tmp_block, blen);
          }
          else {
            RETVAL = newSVpvn("", 0);
          }
        }
    }
    OUTPUT:
        RETVAL
 SV *
 _finish_dec(Crypt::Mode::CBC self)
    CODE:
    {
        unsigned char tmp_block[MAXBLOCKSIZE];
        unsigned char i;
        int rv, rv_len, blen;
        rv_len = 0;
        if (self->padlen > 0) {
          blen = (&self->state)->blocklen;
          if (self->padlen != blen) croak("FATAL: cipher text length has to be multiple of %d (%d)", blen, self->padlen);
          rv = cbc_decrypt(self->pad, tmp_block, blen, &self->state);
          if (rv != CRYPT_OK) croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
          if(self->padding_mode == 0) {         /* no padding */
            rv_len = blen;
          }
          else if(self->padding_mode == 1) {    /* pkcs5|7 padding */
            i = tmp_block[blen-1];
            rv_len = blen - (i>blen ? blen : i);
          }
          else if(self->padding_mode == 2) {    /* oneandzeroes padding */
            rv_len = blen;
            while ((unsigned char)tmp_block[rv_len-1] == 0x00) rv_len--;
            if ((unsigned char)tmp_block[rv_len-1] == 0x80) rv_len--;
            if (rv_len<0) rv_len = 0;
          }
        }
        self->direction = 0;
        RETVAL = newSVpvn((char*)tmp_block, rv_len);
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Mode_CFB.xs.inc
+++ b/inc/CryptX_Mode_CFB.xs.inc
@ -1,17 +1,22 @@
 MODULE = CryptX         PACKAGE = Crypt::Mode::CFB
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mode::CFB
-_new(char * cipher_name, int rounds=0)
+new(Class, char * cipher_name, int rounds=0)
    CODE:
    {
        Newz(0, RETVAL, 1, struct cfb_struct);
        if (!RETVAL) croak("FATAL: Newz failed");
        RETVAL->direction = 0;
        RETVAL->cipher_rounds = rounds;
-        RETVAL->cipher_id = find_cipher(cipher_name);
+        RETVAL->cipher_id = _find_cipher(cipher_name);
-        if(RETVAL->cipher_id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (RETVAL->cipher_id == -1) {
          Safefree(RETVAL);
          croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        }
    }
    OUTPUT:
        RETVAL
@ -21,16 +26,11 @@ DESTROY(Crypt::Mode::CFB self)
    CODE:
        Safefree(self);
 int
 _get_dir(Crypt::Mode::CFB self)
    CODE:
        RETVAL = self->direction;
    OUTPUT:
        RETVAL
 void
-_start(Crypt::Mode::CFB self, int dir, SV * key, SV * iv)
+start_decrypt(Crypt::Mode::CFB self, SV * key, SV * iv)
-    CODE:
+    ALIAS:
        start_encrypt = 1
    PPCODE:
    {
        STRLEN k_len=0;
        unsigned char *k=NULL;
@ -52,45 +52,51 @@ _start(Crypt::Mode::CFB self, int dir, SV * key, SV * iv)
          croak("FATAL: cfb_start failed: %s", error_to_string(rv));
        }
-        self->direction = dir;
+        self->direction = ix == 1 ? 1 : -1;
        XPUSHs(ST(0)); /* return self */
    }
 SV *
-_crypt(Crypt::Mode::CFB self, SV * data)
+add(Crypt::Mode::CFB self, ...)
    CODE:
    {
-        int rv;
+        int rv, j;
-        STRLEN in_data_len;
+        STRLEN in_data_len, out_len = 0;
        unsigned char *in_data, *out_data;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        RETVAL = newSVpvn("", 0);
-        if (in_data_len==0) {
+        for (j = 1; j < items; j++) {
-          RETVAL = newSVpvn("", 0);
+          in_data = (unsigned char *)SvPVbyte(ST(j), in_data_len);
-        }
+          if (in_data_len > 0) {
-        else {
+            out_data = (unsigned char*)SvGROW(RETVAL, out_len + in_data_len + 1) + out_len;
-          RETVAL = NEWSV(0, in_data_len);
+            out_len += in_data_len;
-          SvPOK_only(RETVAL);
+            if (self->direction == 1) {
-          SvCUR_set(RETVAL, in_data_len);
+              rv = cfb_encrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+              if (rv != CRYPT_OK) {
-
+                SvREFCNT_dec(RETVAL);
-          if (self->direction == 1) {
+                croak("FATAL: cfb_encrypt failed: %s", error_to_string(rv));
-            rv = cfb_encrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
+              }
-            if (rv != CRYPT_OK) croak("FATAL: cfb_encrypt failed: %s", error_to_string(rv));
+            }
-          }
+            else if (self->direction == -1) {
-          else if (self->direction == -1) {
+              rv = cfb_decrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
-            rv = cfb_decrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
+              if (rv != CRYPT_OK) {
-            if (rv != CRYPT_OK) croak("FATAL: cfb_decrypt failed: %s", error_to_string(rv));
+                SvREFCNT_dec(RETVAL);
-          }
+                croak("FATAL: cfb_decrypt failed: %s", error_to_string(rv));
-          else {
+              }
-            croak("FATAL: cfb_crypt failed: call start_encrypt or start_decrypt first");
+            }
            else {
              SvREFCNT_dec(RETVAL);
              croak("FATAL: cfb_crypt failed: call start_encrypt or start_decrypt first");
            }
          }
        }
        if (out_len > 0) SvCUR_set(RETVAL, out_len);
    }
    OUTPUT:
        RETVAL
 SV *
-_finish(Crypt::Mode::CFB self)
+finish(Crypt::Mode::CFB self)
    CODE:
          self->direction = 0;
          RETVAL = newSVpvn("", 0);
--- a/inc/CryptX_Mode_CTR.xs.inc
+++ b/inc/CryptX_Mode_CTR.xs.inc
@ -1,17 +1,22 @@
 MODULE = CryptX         PACKAGE = Crypt::Mode::CTR
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mode::CTR
-_new(char * cipher_name, int ctr_mode=0, int ctr_width=0, int rounds=0)
+new(Class, char * cipher_name, int ctr_mode=0, int ctr_width=0, int rounds=0)
    CODE:
    {
        Newz(0, RETVAL, 1, struct ctr_struct);
        if (!RETVAL) croak("FATAL: Newz failed");
        RETVAL->direction = 0;
        RETVAL->cipher_rounds = rounds;
-        RETVAL->cipher_id = find_cipher(cipher_name);
+        RETVAL->cipher_id = _find_cipher(cipher_name);
-        if(RETVAL->cipher_id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (RETVAL->cipher_id == -1) {
          Safefree(RETVAL);
          croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        }
        if (ctr_mode == 0) RETVAL->ctr_mode_param = CTR_COUNTER_LITTLE_ENDIAN;
        if (ctr_mode == 1) RETVAL->ctr_mode_param = CTR_COUNTER_BIG_ENDIAN;
        if (ctr_mode == 2) RETVAL->ctr_mode_param = CTR_COUNTER_LITTLE_ENDIAN|LTC_CTR_RFC3686;
@ -26,16 +31,11 @@ DESTROY(Crypt::Mode::CTR self)
    CODE:
        Safefree(self);
 int
 _get_dir(Crypt::Mode::CTR self)
    CODE:
        RETVAL = self->direction;
    OUTPUT:
        RETVAL
 void
-_start(Crypt::Mode::CTR self, int dir, SV * key, SV * iv)
+start_decrypt(Crypt::Mode::CTR self, SV * key, SV * iv)
-    CODE:
+    ALIAS:
        start_encrypt = 1
    PPCODE:
    {
        STRLEN k_len=0;
        unsigned char *k=NULL;
@ -57,45 +57,51 @@ _start(Crypt::Mode::CTR self, int dir, SV * key, SV * iv)
          croak("FATAL: ctr_start failed: %s", error_to_string(rv));
        }
-        self->direction = dir;
+        self->direction = ix == 1 ? 1 : -1;
        XPUSHs(ST(0)); /* return self */
    }
 SV *
-_crypt(Crypt::Mode::CTR self, SV * data)
+add(Crypt::Mode::CTR self, ...)
    CODE:
    {
-        int rv;
+        int rv, j;
-        STRLEN in_data_len;
+        STRLEN in_data_len, out_len = 0;
        unsigned char *in_data, *out_data;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        RETVAL = newSVpvn("", 0);
-        if (in_data_len==0) {
+        for (j = 1; j < items; j++) {
-          RETVAL = newSVpvn("", 0);
+          in_data = (unsigned char *)SvPVbyte(ST(j), in_data_len);
-        }
+          if (in_data_len > 0) {
-        else {
+            out_data = (unsigned char*)SvGROW(RETVAL, out_len + in_data_len + 1) + out_len;
-          RETVAL = NEWSV(0, in_data_len);
+            out_len += in_data_len;
-          SvPOK_only(RETVAL);
+            if (self->direction == 1) {
-          SvCUR_set(RETVAL, in_data_len);
+              rv = ctr_encrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+              if (rv != CRYPT_OK) {
-
+                SvREFCNT_dec(RETVAL);
-          if (self->direction == 1) {
+                croak("FATAL: ctr_encrypt failed: %s", error_to_string(rv));
-            rv = ctr_encrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
+              }
-            if (rv != CRYPT_OK) croak("FATAL: ctr_encrypt failed: %s", error_to_string(rv));
+            }
-          }
+            else if (self->direction == -1) {
-          else if (self->direction == -1) {
+              rv = ctr_decrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
-            rv = ctr_decrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
+              if (rv != CRYPT_OK) {
-            if (rv != CRYPT_OK) croak("FATAL: ctr_decrypt failed: %s", error_to_string(rv));
+                SvREFCNT_dec(RETVAL);
-          }
+                croak("FATAL: ctr_decrypt failed: %s", error_to_string(rv));
-          else {
+              }
-            croak("FATAL: ctr_crypt failed: call start_encrypt or start_decrypt first");
+            }
            else {
              SvREFCNT_dec(RETVAL);
              croak("FATAL: ctr_crypt failed: call start_encrypt or start_decrypt first");
            }
          }
        }
        if (out_len > 0) SvCUR_set(RETVAL, out_len);
    }
    OUTPUT:
        RETVAL
 SV *
-_finish(Crypt::Mode::CTR self)
+finish(Crypt::Mode::CTR self)
    CODE:
          self->direction = 0;
          RETVAL = newSVpvn("", 0);
--- a/inc/CryptX_Mode_ECB.xs.inc
+++ b/inc/CryptX_Mode_ECB.xs.inc
@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mode::ECB
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mode::ECB
-_new(char * cipher_name, int padding=1, int rounds=0)
+new(Class, char * cipher_name, int padding=1, int rounds=0)
    CODE:
    {
        Newz(0, RETVAL, 1, struct ecb_struct);
@ -12,8 +14,11 @@ _new(char * cipher_name, int padding=1, int rounds=0)
        RETVAL->padlen = 0;
        RETVAL->direction = 0;
        RETVAL->cipher_rounds = rounds;
-        RETVAL->cipher_id = find_cipher(cipher_name);
+        RETVAL->cipher_id = _find_cipher(cipher_name);
-        if(RETVAL->cipher_id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (RETVAL->cipher_id == -1) {
          Safefree(RETVAL);
          croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        }
    }
    OUTPUT:
        RETVAL
@ -23,16 +28,11 @@ DESTROY(Crypt::Mode::ECB self)
    CODE:
        Safefree(self);
 int
 _get_dir(Crypt::Mode::ECB self)
    CODE:
        RETVAL = self->direction;
    OUTPUT:
        RETVAL
 void
-_start(Crypt::Mode::ECB self, int dir, SV * key)
+start_decrypt(Crypt::Mode::ECB self, SV * key)
-    CODE:
+    ALIAS:
        start_encrypt = 1
    PPCODE:
    {
        int rv;
        STRLEN k_len=0;
@ -46,106 +46,211 @@ _start(Crypt::Mode::ECB self, int dir, SV * key)
          croak("FATAL: ecb_start failed: %s", error_to_string(rv));
        }
-        self->direction = dir;
+        self->direction = ix == 1 ? 1 : -1;
        self->padlen = 0;
        XPUSHs(ST(0)); /* return self */
    }
 SV *
-_encrypt(Crypt::Mode::ECB self, SV * data)
+add(Crypt::Mode::ECB self, ...)
    CODE:
    {
-        int rv, has_tmp_block, blen;
+        int rv, has_tmp_block, blen, j;
        unsigned long i;
-
+        STRLEN in_data_len, in_data_start, out_len = 0;
        STRLEN in_data_len, in_data_start;
        unsigned char *in_data, *out_data, tmp_block[MAXBLOCKSIZE];
-        if (self->direction != 1) croak("FATAL: encrypt error, call start_encrypt first (%d)", self->direction);
+        RETVAL = newSVpvn("", 0);
        for (j = 1; j < items; j++) {
          in_data = (unsigned char *)SvPVbyte(ST(j), in_data_len);
          blen = (&self->state)->blocklen;
          in_data_start = 0;
          has_tmp_block = 0;
          if (in_data_len > 0) {
            if (self->direction == 1) {
              /* handle non-empty self->pad buffer */
              if (self->padlen > 0) {
                i = (blen - self->padlen);
                if (in_data_len >= i) { /* enough data to fill pad */
                  Copy(in_data, self->pad+self->padlen, i, unsigned char);
                  in_data_len -= i;
                  in_data_start = i;
                  rv = ecb_encrypt(self->pad, tmp_block, blen, &self->state);
                  if (rv != CRYPT_OK) {
                    SvREFCNT_dec(RETVAL);
                    croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
                  }
                  self->padlen = 0;
                  has_tmp_block = 1;
                }
                else { /* not enough data to fill pad */
                  Copy(in_data, self->pad+self->padlen, in_data_len, unsigned char);
                  self->padlen += (int)in_data_len;
                  in_data_len = 0;
                }
              }
-        blen = (&self->state)->blocklen;
+              i = (unsigned long)(in_data_len % blen);
-        in_data_start = 0;
+              if (in_data_len > 0 && i > 0) { /* save tail of data into pad */
-        has_tmp_block = 0;
+                Copy(in_data + in_data_start + in_data_len - i, self->pad, i, unsigned char);
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+                self->padlen = i;
-        if (in_data_len==0) {
+                in_data_len -= i;
-          RETVAL = newSVpvn("", 0);
+              }
-        }
+
-        else {
+              if (in_data_len > 0) {
-          if(self->padlen > 0) {
+                i = (unsigned long)(has_tmp_block ? in_data_len + blen : in_data_len);
-            i = (blen - self->padlen);
+                out_data = (unsigned char*)SvGROW(RETVAL, out_len + i + 1) + out_len;
-            if (in_data_len >= i) { /* enough data to fill pad */
+                out_len += i;
-              Copy(in_data, self->pad+self->padlen, i, unsigned char);
+                if (has_tmp_block) {
-              in_data_len -= i;
+                  Copy(tmp_block, out_data, blen, unsigned char);
-              in_data_start = i;
+                  out_data += blen;
-              rv = ecb_encrypt(self->pad, tmp_block, blen, &self->state);
+                }
-              if (rv != CRYPT_OK) croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
+                rv = ecb_encrypt(in_data+in_data_start, out_data, (unsigned long)in_data_len, &self->state);
-              self->padlen = 0;
+                if (rv != CRYPT_OK) {
-              has_tmp_block = 1;
+                  SvREFCNT_dec(RETVAL);
                  croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
                }
              } /* in_data_len > 0 */
              else if (has_tmp_block) {
                out_data = (unsigned char*)SvGROW(RETVAL, out_len + blen + 1) + out_len;
                out_len += blen;
                Copy(tmp_block, out_data, blen, unsigned char);
              }
            }
-            else { /* not enough data to fill pad */
+            else if (self->direction == -1) {
-              Copy(in_data, self->pad+self->padlen, in_data_len, unsigned char);
+              if (self->padlen == blen) {
-              self->padlen += (int)in_data_len;
+                rv = ecb_decrypt(self->pad, tmp_block, blen, &self->state);
-              in_data_len = 0;
+                if (rv != CRYPT_OK) {
                  SvREFCNT_dec(RETVAL);
                  croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
                }
                self->padlen = 0;
                has_tmp_block = 1;
              } /* padlen == blen */
              else if (self->padlen > 0) {
                i = (blen - self->padlen); /* remaining bytes in padding buffer */
                if (in_data_len >= i) { /* enough data to fill pad */
                  Copy(in_data, self->pad+self->padlen, i, unsigned char);
                  self->padlen += i;
                  in_data_len -= i;
                  in_data_start = i;
                  if (in_data_len>0 || self->padding_mode == 0) {
                    rv = ecb_decrypt(self->pad, tmp_block, blen, &self->state);
                    if (rv != CRYPT_OK) {
                      SvREFCNT_dec(RETVAL);
                      croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
                    }
                    self->padlen = 0;
                    has_tmp_block = 1;
                  }
                }
                else { /* not enough data to fill pad */
                  Copy(in_data, self->pad+self->padlen, in_data_len, unsigned char);
                  self->padlen += (int)in_data_len;
                  in_data_len = 0;
                }
              } /* padlen > 0 */
              /* here: a/ padlen == 1..16 && in_data_len == 0; b/ padlen == 0 && in_data_len > 0 */
              if (in_data_len>0) {
                i = (unsigned long)(in_data_len % blen);
                if (i>0) { /* save tail of data into pad */
                  Copy(in_data+in_data_start+in_data_len-i, self->pad, i, unsigned char);
                  self->padlen = i;
                  in_data_len -= i;
                }
              }
              if (in_data_len>0) {
                if (self->padlen == 0 && self->padding_mode !=0) {
                  /* in case of padding keep full pad if no more data */
                  Copy(in_data+in_data_start+in_data_len-blen, self->pad, blen, unsigned char);
                  self->padlen = blen;
                  in_data_len -= blen;
                }
                i = (unsigned long)(has_tmp_block ? in_data_len + blen : in_data_len);
                if (i > 0) {
                  out_data = (unsigned char*)SvGROW(RETVAL, out_len + i + 1) + out_len;
                  out_len += i;
                  if (has_tmp_block) {
                    Copy(tmp_block, out_data, blen, unsigned char);
                    out_data += blen;
                  }
                  rv = ecb_decrypt(in_data+in_data_start, out_data, (unsigned long)in_data_len, &self->state);
                  if (rv != CRYPT_OK) {
                    SvREFCNT_dec(RETVAL);
                    croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
                  }
                }
              } /* in_data_len>0 */
              else if (has_tmp_block) {
                out_data = (unsigned char*)SvGROW(RETVAL, out_len + blen + 1) + out_len;
                out_len += blen;
                Copy(tmp_block, out_data, blen, unsigned char);
              }
            }
-          } /* padlen > 0 */
+            else {
-
+              SvREFCNT_dec(RETVAL);
-          i = (unsigned long)(in_data_len % blen);
+              croak("FATAL: call start_decryt or start_encrpyt first (%d)", self->direction);
          if (in_data_len>0 && i>0) { /* save tail of data into pad */
            Copy(in_data+in_data_start+in_data_len-i, self->pad, i, unsigned char);
            self->padlen = i;
            in_data_len -= i;
          }
          if (in_data_len>0) {
            i = (unsigned long)(has_tmp_block ? in_data_len + blen : in_data_len);
            RETVAL = NEWSV(0, i);
            SvPOK_only(RETVAL);
            SvCUR_set(RETVAL, i);
            out_data = (unsigned char *)SvPV_nolen(RETVAL);
            if (has_tmp_block) {
              Copy(tmp_block, out_data, blen, unsigned char);
              out_data += blen;
            }
            rv = ecb_encrypt(in_data+in_data_start, out_data, (unsigned long)in_data_len, &self->state);
            if (rv != CRYPT_OK) croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
          } /* in_data_len>0 */
          else if (has_tmp_block) {
            RETVAL = newSVpvn((char*)tmp_block, blen);
          }
          else {
            RETVAL = newSVpvn("", 0);
          }
        }
        if (out_len > 0) SvCUR_set(RETVAL, out_len);
    }
    OUTPUT:
        RETVAL
 SV *
-_finish_enc(Crypt::Mode::ECB self)
+finish(Crypt::Mode::ECB self)
    CODE:
    {
-        unsigned char tmp_block[MAXBLOCKSIZE];
+        unsigned char tmp_block[MAXBLOCKSIZE], ch;
-        int rv, blen, i, j;
+        int i, j, rv, blen = (&self->state)->blocklen;
-        blen = (&self->state)->blocklen;
+        if (self->direction == 1) {
-        if (self->padlen<0 || self->padlen>=blen) croak("FATAL: invalid padlen");
+          if (self->padlen<0 || self->padlen>=blen) croak("FATAL: invalid padlen");
-
+          if (self->padding_mode == 1) { /* pkcs5|7 padding */
-        if(self->padding_mode == 1) { /* pkcs5|7 padding */
+            i = blen - self->padlen;
-          i = blen - self->padlen;
+            if (i == 0) i = blen;
-          if (i == 0) i = blen;
+            for(j=self->padlen; j<blen; j++) self->pad[j] = (unsigned char)i;
-          for(j=self->padlen; j<blen; j++) self->pad[j] = (unsigned char)i;
+            rv = ecb_encrypt(self->pad, tmp_block, blen, &self->state);
-          rv = ecb_encrypt(self->pad, tmp_block, blen, &self->state);
+            if (rv != CRYPT_OK) croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
-          if (rv != CRYPT_OK) croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
+          }
          else if (self->padding_mode == 2) { /* oneandzeroes padding */
            self->pad[self->padlen] = 0x80;
            for(j=self->padlen+1; j<blen; j++) self->pad[j] = 0;
            rv = ecb_encrypt(self->pad, tmp_block, blen, &self->state);
            if (rv != CRYPT_OK) croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
          }
          else {
            if (self->padlen>0) croak("FATAL: ecb_encrypt, input data length not multiple of %d", blen);
            blen = 0;
          }
        }
-        else if(self->padding_mode == 2) { /* oneandzeroes padding */
+        else if (self->direction == -1) {
-          self->pad[self->padlen] = 0x80;
+          if (self->padlen > 0) {
-          for(j=self->padlen+1; j<blen; j++) self->pad[j] = 0;
+            if (self->padlen != blen) croak("FATAL: cipher text length has to be multiple of %d (%d)", blen, self->padlen);
-          rv = ecb_encrypt(self->pad, tmp_block, blen, &self->state);
+            rv = ecb_decrypt(self->pad, tmp_block, blen, &self->state);
-          if (rv != CRYPT_OK) croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
+            if (rv != CRYPT_OK) croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
            if (self->padding_mode == 0) {         /* no padding */
              /* we already have blen */
            }
            else if (self->padding_mode == 1) {    /* pkcs5|7 padding */
              ch = tmp_block[blen-1];
              blen = blen - (ch > blen ? blen : ch);
            }
            else if (self->padding_mode == 2) {    /* oneandzeroes padding */
              while ((unsigned char)tmp_block[blen - 1] == 0x00) blen--;
              if ((unsigned char)tmp_block[blen - 1] == 0x80) blen--;
              if (blen < 0) blen = 0;
            }
          }
          else {
            blen = 0;
          }
        }
        else {
-          if (self->padlen>0) croak("FATAL: ecb_encrypt, input data length not multiple of %d", blen);
+           XSRETURN_UNDEF;
          blen = 0;
        }
        self->direction = 0;
@ -153,131 +258,3 @@ _finish_enc(Crypt::Mode::ECB self)
    }
    OUTPUT:
        RETVAL
 SV *
 _decrypt(Crypt::Mode::ECB self, SV * data)
    CODE:
    {
        int rv, has_tmp_block, blen;
        unsigned long i;
        STRLEN in_data_len, in_data_start;
        unsigned char *in_data, *out_data, tmp_block[MAXBLOCKSIZE];
        if (self->direction != -1) croak("FATAL: decrypt error, call start_decryt first (%d)", self->direction);
        blen = (&self->state)->blocklen;
        in_data_start = 0;
        has_tmp_block = 0;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
        if (in_data_len==0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
          if(self->padlen == blen) {
            rv = ecb_decrypt(self->pad, tmp_block, blen, &self->state);
            if (rv != CRYPT_OK) croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
            self->padlen = 0;
            has_tmp_block = 1;
          } /* padlen == blen */
          else if(self->padlen > 0) {
            i = (blen - self->padlen); /* remaining bytes in padding buffer */
            if (in_data_len >= i) { /* enough data to fill pad */
              Copy(in_data, self->pad+self->padlen, i, unsigned char);
              self->padlen += i;
              in_data_len -= i;
              in_data_start = i;
              if (in_data_len>0 || self->padding_mode == 0) {
                rv = ecb_decrypt(self->pad, tmp_block, blen, &self->state);
                if (rv != CRYPT_OK) croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
                self->padlen = 0;
                has_tmp_block = 1;
              }
            }
            else { /* not enough data to fill pad */
              Copy(in_data, self->pad+self->padlen, in_data_len, unsigned char);
              self->padlen += (int)in_data_len;
              in_data_len = 0;
            }
          } /* padlen > 0 */
          /* here: a/ padlen==1..16 && in_data_len==0; b/ padlen==0 && in_data_len>0 */
          if (in_data_len>0) {
            i = (unsigned long)(in_data_len % blen);
            if (i>0) { /* save tail of data into pad */
              Copy(in_data+in_data_start+in_data_len-i, self->pad, i, unsigned char);
              self->padlen = i;
              in_data_len -= i;
            }
          }
          if (in_data_len>0) {
            if(self->padlen == 0 && self->padding_mode !=0) {
              /* in case of padding keep full pad if no more data */
              Copy(in_data+in_data_start+in_data_len-blen, self->pad, blen, unsigned char);
              self->padlen = blen;
              in_data_len -= blen;
            }
            i = (unsigned long)(has_tmp_block ? in_data_len + blen : in_data_len);
            if (i == 0) {
              RETVAL = newSVpvn("", 0);
            }
            else {
              RETVAL = NEWSV(0, i);
              SvPOK_only(RETVAL);
              SvCUR_set(RETVAL, i);
              out_data = (unsigned char *)SvPV_nolen(RETVAL);
              if (has_tmp_block) {
                Copy(tmp_block, out_data, blen, unsigned char);
                out_data += blen;
              }
              rv = ecb_decrypt(in_data+in_data_start, out_data, (unsigned long)in_data_len, &self->state);
              if (rv != CRYPT_OK) croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
            }
          } /* in_data_len>0 */
          else if (has_tmp_block) {
            RETVAL = newSVpvn((char*)tmp_block, blen);
          }
          else {
            RETVAL = newSVpvn("", 0);
          }
        }
    }
    OUTPUT:
        RETVAL
 SV *
 _finish_dec(Crypt::Mode::ECB self)
    CODE:
    {
        unsigned char tmp_block[MAXBLOCKSIZE];
        unsigned char i;
        int rv, rv_len, blen;
        rv_len = 0;
        if (self->padlen > 0) {
          blen = (&self->state)->blocklen;
          if (self->padlen != blen) croak("FATAL: cipher text length has to be multiple of %d (%d)", blen, self->padlen);
          rv = ecb_decrypt(self->pad, tmp_block, blen, &self->state);
          if (rv != CRYPT_OK) croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
          if(self->padding_mode == 0) {         /* no padding */
            rv_len = blen;
          }
          else if(self->padding_mode == 1) {    /* pkcs5|7 padding */
            i = tmp_block[blen-1];
            rv_len = blen - (i>blen ? blen : i);
          }
          else if(self->padding_mode == 2) {    /* oneandzeroes padding */
            rv_len = blen;
            while ((unsigned char)tmp_block[rv_len-1] == 0x00) rv_len--;
            if ((unsigned char)tmp_block[rv_len-1] == 0x80) rv_len--;
            if (rv_len<0) rv_len = 0;
          }
        }
        self->direction = 0;
        RETVAL = newSVpvn((char*)tmp_block, rv_len);
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Mode_OFB.xs.inc
+++ b/inc/CryptX_Mode_OFB.xs.inc
@ -1,17 +1,22 @@
 MODULE = CryptX         PACKAGE = Crypt::Mode::OFB
 PROTOTYPES: DISABLE
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 Crypt::Mode::OFB
-_new(char * cipher_name, int rounds=0)
+new(Class, char * cipher_name, int rounds=0)
    CODE:
    {
        Newz(0, RETVAL, 1, struct ofb_struct);
        if (!RETVAL) croak("FATAL: Newz failed");
        RETVAL->direction = 0;
        RETVAL->cipher_rounds = rounds;
-        RETVAL->cipher_id = find_cipher(cipher_name);
+        RETVAL->cipher_id = _find_cipher(cipher_name);
-        if(RETVAL->cipher_id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (RETVAL->cipher_id == -1) {
          Safefree(RETVAL);
          croak("FATAL: find_cipfer failed for '%s'", cipher_name);
        }
    }
    OUTPUT:
        RETVAL
@ -21,16 +26,11 @@ DESTROY(Crypt::Mode::OFB self)
    CODE:
        Safefree(self);
 int
 _get_dir(Crypt::Mode::OFB self)
    CODE:
        RETVAL = self->direction;
    OUTPUT:
        RETVAL
 void
-_start(Crypt::Mode::OFB self, int dir, SV * key, SV * iv)
+start_decrypt(Crypt::Mode::OFB self, SV * key, SV * iv)
-    CODE:
+    ALIAS:
        start_encrypt = 1
    PPCODE:
    {
        STRLEN k_len=0;
        unsigned char *k=NULL;
@ -52,45 +52,51 @@ _start(Crypt::Mode::OFB self, int dir, SV * key, SV * iv)
          croak("FATAL: ofb_start failed: %s", error_to_string(rv));
        }
-        self->direction = dir;
+        self->direction = ix == 1 ? 1 : -1;
        XPUSHs(ST(0)); /* return self */
    }
 SV *
-_crypt(Crypt::Mode::OFB self, SV * data)
+add(Crypt::Mode::OFB self, ...)
    CODE:
    {
-        int rv;
+        int rv, j;
-        STRLEN in_data_len;
+        STRLEN in_data_len, out_len = 0;
        unsigned char *in_data, *out_data;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        RETVAL = newSVpvn("", 0);
-        if (in_data_len==0) {
+        for (j = 1; j < items; j++) {
-          RETVAL = newSVpvn("", 0);
+          in_data = (unsigned char *)SvPVbyte(ST(j), in_data_len);
-        }
+          if (in_data_len > 0) {
-        else {
+            out_data = (unsigned char*)SvGROW(RETVAL, out_len + in_data_len + 1) + out_len;
-          RETVAL = NEWSV(0, in_data_len);
+            out_len += in_data_len;
-          SvPOK_only(RETVAL);
+            if (self->direction == 1) {
-          SvCUR_set(RETVAL, in_data_len);
+              rv = ofb_encrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+              if (rv != CRYPT_OK) {
-
+                SvREFCNT_dec(RETVAL);
-          if (self->direction == 1) {
+                croak("FATAL: ofb_encrypt failed: %s", error_to_string(rv));
-            rv = ofb_encrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
+              }
-            if (rv != CRYPT_OK) croak("FATAL: ofb_encrypt failed: %s", error_to_string(rv));
+            }
-          }
+            else if (self->direction == -1) {
-          else if (self->direction == -1) {
+              rv = ofb_decrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
-            rv = ofb_decrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
+              if (rv != CRYPT_OK) {
-            if (rv != CRYPT_OK) croak("FATAL: ofb_decrypt failed: %s", error_to_string(rv));
+                SvREFCNT_dec(RETVAL);
-          }
+                croak("FATAL: ofb_decrypt failed: %s", error_to_string(rv));
-          else {
+              }
-            croak("FATAL: ofb_crypt failed: call start_encrypt or start_decrypt first");
+            }
            else {
              SvREFCNT_dec(RETVAL);
              croak("FATAL: ofb_crypt failed: call start_encrypt or start_decrypt first");
            }
          }
        }
        if (out_len > 0) SvCUR_set(RETVAL, out_len);
    }
    OUTPUT:
        RETVAL
 SV *
-_finish(Crypt::Mode::OFB self)
+finish(Crypt::Mode::OFB self)
    CODE:
          self->direction = 0;
          RETVAL = newSVpvn("", 0);
--- a/inc/CryptX_PK_DH.xs.inc
+++ b/inc/CryptX_PK_DH.xs.inc
@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::PK::DH
 PROTOTYPES: DISABLE
 Crypt::PK::DH
-_new()
+_new(Class)
    CODE:
    {
        int rv;
@ -9,40 +11,68 @@ _new()
        if (!RETVAL) croak("FATAL: Newz failed");
        RETVAL->key.type = -1;
        RETVAL->pindex = find_prng("chacha20");
-        if(RETVAL->pindex==-1) croak("FATAL: find_prng('chacha20') failed");
+        if (RETVAL->pindex == -1) {
          Safefree(RETVAL);
          croak("FATAL: find_prng('chacha20') failed");
        }
        rv = rng_make_prng(320, RETVAL->pindex, &RETVAL->pstate, NULL); /* 320bits = 40bytes */
-        if (rv != CRYPT_OK) croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
 void
-_generate_key(Crypt::PK::DH self, int key_size=256)
+_generate_key_size(Crypt::PK::DH self, int groupsize=256)
    PPCODE:
    {
        int rv;
-        /* gen the key */
+        rv = dh_set_pg_groupsize(groupsize, &self->key);
-        rv = dh_make_key(&self->pstate, self->pindex, key_size, &self->key);
+        if (rv != CRYPT_OK) croak("FATAL: dh_set_pg_groupsize failed: %s", error_to_string(rv));
-        if (rv != CRYPT_OK) croak("FATAL: dh_make_key failed: %s", error_to_string(rv));
+        rv = dh_generate_key(&self->pstate, self->pindex, &self->key);
        if (rv != CRYPT_OK) croak("FATAL: dh_generate_key failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
 void
-_generate_key_ex(Crypt::PK::DH self, SV * g, SV * p)
+_generate_key_gp(Crypt::PK::DH self, char *g, char *p)
    PPCODE:
    {
        int rv;
-        STRLEN p_len = 0;
+        unsigned char pbin[1024], gbin[512];
-        STRLEN g_len = 0;
+        unsigned long plen=sizeof(pbin), glen=sizeof(gbin);
        unsigned char *p_ptr=NULL;
        unsigned char *g_ptr=NULL;
-        p_ptr = (unsigned char *)SvPVbyte(p, p_len);
+        if (p && strlen(p) > 0 && g && strlen(g) > 0) {
-        g_ptr = (unsigned char *)SvPVbyte(g, g_len);
+          rv = radix_to_bin(p, 16, pbin, &plen);
          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(p) failed: %s", error_to_string(rv));
          rv = radix_to_bin(g, 16, gbin, &glen);
          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(g) failed: %s", error_to_string(rv));
          rv = dh_set_pg(pbin, plen, gbin, glen, &self->key);
          if (rv != CRYPT_OK) croak("FATAL: dh_set_pg failed: %s", error_to_string(rv));
          rv = dh_generate_key(&self->pstate, self->pindex, &self->key);
          if (rv != CRYPT_OK) croak("FATAL: dh_generate_key failed: %s", error_to_string(rv));
        }
        XPUSHs(ST(0)); /* return self */
    }
 void
 _generate_key_dhparam(Crypt::PK::DH self, SV * dhparam)
    PPCODE:
    {
        int rv;
        unsigned char *data=NULL;
        STRLEN data_len=0;
        data = (unsigned char *)SvPVbyte(dhparam, data_len);
        /* load d p q */
        rv = dh_set_pg_dhparam(data, (unsigned long)data_len, &self->key);
        if (rv != CRYPT_OK) croak("FATAL: dh_set_pg_dhparam failed: %s", error_to_string(rv));
        /* gen the key */
-        rv = dh_make_key_ex(&self->pstate, self->pindex, (const char *) g_ptr, (const char *) p_ptr, &self->key);
+        rv = dh_generate_key(&self->pstate, self->pindex, &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: dh_make_key_ex failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) croak("FATAL: dh_generate_key failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
@ -68,21 +98,34 @@ _import_raw(Crypt::PK::DH self, SV * raw_key, int type, char * g, char * p)
        int rv;
        unsigned char *data=NULL;
        STRLEN data_len=0;
        unsigned char pbin[1024], gbin[512];
        unsigned long plen=sizeof(pbin), glen=sizeof(gbin);
        data = (unsigned char *)SvPVbyte(raw_key, data_len);
        if (self->key.type != -1) { dh_free(&self->key); self->key.type = -1; }
-        /* public */
+
-        if (type == 0) {
+        if (p && strlen(p) > 0 && g && strlen(g) > 0) {
-          rv = dh_import_raw(data, (unsigned long)data_len, PK_PUBLIC, g, p, &self->key);
+          rv = radix_to_bin(p, 16, pbin, &plen);
-          if (rv != CRYPT_OK) croak("FATAL: dh_import_raw failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(p) failed: %s", error_to_string(rv));
-        }
+          rv = radix_to_bin(g, 16, gbin, &glen);
-        /* private */
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(g) failed: %s", error_to_string(rv));
-        else if (type == 1) {
+
-          rv = dh_import_raw(data, (unsigned long)data_len, PK_PRIVATE, g, p, &self->key);
+          rv = dh_set_pg(pbin, plen, gbin, glen, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: dh_import_raw failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: dh_set_pg failed: %s", error_to_string(rv));
-        }
+
-        else {
+          if (type == 0) {
-          croak("FATAL: import_raw invalid type '%d'", type);
+            /* public */
            rv = dh_set_key(data, (unsigned long)data_len, PK_PUBLIC, &self->key);
            if (rv != CRYPT_OK) croak("FATAL: dh_set_key failed: %s", error_to_string(rv));
          }
          else if (type == 1) {
            /* private */
            rv = dh_set_key(data, (unsigned long)data_len, PK_PRIVATE, &self->key);
            if (rv != CRYPT_OK) croak("FATAL: dh_set_key failed: %s", error_to_string(rv));
          }
          else {
            croak("FATAL: import_raw invalid type '%d'", type);
          }
        }
        XPUSHs(ST(0)); /* return self */
@ -100,7 +143,7 @@ int
 size(Crypt::PK::DH self)
    CODE:
        if (self->key.type == -1) XSRETURN_UNDEF;
-        RETVAL = dh_get_size(&self->key);
+        RETVAL = dh_get_groupsize(&self->key);
    OUTPUT:
        RETVAL
@ -114,7 +157,7 @@ key2hash(Crypt::PK::DH self)
    CODE:
        if (self->key.type == -1) XSRETURN_UNDEF;
        rv_hash = newHV();
-        /* =====> x */
+        /* x */
        siz = (self->key.x) ? mp_unsigned_bin_size(self->key.x) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'x' too big number");
@ -126,7 +169,7 @@ key2hash(Crypt::PK::DH self)
        else{
          not_used = hv_store(rv_hash, "x", 1, newSVpv("", 0), 0);
        }
-        /* =====> y */
+        /* y */
        siz = (self->key.y) ? mp_unsigned_bin_size(self->key.y) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'y' too big number");
@ -138,7 +181,7 @@ key2hash(Crypt::PK::DH self)
        else{
          not_used = hv_store(rv_hash, "y", 1, newSVpv("", 0), 0);
        }
-        /* =====> p */
+        /* p */
        siz = (self->key.prime) ? mp_unsigned_bin_size(self->key.prime) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'p' too big number");
@ -151,7 +194,7 @@ key2hash(Crypt::PK::DH self)
          not_used = hv_store(rv_hash, "p", 1, newSVpv("", 0), 0);
        }
-        /* =====> g */
+        /* g */
        siz = (self->key.base) ? mp_unsigned_bin_size(self->key.base) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'g' too big number");
@ -163,11 +206,11 @@ key2hash(Crypt::PK::DH self)
        else {
          not_used = hv_store(rv_hash, "g", 1, newSVpv("", 0), 0);
        }
-        /* =====> size */
+        /* size */
-        not_used = hv_store(rv_hash, "size", 4, newSViv(dh_get_size(&self->key)), 0);
+        not_used = hv_store(rv_hash, "size", 4, newSViv(dh_get_groupsize(&self->key)), 0);
-        /* =====> type */
+        /* type */
        not_used = hv_store(rv_hash, "type", 4, newSViv(self->key.type), 0);
-        if (not_used) not_used = NULL; /* just silence the warning: variable 'not_used' set but not used */
+        LTC_UNUSED_PARAM(not_used);
        RETVAL = newRV_noinc((SV*)rv_hash);
    OUTPUT:
        RETVAL
@ -182,7 +225,7 @@ params2hash(Crypt::PK::DH self)
    CODE:
        if (self->key.type == -1) XSRETURN_UNDEF;
        rv_hash = newHV();
-        /* =====> p */
+        /* p */
        siz = (self->key.prime) ? mp_unsigned_bin_size(self->key.prime) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'p' too big number");
@ -195,7 +238,7 @@ params2hash(Crypt::PK::DH self)
          not_used = hv_store(rv_hash, "p", 1, newSVpv("", 0), 0);
        }
-        /* =====> g */
+        /* g */
        siz = (self->key.base) ? mp_unsigned_bin_size(self->key.base) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'g' too big number");
@ -238,89 +281,6 @@ export_key(Crypt::PK::DH self, char * type)
    OUTPUT:
        RETVAL
 SV *
 _encrypt(Crypt::PK::DH self, SV * data, char * hash_name)
    CODE:
    {
        int rv, hash_id;
        unsigned char *data_ptr=NULL;
        STRLEN data_len=0;
        unsigned long buffer_len = 1024;
        unsigned char buffer[1024];
        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
        hash_id = find_hash(hash_name);
        if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
        rv = dh_encrypt_key(data_ptr, (unsigned long)data_len, buffer, &buffer_len,
                             &self->pstate, self->pindex,
                             hash_id, &self->key);
        if (rv != CRYPT_OK) croak("FATAL: dh_encrypt_key failed: %s", error_to_string(rv));
        RETVAL = newSVpvn((char*)buffer, buffer_len);
    }
    OUTPUT:
        RETVAL
 SV *
 _decrypt(Crypt::PK::DH self, SV * data)
    CODE:
    {
        int rv;
        unsigned char *data_ptr=NULL;
        STRLEN data_len=0;
        unsigned long buffer_len = 1024;
        unsigned char buffer[1024];
        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
        rv = dh_decrypt_key(data_ptr, (unsigned long)data_len, buffer, &buffer_len, &self->key);
        if (rv != CRYPT_OK) croak("FATAL: dh_decrypt_key failed: %s", error_to_string(rv));
        RETVAL = newSVpvn((char*)buffer, buffer_len);
    }
    OUTPUT:
        RETVAL
 SV *
 _sign(Crypt::PK::DH self, SV * data)
    CODE:
    {
        int rv;
        unsigned char *data_ptr=NULL;
        STRLEN data_len=0;
        unsigned long buffer_len = 1024;
        unsigned char buffer[1024];
        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
        rv = dh_sign_hash(data_ptr, (unsigned long)data_len, buffer, &buffer_len,
                           &self->pstate, self->pindex,
                           &self->key);
        if (rv != CRYPT_OK) croak("FATAL: dh_sign_hash failed: %s", error_to_string(rv));
        RETVAL = newSVpvn((char*)buffer, buffer_len);
    }
    OUTPUT:
        RETVAL
 int
 _verify(Crypt::PK::DH self, SV * sig, SV * data)
    CODE:
    {
        int rv, stat;
        unsigned char *data_ptr=NULL;
        STRLEN data_len=0;
        unsigned char *sig_ptr=NULL;
        STRLEN sig_len=0;
        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
        sig_ptr = (unsigned char *)SvPVbyte(sig, sig_len);
        RETVAL = 1;
        rv = dh_verify_hash(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, &stat, &self->key);
        if (rv != CRYPT_OK || stat != 1) RETVAL = 0;
    }
    OUTPUT:
        RETVAL
 SV *
 shared_secret(Crypt::PK::DH self, Crypt::PK::DH pubkey)
    CODE:
@ -341,79 +301,23 @@ export_key_raw(Crypt::PK::DH self, char * type)
    CODE:
    {
        int rv;
-        unsigned long len, buffer_len = 1024;
+        unsigned char out[1024];
-        unsigned char buffer[1024];
+        unsigned long out_len = 1024;
 	void *key;
        RETVAL = newSVpvn(NULL, 0); /* undef */
        if (strnEQ(type, "private", 7)) {
-		key = self->key.x;
+          rv = dh_export_key(out, &out_len, PK_PRIVATE, &self->key);
          if (rv != CRYPT_OK) croak("FATAL: dh_export_key(PK_PRIVATE) failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char*)out, out_len);
        }
        else if (strnEQ(type, "public", 6)) {
-		key = self->key.y;
+          rv = dh_export_key(out, &out_len, PK_PUBLIC, &self->key);
          if (rv != CRYPT_OK) croak("FATAL: dh_export_key(PK_PUBLIC) failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char*)out, out_len);
        }
        else {
          croak("FATAL: export_key_raw: invalid type '%s'", type);
        }
        len = (unsigned long)mp_unsigned_bin_size(key);
        if (buffer_len < len) {
            croak("FATAL: %s", error_to_string(CRYPT_BUFFER_OVERFLOW));
        }
        rv = mp_to_unsigned_bin(key, buffer);
        if (rv != CRYPT_OK) croak("FATAL: %s", error_to_string(rv));
        RETVAL = newSVpvn((char*)buffer, len);
    }
    OUTPUT:
        RETVAL
 int
 _is_pubkey_valid(Crypt::PK::DH self);
    CODE:
    {
        int rv, i, bits_set = 0;
        mp_int one, two, p1, *y;
        mp_digit digit;
        if ((rv = mp_init_multi(&one, &two, &p1, NULL)) != MP_OKAY) {
            croak("FATAL: %s", error_to_string(rv));
        }
        y = self->key.y;
        mp_set(&one, 1);
        mp_set(&two, 2);
 	/* p1 = p-1 */
        if ((rv = mp_sub(self->key.prime, &one, &p1)) != MP_OKAY) {
            croak("FATAL: %s", error_to_string(rv));
        }
 	/* valid public key cannot be negative */
        if (y->sign == MP_NEG) {
            RETVAL = 0;
        }
 	/* valid public key != 1 */
        else if (mp_cmp(y, &one) == MP_EQ) {
            RETVAL = 0;
        }
 	/* public key cannot be > p-1 */
        else if (mp_cmp(y, &p1) == MP_GT) {
            RETVAL = 0;
        }
 	/* if base == 2, public must have more than one bit set */
        else if (mp_cmp(self->key.base, &two) == MP_EQ) {
            for (i = 0; i < y->used; i++) {
                digit = y->dp[i];
                while (digit > ((mp_digit) 0)) {
                    if (digit & ((mp_digit) 1))
                        bits_set++;
                    digit >>= ((mp_digit) 1);
                }
            }
            if (bits_set > 1)
                RETVAL = 1;
            else RETVAL = 0;
        }
        else RETVAL = 1;
    }
    OUTPUT:
        RETVAL
@ -423,4 +327,3 @@ DESTROY(Crypt::PK::DH self)
    CODE:
        if (self->key.type != -1) { dh_free(&self->key); self->key.type = -1; }
        Safefree(self);
--- a/inc/CryptX_PK_DSA.xs.inc
+++ b/inc/CryptX_PK_DSA.xs.inc
@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::PK::DSA
 PROTOTYPES: DISABLE
 Crypt::PK::DSA
-_new()
+_new(Class)
    CODE:
    {
        int rv;
@ -9,15 +11,21 @@ _new()
        if (!RETVAL) croak("FATAL: Newz failed");
        RETVAL->key.type = -1;
        RETVAL->pindex = find_prng("chacha20");
-        if(RETVAL->pindex==-1) croak("FATAL: find_prng('chacha20') failed");
+        if (RETVAL->pindex == -1) {
          Safefree(RETVAL);
          croak("FATAL: find_prng('chacha20') failed");
        }
        rv = rng_make_prng(320, RETVAL->pindex, &RETVAL->pstate, NULL); /* 320bits = 40bytes */
-        if (rv != CRYPT_OK) croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
 void
-generate_key(Crypt::PK::DSA self, int group_size=30, int modulus_size=256)
+_generate_key_size(Crypt::PK::DSA self, int group_size=30, int modulus_size=256)
    PPCODE:
    {
        int rv;
@ -27,6 +35,48 @@ generate_key(Crypt::PK::DSA self, int group_size=30, int modulus_size=256)
        XPUSHs(ST(0)); /* return self */
    }
 void
 _generate_key_dsaparam(Crypt::PK::DSA self, SV * dsaparam)
    PPCODE:
    {
        int rv;
        unsigned char *data=NULL;
        STRLEN data_len=0;
        data = (unsigned char *)SvPVbyte(dsaparam, data_len);
        /* load d p q */
        rv = dsa_set_pqg_dsaparam(data, (unsigned long)data_len, &self->key);
        if (rv != CRYPT_OK) croak("FATAL: dsa_set_pqg_dsaparam failed: %s", error_to_string(rv));
        /* gen the key */
        rv = dsa_generate_key(&self->pstate, self->pindex, &self->key);
        if (rv != CRYPT_OK) croak("FATAL: dsa_generate_key failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
 void
 _generate_key_pqg_hex(Crypt::PK::DSA self, char *p, char *q, char *g)
    PPCODE:
    {
        int rv;
        unsigned char pbin[512], qbin[512], gbin[512];
        unsigned long plen=sizeof(pbin), qlen=sizeof(qbin), glen=sizeof(gbin);
        if (!p || !strlen(p) || !q || !strlen(q) || !g || !strlen(g)) {
          croak("FATAL: generate_key_pqg_hex incomplete args");
        }
        /* set p q g */
        rv = radix_to_bin(p, 16, pbin, &plen);
        if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(p) failed: %s", error_to_string(rv));
        rv = radix_to_bin(q, 16, qbin, &qlen);
        if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(q) failed: %s", error_to_string(rv));
        rv = radix_to_bin(g, 16, gbin, &glen);
        if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(g) failed: %s", error_to_string(rv));
        rv = dsa_set_pqg(pbin, plen, qbin, qlen, gbin, glen, &self->key);
        if (rv != CRYPT_OK) croak("FATAL: dsa_set_pqg failed: %s", error_to_string(rv));
        /* gen the key */
        rv = dsa_generate_key(&self->pstate, self->pindex, &self->key);
        if (rv != CRYPT_OK) croak("FATAL: dsa_generate_key failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
 void
 _import(Crypt::PK::DSA self, SV * key_data)
    PPCODE:
@ -47,9 +97,37 @@ _import_hex(Crypt::PK::DSA self, char *p, char *q, char *g, char *x, char *y)
    PPCODE:
    {
        int rv;
        unsigned char pbin[512], qbin[512], gbin[512], xbin[512], ybin[512];
        unsigned long plen=sizeof(pbin), qlen=sizeof(qbin), glen=sizeof(gbin), xlen=sizeof(xbin), ylen=sizeof(ybin);
        if (self->key.type != -1) { dsa_free(&self->key); self->key.type = -1; }
-        rv = dsa_import_radix(16, p, q, g, x, y, &self->key);
+
-        if (rv != CRYPT_OK) croak("FATAL: dsa_import_radix failed: %s", error_to_string(rv));
+        if (p && strlen(p) > 0 && q && strlen(q) > 0 && g && strlen(g) > 0 && y && strlen(y) > 0) {
          rv = radix_to_bin(p, 16, pbin, &plen);
          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(p) failed: %s", error_to_string(rv));
          rv = radix_to_bin(q, 16, qbin, &qlen);
          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(q) failed: %s", error_to_string(rv));
          rv = radix_to_bin(g, 16, gbin, &glen);
          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(g) failed: %s", error_to_string(rv));
          rv = dsa_set_pqg(pbin, plen, qbin, qlen, gbin, glen, &self->key);
          if (rv != CRYPT_OK) croak("FATAL: dsa_set_pqg failed: %s", error_to_string(rv));
          rv = radix_to_bin(y, 16, ybin, &ylen);
          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(y) failed: %s", error_to_string(rv));
          if (x && strlen(x) > 0) {
            /* private */
            rv = radix_to_bin(x, 16, xbin, &xlen);
            if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(x) failed: %s", error_to_string(rv));
            rv = dsa_set_key(xbin, xlen, PK_PRIVATE, &self->key);
            if (rv != CRYPT_OK) croak("FATAL: dsa_set_key failed: %s", error_to_string(rv));
          }
          else {
            /* public */
            rv = dsa_set_key(ybin, ylen, PK_PUBLIC, &self->key);
            if (rv != CRYPT_OK) croak("FATAL: dsa_set_key failed: %s", error_to_string(rv));
          }
        }
        XPUSHs(ST(0)); /* return self */
    }
@ -65,7 +143,7 @@ int
 size(Crypt::PK::DSA self)
    CODE:
        if (self->key.type == -1 || self->key.qord <= 0) XSRETURN_UNDEF;
-        RETVAL = mp_unsigned_bin_size(self->key.g);
+        RETVAL = mp_unsigned_bin_size(self->key.p);
    OUTPUT:
        RETVAL
@ -73,7 +151,7 @@ int
 size_q(Crypt::PK::DSA self)
    CODE:
        if (self->key.type == -1 || self->key.qord <= 0) XSRETURN_UNDEF;
-        RETVAL = self->key.qord;
+        RETVAL = mp_unsigned_bin_size(self->key.q);
    OUTPUT:
        RETVAL
@ -89,7 +167,7 @@ key2hash(Crypt::PK::DSA self)
        qsize = mp_unsigned_bin_size(self->key.q);
        psize = mp_unsigned_bin_size(self->key.p);
        rv_hash = newHV();
-        /* =====> g */
+        /* g */
        siz = (self->key.g) ? mp_unsigned_bin_size(self->key.g) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'g' too big number");
@ -101,7 +179,7 @@ key2hash(Crypt::PK::DSA self)
        else{
          not_used = hv_store(rv_hash, "g", 1, newSVpv("", 0), 0);
        }
-        /* =====> q */
+        /* q */
        siz = (self->key.q) ? mp_unsigned_bin_size(self->key.q) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'q' too big number");
@ -113,7 +191,7 @@ key2hash(Crypt::PK::DSA self)
        else{
          not_used = hv_store(rv_hash, "q", 1, newSVpv("", 0), 0);
        }
-        /* =====> p */
+        /* p */
        siz = (self->key.p) ? mp_unsigned_bin_size(self->key.p) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'p' too big number");
@ -125,7 +203,7 @@ key2hash(Crypt::PK::DSA self)
        else{
          not_used = hv_store(rv_hash, "p", 1, newSVpv("", 0), 0);
        }
-        /* =====> x */
+        /* x */
        siz = (self->key.x) ? mp_unsigned_bin_size(self->key.x) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'x' too big number");
@ -137,7 +215,7 @@ key2hash(Crypt::PK::DSA self)
        else{
          not_used = hv_store(rv_hash, "x", 1, newSVpv("", 0), 0);
        }
-        /* =====> y */
+        /* y */
        siz = (self->key.y) ? mp_unsigned_bin_size(self->key.y) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'y' too big number");
@ -149,11 +227,11 @@ key2hash(Crypt::PK::DSA self)
        else{
          not_used = hv_store(rv_hash, "y", 1, newSVpv("", 0), 0);
        }
-        /* =====> size */
+        /* size */
        not_used = hv_store(rv_hash, "size", 4, newSViv(qsize), 0);
-        /* =====> type */
+        /* type */
        not_used = hv_store(rv_hash, "type", 4, newSViv(self->key.type), 0);
-        if (not_used) not_used = NULL; /* just silence the warning: variable 'not_used' set but not used */
+        LTC_UNUSED_PARAM(not_used);
        RETVAL = newRV_noinc((SV*)rv_hash);
    OUTPUT:
        RETVAL
@ -185,7 +263,7 @@ export_key_der(Crypt::PK::DSA self, char * type)
        RETVAL
 SV *
-_encrypt(Crypt::PK::DSA self, SV * data, char * hash_name)
+encrypt(Crypt::PK::DSA self, SV * data, const char * hash_name = "SHA1")
    CODE:
    {
        int rv, hash_id;
@ -196,8 +274,8 @@ _encrypt(Crypt::PK::DSA self, SV * data, char * hash_name)
        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
-        hash_id = find_hash(hash_name);
+        hash_id = _find_hash(hash_name);
-        if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+        if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
        rv = dsa_encrypt_key(data_ptr, (unsigned long)data_len, buffer, &buffer_len,
                             &self->pstate, self->pindex,
                             hash_id, &self->key);
@ -208,7 +286,7 @@ _encrypt(Crypt::PK::DSA self, SV * data, char * hash_name)
        RETVAL
 SV *
-_decrypt(Crypt::PK::DSA self, SV * data)
+decrypt(Crypt::PK::DSA self, SV * data)
    CODE:
    {
        int rv;
@ -227,17 +305,25 @@ _decrypt(Crypt::PK::DSA self, SV * data)
        RETVAL
 SV *
-_sign(Crypt::PK::DSA self, SV * data)
+sign_hash(Crypt::PK::DSA self, SV * data, const char * hash_name = "SHA1")
    ALIAS:
        sign_message = 1
    CODE:
    {
-        int rv;
+        int rv, id;
-        unsigned char *data_ptr=NULL;
+        unsigned char buffer[1024], tmp[MAXBLOCKSIZE], *data_ptr = NULL;
-        STRLEN data_len=0;
+        unsigned long tmp_len = MAXBLOCKSIZE, buffer_len = 1024;
-        unsigned char buffer[1024];
+        STRLEN data_len = 0;
        unsigned long buffer_len = 1024;
        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
-
+        if (ix == 1) {
          id = _find_hash(hash_name);
          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
          rv = hash_memory(id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
          if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
          data_ptr = tmp;
          data_len = tmp_len;
        }
        rv = dsa_sign_hash(data_ptr, (unsigned long)data_len, buffer, &buffer_len,
                           &self->pstate, self->pindex,
                           &self->key);
@ -248,19 +334,28 @@ _sign(Crypt::PK::DSA self, SV * data)
        RETVAL
 int
-_verify(Crypt::PK::DSA self, SV * sig, SV * data)
+verify_hash(Crypt::PK::DSA self, SV * sig, SV * data, const char * hash_name = "SHA1")
    ALIAS:
        verify_message = 1
    CODE:
    {
-        int rv, stat;
+        int rv, stat, id;
-        unsigned char *data_ptr=NULL;
+        unsigned char tmp[MAXBLOCKSIZE], *data_ptr = NULL, *sig_ptr = NULL;
-        STRLEN data_len=0;
+        unsigned long tmp_len = MAXBLOCKSIZE;
-        unsigned char *sig_ptr=NULL;
+        STRLEN data_len = 0, sig_len = 0;
        STRLEN sig_len=0;
        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
        sig_ptr = (unsigned char *)SvPVbyte(sig, sig_len);
-
+        if (ix == 1) {
          id = _find_hash(hash_name);
          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
          rv = hash_memory(id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
          if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
          data_ptr = tmp;
          data_len = tmp_len;
        }
        RETVAL = 1;
        stat = 0;
        rv = dsa_verify_hash(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, &stat, &self->key);
        if (rv != CRYPT_OK || stat != 1) RETVAL = 0;
    }
--- a/inc/CryptX_PK_ECC.xs.inc
+++ b/inc/CryptX_PK_ECC.xs.inc
@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::PK::ECC
 PROTOTYPES: DISABLE
 Crypt::PK::ECC
-_new()
+_new(Class)
    CODE:
    {
        int rv;
@ -9,10 +11,15 @@ _new()
        if (!RETVAL) croak("FATAL: Newz failed");
        RETVAL->pindex = find_prng("chacha20");
        RETVAL->key.type = -1;
-        ecc_dp_init(&RETVAL->dp);
+        if (RETVAL->pindex == -1) {
-        if(RETVAL->pindex==-1) croak("FATAL: find_prng('chacha20') failed");
+          Safefree(RETVAL);
          croak("FATAL: find_prng('chacha20') failed");
        }
        rv = rng_make_prng(320, RETVAL->pindex, &RETVAL->pstate, NULL); /* 320bits = 40bytes */
-        if (rv != CRYPT_OK) croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -23,10 +30,11 @@ generate_key(Crypt::PK::ECC self, SV *curve)
    {
        int rv;
        /* setup dp structure */
-        _ecc_set_dp_from_SV(&self->dp, curve); /* croaks on error */
+        rv = _ecc_set_dp_from_SV(&self->key, curve); /* croaks on error */
        if (rv != CRYPT_OK) croak("FATAL: ecc_set_dp failed: %s", error_to_string(rv));
        /* gen the key */
-        rv = ecc_make_key_ex(&self->pstate, self->pindex, &self->key, &self->dp);
+        rv = ecc_generate_key(&self->pstate, self->pindex, &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: ecc_make_key_ex failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) croak("FATAL: ecc_generate_key failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
@ -39,14 +47,32 @@ _import(Crypt::PK::ECC self, SV * key_data)
        STRLEN data_len=0;
        data = (unsigned char *)SvPVbyte(key_data, data_len);
-        _ecc_free_key(&self->key, &self->dp);
+        if (self->key.type != -1) { ecc_free(&self->key); self->key.type = -1; }
-        rv = ecc_import_full(data, (unsigned long)data_len, &self->key, &self->dp);
+        rv = ecc_import_openssl(data, (unsigned long)data_len, &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: ecc_import_full failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) croak("FATAL: ecc_import_openssl failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
 void
-_import_pkcs8(Crypt::PK::ECC self, SV * key_data)
+_import_pkcs8(Crypt::PK::ECC self, SV * key_data, SV * passwd)
    PPCODE:
    {
        int rv;
        unsigned char *data=NULL, *pwd=NULL;
        STRLEN data_len=0, pwd_len=0;
        data = (unsigned char *)SvPVbyte(key_data, data_len);
        if (SvOK(passwd)) {
          pwd = (unsigned char *)SvPVbyte(passwd, pwd_len);
        }
        if (self->key.type != -1) { ecc_free(&self->key); self->key.type = -1; }
        rv = ecc_import_pkcs8(data, (unsigned long)data_len, pwd, (unsigned long)pwd_len, &self->key);
        if (rv != CRYPT_OK) croak("FATAL: ecc_import_pkcs8 failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
 void
 _import_x509(Crypt::PK::ECC self, SV * key_data)
    PPCODE:
    {
        int rv;
@ -54,9 +80,9 @@ _import_pkcs8(Crypt::PK::ECC self, SV * key_data)
        STRLEN data_len=0;
        data = (unsigned char *)SvPVbyte(key_data, data_len);
-        _ecc_free_key(&self->key, &self->dp);
+        if (self->key.type != -1) { ecc_free(&self->key); self->key.type = -1; }
-        rv = ecc_import_pkcs8(data, (unsigned long)data_len, NULL, 0, &self->key, &self->dp);
+        rv = ecc_import_x509(data, (unsigned long)data_len, &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: ecc_import_pkcs8 failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) croak("FATAL: ecc_import_x509 failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
@ -64,17 +90,19 @@ void
 import_key_raw(Crypt::PK::ECC self, SV * key_data, SV * curve)
    PPCODE:
    {
-        int rv;
+        int rv, type;
        unsigned char *data=NULL;
        STRLEN data_len=0;
        data = (unsigned char *)SvPVbyte(key_data, data_len);
-        _ecc_free_key(&self->key, &self->dp);
+        if (self->key.type != -1) { ecc_free(&self->key); self->key.type = -1; }
-        
+        /* setup dp structure */
-        _ecc_set_dp_from_SV(&self->dp, curve); /* croaks on error */
+        rv = _ecc_set_dp_from_SV(&self->key, curve); /* croaks on error */
-        
+        if (rv != CRYPT_OK) croak("FATAL: ecc_set_dp failed: %s", error_to_string(rv));
-        rv = ecc_import_raw(data, (unsigned long)data_len, &self->key, &self->dp);
+        /* import key */
-        if (rv != CRYPT_OK) croak("FATAL: ecc_import_raw failed: %s", error_to_string(rv));
+        type = (data_len == (STRLEN)ecc_get_size(&self->key)) ? PK_PRIVATE : PK_PUBLIC;
        rv = ecc_set_key(data, (unsigned long)data_len, type, &self->key);
        if (rv != CRYPT_OK) croak("FATAL: ecc_set_key failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
@ -105,7 +133,7 @@ key2hash(Crypt::PK::ECC self)
        if (self->key.type == -1) XSRETURN_UNDEF;
        esize = ecc_get_size(&self->key);
        rv_hash = newHV();
-        /* =====> k */
+        /* k */
        siz = (self->key.k) ? mp_unsigned_bin_size(self->key.k) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'k' too big number");
@ -117,7 +145,7 @@ key2hash(Crypt::PK::ECC self)
        else{
          not_used = hv_store(rv_hash, "k", 1, newSVpv("", 0), 0);
        }
-        /* =====> pub_x */
+        /* pub_x */
        siz = (self->key.pubkey.x) ? mp_unsigned_bin_size(self->key.pubkey.x) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'pub_x' too big number");
@ -129,7 +157,7 @@ key2hash(Crypt::PK::ECC self)
        else{
          not_used = hv_store(rv_hash, "pub_x", 5, newSVpv("", 0), 0);
        }
-        /* =====> pub_y */
+        /* pub_y */
        siz = (self->key.pubkey.y) ? mp_unsigned_bin_size(self->key.pubkey.y) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'pub_y' too big number");
@ -141,62 +169,56 @@ key2hash(Crypt::PK::ECC self)
        else{
          not_used = hv_store(rv_hash, "pub_y", 5, newSVpv("", 0), 0);
        }
-        /* =====> curve_... */
+        /* curve_... */
-        if (self->key.dp) {
+        {
-          not_used = hv_store(rv_hash, "curve_cofactor", 14, newSViv(self->key.dp->cofactor), 0);
+          not_used = hv_store(rv_hash, "curve_cofactor",                14, newSViv(self->key.dp.cofactor), 0);
-          /* prepend leading zero if we have odd number of hexadecimal digits */
+          mp_tohex_with_leading_zero(self->key.dp.prime, buf, 20000, 0);
-          strncpy(buf, self->key.dp->prime, 20000); str_add_leading_zero(buf, 20000, 0);
+          not_used = hv_store(rv_hash, "curve_prime",                   11, newSVpv(buf, strlen(buf)), 0);
-          not_used = hv_store(rv_hash, "curve_prime", 11, newSVpv(buf, strlen(buf)), 0);
+          mp_tohex_with_leading_zero(self->key.dp.A, buf, 20000, 0);
-          strncpy(buf, self->key.dp->A,     20000); str_add_leading_zero(buf, 20000, 0);
+          not_used = hv_store(rv_hash, "curve_A",                        7, newSVpv(buf, strlen(buf)), 0);
-          not_used = hv_store(rv_hash, "curve_A",      7, newSVpv(buf, strlen(buf)), 0);
+          mp_tohex_with_leading_zero(self->key.dp.B, buf, 20000, 0);
-          strncpy(buf, self->key.dp->B,     20000); str_add_leading_zero(buf, 20000, 0);
+          not_used = hv_store(rv_hash, "curve_B",                        7, newSVpv(buf, strlen(buf)), 0);
-          not_used = hv_store(rv_hash, "curve_B",      7, newSVpv(buf, strlen(buf)), 0);
+          mp_tohex_with_leading_zero(self->key.dp.order, buf, 20000, 0);
-          strncpy(buf, self->key.dp->order, 20000); str_add_leading_zero(buf, 20000, 0);
+          not_used = hv_store(rv_hash, "curve_order",                   11, newSVpv(buf, strlen(buf)), 0);
-          not_used = hv_store(rv_hash, "curve_order", 11, newSVpv(buf, strlen(buf)), 0);
+          mp_tohex_with_leading_zero(self->key.dp.base.x, buf, 20000, 0);
-          strncpy(buf, self->key.dp->Gx,    20000); str_add_leading_zero(buf, 20000, 0);
+          not_used = hv_store(rv_hash, "curve_Gx",                       8, newSVpv(buf, strlen(buf)), 0);
-          not_used = hv_store(rv_hash, "curve_Gx",     8, newSVpv(buf, strlen(buf)), 0);
+          mp_tohex_with_leading_zero(self->key.dp.base.y, buf, 20000, 0);
-          strncpy(buf, self->key.dp->Gy,    20000); str_add_leading_zero(buf, 20000, 0);
+          not_used = hv_store(rv_hash, "curve_Gy",                       8, newSVpv(buf, strlen(buf)), 0);
-          not_used = hv_store(rv_hash, "curve_Gy",     8, newSVpv(buf, strlen(buf)), 0);
+          not_used = hv_store(rv_hash, "curve_bytes",                   11, newSViv(mp_unsigned_bin_size(self->key.dp.prime)), 0);
-          /* OLD approach
+          not_used = hv_store(rv_hash, "curve_bits",                    10, newSViv(mp_count_bits(self->key.dp.prime)), 0);
            not_used = hv_store(rv_hash, "curve_prime", 11, newSVpv(self->key.dp->prime, strlen(self->key.dp->prime)), 0);
            not_used = hv_store(rv_hash, "curve_A",      7, newSVpv(self->key.dp->A,     strlen(self->key.dp->A)), 0);
            not_used = hv_store(rv_hash, "curve_B",      7, newSVpv(self->key.dp->B,     strlen(self->key.dp->B)), 0);
            not_used = hv_store(rv_hash, "curve_order", 11, newSVpv(self->key.dp->order, strlen(self->key.dp->order)), 0);
            not_used = hv_store(rv_hash, "curve_Gx",     8, newSVpv(self->key.dp->Gx,    strlen(self->key.dp->Gx)), 0);
            not_used = hv_store(rv_hash, "curve_Gy",     8, newSVpv(self->key.dp->Gy,    strlen(self->key.dp->Gy)), 0);
          */
          {
            mp_int p_num;
            mp_init(&p_num);
            mp_read_radix(&p_num, self->key.dp->prime, 16);
            not_used = hv_store(rv_hash, "curve_bytes", 11, newSViv(mp_unsigned_bin_size(&p_num)), 0);
            not_used = hv_store(rv_hash, "curve_bits",  10, newSViv(mp_count_bits(&p_num)), 0);
            mp_clear(&p_num);
          }
          {
            unsigned long i;
            SV *name;
            char *name_ptr;
            STRLEN name_len;
-            name = newSVpv(self->key.dp->name,  strlen(self->key.dp->name));
+          if (self->key.dp.oidlen > 0) {
            name_ptr = SvPV(name, name_len);
            for (i=0; i<name_len && name_ptr[i]>0; i++) name_ptr[i] = toLOWER(name_ptr[i]);
            not_used = hv_store(rv_hash, "curve_name", 10, name, 0);
          }
          if (self->key.dp->oid.OIDlen > 0) {
            unsigned long i;
            HV *h;
            SV **pref, *cname;
            char *cname_ptr, *oid_ptr;
            STRLEN cname_len;
            /* OID -> "curve_oid" */
            SV *oid = newSVpv("", 0);
-            for(i = 0; i < self->key.dp->oid.OIDlen - 1; i++) sv_catpvf(oid, "%lu.", self->key.dp->oid.OID[i]);
+            for(i = 0; i < self->key.dp.oidlen - 1; i++) sv_catpvf(oid, "%lu.", self->key.dp.oid[i]);
-            sv_catpvf(oid, "%lu", self->key.dp->oid.OID[i]);
+            sv_catpvf(oid, "%lu", self->key.dp.oid[i]);
            oid_ptr = SvPVX(oid);
            not_used = hv_store(rv_hash, "curve_oid", 9, oid, 0);
            /* curve name -> "curve_name" */
            if ((h = get_hv("Crypt::PK::ECC::curve2ltc", 0)) != NULL) {
              pref = hv_fetch(h, oid_ptr, (U32)strlen(oid_ptr), 0);
              if (pref) {
                cname_ptr = SvPV(*pref, cname_len);
                cname = newSVpv(cname_ptr, cname_len);
                cname_ptr = SvPVX(cname);
                for (i=0; i<cname_len && cname_ptr[i]>0; i++) cname_ptr[i] = toLOWER(cname_ptr[i]);
                not_used = hv_store(rv_hash, "curve_name", 10, cname, 0);
              }
            }
          }
        }
-        /* =====> size */
+        /* size */
        not_used = hv_store(rv_hash, "size", 4, newSViv(esize), 0);
-        /* =====> type */
+        /* type */
        not_used = hv_store(rv_hash, "type", 4, newSViv(self->key.type), 0);
-        if (not_used) not_used = NULL; /* just silence the warning: variable 'not_used' set but not used */
+        LTC_UNUSED_PARAM(not_used);
        RETVAL = newRV_noinc((SV*)rv_hash);
    OUTPUT:
        RETVAL
@ -209,25 +231,35 @@ export_key_der(Crypt::PK::ECC self, char * type)
        unsigned char out[4096];
        unsigned long int out_len = 4096;
-        RETVAL = newSVpvn(NULL, 0); /* undef */
+        if (self->key.type == -1) croak("FATAL: export_key_der no key");
        if (strnEQ(type, "private_short", 16)) {
-          rv = ecc_export_full(out, &out_len, PK_PRIVATE|PK_CURVEOID, &self->key);
+          rv = ecc_export_openssl(out, &out_len, PK_PRIVATE|PK_CURVEOID, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export(PK_PRIVATE|PK_CURVEOID) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_export_openssl(PK_PRIVATE|PK_CURVEOID) failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char*)out, out_len);
        }
        else if (strnEQ(type, "private_compressed", 16)) {
          rv = ecc_export_openssl(out, &out_len, PK_PRIVATE|PK_CURVEOID|PK_COMPRESSED, &self->key);
          if (rv != CRYPT_OK) croak("FATAL: ecc_export_openssl(PK_PRIVATE|PK_CURVEOID|PK_COMPRESSED) failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char*)out, out_len);
        }
        else if (strnEQ(type, "private", 7)) {
-          rv = ecc_export_full(out, &out_len, PK_PRIVATE, &self->key);
+          rv = ecc_export_openssl(out, &out_len, PK_PRIVATE, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export(PK_PRIVATE) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_export_openssl(PK_PRIVATE) failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char*)out, out_len);
        }
        else if (strnEQ(type, "public_compressed", 15)) {
          rv = ecc_export_openssl(out, &out_len, PK_PUBLIC|PK_CURVEOID|PK_COMPRESSED, &self->key);
          if (rv != CRYPT_OK) croak("FATAL: ecc_export_openssl(PK_PUBLIC|PK_CURVEOID|PK_COMPRESSED) failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char*)out, out_len);
        }
        else if (strnEQ(type, "public_short", 15)) {
-          rv = ecc_export_full(out, &out_len, PK_PUBLIC|PK_CURVEOID, &self->key);
+          rv = ecc_export_openssl(out, &out_len, PK_PUBLIC|PK_CURVEOID, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export(PK_PUBLIC|PK_CURVEOID) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_export_openssl(PK_PUBLIC|PK_CURVEOID) failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char*)out, out_len);
        }
        else if (strnEQ(type, "public", 6)) {
-          rv = ecc_export_full(out, &out_len, PK_PUBLIC, &self->key);
+          rv = ecc_export_openssl(out, &out_len, PK_PUBLIC, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export(PK_PUBLIC) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_export_openssl(PK_PUBLIC) failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char*)out, out_len);
        }
        else {
@ -245,20 +277,20 @@ export_key_raw(Crypt::PK::ECC self, char * type)
        unsigned char out[4096];
        unsigned long int out_len = sizeof(out);
-        RETVAL = newSVpvn(NULL, 0); /* undef */
+        if (self->key.type == -1) croak("FATAL: export_key_der no key");
        if (strnEQ(type, "private", 7)) {
-          rv = ecc_export_raw(out, &out_len, PK_PRIVATE, &self->key);
+          rv = ecc_get_key(out, &out_len, PK_PRIVATE, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export_raw(private) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_get_key(private) failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char*)out, out_len);
        }
        else if (strnEQ(type, "public_compressed", 17)) {
-          rv = ecc_export_raw(out, &out_len, PK_PUBLIC_COMPRESSED, &self->key);
+          rv = ecc_get_key(out, &out_len, PK_PUBLIC|PK_COMPRESSED, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export_raw(public_compressed) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_get_key(public_compressed) failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char*)out, out_len);
        }
        else if (strnEQ(type, "public", 6)) {
-          rv = ecc_export_raw(out, &out_len, PK_PUBLIC, &self->key);
+          rv = ecc_get_key(out, &out_len, PK_PUBLIC, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export_raw(public) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_get_key(public) failed: %s", error_to_string(rv));
          RETVAL = newSVpvn((char*)out, out_len);
        }
        else {
@ -269,7 +301,7 @@ export_key_raw(Crypt::PK::ECC self, char * type)
        RETVAL
 SV *
-_encrypt(Crypt::PK::ECC self, SV * data, char * hash_name)
+encrypt(Crypt::PK::ECC self, SV * data, const char * hash_name = "SHA1")
    CODE:
    {
        int rv, hash_id;
@ -280,8 +312,8 @@ _encrypt(Crypt::PK::ECC self, SV * data, char * hash_name)
        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
-        hash_id = find_hash(hash_name);
+        hash_id = _find_hash(hash_name);
-        if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+        if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
        rv = ecc_encrypt_key(data_ptr, (unsigned long)data_len, buffer, &buffer_len,
                             &self->pstate, self->pindex,
                             hash_id, &self->key);
@ -292,7 +324,7 @@ _encrypt(Crypt::PK::ECC self, SV * data, char * hash_name)
        RETVAL
 SV *
-_decrypt(Crypt::PK::ECC self, SV * data)
+decrypt(Crypt::PK::ECC self, SV * data)
    CODE:
    {
        int rv;
@ -311,20 +343,28 @@ _decrypt(Crypt::PK::ECC self, SV * data)
        RETVAL
 SV *
-_sign(Crypt::PK::ECC self, SV * data)
+sign_hash(Crypt::PK::ECC self, SV * data, const char * hash_name = "SHA1")
    ALIAS:
-        _sign_rfc7518 = 1
+        sign_hash_rfc7518    = 3
        sign_message         = 1
        sign_message_rfc7518 = 2
    CODE:
    {
-        int rv;
+        int rv, id;
-        unsigned char *data_ptr=NULL;
+        unsigned char buffer[1024], tmp[MAXBLOCKSIZE], *data_ptr = NULL;
-        STRLEN data_len=0;
+        unsigned long tmp_len = MAXBLOCKSIZE, buffer_len = 1024;
-        unsigned char buffer[1024];
+        STRLEN data_len = 0;
        unsigned long buffer_len = 1024;
        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
-
+        if (ix == 1 || ix == 2) {
-        if (ix == 1) {
+          id = _find_hash(hash_name);
          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
          rv = hash_memory(id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
          if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
          data_ptr = tmp;
          data_len = tmp_len;
        }
        if (ix == 2 || ix == 3) {
          rv = ecc_sign_hash_rfc7518(data_ptr, (unsigned long)data_len, buffer, &buffer_len,
                             &self->pstate, self->pindex,
                             &self->key);
@ -341,22 +381,31 @@ _sign(Crypt::PK::ECC self, SV * data)
        RETVAL
 int
-_verify(Crypt::PK::ECC self, SV * sig, SV * data)
+verify_hash(Crypt::PK::ECC self, SV * sig, SV * data, const char * hash_name = "SHA1")
    ALIAS:
-        _verify_rfc7518 = 1
+        verify_hash_rfc7518    = 3
        verify_message         = 1
        verify_message_rfc7518 = 2
    CODE:
    {
-        int rv, stat;
+        int rv, stat, id;
-        unsigned char *data_ptr=NULL;
+        unsigned char tmp[MAXBLOCKSIZE], *data_ptr = NULL, *sig_ptr = NULL;
-        STRLEN data_len=0;
+        unsigned long tmp_len = MAXBLOCKSIZE;
-        unsigned char *sig_ptr=NULL;
+        STRLEN data_len = 0, sig_len = 0;
        STRLEN sig_len=0;
        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
        sig_ptr = (unsigned char *)SvPVbyte(sig, sig_len);
-
+        if (ix == 1 || ix == 2) {
          id = _find_hash(hash_name);
          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
          rv = hash_memory(id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
          if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
          data_ptr = tmp;
          data_len = tmp_len;
        }
        RETVAL = 1;
-        if (ix == 1) {
+        stat = 0;
        if (ix == 2 || ix == 3) {
          rv = ecc_verify_hash_rfc7518(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, &stat, &self->key);
        }
        else {
@ -385,6 +434,6 @@ shared_secret(Crypt::PK::ECC self, Crypt::PK::ECC pubkey)
 void
 DESTROY(Crypt::PK::ECC self)
    CODE:
-        _ecc_free_key(&self->key, &self->dp);
+        if (self->key.type != -1) { ecc_free(&self->key); self->key.type = -1; }
        Safefree(self);
--- a/inc/CryptX_PK_RSA.xs.inc
+++ b/inc/CryptX_PK_RSA.xs.inc
@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::PK::RSA
 PROTOTYPES: DISABLE
 Crypt::PK::RSA
-_new()
+_new(Class)
    CODE:
    {
        int rv;
@ -9,9 +11,15 @@ _new()
        if (!RETVAL) croak("FATAL: Newz failed");
        RETVAL->key.type = -1;
        RETVAL->pindex = find_prng("chacha20");
-        if(RETVAL->pindex==-1) croak("FATAL: find_prng('chacha20') failed");
+        if (RETVAL->pindex == -1) {
          Safefree(RETVAL);
          croak("FATAL: find_prng('chacha20') failed");
        }
        rv = rng_make_prng(320, RETVAL->pindex, &RETVAL->pstate, NULL); /* 320bits = 40bytes */
-        if (rv != CRYPT_OK) croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -44,7 +52,25 @@ _import(Crypt::PK::RSA self, SV * key_data)
    }
 void
-_import_pkcs8(Crypt::PK::RSA self, SV * key_data)
+_import_pkcs8(Crypt::PK::RSA self, SV * key_data, SV * passwd)
    PPCODE:
    {
        int rv;
        unsigned char *data=NULL, *pwd=NULL;
        STRLEN data_len=0, pwd_len=0;
        data = (unsigned char *)SvPVbyte(key_data, data_len);
        if (SvOK(passwd)) {
          pwd = (unsigned char *)SvPVbyte(passwd, pwd_len);
        }
        if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
        rv = rsa_import_pkcs8(data, (unsigned long)data_len, pwd, (unsigned long)pwd_len, &self->key);
        if (rv != CRYPT_OK) croak("FATAL: rsa_import_pkcs8 failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
 void
 _import_x509(Crypt::PK::RSA self, SV * key_data)
    PPCODE:
    {
        int rv;
@ -53,8 +79,8 @@ _import_pkcs8(Crypt::PK::RSA self, SV * key_data)
        data = (unsigned char *)SvPVbyte(key_data, data_len);
        if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
-        rv = rsa_import_pkcs8(data, (unsigned long)data_len, NULL, 0, &self->key);
+        rv = rsa_import_x509(data, (unsigned long)data_len, &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: rsa_import_pkcs8 failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) croak("FATAL: rsa_import_x509 failed: %s", error_to_string(rv));
        XPUSHs(ST(0)); /* return self */
    }
@ -63,9 +89,50 @@ _import_hex(Crypt::PK::RSA self, char *N, char *e, char *d=NULL, char *p=NULL, c
    PPCODE:
    {
        int rv;
-        if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
+        unsigned char Nbin[1024], ebin[128], dbin[1024], pbin[512], qbin[512], dPbin[512], dQbin[512], qPbin[512];
-        rv = rsa_import_radix(16, N, e, d, p, q, dP, dQ, qP, &self->key);
+        unsigned long Nlen=sizeof(Nbin), elen=sizeof(ebin), dlen=sizeof(dbin), plen=sizeof(pbin),
-        if (rv != CRYPT_OK) croak("FATAL: rsa_import_radix failed: %s", error_to_string(rv));
+                      qlen=sizeof(qbin), dPlen=sizeof(dPbin), dQlen=sizeof(dQbin), qPlen=sizeof(qPbin);
        rv = radix_to_bin(N,  16,  Nbin,  &Nlen);
        if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(N) failed: %s", error_to_string(rv));
        rv = radix_to_bin(e,  16,  ebin,  &elen);
        if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(e) failed: %s", error_to_string(rv));
        if (d && strlen(d) > 0) {
          /* private */
          rv = radix_to_bin(d,  16,  dbin,  &dlen);
          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(d) failed: %s", error_to_string(rv));
          rv = rsa_set_key(Nbin, Nlen, ebin, elen, dbin, dlen, &self->key);
          if (rv != CRYPT_OK) croak("FATAL: rsa_set_key failed: %s", error_to_string(rv));
        }
        else {
          /* public */
          rv = rsa_set_key(Nbin, Nlen, ebin, elen, NULL, 0, &self->key);
          if (rv != CRYPT_OK) croak("FATAL: rsa_set_key failed: %s", error_to_string(rv));
        }
        if (p && strlen(p) > 0 && q && strlen(q) > 0) {
          /* private only */
          rv = radix_to_bin(p,  16,  pbin,  &plen);
          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(p) failed: %s", error_to_string(rv));
          rv = radix_to_bin(q,  16,  qbin,  &qlen);
          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(q) failed: %s", error_to_string(rv));
          rv = rsa_set_factors(pbin, plen, qbin, qlen, &self->key);
          if (rv != CRYPT_OK) croak("FATAL: rsa_set_factors failed: %s", error_to_string(rv));
        }
        if (dP && strlen(dP) > 0 && dQ && strlen(dQ) > 0 && qP && strlen(qP) > 0) {
          /* private only */
          rv = radix_to_bin(dP, 16, dPbin, &dPlen);
          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(dP) failed: %s", error_to_string(rv));
          rv = radix_to_bin(dQ, 16, dQbin, &dQlen);
          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(dQ) failed: %s", error_to_string(rv));
          rv = radix_to_bin(qP, 16, qPbin, &qPlen);
          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(qP) failed: %s", error_to_string(rv));
          rv = rsa_set_crt_params(dPbin, dPlen, dQbin, dQlen, qPbin, qPlen, &self->key);
          if (rv != CRYPT_OK) croak("FATAL: rsa_set_crt_params failed: %s", error_to_string(rv));
        }
        XPUSHs(ST(0)); /* return self */
    }
@ -96,7 +163,7 @@ key2hash(Crypt::PK::RSA self)
        if (self->key.type == -1 || self->key.N == NULL) XSRETURN_UNDEF;
        nsize = mp_unsigned_bin_size(self->key.N);
        rv_hash = newHV();
-        /* =====> e */
+        /* e */
        siz = (self->key.e) ? mp_unsigned_bin_size(self->key.e) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'e' too big number");
@ -108,7 +175,7 @@ key2hash(Crypt::PK::RSA self)
        else{
          not_used = hv_store(rv_hash, "e", 1, newSVpv("", 0), 0);
        }
-        /* =====> d */
+        /* d */
        siz = (self->key.d) ? mp_unsigned_bin_size(self->key.d) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'd' too big number");
@ -120,7 +187,7 @@ key2hash(Crypt::PK::RSA self)
        else{
          not_used = hv_store(rv_hash, "d", 1, newSVpv("", 0), 0);
        }
-        /* =====> N */
+        /* N */
        siz = (self->key.N) ? nsize : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'N' too big number");
@ -132,7 +199,7 @@ key2hash(Crypt::PK::RSA self)
        else{
          not_used = hv_store(rv_hash, "N", 1, newSVpv("", 0), 0);
        }
-        /* =====> q */
+        /* q */
        siz = (self->key.q) ? mp_unsigned_bin_size(self->key.q) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'q' too big number");
@ -144,7 +211,7 @@ key2hash(Crypt::PK::RSA self)
        else{
          not_used = hv_store(rv_hash, "q", 1, newSVpv("", 0), 0);
        }
-        /* =====> p */
+        /* p */
        siz = (self->key.p) ? mp_unsigned_bin_size(self->key.p) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'p' too big number");
@ -156,7 +223,7 @@ key2hash(Crypt::PK::RSA self)
        else{
          not_used = hv_store(rv_hash, "p", 1, newSVpv("", 0), 0);
        }
-        /* =====> qP */
+        /* qP */
        siz = (self->key.qP) ? mp_unsigned_bin_size(self->key.qP) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'qP' too big number");
@ -168,7 +235,7 @@ key2hash(Crypt::PK::RSA self)
        else{
          not_used = hv_store(rv_hash, "qP", 2, newSVpv("", 0), 0);
        }
-        /* =====> dP */
+        /* dP */
        siz = (self->key.dP) ? mp_unsigned_bin_size(self->key.dP) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'dP' too big number");
@ -180,7 +247,7 @@ key2hash(Crypt::PK::RSA self)
        else{
          not_used = hv_store(rv_hash, "dP", 2, newSVpv("", 0), 0);
        }
-        /* =====> dQ */
+        /* dQ */
        siz = (self->key.dQ) ? mp_unsigned_bin_size(self->key.dQ) : 0;
        if (siz>10000) {
          croak("FATAL: key2hash failed - 'dQ' too big number");
@ -192,11 +259,11 @@ key2hash(Crypt::PK::RSA self)
        else{
          not_used = hv_store(rv_hash, "dQ", 2, newSVpv("", 0), 0);
        }
-        /* =====> size */
+        /* size */
        not_used = hv_store(rv_hash, "size", 4, newSViv(nsize), 0);
-        /* =====> type */
+        /* type */
        not_used = hv_store(rv_hash, "type", 4, newSViv(self->key.type), 0);
-        if (not_used) not_used = NULL; /* just silence the warning: variable 'not_used' set but not used */
+        LTC_UNUSED_PARAM(not_used);
        RETVAL = newRV_noinc((SV*)rv_hash);
    OUTPUT:
        RETVAL
@ -207,7 +274,7 @@ export_key_der(Crypt::PK::RSA self, char * type)
    {
        int rv;
        unsigned char out[4096];
-        unsigned long int out_len = 4096;
+        unsigned long out_len = 4096;
        RETVAL = newSVpvn(NULL, 0); /* undef */
        if (strnEQ(type, "private", 7)) {
@ -228,7 +295,7 @@ export_key_der(Crypt::PK::RSA self, char * type)
        RETVAL
 SV *
-_encrypt(Crypt::PK::RSA self, SV * data, char * padding, char * oaep_hash, SV * oaep_lparam)
+encrypt(Crypt::PK::RSA self, SV * data, const char * padding = "oaep", const char * oaep_hash = "SHA1", SV * oaep_lparam = NULL)
    CODE:
    {
        int rv, hash_id;
@ -243,9 +310,9 @@ _encrypt(Crypt::PK::RSA self, SV * data, char * padding, char * oaep_hash, SV *
        RETVAL = newSVpvn(NULL, 0); /* undef */
        if (strnEQ(padding, "oaep", 4)) {
-          hash_id = find_hash(oaep_hash);
+          hash_id = _find_hash(oaep_hash);
-          if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", oaep_hash);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", oaep_hash);
-          lparam_ptr = (unsigned char *)SvPVbyte(oaep_lparam, lparam_len);
+          if (oaep_lparam) lparam_ptr = (unsigned char *)SvPVbyte(oaep_lparam, lparam_len);
          rv = rsa_encrypt_key_ex(data_ptr, (unsigned long)data_len, buffer, &buffer_len, lparam_ptr, (unsigned long)lparam_len,
                                  &self->pstate, self->pindex,
                                  hash_id, LTC_PKCS_1_OAEP, &self->key);
@ -273,7 +340,7 @@ _encrypt(Crypt::PK::RSA self, SV * data, char * padding, char * oaep_hash, SV *
        RETVAL
 SV *
-_decrypt(Crypt::PK::RSA self, SV * data, char * padding, char * oaep_hash, SV * oaep_lparam)
+decrypt(Crypt::PK::RSA self, SV * data, const char * padding = "oaep", const char * oaep_hash = "SHA1", SV * oaep_lparam = NULL)
    CODE:
    {
        int rv, hash_id, stat;
@ -288,9 +355,9 @@ _decrypt(Crypt::PK::RSA self, SV * data, char * padding, char * oaep_hash, SV *
        RETVAL = newSVpvn(NULL, 0); /* undef */
        if (strnEQ(padding, "oaep", 4)) {
-          hash_id = find_hash(oaep_hash);
+          hash_id = _find_hash(oaep_hash);
-          if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", oaep_hash);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", oaep_hash);
-          lparam_ptr = (unsigned char *)SvPVbyte(oaep_lparam, lparam_len);
+          if (oaep_lparam) lparam_ptr = (unsigned char *)SvPVbyte(oaep_lparam, lparam_len);
          rv = rsa_decrypt_key_ex(data_ptr, (unsigned long)data_len, buffer, &buffer_len, lparam_ptr, (unsigned long)lparam_len,
                                  hash_id, LTC_PKCS_1_OAEP, &stat, &self->key);
          if (rv != CRYPT_OK) croak("FATAL: rsa_decrypt_key_ex failed: %s", error_to_string(rv));
@ -318,21 +385,28 @@ _decrypt(Crypt::PK::RSA self, SV * data, char * padding, char * oaep_hash, SV *
        RETVAL
 SV *
-_sign(Crypt::PK::RSA self, SV * data, char * padding, char * hash_name=NULL, unsigned long saltlen=12)
+sign_hash(Crypt::PK::RSA self, SV * data, const char * hash_name = "SHA1", const char * padding = "pss", unsigned long saltlen=12)
    ALIAS:
        sign_message = 1
    CODE:
    {
        int rv, hash_id;
-        unsigned char *data_ptr=NULL;
+        unsigned char buffer[1024], tmp[MAXBLOCKSIZE], *data_ptr = NULL;
-        STRLEN data_len=0;
+        unsigned long tmp_len = MAXBLOCKSIZE, buffer_len = 1024;
-        unsigned char buffer[1024];
+        STRLEN data_len = 0;
        unsigned long buffer_len = 1024;
        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
-
+        if (ix == 1) {
-        RETVAL = newSVpvn(NULL, 0); /* undef */
+          hash_id = _find_hash(hash_name);
          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
          rv = hash_memory(hash_id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
          if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
          data_ptr = tmp;
          data_len = tmp_len;
        }
        if (strnEQ(padding, "pss", 3)) {
-          hash_id = find_hash(hash_name);
+          hash_id = _find_hash(hash_name);
-          if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
          rv = rsa_sign_hash_ex(data_ptr, (unsigned long)data_len, buffer, &buffer_len, LTC_PKCS_1_PSS,
                                &self->pstate, self->pindex,
                                hash_id, saltlen, &self->key);
@ -340,8 +414,8 @@ _sign(Crypt::PK::RSA self, SV * data, char * padding, char * hash_name=NULL, uns
          RETVAL = newSVpvn((char*)buffer, buffer_len);
        }
        else if (strnEQ(padding, "v1.5", 4)) {
-          hash_id = find_hash(hash_name);
+          hash_id = _find_hash(hash_name);
-          if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
          rv = rsa_sign_hash_ex(data_ptr, (unsigned long)data_len, buffer, &buffer_len, LTC_PKCS_1_V1_5,
                                &self->pstate, self->pindex,
                                hash_id, 0, &self->key);
@ -362,31 +436,38 @@ _sign(Crypt::PK::RSA self, SV * data, char * padding, char * hash_name=NULL, uns
        RETVAL
 int
-_verify(Crypt::PK::RSA self, SV * sig, SV * data, char * padding, char * hash_name=NULL, unsigned long saltlen=12)
+verify_hash(Crypt::PK::RSA self, SV * sig, SV * data, const char * hash_name = "SHA1", const char * padding = "pss", unsigned long saltlen = 12)
    ALIAS:
        verify_message = 1
    CODE:
    {
        int rv, hash_id, stat;
-        unsigned char *data_ptr=NULL;
+        unsigned char tmp[MAXBLOCKSIZE], buffer[1024], *data_ptr = NULL, *sig_ptr = NULL;
-        STRLEN data_len=0;
+        unsigned long i, tmp_len = MAXBLOCKSIZE, buffer_len = 1024;
-        unsigned char *sig_ptr=NULL;
+        STRLEN data_len = 0, sig_len = 0;
        STRLEN sig_len=0;
        unsigned char buffer[1024];
        unsigned long i, buffer_len = 1024;
        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
        sig_ptr = (unsigned char *)SvPVbyte(sig, sig_len);
-
+        if (ix == 1) {
          hash_id = _find_hash(hash_name);
          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
          rv = hash_memory(hash_id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
          if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
          data_ptr = tmp;
          data_len = tmp_len;
        }
        RETVAL = 1;
        stat = 0;
        if (strnEQ(padding, "pss", 3)) {
-          hash_id = find_hash(hash_name);
+          hash_id = _find_hash(hash_name);
-          if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
          rv = rsa_verify_hash_ex(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, LTC_PKCS_1_PSS,
                                hash_id, saltlen, &stat, &self->key);
          if (rv != CRYPT_OK || stat != 1) RETVAL = 0;
        }
        else if (strnEQ(padding, "v1.5", 4)) {
-          hash_id = find_hash(hash_name);
+          hash_id = _find_hash(hash_name);
-          if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
          rv = rsa_verify_hash_ex(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, LTC_PKCS_1_V1_5,
                                hash_id, 0, &stat, &self->key);
          if (rv != CRYPT_OK || stat != 1) RETVAL = 0;
@ -416,4 +497,3 @@ DESTROY(Crypt::PK::RSA self)
    CODE:
        if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
        Safefree(self);
--- a/inc/CryptX_PRNG.xs.inc
+++ b/inc/CryptX_PRNG.xs.inc
@ -1,38 +1,68 @@
 MODULE = CryptX         PACKAGE = Crypt::PRNG
 PROTOTYPES: DISABLE
 Crypt::PRNG
-_new(IV curpid, char * prng_name, SV * entropy=&PL_sv_undef)
+new(char * class, ...)
    CODE:
    {
-        int rv, id;
+        IV curpid = (IV)PerlProc_getpid();
        int rv, id, idx;
        unsigned char *ent=NULL;
        STRLEN ent_len=0;
        unsigned char entropy_buf[40];
        char *prng_name = (char *)"ChaCha20";
        SV *entropy = &PL_sv_undef;
        /* we need to handle:
           Crypt::PRNG->new('RC4');
           Crypt::Cipher::RC4->new();
         */
        idx = strcmp("Crypt::PRNG", class) == 0 ? 1 : 0;
        if (idx + 1 <= items) prng_name = SvPVX(ST(idx));
        if (idx + 2 <= items) entropy = ST(idx + 1);
        Newz(0, RETVAL, 1, struct prng_struct);
        if (!RETVAL) croak("FATAL: Newz failed");
-        id = find_prng(prng_name);
+        id = _find_prng(prng_name);
-        if(id==-1) croak("FATAL: find_prng failed for '%s'", prng_name);
+        if (id == -1) {
-        RETVAL->id = id;
+          Safefree(RETVAL);
          croak("FATAL: find_prng failed for '%s'", prng_name);
        }
        RETVAL->last_pid = curpid;
        RETVAL->desc = &prng_descriptor[id];
        rv = RETVAL->desc->start(&RETVAL->state);
-        if (rv != CRYPT_OK) croak("FATAL: PRNG_start failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: PRNG_start failed: %s", error_to_string(rv));
        }
-        if(SvOK(entropy)) {
+        if (SvOK(entropy)) {
          ent = (unsigned char *) SvPVbyte(entropy, ent_len);
          rv = RETVAL->desc->add_entropy(ent, (unsigned long)ent_len, &RETVAL->state);
-          if (rv != CRYPT_OK) croak("FATAL: PRNG_add_entropy failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            Safefree(RETVAL);
            croak("FATAL: PRNG_add_entropy failed: %s", error_to_string(rv));
          }
        }
        else {
-          if (rng_get_bytes(entropy_buf, 40, NULL) != 40) croak("FATAL: rng_get_bytes failed: %s", error_to_string(rv));
+          if (rng_get_bytes(entropy_buf, 40, NULL) != 40) {
            Safefree(RETVAL);
            croak("FATAL: rng_get_bytes failed: %s", error_to_string(rv));
          }
          rv = RETVAL->desc->add_entropy(entropy_buf, 40, &RETVAL->state);
-          if (rv != CRYPT_OK) croak("FATAL: PRNG_add_entropy failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            Safefree(RETVAL);
            croak("FATAL: PRNG_add_entropy failed: %s", error_to_string(rv));
          }
        }
        rv = RETVAL->desc->ready(&RETVAL->state);
-        if (rv != CRYPT_OK) croak("FATAL: PRNG_ready failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: PRNG_ready failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -40,9 +70,7 @@ _new(IV curpid, char * prng_name, SV * entropy=&PL_sv_undef)
 void
 DESTROY(Crypt::PRNG self)
    CODE:
    {
        Safefree(self);
    }
 void
 add_entropy(Crypt::PRNG self, SV * entropy=&PL_sv_undef)
@ -50,16 +78,16 @@ add_entropy(Crypt::PRNG self, SV * entropy=&PL_sv_undef)
    {
        STRLEN in_len=0;
        unsigned char *in_buffer=NULL;
-        unsigned char entropy_buf[32];
+        unsigned char entropy_buf[40];
        int rv;
-        if(SvOK(entropy)) {
+        if (SvOK(entropy)) {
          in_buffer = (unsigned char *) SvPVbyte(entropy, in_len);
          rv = self->desc->add_entropy(in_buffer, (unsigned long)in_len, &self->state);
          if (rv != CRYPT_OK) croak("FATAL: PRNG_add_entropy failed: %s", error_to_string(rv));
        }
        else {
-          if (rng_get_bytes(entropy_buf, 32, NULL) != 32) croak("FATAL: rng_get_bytes failed");
+          if (rng_get_bytes(entropy_buf, 40, NULL) != 40) croak("FATAL: rng_get_bytes failed");
-          rv = self->desc->add_entropy(entropy_buf, 32, &self->state);
+          rv = self->desc->add_entropy(entropy_buf, 40, &self->state);
          if (rv != CRYPT_OK) croak("FATAL: PRNG_add_entropy failed: %s", error_to_string(rv));
        }
        rv = self->desc->ready(&self->state);
@ -67,41 +95,96 @@ add_entropy(Crypt::PRNG self, SV * entropy=&PL_sv_undef)
    }
 SV *
-_bytes(Crypt::PRNG self, IV curpid, STRLEN output_len)
+bytes(Crypt::PRNG self, unsigned long output_len)
    ALIAS:
        bytes_hex  = 1
        bytes_b64  = 2
        bytes_b64u = 3
    CODE:
    {
-        int rv_len;
+        IV curpid = (IV)PerlProc_getpid();
-        unsigned char *rdata;
+        int rv_len, rv;
-        unsigned char entropy_buf[32];
+        unsigned long len;
        unsigned char *rdata, *tmp;
        unsigned char entropy_buf[40];
-        if (self->last_pid != curpid) {
+        if (output_len == 0) {
-          rng_get_bytes(entropy_buf, 32, NULL);
+          RETVAL = newSVpvn("", 0);
-          self->desc->add_entropy(entropy_buf, 32, &self->state);
+        }
-          self->desc->ready(&self->state);
+        else {
-          self->last_pid = curpid;
+          if (self->last_pid != curpid) {
            if (rng_get_bytes(entropy_buf, 40, NULL) != 40) croak("FATAL: rng_get_bytes failed");
            self->desc->add_entropy(entropy_buf, 40, &self->state);
            self->desc->ready(&self->state);
            self->last_pid = curpid;
          }
          if (ix == 1) {
            /* HEX */
            Newz(0, tmp, output_len, unsigned char);
            if (tmp == NULL) croak("FATAL: Newz failed");
            rv_len = (self->desc->read)(tmp, (unsigned long)output_len, &self->state);
            if ((UV)rv_len != output_len) croak("FATAL: PRNG_read failed");
            RETVAL = NEWSV(0, output_len * 2); /* avoid zero! */
            SvPOK_only(RETVAL);
            SvCUR_set(RETVAL, output_len * 2);
            rdata = (unsigned char *)SvPVX(RETVAL);
            len = output_len * 2;
            rv = _base16_encode(tmp, output_len, rdata, &len);
            Safefree(tmp);
            if (rv != CRYPT_OK) {
              SvREFCNT_dec(RETVAL);
              croak("FATAL: base16_encode failed");
            }
          }
          else if (ix == 2 || ix == 3) {
            /* BASE64 or BASE64URL */
            Newz(0, tmp, output_len, unsigned char);
            if (tmp == NULL) croak("FATAL: Newz failed");
            rv_len = (self->desc->read)(tmp, (unsigned long)output_len, &self->state);
            if ((UV)rv_len != output_len) croak("FATAL: PRNG_read failed");
            RETVAL = NEWSV(0, output_len * 2); /* avoid zero! */
            SvPOK_only(RETVAL);
            SvCUR_set(RETVAL, output_len * 2);
            rdata = (unsigned char *)SvPVX(RETVAL);
            len = output_len * 2;
            rv = ix == 3 ? base64url_encode(tmp, output_len, rdata, &len) :
                           base64_encode(tmp, output_len, rdata, &len);
            SvCUR_set(RETVAL, len);
            Safefree(tmp);
            if (rv != CRYPT_OK) {
              SvREFCNT_dec(RETVAL);
              croak(ix == 3 ? "FATAL: base64url_encode failed" : "FATAL: base64_encode failed");
            }
          }
          else {
            /* RAW BYTES */
            RETVAL = NEWSV(0, output_len); /* avoid zero! */
            SvPOK_only(RETVAL);
            SvCUR_set(RETVAL, output_len);
            rdata = (unsigned char *)SvPVX(RETVAL);
            rv_len = (self->desc->read)(rdata, (unsigned long)output_len, &self->state);
            if ((UV)rv_len != output_len) {
              SvREFCNT_dec(RETVAL);
              croak("FATAL: PRNG_read failed");
            }
          }
        }
        RETVAL = NEWSV(0, output_len);
        SvPOK_only(RETVAL);
        SvCUR_set(RETVAL, output_len);
        rdata = (unsigned char *)SvPV_nolen(RETVAL);
        rv_len = (self->desc->read)(rdata, (unsigned long)output_len, &self->state);
        if ((UV)rv_len != output_len) croak("FATAL: PRNG_read failed");
    }
    OUTPUT:
        RETVAL
 UV
-_int32(Crypt::PRNG self, IV curpid)
+int32(Crypt::PRNG self)
    CODE:
    {
        IV curpid = (IV)PerlProc_getpid();
        int i;
        unsigned char rdata[4];
-        unsigned char entropy_buf[32];
+        unsigned char entropy_buf[40];
        if (self->last_pid != curpid) {
-          rng_get_bytes(entropy_buf, 32, NULL);
+          if (rng_get_bytes(entropy_buf, 40, NULL) != 40) croak("FATAL: rng_get_bytes failed");
-          self->desc->add_entropy(entropy_buf, 32, &self->state);
+          self->desc->add_entropy(entropy_buf, 40, &self->state);
          self->desc->ready(&self->state);
          self->last_pid = curpid;
        }
@ -114,18 +197,18 @@ _int32(Crypt::PRNG self, IV curpid)
        RETVAL
 NV
-_double(Crypt::PRNG self, IV curpid, ...)
+double(Crypt::PRNG self, SV * limit_sv = NULL)
    CODE:
    {
        IV curpid = (IV)PerlProc_getpid();
        int i;
        unsigned long a, b;     /* 32bit is enough */
        unsigned char rdata[7]; /* for double we need 53 bits */
-        unsigned char entropy_buf[32];
+        unsigned char entropy_buf[40];
        NV limit;
        if (self->last_pid != curpid) {
-          rng_get_bytes(entropy_buf, 32, NULL);
+          if (rng_get_bytes(entropy_buf, 40, NULL) != 40) croak("FATAL: rng_get_bytes failed");
-          self->desc->add_entropy(entropy_buf, 32, &self->state);
+          self->desc->add_entropy(entropy_buf, 40, &self->state);
          self->desc->ready(&self->state);
          self->last_pid = curpid;
        }
@ -135,8 +218,8 @@ _double(Crypt::PRNG self, IV curpid, ...)
        a = (((unsigned long)(rdata[0])<<16) + ((unsigned long)(rdata[1])<<8) + ((unsigned long)(rdata[2]))) & 0x1FFFFF;                      /* 21 bits */
        b = ((unsigned long)(rdata[3])<<24) + ((unsigned long)(rdata[4])<<16) + ((unsigned long)(rdata[5])<<8) + ((unsigned long)(rdata[6])); /* 32 bits */
        RETVAL = ( (NV)a * 4294967296.0 + (NV)b ) / 9007199254740992.0;                           /* (a * 2^32 + b) / 2^53 */
-        if (items>2 && SvOK(ST(2))) {
+        if (limit_sv && SvOK(limit_sv)) {
-          limit = SvNV(ST(2));
+          NV limit = SvNV(limit_sv);
          if (limit > 0 || limit < 0) RETVAL = RETVAL * limit;
        }
    }
--- a/inc/CryptX_Stream_ChaCha.xs.inc
+++ b/inc/CryptX_Stream_ChaCha.xs.inc
@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::Stream::ChaCha
 PROTOTYPES: DISABLE
 Crypt::Stream::ChaCha
-_new(SV * key, SV * nonce, UV counter = 0, int rounds = 20)
+new(Class, SV * key, SV * nonce, UV counter = 0, int rounds = 20)
    CODE:
    {
        int rv;
@ -13,21 +15,31 @@ _new(SV * key, SV * nonce, UV counter = 0, int rounds = 20)
        k  = (unsigned char *) SvPVbyte(key, k_len);
        iv = (unsigned char *) SvPVbyte(nonce, iv_len);
-        Newz(0, RETVAL, 1, struct chacha_struct);
+        Newz(0, RETVAL, 1, chacha_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = chacha_setup(&RETVAL->state, k, (unsigned long)k_len, rounds);
+        rv = chacha_setup(RETVAL, k, (unsigned long)k_len, rounds);
-        if (rv != CRYPT_OK) croak("FATAL: chacha_setup failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: chacha_setup failed: %s", error_to_string(rv));
        }
        if (iv_len == 12) {
-          rv = chacha_ivctr32(&RETVAL->state, iv, (unsigned long)iv_len, (ulong32)counter);
+          rv = chacha_ivctr32(RETVAL, iv, (unsigned long)iv_len, (ulong32)counter);
-          if (rv != CRYPT_OK) croak("FATAL: chacha_ivctr32 failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            Safefree(RETVAL);
            croak("FATAL: chacha_ivctr32 failed: %s", error_to_string(rv));
          }
        }
        else if (iv_len == 8) {
-          rv = chacha_ivctr64(&RETVAL->state, iv, (unsigned long)iv_len, (ulong64)counter);
+          rv = chacha_ivctr64(RETVAL, iv, (unsigned long)iv_len, (ulong64)counter);
-          if (rv != CRYPT_OK) croak("FATAL: chacha_ivctr64 failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            Safefree(RETVAL);
            croak("FATAL: chacha_ivctr64 failed: %s", error_to_string(rv));
          }
        }
        else {
          Safefree(RETVAL);
          croak("FATAL: chacha IV length must be 8 or 12 bytes");
        }
    }
@ -37,15 +49,15 @@ _new(SV * key, SV * nonce, UV counter = 0, int rounds = 20)
 void
 DESTROY(Crypt::Stream::ChaCha self)
    CODE:
-        chacha_done(&self->state);
+        chacha_done(self);
        Safefree(self);
 Crypt::Stream::ChaCha
 clone(Crypt::Stream::ChaCha self)
    CODE:
-        Newz(0, RETVAL, 1, struct chacha_struct);
+        Newz(0, RETVAL, 1, chacha_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct chacha_struct);
+        Copy(self, RETVAL, 1, chacha_state);
    OUTPUT:
        RETVAL
@ -56,12 +68,20 @@ keystream(Crypt::Stream::ChaCha self, STRLEN out_len)
        int rv;
        unsigned char *out_data;
-        RETVAL = NEWSV(0, out_len);
+        if (out_len == 0) {
-        SvPOK_only(RETVAL);
+          RETVAL = newSVpvn("", 0);
-        SvCUR_set(RETVAL, out_len);
+        }
-        out_data = (unsigned char *)SvPV_nolen(RETVAL);
+        else {
-        rv = chacha_keystream(&self->state, out_data, out_len);
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
-        if (rv != CRYPT_OK) croak("FATAL: chacha_keystream failed: %s", error_to_string(rv));
+          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, out_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = chacha_keystream(self, out_data, (unsigned long)out_len);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: chacha_keystream failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
@ -75,16 +95,19 @@ crypt(Crypt::Stream::ChaCha self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = chacha_crypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          rv = chacha_crypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (rv != CRYPT_OK) croak("FATAL: chacha_crypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: chacha_crypt failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
--- a/inc/CryptX_Stream_RC4.xs.inc
+++ b/inc/CryptX_Stream_RC4.xs.inc
@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::Stream::RC4
 PROTOTYPES: DISABLE
 Crypt::Stream::RC4
-_new(SV * key)
+new(Class, SV * key)
    CODE:
    {
        int rv;
@ -11,11 +13,14 @@ _new(SV * key)
        if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
        k  = (unsigned char *) SvPVbyte(key, k_len);
-        Newz(0, RETVAL, 1, struct rc4_struct);
+        Newz(0, RETVAL, 1, rc4_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = rc4_stream_setup(&RETVAL->state, k, (unsigned long)k_len);
+        rv = rc4_stream_setup(RETVAL, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: rc4_stream_setup failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: rc4_stream_setup failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -23,15 +28,15 @@ _new(SV * key)
 void
 DESTROY(Crypt::Stream::RC4 self)
    CODE:
-        rc4_stream_done(&self->state);
+        rc4_stream_done(self);
        Safefree(self);
 Crypt::Stream::RC4
 clone(Crypt::Stream::RC4 self)
    CODE:
-        Newz(0, RETVAL, 1, struct rc4_struct);
+        Newz(0, RETVAL, 1, rc4_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct rc4_struct);
+        Copy(self, RETVAL, 1, rc4_state);
    OUTPUT:
        RETVAL
@ -42,12 +47,20 @@ keystream(Crypt::Stream::RC4 self, STRLEN out_len)
        int rv;
        unsigned char *out_data;
-        RETVAL = NEWSV(0, out_len);
+        if (out_len == 0) {
-        SvPOK_only(RETVAL);
+          RETVAL = newSVpvn("", 0);
-        SvCUR_set(RETVAL, out_len);
+        }
-        out_data = (unsigned char *)SvPV_nolen(RETVAL);
+        else {
-        rv = rc4_stream_keystream(&self->state, out_data, out_len);
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
-        if (rv != CRYPT_OK) croak("FATAL: rc4_stream_keystream failed: %s", error_to_string(rv));
+          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, out_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = rc4_stream_keystream(self, out_data, (unsigned long)out_len);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: rc4_stream_keystream failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
@ -61,16 +74,19 @@ crypt(Crypt::Stream::RC4 self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = rc4_stream_crypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          rv = rc4_stream_crypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (rv != CRYPT_OK) croak("FATAL: rc4_stream_crypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: rc4_stream_crypt failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
--- a/inc/CryptX_Stream_Rabbit.xs.inc
+++ b/inc/CryptX_Stream_Rabbit.xs.inc
@ -0,0 +1,104 @@
 MODULE = CryptX         PACKAGE = Crypt::Stream::Rabbit
 PROTOTYPES: DISABLE
 Crypt::Stream::Rabbit
 new(Class, SV * key, SV * nonce=&PL_sv_undef)
    CODE:
    {
        int rv;
        STRLEN iv_len=0, k_len=0;
        unsigned char *iv=NULL, *k=NULL;
        if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
        k  = (unsigned char *)SvPVbyte(key, k_len);
        Newz(0, RETVAL, 1, rabbit_state);
        if (!RETVAL) croak("FATAL: Newz failed");
        rv = rabbit_setup(RETVAL, k, (unsigned long)k_len);
        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: rabbit_setup failed: %s", error_to_string(rv));
        }
        if (SvOK(nonce)) {
          if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
          iv = (unsigned char *)SvPVbyte(nonce, iv_len);
          rv = rabbit_setiv(RETVAL, iv, (unsigned long)iv_len);
          if (rv != CRYPT_OK) {
            Safefree(RETVAL);
            croak("FATAL: rabbit_setiv failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
 void
 DESTROY(Crypt::Stream::Rabbit self)
    CODE:
        rabbit_done(self);
        Safefree(self);
 Crypt::Stream::Rabbit
 clone(Crypt::Stream::Rabbit self)
    CODE:
        Newz(0, RETVAL, 1, rabbit_state);
        if (!RETVAL) croak("FATAL: Newz failed");
        Copy(self, RETVAL, 1, rabbit_state);
    OUTPUT:
        RETVAL
 SV *
 keystream(Crypt::Stream::Rabbit self, STRLEN out_len)
    CODE:
    {
        int rv;
        unsigned char *out_data;
        if (out_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
          RETVAL = NEWSV(0, out_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, out_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = rabbit_keystream(self, out_data, (unsigned long)out_len);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: rabbit_keystream failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
 SV *
 crypt(Crypt::Stream::Rabbit self, SV * data)
    CODE:
    {
        int rv;
        STRLEN in_data_len;
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = rabbit_crypt(self, in_data, (unsigned long)in_data_len, out_data);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: rabbit_crypt failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Stream_Salsa20.xs.inc
+++ b/inc/CryptX_Stream_Salsa20.xs.inc
@ -0,0 +1,101 @@
 MODULE = CryptX         PACKAGE = Crypt::Stream::Salsa20
 PROTOTYPES: DISABLE
 Crypt::Stream::Salsa20
 new(Class, SV * key, SV * nonce, UV counter = 0, int rounds = 20)
    CODE:
    {
        int rv;
        STRLEN iv_len=0, k_len=0;
        unsigned char *iv=NULL, *k=NULL;
        if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
        if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
        k  = (unsigned char *)SvPVbyte(key, k_len);
        iv = (unsigned char *)SvPVbyte(nonce, iv_len);
        Newz(0, RETVAL, 1, salsa20_state);
        if (!RETVAL) croak("FATAL: Newz failed");
        rv = salsa20_setup(RETVAL, k, (unsigned long)k_len, rounds);
        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: salsa20_setup failed: %s", error_to_string(rv));
        }
        rv = salsa20_ivctr64(RETVAL, iv, (unsigned long)iv_len, (ulong64)counter);
        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: salsa20_ivctr64 failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
 void
 DESTROY(Crypt::Stream::Salsa20 self)
    CODE:
        salsa20_done(self);
        Safefree(self);
 Crypt::Stream::Salsa20
 clone(Crypt::Stream::Salsa20 self)
    CODE:
        Newz(0, RETVAL, 1, salsa20_state);
        if (!RETVAL) croak("FATAL: Newz failed");
        Copy(self, RETVAL, 1, salsa20_state);
    OUTPUT:
        RETVAL
 SV *
 keystream(Crypt::Stream::Salsa20 self, STRLEN out_len)
    CODE:
    {
        int rv;
        unsigned char *out_data;
        if (out_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
          RETVAL = NEWSV(0, out_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, out_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = salsa20_keystream(self, out_data, (unsigned long)out_len);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: salsa20_keystream failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
 SV *
 crypt(Crypt::Stream::Salsa20 self, SV * data)
    CODE:
    {
        int rv;
        STRLEN in_data_len;
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = salsa20_crypt(self, in_data, (unsigned long)in_data_len, out_data);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: salsa20_crypt failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
--- a/inc/CryptX_Stream_Sober128.xs.inc
+++ b/inc/CryptX_Stream_Sober128.xs.inc
@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::Stream::Sober128
 PROTOTYPES: DISABLE
 Crypt::Stream::Sober128
-_new(SV * key, SV * nonce)
+new(Class, SV * key, SV * nonce)
    CODE:
    {
        int rv;
@ -13,14 +15,20 @@ _new(SV * key, SV * nonce)
        k  = (unsigned char *) SvPVbyte(key, k_len);
        iv = (unsigned char *) SvPVbyte(nonce, iv_len);
-        Newz(0, RETVAL, 1, struct sober128_struct);
+        Newz(0, RETVAL, 1, sober128_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        rv = sober128_stream_setup(&RETVAL->state, k, (unsigned long)k_len);
+        rv = sober128_stream_setup(RETVAL, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: sober128_stream_setup failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: sober128_stream_setup failed: %s", error_to_string(rv));
        }
-        rv = sober128_stream_setiv(&RETVAL->state, iv, (unsigned long)iv_len);
+        rv = sober128_stream_setiv(RETVAL, iv, (unsigned long)iv_len);
-        if (rv != CRYPT_OK) croak("FATAL: sober128_stream_setiv failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: sober128_stream_setiv failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
@ -28,15 +36,15 @@ _new(SV * key, SV * nonce)
 void
 DESTROY(Crypt::Stream::Sober128 self)
    CODE:
-        sober128_stream_done(&self->state);
+        sober128_stream_done(self);
        Safefree(self);
 Crypt::Stream::Sober128
 clone(Crypt::Stream::Sober128 self)
    CODE:
-        Newz(0, RETVAL, 1, struct sober128_struct);
+        Newz(0, RETVAL, 1, sober128_state);
        if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct sober128_struct);
+        Copy(self, RETVAL, 1, sober128_state);
    OUTPUT:
        RETVAL
@ -47,12 +55,20 @@ keystream(Crypt::Stream::Sober128 self, STRLEN out_len)
        int rv;
        unsigned char *out_data;
-        RETVAL = NEWSV(0, out_len);
+        if (out_len == 0) {
-        SvPOK_only(RETVAL);
+          RETVAL = newSVpvn("", 0);
-        SvCUR_set(RETVAL, out_len);
+        }
-        out_data = (unsigned char *)SvPV_nolen(RETVAL);
+        else {
-        rv = sober128_stream_keystream(&self->state, out_data, out_len);
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
-        if (rv != CRYPT_OK) croak("FATAL: sober128_stream_keystream failed: %s", error_to_string(rv));
+          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, out_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = sober128_stream_keystream(self, out_data, (unsigned long)out_len);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: sober128_stream_keystream failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
@ -66,16 +82,19 @@ crypt(Crypt::Stream::Sober128 self, SV * data)
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = sober128_stream_crypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          rv = sober128_stream_crypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (rv != CRYPT_OK) croak("FATAL: sober128_stream_crypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: sober128_stream_crypt failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
--- a/inc/CryptX_Stream_Sosemanuk.xs.inc
+++ b/inc/CryptX_Stream_Sosemanuk.xs.inc
@ -0,0 +1,107 @@
 MODULE = CryptX         PACKAGE = Crypt::Stream::Sosemanuk
 PROTOTYPES: DISABLE
 Crypt::Stream::Sosemanuk
 new(Class, SV * key, SV * nonce=&PL_sv_undef)
    CODE:
    {
        int rv;
        STRLEN iv_len=0, k_len=0;
        unsigned char *iv=NULL, *k=NULL;
        if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
        k  = (unsigned char *)SvPVbyte(key, k_len);
        Newz(0, RETVAL, 1, sosemanuk_state);
        if (!RETVAL) croak("FATAL: Newz failed");
        rv = sosemanuk_setup(RETVAL, k, (unsigned long)k_len);
        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: sosemanuk_setup failed: %s", error_to_string(rv));
        }
        if (SvOK(nonce)) {
          if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
          iv = (unsigned char *)SvPVbyte(nonce, iv_len);
          rv = sosemanuk_setiv(RETVAL, iv, (unsigned long)iv_len);
        }
        else {
          rv = sosemanuk_setiv(RETVAL, NULL, 0);
        }
        if (rv != CRYPT_OK) {
          Safefree(RETVAL);
          croak("FATAL: sosemanuk_setiv failed: %s", error_to_string(rv));
        }
    }
    OUTPUT:
        RETVAL
 void
 DESTROY(Crypt::Stream::Sosemanuk self)
    CODE:
        sosemanuk_done(self);
        Safefree(self);
 Crypt::Stream::Sosemanuk
 clone(Crypt::Stream::Sosemanuk self)
    CODE:
        Newz(0, RETVAL, 1, sosemanuk_state);
        if (!RETVAL) croak("FATAL: Newz failed");
        Copy(self, RETVAL, 1, sosemanuk_state);
    OUTPUT:
        RETVAL
 SV *
 keystream(Crypt::Stream::Sosemanuk self, STRLEN out_len)
    CODE:
    {
        int rv;
        unsigned char *out_data;
        if (out_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
          RETVAL = NEWSV(0, out_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, out_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = sosemanuk_keystream(self, out_data, (unsigned long)out_len);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: sosemanuk_keystream failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
 SV *
 crypt(Crypt::Stream::Sosemanuk self, SV * data)
    CODE:
    {
        int rv;
        STRLEN in_data_len;
        unsigned char *in_data, *out_data;
        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
        if (in_data_len == 0) {
          RETVAL = newSVpvn("", 0);
        }
        else {
          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
          SvPOK_only(RETVAL);
          SvCUR_set(RETVAL, in_data_len);
          out_data = (unsigned char *)SvPVX(RETVAL);
          rv = sosemanuk_crypt(self, in_data, (unsigned long)in_data_len, out_data);
          if (rv != CRYPT_OK) {
            SvREFCNT_dec(RETVAL);
            croak("FATAL: sosemanuk_crypt failed: %s", error_to_string(rv));
          }
        }
    }
    OUTPUT:
        RETVAL
--- a/lib/Crypt/AuthEnc.pm
+++ b/lib/Crypt/AuthEnc.pm
@ -2,16 +2,16 @@ package Crypt::AuthEnc;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-sub CLONE_SKIP { 1 } # prevent cloning
+### not used
 1;
-__END__
+=pod
- 
+
 =head1 NAME
 Crypt::AuthEnc - [internal only]
-=cut
+=cut
--- a/lib/Crypt/AuthEnc/CCM.pm
+++ b/lib/Crypt/AuthEnc/CCM.pm
@ -2,39 +2,18 @@ package Crypt::AuthEnc::CCM;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use base qw(Crypt::AuthEnc Exporter);
+require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
 our %EXPORT_TAGS = ( all => [qw( ccm_encrypt_authenticate ccm_decrypt_verify )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
 use Crypt::Cipher;
-### the following functions are implemented in XS:
+sub CLONE_SKIP { 1 } # prevent cloning
 # - _memory_encrypt
 # - _memory_decrypt
 sub ccm_encrypt_authenticate {
  my $cipher_name = shift;
  my $key = shift;
  my $nonce = shift;
  my $adata = shift;
  my $tag_len = shift;
  my $plaintext = shift;
  return _memory_encrypt(Crypt::Cipher::_trans_cipher_name($cipher_name), $key, $nonce, $adata, $tag_len, $plaintext);
 }
 sub ccm_decrypt_verify {
  my $cipher_name = shift;
  my $key = shift;
  my $nonce = shift;
  my $adata = shift;
  my $ciphertext = shift;
  my $tag = shift;
  return _memory_decrypt(Crypt::Cipher::_trans_cipher_name($cipher_name), $key, $nonce, $adata, $ciphertext, $tag);
 }
 1;
@ -46,15 +25,36 @@ Crypt::AuthEnc::CCM - Authenticated encryption in CCM mode
 =head1 SYNOPSIS
 ### OO interface
 use Crypt::AuthEnc::CCM;
 # encrypt and authenticate
 my $ae = Crypt::AuthEnc::CCM->new("AES", $key, $iv, $adata, $tag_len, $pt_len);
 my $ct = $ae->encrypt_add('data1');
 $ct .= $ae->encrypt_add('data2');
 $ct .= $ae->encrypt_add('data3');
 my $tag = $ae->encrypt_done();
 # decrypt and verify
 my $ae = Crypt::AuthEnc::CCM->new("AES", $key, $iv, $adata, $tag_len, $pt_len);
 my $pt = $ae->decrypt_add('ciphertext1');
 $pt .= $ae->decrypt_add('ciphertext2');
 $pt .= $ae->decrypt_add('ciphertext3');
 my $tag = $ae->decrypt_done();
 die "decrypt failed" unless $tag eq $expected_tag;
 #or
 my $result = $ae->decrypt_done($expected_tag); # 0 or 1
 ### functional interface
 use Crypt::AuthEnc::CCM qw(ccm_encrypt_authenticate ccm_decrypt_verify);
- my ($ciphertext, $tag) = ccm_encrypt_authenticate('AES', $key, $nonce, $adata, $tag_len, $plaintext);
+ ($ciphertext, $tag) = ccm_encrypt_authenticate('AES', $key, $nonce, $adata, $tag_len, $plaintext);
- my $plaintext = ccm_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
+ $plaintext = ccm_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
 =head1 DESCRIPTION
-CCM is a encrypt+authenticate mode that is centered around using AES (or any 16-byte cipher) as aprimitive.
+CCM is a encrypt+authenticate mode that is centered around using AES (or any 16-byte cipher) as a primitive.
 Unlike EAX and OCB mode, it is only meant for packet mode where the length of the input is known in advance.
 =head1 EXPORT
@ -63,7 +63,7 @@ Nothing is exported by default.
 You can export selected functions:
-  use Crypt::AuthEnc::CCM qw(ccm_encrypt_authenticate ccm_decrypt_verify);
+ use Crypt::AuthEnc::CCM qw(ccm_encrypt_authenticate ccm_decrypt_verify);
 =head1 FUNCTIONS
@ -85,9 +85,43 @@ CCM parameters should follow L<http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistsp
 =head2 ccm_decrypt_verify
-  my $plaintext = ccm_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
+ my $plaintext = ccm_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
 # on error returns undef
-  # on error returns undef
+=head1 METHODS
 =head2 new
 my $ae = Crypt::AuthEnc::CCM->new($cipher, $key, $nonce, $adata, $tag_len, $pt_len);
 # $cipher .. 'AES' or name of any other cipher with 16-byte block len
 # $key ..... key of proper length (e.g. 128/192/256bits for AES)
 # $nonce ... unique nonce/salt (no need to keep it secret)
 # $adata ... additional authenticated data
 # $tag_len . required length of output tag
 # $pt_len .. expected length of plaintext/ciphertext to encrypt/decrypt
 =head2 encrypt_add
 $ciphertext = $ae->encrypt_add($data);        # can be called multiple times
 =head2 encrypt_done
 my $tag = $ae->encrypt_done;                  # returns $tag value
 =head2 decrypt_add
 $plaintext = $ae->decrypt_add($ciphertext);   # can be called multiple times
 =head2 decrypt_done
 my $tag = $ae->decrypt_done;           # returns $tag value
 #or
 my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 =head2 clone
 my $ae_new = $ae->clone;
 =head1 SEE ALSO
@ -98,3 +132,5 @@ CCM parameters should follow L<http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistsp
 =item * L<https://en.wikipedia.org/wiki/CCM_mode|https://en.wikipedia.org/wiki/CCM_mode>
 =back
 =cut
--- a/lib/Crypt/AuthEnc/ChaCha20Poly1305.pm
+++ b/lib/Crypt/AuthEnc/ChaCha20Poly1305.pm
@ -2,42 +2,18 @@ package Crypt::AuthEnc::ChaCha20Poly1305;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use base qw(Crypt::AuthEnc Exporter);
+require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
 our %EXPORT_TAGS = ( all => [qw( chacha20poly1305_encrypt_authenticate chacha20poly1305_decrypt_verify )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
-sub new { my $class = shift; _new(@_) }
+sub CLONE_SKIP { 1 } # prevent cloning
 sub chacha20poly1305_encrypt_authenticate {
  my $key = shift;
  my $iv = shift;
  my $adata = shift;
  my $plaintext = shift;
  my $m = Crypt::AuthEnc::ChaCha20Poly1305->new($key, $iv);
  $m->adata_add(defined $adata ? $adata : ''); #XXX-TODO if no aad we have to pass empty string
  my $ct = $m->encrypt_add($plaintext);
  my $tag = $m->encrypt_done;
  return ($ct, $tag);
 }
 sub chacha20poly1305_decrypt_verify {
  my $key = shift;
  my $iv = shift;
  my $adata = shift;
  my $ciphertext = shift;
  my $tag = shift;
  my $m = Crypt::AuthEnc::ChaCha20Poly1305->new($key, $iv);
  $m->adata_add(defined $adata ? $adata : ''); #XXX-TODO if no aad we have to pass empty string
  my $ct = $m->decrypt_add($ciphertext);
  return $m->decrypt_done($tag) ? $ct : undef;
 }
 1;
@ -45,7 +21,7 @@ sub chacha20poly1305_decrypt_verify {
 =head1 NAME
-Crypt::AuthEnc::ChaCha20Poly1305 - Authenticated encryption in ChaCha20Poly1305 mode
+Crypt::AuthEnc::ChaCha20Poly1305 - Authenticated encryption in ChaCha20-Poly1305 mode
 =head1 SYNOPSIS
@ -54,25 +30,25 @@ Crypt::AuthEnc::ChaCha20Poly1305 - Authenticated encryption in ChaCha20Poly1305
 # encrypt and authenticate
 my $ae = Crypt::AuthEnc::ChaCha20Poly1305->new($key, $iv);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $ct = $ae->encrypt_add('data1');
+ my $ct = $ae->encrypt_add('data1');
- $ct = $ae->encrypt_add('data2');
+ $ct .= $ae->encrypt_add('data2');
- $ct = $ae->encrypt_add('data3');
+ $ct .= $ae->encrypt_add('data3');
- $tag = $ae->encrypt_done();
+ my $tag = $ae->encrypt_done();
 # decrypt and verify
 my $ae = Crypt::AuthEnc::ChaCha20Poly1305->new($key, $iv);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $pt = $ae->decrypt_add('ciphertext1');
+ my $pt = $ae->decrypt_add('ciphertext1');
- $pt = $ae->decrypt_add('ciphertext2');
+ $pt .= $ae->decrypt_add('ciphertext2');
- $pt = $ae->decrypt_add('ciphertext3');
+ $pt .= $ae->decrypt_add('ciphertext3');
- $tag = $ae->decrypt_done();
+ my $tag = $ae->decrypt_done();
 die "decrypt failed" unless $tag eq $expected_tag;
 #or
- my $result = $ae->decrypt_done($expected_tag) die "decrypt failed";
+ my $result = $ae->decrypt_done($expected_tag); # 0 or 1
 ### functional interface
 use Crypt::AuthEnc::ChaCha20Poly1305 qw(chacha20poly1305_encrypt_authenticate chacha20poly1305_decrypt_verify);
@ -105,7 +81,6 @@ You can export selected functions:
 =head2 chacha20poly1305_decrypt_verify
 my $plaintext = chacha20poly1305_decrypt_verify($key, $iv, $adata, $ciphertext, $tag);
 # on error returns undef
 =head1 METHODS
@ -117,42 +92,48 @@ You can export selected functions:
 # $key ..... encryption key of proper length (128 or 256 bits / 16 or 32 bytes)
 # $iv ...... initialization vector (64 or 96 bits / 8 or 12 bytes)
-=head2 aad_add
+=head2 adata_add
 Add B<additional authenticated data>.
 Can be called before the first C<encrypt_add> or C<decrypt_add>;
- $ae->aad_add($aad_data);                       #can be called multiple times
+ $ae->adata_add($aad_data);                     # can be called multiple times
 =head2 encrypt_add
- $ciphertext = $ae->encrypt_add($data);         #can be called multiple times
+ $ciphertext = $ae->encrypt_add($data);         # can be called multiple times
 =head2 encrypt_done
- $tag = $ae->encrypt_done();
+ $tag = $ae->encrypt_done();                    # returns $tag value
 =head2 decrypt_add
- $plaintext = $ae->decrypt_add($ciphertext);    #can be called multiple times
+ $plaintext = $ae->decrypt_add($ciphertext);    # can be called multiple times
 =head2 decrypt_done
 my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 #or
 my $tag = $ae->decrypt_done;           # returns $tag value
 #or
 my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 =head2 set_iv
 my $ae = Crypt::AuthEnc::ChaCha20Poly1305->new($key)->set_iv($iv);
 # $iv ...... initialization vector (64 or 96 bits / 8 or 12 bytes)
 =head2 set_iv_rfc7905
 See L<https://tools.ietf.org/html/rfc7905>
 my $ae = Crypt::AuthEnc::ChaCha20Poly1305->new($key)->set_iv_rfc7905($iv, $seqnum);
 # $iv ...... initialization vector (96 bits / 12 bytes)
 # $seqnum .. 64bit integer (sequence number)
 =head2 clone
 my $ae_new = $ae->clone;
 =head2 set_iv
 $ae->set_iv($iv);
 =head2 set_iv_rfc7905
 $ae->set_iv_rfc7905($iv, $seqnum);
 =head1 SEE ALSO
 =over
@ -162,3 +143,5 @@ Can be called before the first C<encrypt_add> or C<decrypt_add>;
 =item * L<https://tools.ietf.org/html/rfc7539>
 =back
 =cut
--- a/lib/Crypt/AuthEnc/EAX.pm
+++ b/lib/Crypt/AuthEnc/EAX.pm
@ -2,60 +2,22 @@ package Crypt::AuthEnc::EAX;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use base qw(Crypt::AuthEnc Exporter);
+require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
 our %EXPORT_TAGS = ( all => [qw( eax_encrypt_authenticate eax_decrypt_verify )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
 use Crypt::Cipher;
-### the following methods/functions are implemented in XS:
+# obsolete, only for backwards compatibility
-# - _new
+sub header_add { goto &adata_add }
-# - DESTROY
+sub aad_add    { goto &adata_add }
 # - clone
 # - encrypt_add
 # - encrypt_done
 # - decrypt_add
 # - decrypt_done
 # - aad_add
-sub new { my $class = shift; _new(Crypt::Cipher::_trans_cipher_name(shift), @_) }
+sub CLONE_SKIP { 1 } # prevent cloning
 sub eax_encrypt_authenticate {
  my $cipher_name = shift;
  my $key = shift;
  my $iv = shift;
  my $adata = shift;
  my $plaintext = shift;
  my $m = Crypt::AuthEnc::EAX->new($cipher_name, $key, $iv);
  $m->aad_add($adata) if defined $adata;
  my $ct = $m->encrypt_add($plaintext);
  my $tag = $m->encrypt_done;
  return ($ct, $tag);
 }
 sub eax_decrypt_verify {
  my $cipher_name = shift;
  my $key = shift;
  my $iv = shift;
  my $adata = shift;
  my $ciphertext = shift;
  my $tag = shift;
  my $m = Crypt::AuthEnc::EAX->new($cipher_name, $key, $iv);
  $m->aad_add($adata) if defined $adata;
  my $ct = $m->decrypt_add($ciphertext);
  return $m->decrypt_done($tag) ? $ct : undef;
 }
 sub header_add {
  # obsolete, only for backwards compatibility
  shift->aad_add(@_);
 }
 1;
@ -72,25 +34,25 @@ Crypt::AuthEnc::EAX - Authenticated encryption in EAX mode
 # encrypt and authenticate
 my $ae = Crypt::AuthEnc::EAX->new("AES", $key, $iv);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $ct = $ae->encrypt_add('data1');
+ my $ct = $ae->encrypt_add('data1');
- $ct = $ae->encrypt_add('data2');
+ $ct .= $ae->encrypt_add('data2');
- $ct = $ae->encrypt_add('data3');
+ $ct .= $ae->encrypt_add('data3');
- $tag = $ae->encrypt_done();
+ my $tag = $ae->encrypt_done();
 # decrypt and verify
 my $ae = Crypt::AuthEnc::EAX->new("AES", $key, $iv);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $pt = $ae->decrypt_add('ciphertext1');
+ my $pt = $ae->decrypt_add('ciphertext1');
- $pt = $ae->decrypt_add('ciphertext2');
+ $pt .= $ae->decrypt_add('ciphertext2');
- $pt = $ae->decrypt_add('ciphertext3');
+ $pt .= $ae->decrypt_add('ciphertext3');
- $tag = $ae->decrypt_done();
+ my $tag = $ae->decrypt_done();
 die "decrypt failed" unless $tag eq $expected_tag;
 #or
- my $result = $ae->decrypt_done($expected_tag) die "decrypt failed";
+ my $result = $ae->decrypt_done($expected_tag); # 0 or 1
 ### functional interface
 use Crypt::AuthEnc::EAX qw(eax_encrypt_authenticate eax_decrypt_verify);
@ -101,7 +63,7 @@ Crypt::AuthEnc::EAX - Authenticated encryption in EAX mode
 =head1 DESCRIPTION
 EAX is a mode that requires a cipher, CTR and OMAC support and provides encryption and authentication.
-It is initialized with a random IV that can be shared publicly, additional authenticated data which can 
+It is initialized with a random IV that can be shared publicly, additional authenticated data which can
 be fixed and public, and a random secret symmetric key.
 =head1 EXPORT
@ -125,9 +87,8 @@ You can export selected functions:
 =head2 eax_decrypt_verify
-  my $plaintext = eax_decrypt_verify($cipher, $key, $iv, $adata, $ciphertext, $tag);
+ my $plaintext = eax_decrypt_verify($cipher, $key, $iv, $adata, $ciphertext, $tag);
-
+ # on error returns undef
  # on error returns undef
 =head1 METHODS
@ -142,27 +103,27 @@ You can export selected functions:
 # $iv ...... unique initialization vector (no need to keep it secret)
 # $adata ... additional authenticated data (optional)
-=head2 aad_add
+=head2 adata_add
- $ae->aad_add($adata);                          #can be called multiple times
+ $ae->adata_add($adata);                        # can be called multiple times
 =head2 encrypt_add
- $ciphertext = $ae->encrypt_add($data);         #can be called multiple times
+ $ciphertext = $ae->encrypt_add($data);         # can be called multiple times
 =head2 encrypt_done
- $tag = $ae->encrypt_done();
+ $tag = $ae->encrypt_done();                    # returns $tag value
 =head2 decrypt_add
- $plaintext = $ae->decrypt_add($ciphertext);    #can be called multiple times
+ $plaintext = $ae->decrypt_add($ciphertext);    # can be called multiple times
 =head2 decrypt_done
 my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 #or
 my $tag = $ae->decrypt_done;           # returns $tag value
 #or
 my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 =head2 clone
@ -177,3 +138,5 @@ You can export selected functions:
 =item * L<https://en.wikipedia.org/wiki/EAX_mode|https://en.wikipedia.org/wiki/EAX_mode>
 =back
 =cut
--- a/lib/Crypt/AuthEnc/GCM.pm
+++ b/lib/Crypt/AuthEnc/GCM.pm
@ -2,53 +2,18 @@ package Crypt::AuthEnc::GCM;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use base qw(Crypt::AuthEnc Exporter);
+require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
 our %EXPORT_TAGS = ( all => [qw( gcm_encrypt_authenticate gcm_decrypt_verify )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
 use Crypt::Cipher;
-sub new {
+sub CLONE_SKIP { 1 } # prevent cloning
  my ($class, $cipher, $key, $iv) = @_;
  my $self = _new(Crypt::Cipher::_trans_cipher_name($cipher), $key);
  # for backwards compatibility the $iv is optional
  $self->iv_add($iv) if defined $iv;
  return $self;
 }
 sub gcm_encrypt_authenticate {
  my $cipher_name = shift;
  my $key = shift;
  my $iv = shift;
  my $adata = shift;
  my $plaintext = shift;
  my $m = Crypt::AuthEnc::GCM->new($cipher_name, $key);
  $m->iv_add($iv);
  $m->adata_add(defined $adata ? $adata : ''); #XXX-TODO if no aad we have to pass empty string
  my $ct = $m->encrypt_add($plaintext);
  my $tag = $m->encrypt_done;
  return ($ct, $tag);
 }
 sub gcm_decrypt_verify {
  my $cipher_name = shift;
  my $key = shift;
  my $iv = shift;
  my $adata = shift;
  my $ciphertext = shift;
  my $tag = shift;
  my $m = Crypt::AuthEnc::GCM->new($cipher_name, $key);
  $m->iv_add($iv);
  $m->adata_add(defined $adata ? $adata : ''); #XXX-TODO if no aad we have to pass empty string
  my $ct = $m->decrypt_add($ciphertext);
  return $m->decrypt_done($tag) ? $ct : undef;
 }
 1;
@ -65,25 +30,25 @@ Crypt::AuthEnc::GCM - Authenticated encryption in GCM mode
 # encrypt and authenticate
 my $ae = Crypt::AuthEnc::GCM->new("AES", $key, $iv);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $ct = $ae->encrypt_add('data1');
+ my $ct = $ae->encrypt_add('data1');
- $ct = $ae->encrypt_add('data2');
+ $ct .= $ae->encrypt_add('data2');
- $ct = $ae->encrypt_add('data3');
+ $ct .= $ae->encrypt_add('data3');
- $tag = $ae->encrypt_done();
+ my $tag = $ae->encrypt_done();
 # decrypt and verify
 my $ae = Crypt::AuthEnc::GCM->new("AES", $key, $iv);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $pt = $ae->decrypt_add('ciphertext1');
+ my $pt = $ae->decrypt_add('ciphertext1');
- $pt = $ae->decrypt_add('ciphertext2');
+ $pt .= $ae->decrypt_add('ciphertext2');
- $pt = $ae->decrypt_add('ciphertext3');
+ $pt .= $ae->decrypt_add('ciphertext3');
- $tag = $ae->decrypt_done();
+ my $tag = $ae->decrypt_done();
 die "decrypt failed" unless $tag eq $expected_tag;
 #or
- my $result = $ae->decrypt_done($expected_tag) die "decrypt failed";
+ my $result = $ae->decrypt_done($expected_tag); # 0 or 1
 ### functional interface
 use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);
@ -117,7 +82,6 @@ You can export selected functions:
 =head2 gcm_decrypt_verify
 my $plaintext = gcm_decrypt_verify($cipher, $key, $iv, $adata, $ciphertext, $tag);
 # on error returns undef
 =head1 METHODS
@ -134,31 +98,34 @@ You can export selected functions:
 =head2 iv_add
- $ae->iv_add($iv_data);                 #can be called multiple times
+Set initialization vector (IV).
-=head2 aad_add
+ $ae->iv_add($iv_data);                        #can be called multiple times
-Can be called B<after> all C<iv_add> calls but before the first C<encrypt_add> or C<decrypt_add>;
+=head2 adata_add
- $ae->aad_add($aad_data);               #can be called multiple times
+Add B<additional authenticated data>.
 Can be called B<after> all C<iv_add> calls but before the first C<encrypt_add> or C<decrypt_add>.
 $ae->adata_add($aad_data);                    # can be called multiple times
 =head2 encrypt_add
- $ciphertext = $ae->encrypt_add($data);        #can be called multiple times
+ $ciphertext = $ae->encrypt_add($data);        # can be called multiple times
 =head2 encrypt_done
- $tag = $ae->encrypt_done();
+ $tag = $ae->encrypt_done();                   # returns $tag value
 =head2 decrypt_add
- $plaintext = $ae->decrypt_add($ciphertext);   #can be called multiple times
+ $plaintext = $ae->decrypt_add($ciphertext);   # can be called multiple times
 =head2 decrypt_done
 my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 #or
 my $tag = $ae->decrypt_done;           # returns $tag value
 #or
 my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 =head2 reset
@ -177,3 +144,5 @@ Can be called B<after> all C<iv_add> calls but before the first C<encrypt_add> o
 =item * L<https://en.wikipedia.org/wiki/Galois/Counter_Mode>
 =back
 =cut
--- a/lib/Crypt/AuthEnc/OCB.pm
+++ b/lib/Crypt/AuthEnc/OCB.pm
@ -2,50 +2,22 @@ package Crypt::AuthEnc::OCB;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use base qw(Crypt::AuthEnc Exporter);
+require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
 our %EXPORT_TAGS = ( all => [qw( ocb_encrypt_authenticate ocb_decrypt_verify )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
 use Crypt::Cipher;
-sub new { my $class = shift; _new(Crypt::Cipher::_trans_cipher_name(shift), @_) }
+# obsolete, only for backwards compatibility
 sub aad_add { goto &adata_add }
 sub blocksize { return 16 }
-sub ocb_encrypt_authenticate {
+sub CLONE_SKIP { 1 } # prevent cloning
  my $cipher_name = shift;
  my $key = shift;
  my $nonce = shift;
  my $adata = shift;
  my $plaintext = shift;
  my $m = Crypt::AuthEnc::OCB->new($cipher_name, $key, $nonce);
  $m->aad_add($adata) if defined $adata;
  my $ct = $m->encrypt_last($plaintext);
  my $tag = $m->encrypt_done;
  return ($ct, $tag);
 }
 sub ocb_decrypt_verify {
  my $cipher_name = shift;
  my $key = shift;
  my $nonce = shift;
  my $adata = shift;
  my $ciphertext = shift;
  my $tag = shift;
  my $m = Crypt::AuthEnc::OCB->new($cipher_name, $key, $nonce);
  $m->aad_add($adata) if defined $adata;
  my $ct = $m->decrypt_last($ciphertext);
  return $m->decrypt_done($tag) ? $ct : undef;
 }
 sub adata_add {
  # obsolete, only for backwards compatibility
  shift->aad_add(@_);
 }
 1;
@ -61,34 +33,38 @@ Crypt::AuthEnc::OCB - Authenticated encryption in OCBv3 mode
 use Crypt::AuthEnc::OCB;
 # encrypt and authenticate
- my $ae = Crypt::AuthEnc::OCB->new("AES", $key, $nonce);
+ my $ae = Crypt::AuthEnc::OCB->new("AES", $key, $nonce, $tag_len);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $ct = $ae->encrypt_add('data1');
+ my $ct = $ae->encrypt_add('data1');
- $ct = $ae->encrypt_add('data2');
+ $ct .= $ae->encrypt_add('data2');
- $ct = $ae->encrypt_add('data3');
+ $ct .= $ae->encrypt_add('data3');
- $ct = $ae->encrypt_last('rest of data');
+ $ct .= $ae->encrypt_last('rest of data');
- ($ct,$tag) = $ae->encrypt_done();
+ my $tag = $ae->encrypt_done();
 # decrypt and verify
- my $ae = Crypt::AuthEnc::OCB->new("AES", $key, $nonce);
+ my $ae = Crypt::AuthEnc::OCB->new("AES", $key, $nonce, $tag_len);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $pt = $ae->decrypt_add('ciphertext1');
+ my $pt = $ae->decrypt_add('ciphertext1');
- $pt = $ae->decrypt_add('ciphertext2');
+ $pt .= $ae->decrypt_add('ciphertext2');
- $pt = $ae->decrypt_add('ciphertext3');
+ $pt .= $ae->decrypt_add('ciphertext3');
- $pt = $ae->decrypt_last('rest of data');
+ $pt .= $ae->decrypt_last('rest of data');
- ($pt,$tag) = $ae->decrypt_done();
+ my $tag = $ae->decrypt_done();
 die "decrypt failed" unless $tag eq $expected_tag;
 #or
 my $result = $ae->decrypt_done($expected_tag); # 0 or 1
 ### functional interface
 use Crypt::AuthEnc::OCB qw(ocb_encrypt_authenticate ocb_decrypt_verify);
- my ($ciphertext, $tag) = ocb_encrypt_authenticate('AES', $key, $nonce, $adata, $plaintext);
+ my ($ciphertext, $tag) = ocb_encrypt_authenticate('AES', $key, $nonce, $adata, $tag_len, $plaintext);
 my $plaintext = ocb_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
 =head1 DESCRIPTION
-This module implements OCB version 3 according http://datatracker.ietf.org/doc/draft-irtf-cfrg-ocb/
+This module implements OCB v3 according to L<https://tools.ietf.org/html/rfc7253>
 =head1 EXPORT
@ -102,36 +78,37 @@ You can export selected functions:
 =head2 ocb_encrypt_authenticate
- my ($ciphertext, $tag) = ocb_encrypt_authenticate($cipher, $key, $nonce, $adata, $plaintext);
+ my ($ciphertext, $tag) = ocb_encrypt_authenticate($cipher, $key, $nonce, $adata, $tag_len, $plaintext);
 # $cipher .. 'AES' or name of any other cipher with 16-byte block len
 # $key ..... AES key of proper length (128/192/256bits)
 # $nonce ... unique nonce/salt (no need to keep it secret)
 # $adata ... additional authenticated data
 # $tag_len . required length of output tag
 =head2 ocb_decrypt_verify
  my $plaintext = ocb_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
  # on error returns undef
 =head1 METHODS
 =head2 new
- my $ae = Crypt::AuthEnc::OCB->new($cipher, $key, $nonce);
+ my $ae = Crypt::AuthEnc::OCB->new($cipher, $key, $nonce, $tag_len);
 # $cipher .. 'AES' or name of any other cipher with 16-byte block len
 # $key ..... AES key of proper length (128/192/256bits)
 # $nonce ... unique nonce/salt (no need to keep it secret)
 # $tag_len . required length of output tag
-=head2 aad_add
+=head2 adata_add
- $ae->aad_add($adata);                          #can be called multiple times
+ $ae->adata_add($adata);                        #can be called multiple times
 =head2 encrypt_add
- $ciphertext = $ae->encrypt_add($data);         #can be called multiple times
+ $ciphertext = $ae->encrypt_add($data);         # can be called multiple times
 #BEWARE: size of $data has to be multiple of blocklen (16 for AES)
@ -141,23 +118,23 @@ You can export selected functions:
 =head2 encrypt_done
- $tag = $ae->encrypt_done();
+ $tag = $ae->encrypt_done();                    # returns $tag value
 =head2 decrypt_add
- $plaintext = $ae->decrypt_add($ciphertext);    #can be called multiple times
+ $plaintext = $ae->decrypt_add($ciphertext);    # can be called multiple times
 #BEWARE: size of $ciphertext has to be multiple of blocklen (16 for AES)
-=head2 encrypt_last
+=head2 decrypt_last
 $plaintext = $ae->decrypt_last($data);
 =head2 decrypt_done
 my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 #or
 my $tag = $ae->decrypt_done;           # returns $tag value
 #or
 my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 =head2 clone
@ -169,6 +146,10 @@ You can export selected functions:
 =item * L<CryptX|CryptX>, L<Crypt::AuthEnc::CCM|Crypt::AuthEnc::CCM>, L<Crypt::AuthEnc::GCM|Crypt::AuthEnc::GCM>, L<Crypt::AuthEnc::EAX|Crypt::AuthEnc::EAX>
-=item * L<https://en.wikipedia.org/wiki/OCB_mode|https://en.wikipedia.org/wiki/OCB_mode>
+=item * L<https://en.wikipedia.org/wiki/OCB_mode>
-=back
+=item * L<https://tools.ietf.org/html/rfc7253>
 =back
 =cut
--- a/lib/Crypt/Checksum.pm
+++ b/lib/Crypt/Checksum.pm
@ -2,32 +2,57 @@ package Crypt::Checksum;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
-our %EXPORT_TAGS = ( all => [qw/
+our %EXPORT_TAGS = ( all => [qw/ adler32_data adler32_data_hex adler32_data_int adler32_file adler32_file_hex adler32_file_int
-                                  adler32_data adler32_data_hex adler32_data_int adler32_file adler32_file_hex adler32_file_int
+                                 crc32_data crc32_data_hex crc32_data_int crc32_file crc32_file_hex crc32_file_int /] );
                                  crc32_data crc32_data_hex crc32_data_int crc32_file crc32_file_hex crc32_file_int
                               /] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 use Carp;
-use Crypt::Checksum::Adler32;
+$Carp::Internal{(__PACKAGE__)}++;
 use Crypt::Checksum::CRC32;
-sub adler32_data        { Crypt::Checksum::Adler32->new->add(@_)->digest                  }
+# obsolete since v0.057, only for backwards compatibility
-sub adler32_data_hex    { Crypt::Checksum::Adler32->new->add(@_)->hexdigest               }
+use Crypt::Checksum::CRC32;
-sub adler32_data_int    { unpack("N", Crypt::Checksum::Adler32->new->add(@_)->digest)     }
+use Crypt::Checksum::Adler32;
-sub adler32_file        { Crypt::Checksum::Adler32->new->addfile(@_)->digest              }
+sub adler32_data        { goto \&Crypt::Checksum::Adler32::adler32_data     }
-sub adler32_file_hex    { Crypt::Checksum::Adler32->new->addfile(@_)->hexdigest           }
+sub adler32_data_hex    { goto \&Crypt::Checksum::Adler32::adler32_data_hex }
-sub adler32_file_int    { unpack("N", Crypt::Checksum::Adler32->new->addfile(@_)->digest) }
+sub adler32_data_int    { goto \&Crypt::Checksum::Adler32::adler32_data_int }
-sub crc32_data          { Crypt::Checksum::CRC32->new->add(@_)->digest                    }
+sub adler32_file        { goto \&Crypt::Checksum::Adler32::adler32_file     }
-sub crc32_data_hex      { Crypt::Checksum::CRC32->new->add(@_)->hexdigest                 }
+sub adler32_file_hex    { goto \&Crypt::Checksum::Adler32::adler32_file_hex }
-sub crc32_data_int      { unpack("N", Crypt::Checksum::CRC32->new->add(@_)->digest)       }
+sub adler32_file_int    { goto \&Crypt::Checksum::Adler32::adler32_file_int }
-sub crc32_file          { Crypt::Checksum::CRC32->new->addfile(@_)->digest                }
+sub crc32_data          { goto \&Crypt::Checksum::CRC32::crc32_data     }
-sub crc32_file_hex      { Crypt::Checksum::CRC32->new->addfile(@_)->hexdigest             }
+sub crc32_data_hex      { goto \&Crypt::Checksum::CRC32::crc32_data_hex }
-sub crc32_file_int      { unpack("N", Crypt::Checksum::CRC32->new->addfile(@_)->digest)   }
+sub crc32_data_int      { goto \&Crypt::Checksum::CRC32::crc32_data_int }
 sub crc32_file          { goto \&Crypt::Checksum::CRC32::crc32_file     }
 sub crc32_file_hex      { goto \&Crypt::Checksum::CRC32::crc32_file_hex }
 sub crc32_file_int      { goto \&Crypt::Checksum::CRC32::crc32_file_int }
 sub addfile {
  my ($self, $file) = @_;
  my $handle;
  if (ref(\$file) eq 'SCALAR') {        #filename
    open($handle, "<", $file) || croak "FATAL: cannot open '$file': $!";
    binmode($handle);
  }
  else {                                #handle
    $handle = $file
  }
  croak "FATAL: invalid handle" unless defined $handle;
  my $n;
  my $buf = "";
  while (($n = read($handle, $buf, 32*1024))) {
    $self->add($buf)
  }
  croak "FATAL: read failed: $!" unless defined $n;
  return $self;
 }
 sub CLONE_SKIP { 1 } # prevent cloning
 1;
@ -35,163 +60,10 @@ sub crc32_file_int      { unpack("N", Crypt::Checksum::CRC32->new->addfile(@_)->
 =head1 NAME
-Crypt::Checksum - functional interface to CRC32 and Adler32 checksums
+Crypt::Checksum - [internal only]
 =head1 SYNOPSIS
   use Crypt::Checksum ':all';
   # calculate Adler32 checksum from string/buffer
   $checksum_raw  = adler32_data($data);
   $checksum_hex  = adler32_data_hex($data);
   # calculate Adler32 checksum from file
   $checksum_raw  = adler32_file('filename.dat');
   $checksum_hex  = adler32_file_hex('filename.dat');
   # calculate Adler32 checksum from filehandle
   $checksum_raw  = adler32_file(*FILEHANDLE);
   $checksum_hex  = adler32_file_hex(*FILEHANDLE);
   # calculate CRC32 checksum from string/buffer
   $checksum_raw  = crc32_data($data);
   $checksum_hex  = crc32_data_hex($data);
   # calculate CRC32 checksum from file
   $checksum_raw  = crc32_file('filename.dat');
   $checksum_hex  = crc32_file_hex('filename.dat');
   # calculate CRC32 checksum from filehandle
   $checksum_raw  = crc32_file(*FILEHANDLE);
   $checksum_hex  = crc32_file_hex(*FILEHANDLE);
 =head1 DESCRIPTION
-Calculating CRC32 and Adler32 checksums (functional interface);
+You are probably looking for L<Crypt::Checksum::CRC32> or L<Crypt::Checksum::Adler32>.
-I<Since: CryptX-0.032>
+=cut
 =head1 EXPORT
 Nothing is exported by default.
 You can export selected functions:
  use Crypt::Checksum qw( adler32_data adler32_data_hex adler32_file adler32_file_hex
                          crc32_data crc32_data_hex crc32_file crc32_file_hex );
 Or all of them at once:
  use Crypt::Checksum ':all';
 =head1 FUNCTIONS
 =head2 adler32_data
 Returns checksum as raw octects.
 $checksum_raw = adler32_data('data string');
 #or
 $checksum_raw = adler32_data('any data', 'more data', 'even more data');
 =head2 adler32_data_hex
 Returns checksum as a hexadecimal string.
 $checksum_hex = adler32_data_hex('data string');
 #or
 $checksum_hex = adler32_data_hex('any data', 'more data', 'even more data');
 =head2 adler32_data_int
 Returns checksum as unsingned 32bit integer.
 $checksum_hex = adler32_data_int('data string');
 #or
 $checksum_hex = adler32_data_int('any data', 'more data', 'even more data');
 =head2 adler32_file
 Returns checksum as raw octects.
 $checksum_raw = adler32_file('filename.dat');
 #or
 $checksum_raw = adler32_file(*FILEHANDLE);
 =head2 adler32_file_hex
 Returns checksum as a hexadecimal string.
 $checksum_hex = adler32_file_hex('filename.dat');
 #or
 $checksum_hex = adler32_file_hex(*FILEHANDLE);
 =head2 adler32_file_int
 Returns checksum as unsingned 32bit integer.
 $checksum_hex = adler32_file_int('data string');
 #or
 $checksum_hex = adler32_file_int('any data', 'more data', 'even more data');
 =head2 crc32_data
 Returns checksum as raw octects.
 $checksum_raw = crc32_data('data string');
 #or
 $checksum_raw = crc32_data('any data', 'more data', 'even more data');
 =head2 crc32_data_hex
 Returns checksum as a hexadecimal string.
 $checksum_hex = crc32_data_hex('data string');
 #or
 $checksum_hex = crc32_data_hex('any data', 'more data', 'even more data');
 =head2 crc32_data_int
 Returns checksum as unsingned 32bit integer.
 $checksum_hex = crc32_data_int('data string');
 #or
 $checksum_hex = crc32_data_int('any data', 'more data', 'even more data');
 =head2 crc32_file
 Returns checksum as raw octects.
 $checksum_raw = crc32_file('filename.dat');
 #or
 $checksum_raw = crc32_file(*FILEHANDLE);
 =head2 crc32_file_hex
 Returns checksum as a hexadecimal string.
 $checksum_hex = crc32_file_hex('filename.dat');
 #or
 $checksum_hex = crc32_file_hex(*FILEHANDLE);
 =head2 crc32_file_int
 Returns checksum as unsingned 32bit integer.
 $checksum_hex = crc32_file_int('data string');
 #or
 $checksum_hex = crc32_file_int('any data', 'more data', 'even more data');
 =head1 SEE ALSO
 =over
 =item * L<CryptX|CryptX>, L<Crypt::Checksum::Adler32>, L<Crypt::Checksum::CRC32>
 =item * L<https://en.wikipedia.org/wiki/Adler-32>
 =item * L<https://en.wikipedia.org/wiki/Cyclic_redundancy_check>
 =back
 =cut
--- a/lib/Crypt/Checksum/Adler32.pm
+++ b/lib/Crypt/Checksum/Adler32.pm
@ -2,34 +2,20 @@ package Crypt::Checksum::Adler32;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Checksum Exporter);
 our %EXPORT_TAGS = ( all => [qw( adler32_data adler32_data_hex adler32_data_int adler32_file adler32_file_hex adler32_file_int )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
-sub addfile {
+sub adler32_file     { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Checksum::Adler32->new->addfile(@_)->digest    }
-  my ($self, $file) = @_;
+sub adler32_file_hex { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Checksum::Adler32->new->addfile(@_)->hexdigest }
-
+sub adler32_file_int { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Checksum::Adler32->new->addfile(@_)->intdigest }
  my $handle;
  if (ref(\$file) eq 'SCALAR') {        #filename
    open($handle, "<", $file) || croak "FATAL: cannot open '$file': $!";
    binmode($handle);
  }
  else {                                #handle
    $handle = $file
  }
  croak "FATAL: invalid handle" unless defined $handle;
  my $n;
  my $buf = "";
  while (($n = read($handle, $buf, 32*1024))) {
    $self->add($buf)
  }
  croak "FATAL: read failed: $!" unless defined $n;
  return $self;
 }
 sub CLONE_SKIP { 1 } # prevent cloning
 1;
@ -41,20 +27,101 @@ Crypt::Checksum::Adler32 - Compute Adler32 checksum
 =head1 SYNOPSIS
   ### Functional interface:
   use Crypt::Checksum::Adler32 ':all';
   # calculate Adler32 checksum from string/buffer
   $checksum_raw  = adler32_data($data);
   $checksum_hex  = adler32_data_hex($data);
   $checksum_int  = adler32_data_int($data);
   # calculate Adler32 checksum from file
   $checksum_raw  = adler32_file('filename.dat');
   $checksum_hex  = adler32_file_hex('filename.dat');
   $checksum_int  = adler32_file_int('filename.dat');
   # calculate Adler32 checksum from filehandle
   $checksum_raw  = adler32_file(*FILEHANDLE);
   $checksum_hex  = adler32_file_hex(*FILEHANDLE);
   $checksum_int  = adler32_file_int(*FILEHANDLE);
   ### OO interface:
   use Crypt::Checksum::Adler32;
   $d = Crypt::Checksum::Adler32->new;
   $d->add('any data');
   $d->add('another data');
   $d->addfile('filename.dat');
   $d->addfile(*FILEHANDLE);
-   $checksum_raw  = $d->digest;     # raw bytes
+   $checksum_raw  = $d->digest;     # raw 4 bytes
   $checksum_hex  = $d->hexdigest;  # hexadecimal form
   $checksum_int  = $d->intdigest;  # 32bit unsigned integer
 =head1 DESCRIPTION
-Calculating Adler32 checksums (OO interface);
+Calculating Adler32 checksums.
-I<Since: CryptX-0.032>
+I<Updated: v0.057>
 =head1 EXPORT
 Nothing is exported by default.
 You can export selected functions:
 use Crypt::Checksum::Adler32 qw(adler32_data adler32_data_hex adler32_data_int adler32_file adler32_file_hex adler32_file_int);
 Or all of them at once:
 use Crypt::Checksum::Adler32 ':all';
 =head1 FUNCTIONS
 =head2 adler32_data
 Returns checksum as raw octects.
 $checksum_raw = adler32_data('data string');
 #or
 $checksum_raw = adler32_data('any data', 'more data', 'even more data');
 =head2 adler32_data_hex
 Returns checksum as a hexadecimal string.
 $checksum_hex = adler32_data_hex('data string');
 #or
 $checksum_hex = adler32_data_hex('any data', 'more data', 'even more data');
 =head2 adler32_data_int
 Returns checksum as unsigned 32bit integer.
 $checksum_int = adler32_data_int('data string');
 #or
 $checksum_int = adler32_data_int('any data', 'more data', 'even more data');
 =head2 adler32_file
 Returns checksum as raw octects.
 $checksum_raw = adler32_file('filename.dat');
 #or
 $checksum_raw = adler32_file(*FILEHANDLE);
 =head2 adler32_file_hex
 Returns checksum as a hexadecimal string.
 $checksum_hex = adler32_file_hex('filename.dat');
 #or
 $checksum_hex = adler32_file_hex(*FILEHANDLE);
 =head2 adler32_file_int
 Returns checksum as unsigned 32bit integer.
 $checksum_int = adler32_file_int('filename.dat');
 #or
 $checksum_int = adler32_file_int(*FILEHANDLE);
 =head1 METHODS
@ -108,14 +175,20 @@ Returns the checksum encoded as a hexadecimal string.
 $result_hex = $d->hexdigest();
 =head2 intdigest
 Returns the checksum encoded as unsigned 32bit integer.
 $result_int = $d->intdigest();
 =head1 SEE ALSO
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Checksum>
+=item * L<CryptX|CryptX>
 =item * L<https://en.wikipedia.org/wiki/Adler-32>
 =back
-=cut
+=cut
--- a/lib/Crypt/Checksum/CRC32.pm
+++ b/lib/Crypt/Checksum/CRC32.pm
@ -2,34 +2,20 @@ package Crypt::Checksum::CRC32;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Checksum Exporter);
 our %EXPORT_TAGS = ( all => [qw( crc32_data crc32_data_hex crc32_data_int crc32_file crc32_file_hex crc32_file_int )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
-sub addfile {
+sub crc32_file     { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Checksum::CRC32->new->addfile(@_)->digest    }
-  my ($self, $file) = @_;
+sub crc32_file_hex { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Checksum::CRC32->new->addfile(@_)->hexdigest }
-
+sub crc32_file_int { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Checksum::CRC32->new->addfile(@_)->intdigest }
  my $handle;
  if (ref(\$file) eq 'SCALAR') {        #filename
    open($handle, "<", $file) || croak "FATAL: cannot open '$file': $!";
    binmode($handle);
  }
  else {                                #handle
    $handle = $file
  }
  croak "FATAL: invalid handle" unless defined $handle;
  my $n;
  my $buf = "";
  while (($n = read($handle, $buf, 32*1024))) {
    $self->add($buf)
  }
  croak "FATAL: read failed: $!" unless defined $n;
  return $self;
 }
 sub CLONE_SKIP { 1 } # prevent cloning
 1;
@ -41,20 +27,101 @@ Crypt::Checksum::CRC32 - Compute CRC32 checksum
 =head1 SYNOPSIS
   ### Functional interface:
   use Crypt::Checksum::CRC32 ':all';
   # calculate CRC32 checksum from string/buffer
   $checksum_raw  = crc32_data($data);
   $checksum_hex  = crc32_data_hex($data);
   $checksum_int  = crc32_data_int($data);
   # calculate CRC32 checksum from file
   $checksum_raw  = crc32_file('filename.dat');
   $checksum_hex  = crc32_file_hex('filename.dat');
   $checksum_int  = crc32_file_int('filename.dat');
   # calculate CRC32 checksum from filehandle
   $checksum_raw  = crc32_file(*FILEHANDLE);
   $checksum_hex  = crc32_file_hex(*FILEHANDLE);
   $checksum_int  = crc32_file_int(*FILEHANDLE);
   ### OO interface:
   use Crypt::Checksum::CRC32;
   $d = Crypt::Checksum::CRC32->new;
   $d->add('any data');
   $d->add('another data');
   $d->addfile('filename.dat');
   $d->addfile(*FILEHANDLE);
-   $checksum_raw = $d->digest;     # raw bytes
+   $checksum_raw = $d->digest;     # raw 4 bytes
   $checksum_hex = $d->hexdigest;  # hexadecimal form
   $checksum_int = $d->intdigest;  # 32bit unsigned integer
 =head1 DESCRIPTION
-Calculating CRC32 checksums (OO interface);
+Calculating CRC32 checksums.
-I<Since: CryptX-0.032>
+I<Updated: v0.057>
 =head1 EXPORT
 Nothing is exported by default.
 You can export selected functions:
 use Crypt::Checksum::CRC32 qw(crc32_data crc32_data_hex crc32_data_int crc32_file crc32_file_hex crc32_file_int);
 Or all of them at once:
 use Crypt::Checksum::CRC32 ':all';
 =head1 FUNCTIONS
 =head2 crc32_data
 Returns checksum as raw octects.
 $checksum_raw = crc32_data('data string');
 #or
 $checksum_raw = crc32_data('any data', 'more data', 'even more data');
 =head2 crc32_data_hex
 Returns checksum as a hexadecimal string.
 $checksum_hex = crc32_data_hex('data string');
 #or
 $checksum_hex = crc32_data_hex('any data', 'more data', 'even more data');
 =head2 crc32_data_int
 Returns checksum as unsigned 32bit integer.
 $checksum_int = crc32_data_int('data string');
 #or
 $checksum_int = crc32_data_int('any data', 'more data', 'even more data');
 =head2 crc32_file
 Returns checksum as raw octects.
 $checksum_raw = crc32_file('filename.dat');
 #or
 $checksum_raw = crc32_file(*FILEHANDLE);
 =head2 crc32_file_hex
 Returns checksum as a hexadecimal string.
 $checksum_hex = crc32_file_hex('filename.dat');
 #or
 $checksum_hex = crc32_file_hex(*FILEHANDLE);
 =head2 crc32_file_int
 Returns checksum as unsigned 32bit integer.
 $checksum_int = crc32_file_int('filename.dat');
 #or
 $checksum_int = crc32_file_int(*FILEHANDLE);
 =head1 METHODS
@ -108,14 +175,20 @@ Returns the checksum encoded as a hexadecimal string.
 $result_hex = $d->hexdigest();
 =head2 intdigest
 Returns the checksum encoded as unsigned 32bit integer.
 $result_int = $d->intdigest();
 =head1 SEE ALSO
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Checksum>
+=item * L<CryptX|CryptX>
 =item * L<https://en.wikipedia.org/wiki/Cyclic_redundancy_check>
 =back
-=cut
+=cut
--- a/lib/Crypt/Cipher.pm
+++ b/lib/Crypt/Cipher.pm
@ -2,83 +2,23 @@ package Crypt::Cipher;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
 ### the following methods/functions are implemented in XS:
-# - _new
+# - new
 # - DESTROY
-# - _keysize
+# - blocksize
 # - _max_keysize
 # - _min_keysize
 # - _blocksize
 # - _default_rounds
 # - encrypt
 # - decrypt
-#functions, not methods:
+# - default_rounds
-# - _block_length_by_name
+# - encrypt
-# - _min_key_length_by_name
+# - max_keysize
-# - _max_key_length_by_name
+# - min_keysize
 # - _default_rounds_by_name
-sub _trans_cipher_name {
+sub keysize { goto \&max_keysize; } # for Crypt::CBC compatibility
  my $name = shift;
  my %trans = (
    DES_EDE     => '3des',
    SAFERP      => 'safer+',
    SAFER_K128  => 'safer-k128',
    SAFER_K64   => 'safer-k64',
    SAFER_SK128 => 'safer-sk128',
    SAFER_SK64  => 'safer-sk64',
  );
  $name =~ s/^Crypt::Cipher:://;
  return $trans{uc($name)} if defined $trans{uc($name)};
  return lc($name);
 }
 ### METHODS
 sub new {
  my $pkg = shift;
  my $cipher_name = $pkg eq __PACKAGE__ ? _trans_cipher_name(shift) : _trans_cipher_name($pkg);
  return _new($cipher_name, @_);
 }
 sub blocksize {
  my $self = shift;
  return $self->_blocksize if ref($self);
  $self = _trans_cipher_name(shift) if $self eq __PACKAGE__;
  return _block_length_by_name(_trans_cipher_name($self));
 }
 sub keysize {
  max_keysize(@_);
 }
 sub max_keysize
 {
  my $self = shift;
  return unless defined $self;
  return $self->_max_keysize if ref($self);
  $self = _trans_cipher_name(shift) if $self eq __PACKAGE__;
  return _max_key_length_by_name(_trans_cipher_name($self));
 }
 sub min_keysize {
  my $self = shift;
  return unless defined $self;
  return $self->_min_keysize if ref($self);
  $self = _trans_cipher_name(shift) if $self eq __PACKAGE__;
  return _min_key_length_by_name(_trans_cipher_name($self));
 }
 sub default_rounds {
  my $self = shift;
  return unless defined $self;
  return $self->_default_rounds if ref($self);
  $self = _trans_cipher_name(shift) if $self eq __PACKAGE__;
  return _default_rounds_by_name(_trans_cipher_name($self));
 }
 sub CLONE_SKIP { 1 } # prevent cloning
@ -121,7 +61,7 @@ Crypt::Cipher - Generic interface to cipher functions
 =head1 DESCRIPTION
-Provides an interface to various symetric cipher algorithms.
+Provides an interface to various symmetric cipher algorithms.
 B<BEWARE:> This module implements just elementary "one-block-(en|de)cryption" operation - if you want to
 encrypt/decrypt generic data you have to use some of the cipher block modes - check for example
@ -138,11 +78,11 @@ Constructor, returns a reference to the cipher object.
 # $name = one of 'AES', 'Anubis', 'Blowfish', 'CAST5', 'Camellia', 'DES', 'DES_EDE',
 #                'KASUMI', 'Khazad', 'MULTI2', 'Noekeon', 'RC2', 'RC5', 'RC6',
 #                'SAFERP', 'SAFER_K128', 'SAFER_K64', 'SAFER_SK128', 'SAFER_SK64',
- #                'SEED', 'Skipjack', 'Twofish', 'XTEA'
+ #                'SEED', 'Skipjack', 'Twofish', 'XTEA', 'IDEA', 'Serpent'
- #                simply any <CNAME> for which there exists Crypt::Cipher::<NAME>
+ #                simply any <NAME> for which there exists Crypt::Cipher::<NAME>
 # $key = binary key (keysize should comply with selected cipher requirements)
- ## some of the ciphers (e.g. MULTI2, RC5, SAFER) allows to set number of rounds
+ ## some of the ciphers (e.g. MULTI2, RC5, SAFER) allow one to set number of rounds
 $d = Crypt::Cipher->new('MULTI2', $key, $rounds);
 # $rounds = positive integer (should comply with selected cipher requirements)
@ -194,7 +134,7 @@ Returns block size (in bytes) for given cipher.
 =head2 default_rounds
-Returns default number of rounds for given cipher. NOTE: only some cipher (e.g. MULTI2, RC5, SAFER) allows to set number of rounds via new().
+Returns default number of rounds for given cipher. NOTE: only some ciphers (e.g. MULTI2, RC5, SAFER) allow one to set number of rounds via new().
 $d->default_rounds;
 #or
@ -213,5 +153,3 @@ Returns default number of rounds for given cipher. NOTE: only some cipher (e.g.
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/AES.pm
+++ b/lib/Crypt/Cipher/AES.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::AES;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('AES')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('AES')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('AES')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('AES')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('AES') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::AES - Symetric cipher AES (aka Rijndael), key size: 128/192/256 bits (Crypt::CBC compliant)
+Crypt::Cipher::AES - Symmetric cipher AES (aka Rijndael), key size: 128/192/256 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::AES - Symetric cipher AES (aka Rijndael), key size: 128/192/256 b
  my $cbc = Crypt::Mode::CBC->new('AES');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::AES;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/Advanced_Encryption_Standard|http://en.wikipedia.org/wiki/Advanced_Encryption_Standard>
+=item * L<https://en.wikipedia.org/wiki/Advanced_Encryption_Standard>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/Anubis.pm
+++ b/lib/Crypt/Cipher/Anubis.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::Anubis;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Anubis')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Anubis')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Anubis')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Anubis')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Anubis') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::Anubis - Symetric cipher Anubis, key size: 128-320 bits (Crypt::CBC compliant)
+Crypt::Cipher::Anubis - Symmetric cipher Anubis, key size: 128-320 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::Anubis - Symetric cipher Anubis, key size: 128-320 bits (Crypt::C
  my $cbc = Crypt::Mode::CBC->new('Anubis');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::Anubis;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/Anubis_(cipher)|http://en.wikipedia.org/wiki/Anubis_(cipher)>
+=item * L<https://en.wikipedia.org/wiki/Anubis_(cipher)>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/Blowfish.pm
+++ b/lib/Crypt/Cipher/Blowfish.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::Blowfish;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Blowfish')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Blowfish')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Blowfish')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Blowfish')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Blowfish') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::Blowfish - Symetric cipher Blowfish, key size: 64-448 bits (Crypt::CBC compliant)
+Crypt::Cipher::Blowfish - Symmetric cipher Blowfish, key size: 64-448 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::Blowfish - Symetric cipher Blowfish, key size: 64-448 bits (Crypt
  my $cbc = Crypt::Mode::CBC->new('Blowfish');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::Blowfish;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/Blowfish_(cipher)|http://en.wikipedia.org/wiki/Blowfish_(cipher)>
+=item * L<https://en.wikipedia.org/wiki/Blowfish_(cipher)>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/CAST5.pm
+++ b/lib/Crypt/Cipher/CAST5.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::CAST5;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('CAST5')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('CAST5')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('CAST5')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('CAST5')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('CAST5') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::CAST5 - Symetric cipher CAST5 (aka CAST-128), key size: 40-128 bits (Crypt::CBC compliant)
+Crypt::Cipher::CAST5 - Symmetric cipher CAST5 (aka CAST-128), key size: 40-128 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::CAST5 - Symetric cipher CAST5 (aka CAST-128), key size: 40-128 bi
  my $cbc = Crypt::Mode::CBC->new('CAST5');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::CAST5;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/CAST-128|http://en.wikipedia.org/wiki/CAST-128>
+=item * L<https://en.wikipedia.org/wiki/CAST-128>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/Camellia.pm
+++ b/lib/Crypt/Cipher/Camellia.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::Camellia;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Camellia')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Camellia')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Camellia')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Camellia')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Camellia') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::Camellia - Symetric cipher Camellia, key size: 128/192/256 bits (Crypt::CBC compliant)
+Crypt::Cipher::Camellia - Symmetric cipher Camellia, key size: 128/192/256 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::Camellia - Symetric cipher Camellia, key size: 128/192/256 bits (
  my $cbc = Crypt::Mode::CBC->new('Camellia');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::Camellia;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/Camellia_(cipher)|http://en.wikipedia.org/wiki/Camellia_(cipher)>
+=item * L<https://en.wikipedia.org/wiki/Camellia_(cipher)>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/DES.pm
+++ b/lib/Crypt/Cipher/DES.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::DES;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('DES')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('DES')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('DES')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('DES')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('DES') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::DES - Symetric cipher DES, key size: 64[56] bits (Crypt::CBC compliant)
+Crypt::Cipher::DES - Symmetric cipher DES, key size: 64[56] bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::DES - Symetric cipher DES, key size: 64[56] bits (Crypt::CBC comp
  my $cbc = Crypt::Mode::CBC->new('DES');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::DES;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/Data_Encryption_Standard|http://en.wikipedia.org/wiki/Data_Encryption_Standard>
+=item * L<https://en.wikipedia.org/wiki/Data_Encryption_Standard>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/DES_EDE.pm
+++ b/lib/Crypt/Cipher/DES_EDE.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::DES_EDE;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('DES_EDE')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('DES_EDE')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('DES_EDE')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('DES_EDE')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('DES_EDE') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::DES_EDE - Symetric cipher DES_EDE (aka Tripple-DES, 3DES), key size: 192[168] bits (Crypt::CBC compliant)
+Crypt::Cipher::DES_EDE - Symmetric cipher DES_EDE (aka Triple-DES, 3DES), key size: 192[168] bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::DES_EDE - Symetric cipher DES_EDE (aka Tripple-DES, 3DES), key si
  my $cbc = Crypt::Mode::CBC->new('DES_EDE');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::DES_EDE;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/Triple_DES|http://en.wikipedia.org/wiki/Triple_DES>
+=item * L<https://en.wikipedia.org/wiki/Triple_DES>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/IDEA.pm
+++ b/lib/Crypt/Cipher/IDEA.pm
@ -0,0 +1,118 @@
 package Crypt::Cipher::IDEA;
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 use strict;
 use warnings;
 our $VERSION = '0.058_002';
 use base qw(Crypt::Cipher);
 sub blocksize      { Crypt::Cipher::blocksize('IDEA')      }
 sub keysize        { Crypt::Cipher::keysize('IDEA')        }
 sub max_keysize    { Crypt::Cipher::max_keysize('IDEA')    }
 sub min_keysize    { Crypt::Cipher::min_keysize('IDEA')    }
 sub default_rounds { Crypt::Cipher::default_rounds('IDEA') }
 1;
 =pod
 =head1 NAME
 Crypt::Cipher::IDEA - Symmetric cipher IDEA, key size: 128 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
  ### example 1
  use Crypt::Mode::CBC;
  my $key = '...'; # length has to be valid key size for this cipher
  my $iv = '...';  # 16 bytes
  my $cbc = Crypt::Mode::CBC->new('IDEA');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::IDEA;
  my $key = '...'; # length has to be valid key size for this cipher
  my $iv = '...';  # 16 bytes
  my $cbc = Crypt::CBC->new( -cipher=>'Cipher::IDEA', -key=>$key, -iv=>$iv );
  my $ciphertext = $cbc->encrypt("secret data");
 =head1 DESCRIPTION
 This module implements the IDEA cipher. Provided interface is compliant with L<Crypt::CBC|Crypt::CBC> module.
 B<BEWARE:> This module implements just elementary "one-block-(en|de)cryption" operation - if you want to
 encrypt/decrypt generic data you have to use some of the cipher block modes - check for example
 L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<Crypt::CBC|Crypt::CBC> (which will be slower).
 =head1 METHODS
 =head2 new
 $c = Crypt::Cipher::IDEA->new($key);
 #or
 $c = Crypt::Cipher::IDEA->new($key, $rounds);
 =head2 encrypt
 $ciphertext = $c->encrypt($plaintext);
 =head2 decrypt
 $plaintext = $c->decrypt($ciphertext);
 =head2 keysize
  $c->keysize;
  #or
  Crypt::Cipher::IDEA->keysize;
  #or
  Crypt::Cipher::IDEA::keysize;
 =head2 blocksize
  $c->blocksize;
  #or
  Crypt::Cipher::IDEA->blocksize;
  #or
  Crypt::Cipher::IDEA::blocksize;
 =head2 max_keysize
  $c->max_keysize;
  #or
  Crypt::Cipher::IDEA->max_keysize;
  #or
  Crypt::Cipher::IDEA::max_keysize;
 =head2 min_keysize
  $c->min_keysize;
  #or
  Crypt::Cipher::IDEA->min_keysize;
  #or
  Crypt::Cipher::IDEA::min_keysize;
 =head2 default_rounds
  $c->default_rounds;
  #or
  Crypt::Cipher::IDEA->default_rounds;
  #or
  Crypt::Cipher::IDEA::default_rounds;
 =head1 SEE ALSO
 =over
 =item * L<CryptX|CryptX>, L<Crypt::Cipher>
 =item * L<https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm>
 =back
 =cut
--- a/lib/Crypt/Cipher/KASUMI.pm
+++ b/lib/Crypt/Cipher/KASUMI.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::KASUMI;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('KASUMI')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('KASUMI')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('KASUMI')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('KASUMI')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('KASUMI') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::KASUMI - Symetric cipher KASUMI, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::KASUMI - Symmetric cipher KASUMI, key size: 128 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::KASUMI - Symetric cipher KASUMI, key size: 128 bits (Crypt::CBC c
  my $cbc = Crypt::Mode::CBC->new('KASUMI');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::KASUMI;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/KASUMI_(block_cipher)|http://en.wikipedia.org/wiki/KASUMI_(block_cipher)>
+=item * L<https://en.wikipedia.org/wiki/KASUMI_(block_cipher)>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/Khazad.pm
+++ b/lib/Crypt/Cipher/Khazad.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::Khazad;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Khazad')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Khazad')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Khazad')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Khazad')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Khazad') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::Khazad - Symetric cipher Khazad, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::Khazad - Symmetric cipher Khazad, key size: 128 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::Khazad - Symetric cipher Khazad, key size: 128 bits (Crypt::CBC c
  my $cbc = Crypt::Mode::CBC->new('Khazad');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::Khazad;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/KHAZAD|http://en.wikipedia.org/wiki/KHAZAD>
+=item * L<https://en.wikipedia.org/wiki/KHAZAD>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/MULTI2.pm
+++ b/lib/Crypt/Cipher/MULTI2.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::MULTI2;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('MULTI2')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('MULTI2')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('MULTI2')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('MULTI2')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('MULTI2') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::MULTI2 - Symetric cipher MULTI2, key size: 320 bits (Crypt::CBC compliant)
+Crypt::Cipher::MULTI2 - Symmetric cipher MULTI2, key size: 320 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::MULTI2 - Symetric cipher MULTI2, key size: 320 bits (Crypt::CBC c
  my $cbc = Crypt::Mode::CBC->new('MULTI2');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::MULTI2;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/MULTI2|http://en.wikipedia.org/wiki/MULTI2>
+=item * L<https://en.wikipedia.org/wiki/MULTI2>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/Noekeon.pm
+++ b/lib/Crypt/Cipher/Noekeon.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::Noekeon;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Noekeon')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Noekeon')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Noekeon')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Noekeon')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Noekeon') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::Noekeon - Symetric cipher Noekeon, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::Noekeon - Symmetric cipher Noekeon, key size: 128 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::Noekeon - Symetric cipher Noekeon, key size: 128 bits (Crypt::CBC
  my $cbc = Crypt::Mode::CBC->new('Noekeon');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::Noekeon;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/NOEKEON|http://en.wikipedia.org/wiki/NOEKEON>
+=item * L<https://en.wikipedia.org/wiki/NOEKEON>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/RC2.pm
+++ b/lib/Crypt/Cipher/RC2.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::RC2;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('RC2')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('RC2')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('RC2')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('RC2')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('RC2') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::RC2 - Symetric cipher RC2, key size: 64-1024 bits (Crypt::CBC compliant)
+Crypt::Cipher::RC2 - Symmetric cipher RC2, key size: 40-1024 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::RC2 - Symetric cipher RC2, key size: 64-1024 bits (Crypt::CBC com
  my $cbc = Crypt::Mode::CBC->new('RC2');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::RC2;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/RC2|http://en.wikipedia.org/wiki/RC2>
+=item * L<https://en.wikipedia.org/wiki/RC2>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/RC5.pm
+++ b/lib/Crypt/Cipher/RC5.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::RC5;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('RC5')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('RC5')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('RC5')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('RC5')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('RC5') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::RC5 - Symetric cipher RC5, key size: 64-1024 bits (Crypt::CBC compliant)
+Crypt::Cipher::RC5 - Symmetric cipher RC5, key size: 64-1024 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::RC5 - Symetric cipher RC5, key size: 64-1024 bits (Crypt::CBC com
  my $cbc = Crypt::Mode::CBC->new('RC5');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::RC5;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/RC5|http://en.wikipedia.org/wiki/RC5>
+=item * L<https://en.wikipedia.org/wiki/RC5>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/RC6.pm
+++ b/lib/Crypt/Cipher/RC6.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::RC6;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('RC6')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('RC6')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('RC6')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('RC6')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('RC6') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::RC6 - Symetric cipher RC6, key size: 64-1024 bits (Crypt::CBC compliant)
+Crypt::Cipher::RC6 - Symmetric cipher RC6, key size: 64-1024 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::RC6 - Symetric cipher RC6, key size: 64-1024 bits (Crypt::CBC com
  my $cbc = Crypt::Mode::CBC->new('RC6');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::RC6;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/RC6|http://en.wikipedia.org/wiki/RC6>
+=item * L<https://en.wikipedia.org/wiki/RC6>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/SAFERP.pm
+++ b/lib/Crypt/Cipher/SAFERP.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::SAFERP;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('SAFERP')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('SAFERP')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('SAFERP')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('SAFERP')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('SAFERP') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::SAFERP - Symetric cipher SAFER+, key size: 128/192/256 bits (Crypt::CBC compliant)
+Crypt::Cipher::SAFERP - Symmetric cipher SAFER+, key size: 128/192/256 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::SAFERP - Symetric cipher SAFER+, key size: 128/192/256 bits (Cryp
  my $cbc = Crypt::Mode::CBC->new('SAFERP');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::SAFERP;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/SAFER|http://en.wikipedia.org/wiki/SAFER>
+=item * L<https://en.wikipedia.org/wiki/SAFER>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/SAFER_K128.pm
+++ b/lib/Crypt/Cipher/SAFER_K128.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::SAFER_K128;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('SAFER_K128')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('SAFER_K128')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('SAFER_K128')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('SAFER_K128')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('SAFER_K128') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::SAFER_K128 - Symetric cipher SAFER_K128, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::SAFER_K128 - Symmetric cipher SAFER_K128, key size: 128 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::SAFER_K128 - Symetric cipher SAFER_K128, key size: 128 bits (Cryp
  my $cbc = Crypt::Mode::CBC->new('SAFER_K128');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::SAFER_K128;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/SAFER|http://en.wikipedia.org/wiki/SAFER>
+=item * L<https://en.wikipedia.org/wiki/SAFER>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/SAFER_K64.pm
+++ b/lib/Crypt/Cipher/SAFER_K64.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::SAFER_K64;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('SAFER_K64')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('SAFER_K64')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('SAFER_K64')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('SAFER_K64')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('SAFER_K64') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::SAFER_K64 - Symetric cipher SAFER_K64, key size: 64 bits (Crypt::CBC compliant)
+Crypt::Cipher::SAFER_K64 - Symmetric cipher SAFER_K64, key size: 64 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::SAFER_K64 - Symetric cipher SAFER_K64, key size: 64 bits (Crypt::
  my $cbc = Crypt::Mode::CBC->new('SAFER_K64');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::SAFER_K64;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/SAFER|http://en.wikipedia.org/wiki/SAFER>
+=item * L<https://en.wikipedia.org/wiki/SAFER>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/SAFER_SK128.pm
+++ b/lib/Crypt/Cipher/SAFER_SK128.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::SAFER_SK128;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('SAFER_SK128')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('SAFER_SK128')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('SAFER_SK128')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('SAFER_SK128')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('SAFER_SK128') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::SAFER_SK128 - Symetric cipher SAFER_SK128, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::SAFER_SK128 - Symmetric cipher SAFER_SK128, key size: 128 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::SAFER_SK128 - Symetric cipher SAFER_SK128, key size: 128 bits (Cr
  my $cbc = Crypt::Mode::CBC->new('SAFER_SK128');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::SAFER_SK128;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/SAFER|http://en.wikipedia.org/wiki/SAFER>
+=item * L<https://en.wikipedia.org/wiki/SAFER>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/SAFER_SK64.pm
+++ b/lib/Crypt/Cipher/SAFER_SK64.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::SAFER_SK64;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('SAFER_SK64')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('SAFER_SK64')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('SAFER_SK64')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('SAFER_SK64')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('SAFER_SK64') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::SAFER_SK64 - Symetric cipher SAFER_SK64, key size: 64 bits (Crypt::CBC compliant)
+Crypt::Cipher::SAFER_SK64 - Symmetric cipher SAFER_SK64, key size: 64 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::SAFER_SK64 - Symetric cipher SAFER_SK64, key size: 64 bits (Crypt
  my $cbc = Crypt::Mode::CBC->new('SAFER_SK64');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::SAFER_SK64;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/SAFER|http://en.wikipedia.org/wiki/SAFER>
+=item * L<https://en.wikipedia.org/wiki/SAFER>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/SEED.pm
+++ b/lib/Crypt/Cipher/SEED.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::SEED;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('SEED')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('SEED')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('SEED')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('SEED')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('SEED') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::SEED - Symetric cipher SEED, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::SEED - Symmetric cipher SEED, key size: 128 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::SEED - Symetric cipher SEED, key size: 128 bits (Crypt::CBC compl
  my $cbc = Crypt::Mode::CBC->new('SEED');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::SEED;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/SEED|http://en.wikipedia.org/wiki/SEED>
+=item * L<https://en.wikipedia.org/wiki/SEED>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/Serpent.pm
+++ b/lib/Crypt/Cipher/Serpent.pm
@ -0,0 +1,118 @@
 package Crypt::Cipher::Serpent;
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 use strict;
 use warnings;
 our $VERSION = '0.058_002';
 use base qw(Crypt::Cipher);
 sub blocksize      { Crypt::Cipher::blocksize('Serpent')      }
 sub keysize        { Crypt::Cipher::keysize('Serpent')        }
 sub max_keysize    { Crypt::Cipher::max_keysize('Serpent')    }
 sub min_keysize    { Crypt::Cipher::min_keysize('Serpent')    }
 sub default_rounds { Crypt::Cipher::default_rounds('Serpent') }
 1;
 =pod
 =head1 NAME
 Crypt::Cipher::Serpent - Symmetric cipher Serpent, key size: 128/192/256 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
  ### example 1
  use Crypt::Mode::CBC;
  my $key = '...'; # length has to be valid key size for this cipher
  my $iv = '...';  # 16 bytes
  my $cbc = Crypt::Mode::CBC->new('Serpent');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::Serpent;
  my $key = '...'; # length has to be valid key size for this cipher
  my $iv = '...';  # 16 bytes
  my $cbc = Crypt::CBC->new( -cipher=>'Cipher::Serpent', -key=>$key, -iv=>$iv );
  my $ciphertext = $cbc->encrypt("secret data");
 =head1 DESCRIPTION
 This module implements the Serpent cipher. Provided interface is compliant with L<Crypt::CBC|Crypt::CBC> module.
 B<BEWARE:> This module implements just elementary "one-block-(en|de)cryption" operation - if you want to
 encrypt/decrypt generic data you have to use some of the cipher block modes - check for example
 L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<Crypt::CBC|Crypt::CBC> (which will be slower).
 =head1 METHODS
 =head2 new
 $c = Crypt::Cipher::Serpent->new($key);
 #or
 $c = Crypt::Cipher::Serpent->new($key, $rounds);
 =head2 encrypt
 $ciphertext = $c->encrypt($plaintext);
 =head2 decrypt
 $plaintext = $c->decrypt($ciphertext);
 =head2 keysize
  $c->keysize;
  #or
  Crypt::Cipher::Serpent->keysize;
  #or
  Crypt::Cipher::Serpent::keysize;
 =head2 blocksize
  $c->blocksize;
  #or
  Crypt::Cipher::Serpent->blocksize;
  #or
  Crypt::Cipher::Serpent::blocksize;
 =head2 max_keysize
  $c->max_keysize;
  #or
  Crypt::Cipher::Serpent->max_keysize;
  #or
  Crypt::Cipher::Serpent::max_keysize;
 =head2 min_keysize
  $c->min_keysize;
  #or
  Crypt::Cipher::Serpent->min_keysize;
  #or
  Crypt::Cipher::Serpent::min_keysize;
 =head2 default_rounds
  $c->default_rounds;
  #or
  Crypt::Cipher::Serpent->default_rounds;
  #or
  Crypt::Cipher::Serpent::default_rounds;
 =head1 SEE ALSO
 =over
 =item * L<CryptX|CryptX>, L<Crypt::Cipher>
 =item * L<https://en.wikipedia.org/wiki/Serpent_(cipher)>
 =back
 =cut
--- a/lib/Crypt/Cipher/Skipjack.pm
+++ b/lib/Crypt/Cipher/Skipjack.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::Skipjack;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Skipjack')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Skipjack')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Skipjack')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Skipjack')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Skipjack') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::Skipjack - Symetric cipher Skipjack, key size: 80 bits (Crypt::CBC compliant)
+Crypt::Cipher::Skipjack - Symmetric cipher Skipjack, key size: 80 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::Skipjack - Symetric cipher Skipjack, key size: 80 bits (Crypt::CB
  my $cbc = Crypt::Mode::CBC->new('Skipjack');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::Skipjack;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/Skipjack_(cipher)|http://en.wikipedia.org/wiki/Skipjack_(cipher)>
+=item * L<https://en.wikipedia.org/wiki/Skipjack_(cipher)>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/Twofish.pm
+++ b/lib/Crypt/Cipher/Twofish.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::Twofish;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Twofish')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Twofish')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Twofish')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Twofish')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Twofish') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::Twofish - Symetric cipher Twofish, key size: 128/192/256 bits (Crypt::CBC compliant)
+Crypt::Cipher::Twofish - Symmetric cipher Twofish, key size: 128/192/256 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::Twofish - Symetric cipher Twofish, key size: 128/192/256 bits (Cr
  my $cbc = Crypt::Mode::CBC->new('Twofish');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::Twofish;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/Twofish|http://en.wikipedia.org/wiki/Twofish>
+=item * L<https://en.wikipedia.org/wiki/Twofish>
 =back
 =cut
 __END__
--- a/lib/Crypt/Cipher/XTEA.pm
+++ b/lib/Crypt/Cipher/XTEA.pm
@ -4,16 +4,15 @@ package Crypt::Cipher::XTEA;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
-use CryptX;
+use base qw(Crypt::Cipher);
 use base 'Crypt::Cipher';
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('XTEA')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('XTEA')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('XTEA')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('XTEA')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('XTEA') }
 1;
@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 =head1 NAME
-Crypt::Cipher::XTEA - Symetric cipher XTEA, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::XTEA - Symmetric cipher XTEA, key size: 128 bits (Crypt::CBC compliant)
 =head1 SYNOPSIS
@ -33,7 +32,7 @@ Crypt::Cipher::XTEA - Symetric cipher XTEA, key size: 128 bits (Crypt::CBC compl
  my $cbc = Crypt::Mode::CBC->new('XTEA');
  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
-  ### example 2
+  ### example 2 (slower)
  use Crypt::CBC;
  use Crypt::Cipher::XTEA;
@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
-=item * L<http://en.wikipedia.org/wiki/XTEA|http://en.wikipedia.org/wiki/XTEA>
+=item * L<https://en.wikipedia.org/wiki/XTEA>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest.pm
+++ b/lib/Crypt/Digest.pm
@ -2,7 +2,7 @@ package Crypt::Digest;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
 our %EXPORT_TAGS = ( all => [qw( digest_data digest_data_hex digest_data_b64 digest_data_b64u digest_file digest_file_hex digest_file_b64 digest_file_b64u )] );
@ -14,70 +14,22 @@ $Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
 ### the following methods/functions are implemented in XS:
-# - _new
+# - new
-# - _hashsize
+# - hashsize
 # - _hashsize_by_name (function, not method)
 # - clone
 # - reset
 # - digest
 # - hexdigest
 # - b64digest
 # - add
 # - digest_data
 # - digest_data_hex
 # - digest_data_b64
 # - digest_data_b64u
 # - DESTROY
 sub _trans_digest_name {
  my $name = shift;
  my %trans = (
    CHAES       => 'chc_hash',
    RIPEMD128   => 'rmd128',
    RIPEMD160   => 'rmd160',
    RIPEMD256   => 'rmd256',
    RIPEMD320   => 'rmd320',
    TIGER192    => 'tiger',
    SHA512_224  => 'sha512-224',
    SHA512_256  => 'sha512-256',
    SHA3_224    => 'sha3-224',
    SHA3_256    => 'sha3-256',
    SHA3_384    => 'sha3-384',
    SHA3_512    => 'sha3-512',
    BLAKE2B_160 => 'blake2b-160',
    BLAKE2B_256 => 'blake2b-256',
    BLAKE2B_384 => 'blake2b-384',
    BLAKE2B_512 => 'blake2b-512',
    BLAKE2S_128 => 'blake2s-128',
    BLAKE2S_160 => 'blake2s-160',
    BLAKE2S_224 => 'blake2s-224',
    BLAKE2S_256 => 'blake2s-256',
  );
  $name =~ s/^Crypt::Digest:://i;
  return $trans{uc($name)} if defined $trans{uc($name)};
  return lc($name);
 }
 ### METHODS
 sub new {
  my $pkg = shift;
  unshift @_, ($pkg eq 'Crypt::Digest' ? _trans_digest_name(shift) : _trans_digest_name($pkg));
  ###return _new(@_);
  goto \&_new; # keep the real caller for croak()
 }
 sub hashsize {
  return unless defined $_[0];
  if (ref $_[0]) {
    ###return _hashsize(@_);
    goto \&_hashsize if ref $_[0];        # keep the real caller for croak()
  }
  else {
    my $pkg = shift;
    unshift @_, ($pkg eq 'Crypt::Digest' ? _trans_digest_name(shift) : _trans_digest_name($pkg));
    ###return _hashsize_by_name(@_);
    goto \&_hashsize_by_name;             # keep the real caller for croak()
  }
 }
 sub addfile {
  my ($self, $file) = @_;
@ -105,22 +57,10 @@ sub CLONE_SKIP { 1 } # prevent cloning
 ### FUNCTIONS
-sub digest_data        { my $rv = eval {Crypt::Digest->new(shift)->add(@_)->digest}; _croak($@); $rv }
+sub digest_file        { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Digest->new(shift)->addfile(@_)->digest     }
-sub digest_data_hex    { my $rv = eval {Crypt::Digest->new(shift)->add(@_)->hexdigest}; _croak($@); $rv }
+sub digest_file_hex    { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Digest->new(shift)->addfile(@_)->hexdigest  }
-sub digest_data_b64    { my $rv = eval {Crypt::Digest->new(shift)->add(@_)->b64digest}; _croak($@); $rv }
+sub digest_file_b64    { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Digest->new(shift)->addfile(@_)->b64digest  }
-sub digest_data_b64u   { my $rv = eval {Crypt::Digest->new(shift)->add(@_)->b64udigest}; _croak($@); $rv }
+sub digest_file_b64u   { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Digest->new(shift)->addfile(@_)->b64udigest }
 sub digest_file        { my $rv = eval {Crypt::Digest->new(shift)->addfile(@_)->digest}; _croak($@); $rv }
 sub digest_file_hex    { my $rv = eval {Crypt::Digest->new(shift)->addfile(@_)->hexdigest}; _croak($@); $rv }
 sub digest_file_b64    { my $rv = eval {Crypt::Digest->new(shift)->addfile(@_)->b64digest}; _croak($@); $rv }
 sub digest_file_b64u   { my $rv = eval {Crypt::Digest->new(shift)->addfile(@_)->b64udigest}; _croak($@); $rv }
 sub _croak { #XXX-FIXME ugly hack for reporting real caller from XS croaks
   if ($_[0]) {
     $_[0] =~ s/ at .*?\.pm line \d+.[\n\r]*$//g;
     croak $_[0];
   }
 }
 1;
@ -183,14 +123,16 @@ Or all of them at once:
 =head1 FUNCTIONS
-Please note that all functions take as its first argument the algoritm name, supported values are:
+Please note that all functions take as its first argument the algorithm name, supported values are:
 'CHAES', 'MD2', 'MD4', 'MD5', 'RIPEMD128', 'RIPEMD160',
 'RIPEMD256', 'RIPEMD320', 'SHA1', 'SHA224', 'SHA256',
 'SHA384', 'SHA512', 'SHA512_224', 'SHA512_256', 'Tiger192', 'Whirlpool',
- 'SHA3_224', 'SHA3_256', 'SHA3_384', 'SHA3_512'
+ 'SHA3_224', 'SHA3_256', 'SHA3_384', 'SHA3_512',
 'BLAKE2b_160', 'BLAKE2b_256', 'BLAKE2b_384', 'BLAKE2b_512',
 'BLAKE2s_128', 'BLAKE2s_160', 'BLAKE2s_224', 'BLAKE2s_256'
- (simply any <FUNCNAME> for which there is Crypt::Digest::<FUNCNAME> module)
+ (simply any <NAME> for which there is Crypt::Digest::<NAME> module)
 =head2 digest_data
@ -355,7 +297,7 @@ Returns the digest encoded as a hexadecimal string.
 =head2 b64digest
 Returns the digest encoded as a Base64 string, B<with> trailing '=' padding (B<BEWARE:> this padding
-style might differ from other Digest::SOMETHING modules on CPAN).
+style might differ from other Digest::<SOMETHING> modules on CPAN).
 $result_b64 = $d->b64digest();
@ -378,5 +320,3 @@ Returns the digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/BLAKE2b_160.pm
+++ b/lib/Crypt/Digest/BLAKE2b_160.pm
@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2b_160;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2b_160 blake2b_160_hex blake2b_160_b64 blake2b_160_b64u blake2b_160_file blake2b_160_file_hex blake2b_160_file_b64 blake2b_160_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2b_160')             }
-
+sub blake2b_160             { Crypt::Digest::digest_data('BLAKE2b_160', @_)      }
-sub blake2b_160             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2b_160_hex         { Crypt::Digest::digest_data_hex('BLAKE2b_160', @_)  }
-sub blake2b_160_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2b_160_b64         { Crypt::Digest::digest_data_b64('BLAKE2b_160', @_)  }
-sub blake2b_160_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2b_160_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2b_160', @_) }
-sub blake2b_160_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2b_160_file        { Crypt::Digest::digest_file('BLAKE2b_160', @_)      }
-
+sub blake2b_160_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2b_160', @_)  }
-sub blake2b_160_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2b_160_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2b_160', @_)  }
-sub blake2b_160_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2b_160_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2b_160', @_) }
 sub blake2b_160_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub blake2b_160_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/BLAKE2b_256.pm
+++ b/lib/Crypt/Digest/BLAKE2b_256.pm
@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2b_256;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2b_256 blake2b_256_hex blake2b_256_b64 blake2b_256_b64u blake2b_256_file blake2b_256_file_hex blake2b_256_file_b64 blake2b_256_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2b_256')             }
-
+sub blake2b_256             { Crypt::Digest::digest_data('BLAKE2b_256', @_)      }
-sub blake2b_256             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2b_256_hex         { Crypt::Digest::digest_data_hex('BLAKE2b_256', @_)  }
-sub blake2b_256_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2b_256_b64         { Crypt::Digest::digest_data_b64('BLAKE2b_256', @_)  }
-sub blake2b_256_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2b_256_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2b_256', @_) }
-sub blake2b_256_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2b_256_file        { Crypt::Digest::digest_file('BLAKE2b_256', @_)      }
-
+sub blake2b_256_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2b_256', @_)  }
-sub blake2b_256_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2b_256_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2b_256', @_)  }
-sub blake2b_256_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2b_256_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2b_256', @_) }
 sub blake2b_256_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub blake2b_256_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/BLAKE2b_384.pm
+++ b/lib/Crypt/Digest/BLAKE2b_384.pm
@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2b_384;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2b_384 blake2b_384_hex blake2b_384_b64 blake2b_384_b64u blake2b_384_file blake2b_384_file_hex blake2b_384_file_b64 blake2b_384_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2b_384')             }
-
+sub blake2b_384             { Crypt::Digest::digest_data('BLAKE2b_384', @_)      }
-sub blake2b_384             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2b_384_hex         { Crypt::Digest::digest_data_hex('BLAKE2b_384', @_)  }
-sub blake2b_384_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2b_384_b64         { Crypt::Digest::digest_data_b64('BLAKE2b_384', @_)  }
-sub blake2b_384_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2b_384_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2b_384', @_) }
-sub blake2b_384_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2b_384_file        { Crypt::Digest::digest_file('BLAKE2b_384', @_)      }
-
+sub blake2b_384_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2b_384', @_)  }
-sub blake2b_384_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2b_384_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2b_384', @_)  }
-sub blake2b_384_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2b_384_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2b_384', @_) }
 sub blake2b_384_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub blake2b_384_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/BLAKE2b_512.pm
+++ b/lib/Crypt/Digest/BLAKE2b_512.pm
@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2b_512;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2b_512 blake2b_512_hex blake2b_512_b64 blake2b_512_b64u blake2b_512_file blake2b_512_file_hex blake2b_512_file_b64 blake2b_512_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2b_512')             }
-
+sub blake2b_512             { Crypt::Digest::digest_data('BLAKE2b_512', @_)      }
-sub blake2b_512             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2b_512_hex         { Crypt::Digest::digest_data_hex('BLAKE2b_512', @_)  }
-sub blake2b_512_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2b_512_b64         { Crypt::Digest::digest_data_b64('BLAKE2b_512', @_)  }
-sub blake2b_512_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2b_512_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2b_512', @_) }
-sub blake2b_512_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2b_512_file        { Crypt::Digest::digest_file('BLAKE2b_512', @_)      }
-
+sub blake2b_512_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2b_512', @_)  }
-sub blake2b_512_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2b_512_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2b_512', @_)  }
-sub blake2b_512_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2b_512_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2b_512', @_) }
 sub blake2b_512_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub blake2b_512_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/BLAKE2s_128.pm
+++ b/lib/Crypt/Digest/BLAKE2s_128.pm
@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2s_128;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2s_128 blake2s_128_hex blake2s_128_b64 blake2s_128_b64u blake2s_128_file blake2s_128_file_hex blake2s_128_file_b64 blake2s_128_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2s_128')             }
-
+sub blake2s_128             { Crypt::Digest::digest_data('BLAKE2s_128', @_)      }
-sub blake2s_128             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2s_128_hex         { Crypt::Digest::digest_data_hex('BLAKE2s_128', @_)  }
-sub blake2s_128_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2s_128_b64         { Crypt::Digest::digest_data_b64('BLAKE2s_128', @_)  }
-sub blake2s_128_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2s_128_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2s_128', @_) }
-sub blake2s_128_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2s_128_file        { Crypt::Digest::digest_file('BLAKE2s_128', @_)      }
-
+sub blake2s_128_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2s_128', @_)  }
-sub blake2s_128_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2s_128_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2s_128', @_)  }
-sub blake2s_128_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2s_128_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2s_128', @_) }
 sub blake2s_128_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub blake2s_128_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/BLAKE2s_160.pm
+++ b/lib/Crypt/Digest/BLAKE2s_160.pm
@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2s_160;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2s_160 blake2s_160_hex blake2s_160_b64 blake2s_160_b64u blake2s_160_file blake2s_160_file_hex blake2s_160_file_b64 blake2s_160_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2s_160')             }
-
+sub blake2s_160             { Crypt::Digest::digest_data('BLAKE2s_160', @_)      }
-sub blake2s_160             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2s_160_hex         { Crypt::Digest::digest_data_hex('BLAKE2s_160', @_)  }
-sub blake2s_160_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2s_160_b64         { Crypt::Digest::digest_data_b64('BLAKE2s_160', @_)  }
-sub blake2s_160_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2s_160_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2s_160', @_) }
-sub blake2s_160_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2s_160_file        { Crypt::Digest::digest_file('BLAKE2s_160', @_)      }
-
+sub blake2s_160_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2s_160', @_)  }
-sub blake2s_160_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2s_160_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2s_160', @_)  }
-sub blake2s_160_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2s_160_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2s_160', @_) }
 sub blake2s_160_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub blake2s_160_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/BLAKE2s_224.pm
+++ b/lib/Crypt/Digest/BLAKE2s_224.pm
@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2s_224;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2s_224 blake2s_224_hex blake2s_224_b64 blake2s_224_b64u blake2s_224_file blake2s_224_file_hex blake2s_224_file_b64 blake2s_224_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2s_224')             }
-
+sub blake2s_224             { Crypt::Digest::digest_data('BLAKE2s_224', @_)      }
-sub blake2s_224             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2s_224_hex         { Crypt::Digest::digest_data_hex('BLAKE2s_224', @_)  }
-sub blake2s_224_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2s_224_b64         { Crypt::Digest::digest_data_b64('BLAKE2s_224', @_)  }
-sub blake2s_224_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2s_224_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2s_224', @_) }
-sub blake2s_224_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2s_224_file        { Crypt::Digest::digest_file('BLAKE2s_224', @_)      }
-
+sub blake2s_224_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2s_224', @_)  }
-sub blake2s_224_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2s_224_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2s_224', @_)  }
-sub blake2s_224_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2s_224_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2s_224', @_) }
 sub blake2s_224_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub blake2s_224_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/BLAKE2s_256.pm
+++ b/lib/Crypt/Digest/BLAKE2s_256.pm
@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2s_256;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2s_256 blake2s_256_hex blake2s_256_b64 blake2s_256_b64u blake2s_256_file blake2s_256_file_hex blake2s_256_file_b64 blake2s_256_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2s_256')             }
-
+sub blake2s_256             { Crypt::Digest::digest_data('BLAKE2s_256', @_)      }
-sub blake2s_256             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2s_256_hex         { Crypt::Digest::digest_data_hex('BLAKE2s_256', @_)  }
-sub blake2s_256_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2s_256_b64         { Crypt::Digest::digest_data_b64('BLAKE2s_256', @_)  }
-sub blake2s_256_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2s_256_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2s_256', @_) }
-sub blake2s_256_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2s_256_file        { Crypt::Digest::digest_file('BLAKE2s_256', @_)      }
-
+sub blake2s_256_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2s_256', @_)  }
-sub blake2s_256_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2s_256_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2s_256', @_)  }
-sub blake2s_256_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2s_256_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2s_256', @_) }
 sub blake2s_256_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub blake2s_256_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/CHAES.pm
+++ b/lib/Crypt/Digest/CHAES.pm
@ -4,7 +4,7 @@ package Crypt::Digest::CHAES;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( chaes chaes_hex chaes_b64 chaes_b64u chaes_file chaes_file_hex chaes_file_b64 chaes_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('CHAES')             }
-
+sub chaes             { Crypt::Digest::digest_data('CHAES', @_)      }
-sub chaes             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub chaes_hex         { Crypt::Digest::digest_data_hex('CHAES', @_)  }
-sub chaes_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub chaes_b64         { Crypt::Digest::digest_data_b64('CHAES', @_)  }
-sub chaes_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub chaes_b64u        { Crypt::Digest::digest_data_b64u('CHAES', @_) }
-sub chaes_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub chaes_file        { Crypt::Digest::digest_file('CHAES', @_)      }
-
+sub chaes_file_hex    { Crypt::Digest::digest_file_hex('CHAES', @_)  }
-sub chaes_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub chaes_file_b64    { Crypt::Digest::digest_file_b64('CHAES', @_)  }
-sub chaes_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub chaes_file_b64u   { Crypt::Digest::digest_file_b64u('CHAES', @_) }
 sub chaes_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub chaes_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<http://en.wikipedia.org/wiki/Cryptographic_hash_function#Hash_functions_based_on_block_ciphers|http://en.wikipedia.org/wiki/Cryptographic_hash_function#Hash_functions_based_on_block_ciphers>
+=item * L<https://en.wikipedia.org/wiki/Cryptographic_hash_function#Hash_functions_based_on_block_ciphers>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/Keccak224.pm
+++ b/lib/Crypt/Digest/Keccak224.pm
@ -0,0 +1,223 @@
 package Crypt::Digest::Keccak224;
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 use strict;
 use warnings;
 our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( keccak224 keccak224_hex keccak224_b64 keccak224_b64u keccak224_file keccak224_file_hex keccak224_file_b64 keccak224_file_b64u )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
 use Crypt::Digest;
 sub hashsize                { Crypt::Digest::hashsize('Keccak224')             }
 sub keccak224             { Crypt::Digest::digest_data('Keccak224', @_)      }
 sub keccak224_hex         { Crypt::Digest::digest_data_hex('Keccak224', @_)  }
 sub keccak224_b64         { Crypt::Digest::digest_data_b64('Keccak224', @_)  }
 sub keccak224_b64u        { Crypt::Digest::digest_data_b64u('Keccak224', @_) }
 sub keccak224_file        { Crypt::Digest::digest_file('Keccak224', @_)      }
 sub keccak224_file_hex    { Crypt::Digest::digest_file_hex('Keccak224', @_)  }
 sub keccak224_file_b64    { Crypt::Digest::digest_file_b64('Keccak224', @_)  }
 sub keccak224_file_b64u   { Crypt::Digest::digest_file_b64u('Keccak224', @_) }
 1;
 =pod
 =head1 NAME
 Crypt::Digest::Keccak224 - Hash function Keccak-224 [size: 224 bits]
 =head1 SYNOPSIS
   ### Functional interface:
   use Crypt::Digest::Keccak224 qw( keccak224 keccak224_hex keccak224_b64 keccak224_b64u
                                keccak224_file keccak224_file_hex keccak224_file_b64 keccak224_file_b64u );
   # calculate digest from string/buffer
   $keccak224_raw  = keccak224('data string');
   $keccak224_hex  = keccak224_hex('data string');
   $keccak224_b64  = keccak224_b64('data string');
   $keccak224_b64u = keccak224_b64u('data string');
   # calculate digest from file
   $keccak224_raw  = keccak224_file('filename.dat');
   $keccak224_hex  = keccak224_file_hex('filename.dat');
   $keccak224_b64  = keccak224_file_b64('filename.dat');
   $keccak224_b64u = keccak224_file_b64u('filename.dat');
   # calculate digest from filehandle
   $keccak224_raw  = keccak224_file(*FILEHANDLE);
   $keccak224_hex  = keccak224_file_hex(*FILEHANDLE);
   $keccak224_b64  = keccak224_file_b64(*FILEHANDLE);
   $keccak224_b64u = keccak224_file_b64u(*FILEHANDLE);
   ### OO interface:
   use Crypt::Digest::Keccak224;
   $d = Crypt::Digest::Keccak224->new;
   $d->add('any data');
   $d->addfile('filename.dat');
   $d->addfile(*FILEHANDLE);
   $result_raw  = $d->digest;     # raw bytes
   $result_hex  = $d->hexdigest;  # hexadecimal form
   $result_b64  = $d->b64digest;  # Base64 form
   $result_b64u = $d->b64udigest; # Base64 URL Safe form
 =head1 DESCRIPTION
 Provides an interface to the Keccak224 digest algorithm.
 =head1 EXPORT
 Nothing is exported by default.
 You can export selected functions:
  use Crypt::Digest::Keccak224 qw(keccak224 keccak224_hex keccak224_b64 keccak224_b64u
                                      keccak224_file keccak224_file_hex keccak224_file_b64 keccak224_file_b64u);
 Or all of them at once:
  use Crypt::Digest::Keccak224 ':all';
 =head1 FUNCTIONS
 =head2 keccak224
 Logically joins all arguments into a single string, and returns its Keccak224 digest encoded as a binary string.
 $keccak224_raw = keccak224('data string');
 #or
 $keccak224_raw = keccak224('any data', 'more data', 'even more data');
 =head2 keccak224_hex
 Logically joins all arguments into a single string, and returns its Keccak224 digest encoded as a hexadecimal string.
 $keccak224_hex = keccak224_hex('data string');
 #or
 $keccak224_hex = keccak224_hex('any data', 'more data', 'even more data');
 =head2 keccak224_b64
 Logically joins all arguments into a single string, and returns its Keccak224 digest encoded as a Base64 string, B<with> trailing '=' padding.
 $keccak224_b64 = keccak224_b64('data string');
 #or
 $keccak224_b64 = keccak224_b64('any data', 'more data', 'even more data');
 =head2 keccak224_b64u
 Logically joins all arguments into a single string, and returns its Keccak224 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
 $keccak224_b64url = keccak224_b64u('data string');
 #or
 $keccak224_b64url = keccak224_b64u('any data', 'more data', 'even more data');
 =head2 keccak224_file
 Reads file (defined by filename or filehandle) content, and returns its Keccak224 digest encoded as a binary string.
 $keccak224_raw = keccak224_file('filename.dat');
 #or
 $keccak224_raw = keccak224_file(*FILEHANDLE);
 =head2 keccak224_file_hex
 Reads file (defined by filename or filehandle) content, and returns its Keccak224 digest encoded as a hexadecimal string.
 $keccak224_hex = keccak224_file_hex('filename.dat');
 #or
 $keccak224_hex = keccak224_file_hex(*FILEHANDLE);
 B<BEWARE:> You have to make sure that the filehandle is in binary mode before you pass it as argument to the addfile() method.
 =head2 keccak224_file_b64
 Reads file (defined by filename or filehandle) content, and returns its Keccak224 digest encoded as a Base64 string, B<with> trailing '=' padding.
 $keccak224_b64 = keccak224_file_b64('filename.dat');
 #or
 $keccak224_b64 = keccak224_file_b64(*FILEHANDLE);
 =head2 keccak224_file_b64u
 Reads file (defined by filename or filehandle) content, and returns its Keccak224 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
 $keccak224_b64url = keccak224_file_b64u('filename.dat');
 #or
 $keccak224_b64url = keccak224_file_b64u(*FILEHANDLE);
 =head1 METHODS
 The OO interface provides the same set of functions as L<Crypt::Digest>.
 =head2 new
 $d = Crypt::Digest::Keccak224->new();
 =head2 clone
 $d->clone();
 =head2 reset
 $d->reset();
 =head2 add
 $d->add('any data');
 #or
 $d->add('any data', 'more data', 'even more data');
 =head2 addfile
 $d->addfile('filename.dat');
 #or
 $d->addfile(*FILEHANDLE);
 =head2 add_bits
 $d->add_bits($bit_string);   # e.g. $d->add_bits("111100001010");
 #or
 $d->add_bits($data, $nbits); # e.g. $d->add_bits("\xF0\xA0", 16);
 =head2 hashsize
 $d->hashsize;
 #or
 Crypt::Digest::Keccak224->hashsize();
 #or
 Crypt::Digest::Keccak224::hashsize();
 =head2 digest
 $result_raw = $d->digest();
 =head2 hexdigest
 $result_hex = $d->hexdigest();
 =head2 b64digest
 $result_b64 = $d->b64digest();
 =head2 b64udigest
 $result_b64url = $d->b64udigest();
 =head1 SEE ALSO
 =over
 =item * L<CryptX|CryptX>, L<Crypt::Digest>
 =item * L<https://keccak.team/index.html>
 =back
 =cut
--- a/lib/Crypt/Digest/Keccak256.pm
+++ b/lib/Crypt/Digest/Keccak256.pm
@ -0,0 +1,223 @@
 package Crypt::Digest::Keccak256;
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 use strict;
 use warnings;
 our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( keccak256 keccak256_hex keccak256_b64 keccak256_b64u keccak256_file keccak256_file_hex keccak256_file_b64 keccak256_file_b64u )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
 use Crypt::Digest;
 sub hashsize                { Crypt::Digest::hashsize('Keccak256')             }
 sub keccak256             { Crypt::Digest::digest_data('Keccak256', @_)      }
 sub keccak256_hex         { Crypt::Digest::digest_data_hex('Keccak256', @_)  }
 sub keccak256_b64         { Crypt::Digest::digest_data_b64('Keccak256', @_)  }
 sub keccak256_b64u        { Crypt::Digest::digest_data_b64u('Keccak256', @_) }
 sub keccak256_file        { Crypt::Digest::digest_file('Keccak256', @_)      }
 sub keccak256_file_hex    { Crypt::Digest::digest_file_hex('Keccak256', @_)  }
 sub keccak256_file_b64    { Crypt::Digest::digest_file_b64('Keccak256', @_)  }
 sub keccak256_file_b64u   { Crypt::Digest::digest_file_b64u('Keccak256', @_) }
 1;
 =pod
 =head1 NAME
 Crypt::Digest::Keccak256 - Hash function Keccak-256 [size: 256 bits]
 =head1 SYNOPSIS
   ### Functional interface:
   use Crypt::Digest::Keccak256 qw( keccak256 keccak256_hex keccak256_b64 keccak256_b64u
                                keccak256_file keccak256_file_hex keccak256_file_b64 keccak256_file_b64u );
   # calculate digest from string/buffer
   $keccak256_raw  = keccak256('data string');
   $keccak256_hex  = keccak256_hex('data string');
   $keccak256_b64  = keccak256_b64('data string');
   $keccak256_b64u = keccak256_b64u('data string');
   # calculate digest from file
   $keccak256_raw  = keccak256_file('filename.dat');
   $keccak256_hex  = keccak256_file_hex('filename.dat');
   $keccak256_b64  = keccak256_file_b64('filename.dat');
   $keccak256_b64u = keccak256_file_b64u('filename.dat');
   # calculate digest from filehandle
   $keccak256_raw  = keccak256_file(*FILEHANDLE);
   $keccak256_hex  = keccak256_file_hex(*FILEHANDLE);
   $keccak256_b64  = keccak256_file_b64(*FILEHANDLE);
   $keccak256_b64u = keccak256_file_b64u(*FILEHANDLE);
   ### OO interface:
   use Crypt::Digest::Keccak256;
   $d = Crypt::Digest::Keccak256->new;
   $d->add('any data');
   $d->addfile('filename.dat');
   $d->addfile(*FILEHANDLE);
   $result_raw  = $d->digest;     # raw bytes
   $result_hex  = $d->hexdigest;  # hexadecimal form
   $result_b64  = $d->b64digest;  # Base64 form
   $result_b64u = $d->b64udigest; # Base64 URL Safe form
 =head1 DESCRIPTION
 Provides an interface to the Keccak256 digest algorithm.
 =head1 EXPORT
 Nothing is exported by default.
 You can export selected functions:
  use Crypt::Digest::Keccak256 qw(keccak256 keccak256_hex keccak256_b64 keccak256_b64u
                                      keccak256_file keccak256_file_hex keccak256_file_b64 keccak256_file_b64u);
 Or all of them at once:
  use Crypt::Digest::Keccak256 ':all';
 =head1 FUNCTIONS
 =head2 keccak256
 Logically joins all arguments into a single string, and returns its Keccak256 digest encoded as a binary string.
 $keccak256_raw = keccak256('data string');
 #or
 $keccak256_raw = keccak256('any data', 'more data', 'even more data');
 =head2 keccak256_hex
 Logically joins all arguments into a single string, and returns its Keccak256 digest encoded as a hexadecimal string.
 $keccak256_hex = keccak256_hex('data string');
 #or
 $keccak256_hex = keccak256_hex('any data', 'more data', 'even more data');
 =head2 keccak256_b64
 Logically joins all arguments into a single string, and returns its Keccak256 digest encoded as a Base64 string, B<with> trailing '=' padding.
 $keccak256_b64 = keccak256_b64('data string');
 #or
 $keccak256_b64 = keccak256_b64('any data', 'more data', 'even more data');
 =head2 keccak256_b64u
 Logically joins all arguments into a single string, and returns its Keccak256 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
 $keccak256_b64url = keccak256_b64u('data string');
 #or
 $keccak256_b64url = keccak256_b64u('any data', 'more data', 'even more data');
 =head2 keccak256_file
 Reads file (defined by filename or filehandle) content, and returns its Keccak256 digest encoded as a binary string.
 $keccak256_raw = keccak256_file('filename.dat');
 #or
 $keccak256_raw = keccak256_file(*FILEHANDLE);
 =head2 keccak256_file_hex
 Reads file (defined by filename or filehandle) content, and returns its Keccak256 digest encoded as a hexadecimal string.
 $keccak256_hex = keccak256_file_hex('filename.dat');
 #or
 $keccak256_hex = keccak256_file_hex(*FILEHANDLE);
 B<BEWARE:> You have to make sure that the filehandle is in binary mode before you pass it as argument to the addfile() method.
 =head2 keccak256_file_b64
 Reads file (defined by filename or filehandle) content, and returns its Keccak256 digest encoded as a Base64 string, B<with> trailing '=' padding.
 $keccak256_b64 = keccak256_file_b64('filename.dat');
 #or
 $keccak256_b64 = keccak256_file_b64(*FILEHANDLE);
 =head2 keccak256_file_b64u
 Reads file (defined by filename or filehandle) content, and returns its Keccak256 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
 $keccak256_b64url = keccak256_file_b64u('filename.dat');
 #or
 $keccak256_b64url = keccak256_file_b64u(*FILEHANDLE);
 =head1 METHODS
 The OO interface provides the same set of functions as L<Crypt::Digest>.
 =head2 new
 $d = Crypt::Digest::Keccak256->new();
 =head2 clone
 $d->clone();
 =head2 reset
 $d->reset();
 =head2 add
 $d->add('any data');
 #or
 $d->add('any data', 'more data', 'even more data');
 =head2 addfile
 $d->addfile('filename.dat');
 #or
 $d->addfile(*FILEHANDLE);
 =head2 add_bits
 $d->add_bits($bit_string);   # e.g. $d->add_bits("111100001010");
 #or
 $d->add_bits($data, $nbits); # e.g. $d->add_bits("\xF0\xA0", 16);
 =head2 hashsize
 $d->hashsize;
 #or
 Crypt::Digest::Keccak256->hashsize();
 #or
 Crypt::Digest::Keccak256::hashsize();
 =head2 digest
 $result_raw = $d->digest();
 =head2 hexdigest
 $result_hex = $d->hexdigest();
 =head2 b64digest
 $result_b64 = $d->b64digest();
 =head2 b64udigest
 $result_b64url = $d->b64udigest();
 =head1 SEE ALSO
 =over
 =item * L<CryptX|CryptX>, L<Crypt::Digest>
 =item * L<https://keccak.team/index.html>
 =back
 =cut
--- a/lib/Crypt/Digest/Keccak384.pm
+++ b/lib/Crypt/Digest/Keccak384.pm
@ -0,0 +1,223 @@
 package Crypt::Digest::Keccak384;
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 use strict;
 use warnings;
 our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( keccak384 keccak384_hex keccak384_b64 keccak384_b64u keccak384_file keccak384_file_hex keccak384_file_b64 keccak384_file_b64u )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
 use Crypt::Digest;
 sub hashsize                { Crypt::Digest::hashsize('Keccak384')             }
 sub keccak384             { Crypt::Digest::digest_data('Keccak384', @_)      }
 sub keccak384_hex         { Crypt::Digest::digest_data_hex('Keccak384', @_)  }
 sub keccak384_b64         { Crypt::Digest::digest_data_b64('Keccak384', @_)  }
 sub keccak384_b64u        { Crypt::Digest::digest_data_b64u('Keccak384', @_) }
 sub keccak384_file        { Crypt::Digest::digest_file('Keccak384', @_)      }
 sub keccak384_file_hex    { Crypt::Digest::digest_file_hex('Keccak384', @_)  }
 sub keccak384_file_b64    { Crypt::Digest::digest_file_b64('Keccak384', @_)  }
 sub keccak384_file_b64u   { Crypt::Digest::digest_file_b64u('Keccak384', @_) }
 1;
 =pod
 =head1 NAME
 Crypt::Digest::Keccak384 - Hash function Keccak-384 [size: 384 bits]
 =head1 SYNOPSIS
   ### Functional interface:
   use Crypt::Digest::Keccak384 qw( keccak384 keccak384_hex keccak384_b64 keccak384_b64u
                                keccak384_file keccak384_file_hex keccak384_file_b64 keccak384_file_b64u );
   # calculate digest from string/buffer
   $keccak384_raw  = keccak384('data string');
   $keccak384_hex  = keccak384_hex('data string');
   $keccak384_b64  = keccak384_b64('data string');
   $keccak384_b64u = keccak384_b64u('data string');
   # calculate digest from file
   $keccak384_raw  = keccak384_file('filename.dat');
   $keccak384_hex  = keccak384_file_hex('filename.dat');
   $keccak384_b64  = keccak384_file_b64('filename.dat');
   $keccak384_b64u = keccak384_file_b64u('filename.dat');
   # calculate digest from filehandle
   $keccak384_raw  = keccak384_file(*FILEHANDLE);
   $keccak384_hex  = keccak384_file_hex(*FILEHANDLE);
   $keccak384_b64  = keccak384_file_b64(*FILEHANDLE);
   $keccak384_b64u = keccak384_file_b64u(*FILEHANDLE);
   ### OO interface:
   use Crypt::Digest::Keccak384;
   $d = Crypt::Digest::Keccak384->new;
   $d->add('any data');
   $d->addfile('filename.dat');
   $d->addfile(*FILEHANDLE);
   $result_raw  = $d->digest;     # raw bytes
   $result_hex  = $d->hexdigest;  # hexadecimal form
   $result_b64  = $d->b64digest;  # Base64 form
   $result_b64u = $d->b64udigest; # Base64 URL Safe form
 =head1 DESCRIPTION
 Provides an interface to the Keccak384 digest algorithm.
 =head1 EXPORT
 Nothing is exported by default.
 You can export selected functions:
  use Crypt::Digest::Keccak384 qw(keccak384 keccak384_hex keccak384_b64 keccak384_b64u
                                      keccak384_file keccak384_file_hex keccak384_file_b64 keccak384_file_b64u);
 Or all of them at once:
  use Crypt::Digest::Keccak384 ':all';
 =head1 FUNCTIONS
 =head2 keccak384
 Logically joins all arguments into a single string, and returns its Keccak384 digest encoded as a binary string.
 $keccak384_raw = keccak384('data string');
 #or
 $keccak384_raw = keccak384('any data', 'more data', 'even more data');
 =head2 keccak384_hex
 Logically joins all arguments into a single string, and returns its Keccak384 digest encoded as a hexadecimal string.
 $keccak384_hex = keccak384_hex('data string');
 #or
 $keccak384_hex = keccak384_hex('any data', 'more data', 'even more data');
 =head2 keccak384_b64
 Logically joins all arguments into a single string, and returns its Keccak384 digest encoded as a Base64 string, B<with> trailing '=' padding.
 $keccak384_b64 = keccak384_b64('data string');
 #or
 $keccak384_b64 = keccak384_b64('any data', 'more data', 'even more data');
 =head2 keccak384_b64u
 Logically joins all arguments into a single string, and returns its Keccak384 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
 $keccak384_b64url = keccak384_b64u('data string');
 #or
 $keccak384_b64url = keccak384_b64u('any data', 'more data', 'even more data');
 =head2 keccak384_file
 Reads file (defined by filename or filehandle) content, and returns its Keccak384 digest encoded as a binary string.
 $keccak384_raw = keccak384_file('filename.dat');
 #or
 $keccak384_raw = keccak384_file(*FILEHANDLE);
 =head2 keccak384_file_hex
 Reads file (defined by filename or filehandle) content, and returns its Keccak384 digest encoded as a hexadecimal string.
 $keccak384_hex = keccak384_file_hex('filename.dat');
 #or
 $keccak384_hex = keccak384_file_hex(*FILEHANDLE);
 B<BEWARE:> You have to make sure that the filehandle is in binary mode before you pass it as argument to the addfile() method.
 =head2 keccak384_file_b64
 Reads file (defined by filename or filehandle) content, and returns its Keccak384 digest encoded as a Base64 string, B<with> trailing '=' padding.
 $keccak384_b64 = keccak384_file_b64('filename.dat');
 #or
 $keccak384_b64 = keccak384_file_b64(*FILEHANDLE);
 =head2 keccak384_file_b64u
 Reads file (defined by filename or filehandle) content, and returns its Keccak384 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
 $keccak384_b64url = keccak384_file_b64u('filename.dat');
 #or
 $keccak384_b64url = keccak384_file_b64u(*FILEHANDLE);
 =head1 METHODS
 The OO interface provides the same set of functions as L<Crypt::Digest>.
 =head2 new
 $d = Crypt::Digest::Keccak384->new();
 =head2 clone
 $d->clone();
 =head2 reset
 $d->reset();
 =head2 add
 $d->add('any data');
 #or
 $d->add('any data', 'more data', 'even more data');
 =head2 addfile
 $d->addfile('filename.dat');
 #or
 $d->addfile(*FILEHANDLE);
 =head2 add_bits
 $d->add_bits($bit_string);   # e.g. $d->add_bits("111100001010");
 #or
 $d->add_bits($data, $nbits); # e.g. $d->add_bits("\xF0\xA0", 16);
 =head2 hashsize
 $d->hashsize;
 #or
 Crypt::Digest::Keccak384->hashsize();
 #or
 Crypt::Digest::Keccak384::hashsize();
 =head2 digest
 $result_raw = $d->digest();
 =head2 hexdigest
 $result_hex = $d->hexdigest();
 =head2 b64digest
 $result_b64 = $d->b64digest();
 =head2 b64udigest
 $result_b64url = $d->b64udigest();
 =head1 SEE ALSO
 =over
 =item * L<CryptX|CryptX>, L<Crypt::Digest>
 =item * L<https://keccak.team/index.html>
 =back
 =cut
--- a/lib/Crypt/Digest/Keccak512.pm
+++ b/lib/Crypt/Digest/Keccak512.pm
@ -0,0 +1,223 @@
 package Crypt::Digest::Keccak512;
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 use strict;
 use warnings;
 our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( keccak512 keccak512_hex keccak512_b64 keccak512_b64u keccak512_file keccak512_file_hex keccak512_file_b64 keccak512_file_b64u )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
 use Crypt::Digest;
 sub hashsize                { Crypt::Digest::hashsize('Keccak512')             }
 sub keccak512             { Crypt::Digest::digest_data('Keccak512', @_)      }
 sub keccak512_hex         { Crypt::Digest::digest_data_hex('Keccak512', @_)  }
 sub keccak512_b64         { Crypt::Digest::digest_data_b64('Keccak512', @_)  }
 sub keccak512_b64u        { Crypt::Digest::digest_data_b64u('Keccak512', @_) }
 sub keccak512_file        { Crypt::Digest::digest_file('Keccak512', @_)      }
 sub keccak512_file_hex    { Crypt::Digest::digest_file_hex('Keccak512', @_)  }
 sub keccak512_file_b64    { Crypt::Digest::digest_file_b64('Keccak512', @_)  }
 sub keccak512_file_b64u   { Crypt::Digest::digest_file_b64u('Keccak512', @_) }
 1;
 =pod
 =head1 NAME
 Crypt::Digest::Keccak512 - Hash function Keccak-512 [size: 512 bits]
 =head1 SYNOPSIS
   ### Functional interface:
   use Crypt::Digest::Keccak512 qw( keccak512 keccak512_hex keccak512_b64 keccak512_b64u
                                keccak512_file keccak512_file_hex keccak512_file_b64 keccak512_file_b64u );
   # calculate digest from string/buffer
   $keccak512_raw  = keccak512('data string');
   $keccak512_hex  = keccak512_hex('data string');
   $keccak512_b64  = keccak512_b64('data string');
   $keccak512_b64u = keccak512_b64u('data string');
   # calculate digest from file
   $keccak512_raw  = keccak512_file('filename.dat');
   $keccak512_hex  = keccak512_file_hex('filename.dat');
   $keccak512_b64  = keccak512_file_b64('filename.dat');
   $keccak512_b64u = keccak512_file_b64u('filename.dat');
   # calculate digest from filehandle
   $keccak512_raw  = keccak512_file(*FILEHANDLE);
   $keccak512_hex  = keccak512_file_hex(*FILEHANDLE);
   $keccak512_b64  = keccak512_file_b64(*FILEHANDLE);
   $keccak512_b64u = keccak512_file_b64u(*FILEHANDLE);
   ### OO interface:
   use Crypt::Digest::Keccak512;
   $d = Crypt::Digest::Keccak512->new;
   $d->add('any data');
   $d->addfile('filename.dat');
   $d->addfile(*FILEHANDLE);
   $result_raw  = $d->digest;     # raw bytes
   $result_hex  = $d->hexdigest;  # hexadecimal form
   $result_b64  = $d->b64digest;  # Base64 form
   $result_b64u = $d->b64udigest; # Base64 URL Safe form
 =head1 DESCRIPTION
 Provides an interface to the Keccak512 digest algorithm.
 =head1 EXPORT
 Nothing is exported by default.
 You can export selected functions:
  use Crypt::Digest::Keccak512 qw(keccak512 keccak512_hex keccak512_b64 keccak512_b64u
                                      keccak512_file keccak512_file_hex keccak512_file_b64 keccak512_file_b64u);
 Or all of them at once:
  use Crypt::Digest::Keccak512 ':all';
 =head1 FUNCTIONS
 =head2 keccak512
 Logically joins all arguments into a single string, and returns its Keccak512 digest encoded as a binary string.
 $keccak512_raw = keccak512('data string');
 #or
 $keccak512_raw = keccak512('any data', 'more data', 'even more data');
 =head2 keccak512_hex
 Logically joins all arguments into a single string, and returns its Keccak512 digest encoded as a hexadecimal string.
 $keccak512_hex = keccak512_hex('data string');
 #or
 $keccak512_hex = keccak512_hex('any data', 'more data', 'even more data');
 =head2 keccak512_b64
 Logically joins all arguments into a single string, and returns its Keccak512 digest encoded as a Base64 string, B<with> trailing '=' padding.
 $keccak512_b64 = keccak512_b64('data string');
 #or
 $keccak512_b64 = keccak512_b64('any data', 'more data', 'even more data');
 =head2 keccak512_b64u
 Logically joins all arguments into a single string, and returns its Keccak512 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
 $keccak512_b64url = keccak512_b64u('data string');
 #or
 $keccak512_b64url = keccak512_b64u('any data', 'more data', 'even more data');
 =head2 keccak512_file
 Reads file (defined by filename or filehandle) content, and returns its Keccak512 digest encoded as a binary string.
 $keccak512_raw = keccak512_file('filename.dat');
 #or
 $keccak512_raw = keccak512_file(*FILEHANDLE);
 =head2 keccak512_file_hex
 Reads file (defined by filename or filehandle) content, and returns its Keccak512 digest encoded as a hexadecimal string.
 $keccak512_hex = keccak512_file_hex('filename.dat');
 #or
 $keccak512_hex = keccak512_file_hex(*FILEHANDLE);
 B<BEWARE:> You have to make sure that the filehandle is in binary mode before you pass it as argument to the addfile() method.
 =head2 keccak512_file_b64
 Reads file (defined by filename or filehandle) content, and returns its Keccak512 digest encoded as a Base64 string, B<with> trailing '=' padding.
 $keccak512_b64 = keccak512_file_b64('filename.dat');
 #or
 $keccak512_b64 = keccak512_file_b64(*FILEHANDLE);
 =head2 keccak512_file_b64u
 Reads file (defined by filename or filehandle) content, and returns its Keccak512 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
 $keccak512_b64url = keccak512_file_b64u('filename.dat');
 #or
 $keccak512_b64url = keccak512_file_b64u(*FILEHANDLE);
 =head1 METHODS
 The OO interface provides the same set of functions as L<Crypt::Digest>.
 =head2 new
 $d = Crypt::Digest::Keccak512->new();
 =head2 clone
 $d->clone();
 =head2 reset
 $d->reset();
 =head2 add
 $d->add('any data');
 #or
 $d->add('any data', 'more data', 'even more data');
 =head2 addfile
 $d->addfile('filename.dat');
 #or
 $d->addfile(*FILEHANDLE);
 =head2 add_bits
 $d->add_bits($bit_string);   # e.g. $d->add_bits("111100001010");
 #or
 $d->add_bits($data, $nbits); # e.g. $d->add_bits("\xF0\xA0", 16);
 =head2 hashsize
 $d->hashsize;
 #or
 Crypt::Digest::Keccak512->hashsize();
 #or
 Crypt::Digest::Keccak512::hashsize();
 =head2 digest
 $result_raw = $d->digest();
 =head2 hexdigest
 $result_hex = $d->hexdigest();
 =head2 b64digest
 $result_b64 = $d->b64digest();
 =head2 b64udigest
 $result_b64url = $d->b64udigest();
 =head1 SEE ALSO
 =over
 =item * L<CryptX|CryptX>, L<Crypt::Digest>
 =item * L<https://keccak.team/index.html>
 =back
 =cut
--- a/lib/Crypt/Digest/MD2.pm
+++ b/lib/Crypt/Digest/MD2.pm
@ -4,7 +4,7 @@ package Crypt::Digest::MD2;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( md2 md2_hex md2_b64 md2_b64u md2_file md2_file_hex md2_file_b64 md2_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('MD2')             }
-
+sub md2             { Crypt::Digest::digest_data('MD2', @_)      }
-sub md2             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub md2_hex         { Crypt::Digest::digest_data_hex('MD2', @_)  }
-sub md2_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub md2_b64         { Crypt::Digest::digest_data_b64('MD2', @_)  }
-sub md2_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub md2_b64u        { Crypt::Digest::digest_data_b64u('MD2', @_) }
-sub md2_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub md2_file        { Crypt::Digest::digest_file('MD2', @_)      }
-
+sub md2_file_hex    { Crypt::Digest::digest_file_hex('MD2', @_)  }
-sub md2_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub md2_file_b64    { Crypt::Digest::digest_file_b64('MD2', @_)  }
-sub md2_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub md2_file_b64u   { Crypt::Digest::digest_file_b64u('MD2', @_) }
 sub md2_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub md2_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<http://en.wikipedia.org/wiki/MD2_(cryptography)|http://en.wikipedia.org/wiki/MD2_(cryptography)>
+=item * L<https://en.wikipedia.org/wiki/MD2_(cryptography)>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/MD4.pm
+++ b/lib/Crypt/Digest/MD4.pm
@ -4,7 +4,7 @@ package Crypt::Digest::MD4;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( md4 md4_hex md4_b64 md4_b64u md4_file md4_file_hex md4_file_b64 md4_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('MD4')             }
-
+sub md4             { Crypt::Digest::digest_data('MD4', @_)      }
-sub md4             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub md4_hex         { Crypt::Digest::digest_data_hex('MD4', @_)  }
-sub md4_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub md4_b64         { Crypt::Digest::digest_data_b64('MD4', @_)  }
-sub md4_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub md4_b64u        { Crypt::Digest::digest_data_b64u('MD4', @_) }
-sub md4_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub md4_file        { Crypt::Digest::digest_file('MD4', @_)      }
-
+sub md4_file_hex    { Crypt::Digest::digest_file_hex('MD4', @_)  }
-sub md4_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub md4_file_b64    { Crypt::Digest::digest_file_b64('MD4', @_)  }
-sub md4_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub md4_file_b64u   { Crypt::Digest::digest_file_b64u('MD4', @_) }
 sub md4_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub md4_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<http://en.wikipedia.org/wiki/MD4|http://en.wikipedia.org/wiki/MD4>
+=item * L<https://en.wikipedia.org/wiki/MD4>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/MD5.pm
+++ b/lib/Crypt/Digest/MD5.pm
@ -4,7 +4,7 @@ package Crypt::Digest::MD5;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( md5 md5_hex md5_b64 md5_b64u md5_file md5_file_hex md5_file_b64 md5_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('MD5')             }
-
+sub md5             { Crypt::Digest::digest_data('MD5', @_)      }
-sub md5             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub md5_hex         { Crypt::Digest::digest_data_hex('MD5', @_)  }
-sub md5_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub md5_b64         { Crypt::Digest::digest_data_b64('MD5', @_)  }
-sub md5_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub md5_b64u        { Crypt::Digest::digest_data_b64u('MD5', @_) }
-sub md5_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub md5_file        { Crypt::Digest::digest_file('MD5', @_)      }
-
+sub md5_file_hex    { Crypt::Digest::digest_file_hex('MD5', @_)  }
-sub md5_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub md5_file_b64    { Crypt::Digest::digest_file_b64('MD5', @_)  }
-sub md5_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub md5_file_b64u   { Crypt::Digest::digest_file_b64u('MD5', @_) }
 sub md5_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub md5_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<http://en.wikipedia.org/wiki/MD5|http://en.wikipedia.org/wiki/MD5>
+=item * L<https://en.wikipedia.org/wiki/MD5>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/RIPEMD128.pm
+++ b/lib/Crypt/Digest/RIPEMD128.pm
@ -4,7 +4,7 @@ package Crypt::Digest::RIPEMD128;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( ripemd128 ripemd128_hex ripemd128_b64 ripemd128_b64u ripemd128_file ripemd128_file_hex ripemd128_file_b64 ripemd128_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('RIPEMD128')             }
-
+sub ripemd128             { Crypt::Digest::digest_data('RIPEMD128', @_)      }
-sub ripemd128             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub ripemd128_hex         { Crypt::Digest::digest_data_hex('RIPEMD128', @_)  }
-sub ripemd128_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub ripemd128_b64         { Crypt::Digest::digest_data_b64('RIPEMD128', @_)  }
-sub ripemd128_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub ripemd128_b64u        { Crypt::Digest::digest_data_b64u('RIPEMD128', @_) }
-sub ripemd128_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub ripemd128_file        { Crypt::Digest::digest_file('RIPEMD128', @_)      }
-
+sub ripemd128_file_hex    { Crypt::Digest::digest_file_hex('RIPEMD128', @_)  }
-sub ripemd128_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub ripemd128_file_b64    { Crypt::Digest::digest_file_b64('RIPEMD128', @_)  }
-sub ripemd128_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub ripemd128_file_b64u   { Crypt::Digest::digest_file_b64u('RIPEMD128', @_) }
 sub ripemd128_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub ripemd128_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<http://en.wikipedia.org/wiki/RIPEMD|http://en.wikipedia.org/wiki/RIPEMD>
+=item * L<https://en.wikipedia.org/wiki/RIPEMD>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/RIPEMD160.pm
+++ b/lib/Crypt/Digest/RIPEMD160.pm
@ -4,7 +4,7 @@ package Crypt::Digest::RIPEMD160;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( ripemd160 ripemd160_hex ripemd160_b64 ripemd160_b64u ripemd160_file ripemd160_file_hex ripemd160_file_b64 ripemd160_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('RIPEMD160')             }
-
+sub ripemd160             { Crypt::Digest::digest_data('RIPEMD160', @_)      }
-sub ripemd160             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub ripemd160_hex         { Crypt::Digest::digest_data_hex('RIPEMD160', @_)  }
-sub ripemd160_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub ripemd160_b64         { Crypt::Digest::digest_data_b64('RIPEMD160', @_)  }
-sub ripemd160_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub ripemd160_b64u        { Crypt::Digest::digest_data_b64u('RIPEMD160', @_) }
-sub ripemd160_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub ripemd160_file        { Crypt::Digest::digest_file('RIPEMD160', @_)      }
-
+sub ripemd160_file_hex    { Crypt::Digest::digest_file_hex('RIPEMD160', @_)  }
-sub ripemd160_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub ripemd160_file_b64    { Crypt::Digest::digest_file_b64('RIPEMD160', @_)  }
-sub ripemd160_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub ripemd160_file_b64u   { Crypt::Digest::digest_file_b64u('RIPEMD160', @_) }
 sub ripemd160_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub ripemd160_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<http://en.wikipedia.org/wiki/RIPEMD|http://en.wikipedia.org/wiki/RIPEMD>
+=item * L<https://en.wikipedia.org/wiki/RIPEMD>
 =back
 =cut
 __END__
--- a/lib/Crypt/Digest/RIPEMD256.pm
+++ b/lib/Crypt/Digest/RIPEMD256.pm
@ -4,7 +4,7 @@ package Crypt::Digest::RIPEMD256;
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( ripemd256 ripemd256_hex ripemd256_b64 ripemd256_b64u ripemd256_file ripemd256_file_hex ripemd256_file_b64 ripemd256_file_b64u )] );
@ -13,19 +13,17 @@ our @EXPORT = qw();
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('RIPEMD256')             }
-
+sub ripemd256             { Crypt::Digest::digest_data('RIPEMD256', @_)      }
-sub ripemd256             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub ripemd256_hex         { Crypt::Digest::digest_data_hex('RIPEMD256', @_)  }
-sub ripemd256_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub ripemd256_b64         { Crypt::Digest::digest_data_b64('RIPEMD256', @_)  }
-sub ripemd256_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub ripemd256_b64u        { Crypt::Digest::digest_data_b64u('RIPEMD256', @_) }
-sub ripemd256_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub ripemd256_file        { Crypt::Digest::digest_file('RIPEMD256', @_)      }
-
+sub ripemd256_file_hex    { Crypt::Digest::digest_file_hex('RIPEMD256', @_)  }
-sub ripemd256_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub ripemd256_file_b64    { Crypt::Digest::digest_file_b64('RIPEMD256', @_)  }
-sub ripemd256_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub ripemd256_file_b64u   { Crypt::Digest::digest_file_b64u('RIPEMD256', @_) }
 sub ripemd256_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
 sub ripemd256_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 1;
@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 =over
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
-=item * L<http://en.wikipedia.org/wiki/RIPEMD|http://en.wikipedia.org/wiki/RIPEMD>
+=item * L<https://en.wikipedia.org/wiki/RIPEMD>
 =back
 =cut
 __END__
--- a/Show More
+++ b/Show More