make depends

Update outdated URL in README.md

.github/workflows/docker-publish.yml

@@ -0,0 +1,85 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@v3
+
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v2
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v4
+        with:
+          file: ./contrib/docker/Dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}

GNUmakefile.in

@@ -268,115 +268,115 @@ ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ge25519.h
 ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/fe25519.h
 ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/compat.h
 ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data
-ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h
-ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/ge25519_base_slide_multiples.data
+ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/index_heap.h
+ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519.h
 ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519_base_niels.data
-ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/hram.h
-ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/compat.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h
+ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-64-24k/hram.h
+ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/index_heap.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/crypto_sign.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/ed25519.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/randombytes.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_sign.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/ed25519.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_verify_32.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_sign.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/ed25519.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/sc25519.h
 ed25519/ref10/fe_0.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
 ed25519/ref10/fe_1.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
 ed25519/ref10/fe_add.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
@@ -394,7 +394,7 @@ ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/fe.h
 ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/crypto_int32.h
 ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/fe.h
 ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_isnonzero.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
+ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_verify_32.h
 ed25519/ref10/fe_mul.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
 ed25519/ref10/fe_mul.c.o: ed25519/ref10/crypto_int64.h
 ed25519/ref10/fe_neg.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
@@ -453,29 +453,27 @@ ed25519/ref10/ge_sub.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
 ed25519/ref10/ge_sub.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/ge_sub.h
 ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
 ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/randombytes.h
-ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
+ed25519/ref10/keypair.c.o: ed25519/ref10/randombytes.h
+ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_sign.h
+ed25519/ref10/keypair.c.o: ed25519/ref10/ed25519.h
+ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_hash_sha512.h
 ed25519/ref10/keypair.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
 ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/ref10/open.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
-ed25519/ref10/open.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/open.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h
+ed25519/ref10/open.c.o: ed25519/ref10/crypto_sign.h ed25519/ref10/ed25519.h
+ed25519/ref10/open.c.o: ed25519/ref10/crypto_hash_sha512.h
+ed25519/ref10/open.c.o: ed25519/ref10/crypto_verify_32.h ed25519/ref10/ge.h
+ed25519/ref10/open.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/open.c.o: ed25519/ref10/sc.h
 ed25519/ref10/sc_muladd.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h
 ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint32.h
 ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint64.h
 ed25519/ref10/sc_reduce.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h
 ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint32.h
 ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint64.h
-ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/ref10/sign.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/sign.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h
+ed25519/ref10/sign.c.o: ed25519/ref10/crypto_sign.h ed25519/ref10/ed25519.h
+ed25519/ref10/sign.c.o: ed25519/ref10/crypto_hash_sha512.h ed25519/ref10/ge.h
+ed25519/ref10/sign.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/sign.c.o: ed25519/ref10/sc.h
 ioutil.c.o: types.h ioutil.h vec.h
 keccak.c.o: types.h keccak.h
 main.c.o: types.h vec.h base32.h cpucount.h keccak.h ioutil.h common.h yaml.h
@@ -486,14 +484,16 @@ test_base32.c.o: types.h base32.h
 test_base64.c.o: types.h base64.h
 test_ed25519.c.o: types.h base16.h ed25519/ed25519.h
 test_ed25519.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h
-test_ed25519.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/ref10/ge.h
+test_ed25519.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h
 test_ed25519.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
 test_ed25519.c.o: ed25519/amd64-51-30k/crypto_sign.h
+test_ed25519.c.o: ed25519/amd64-51-30k/ed25519.h
 test_ed25519.c.o: ed25519/amd64-51-30k/ge25519.h
 test_ed25519.c.o: ed25519/amd64-51-30k/fe25519.h
 test_ed25519.c.o: ed25519/amd64-51-30k/compat.h
 test_ed25519.c.o: ed25519/amd64-51-30k/sc25519.h
 test_ed25519.c.o: ed25519/amd64-64-24k/crypto_sign.h
+test_ed25519.c.o: ed25519/amd64-64-24k/ed25519.h
 test_ed25519.c.o: ed25519/amd64-64-24k/ge25519.h
 test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna.h
 test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h
@@ -519,12 +519,12 @@ worker.c.o: types.h likely.h vec.h base32.h keccak.h ioutil.h common.h yaml.h
 worker.c.o: worker.h filters.h filters_inc.inc.h filters_worker.inc.h
 worker.c.o: filters_common.inc.h ed25519/ed25519.h worker_impl.inc.h
 worker.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h
-worker.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/ref10/ge.h
-worker.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-worker.c.o: ed25519/amd64-51-30k/crypto_sign.h ed25519/amd64-51-30k/ge25519.h
+worker.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h ed25519/ref10/fe.h
+worker.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/crypto_sign.h
+worker.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/amd64-51-30k/ge25519.h
 worker.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/compat.h
 worker.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/crypto_sign.h
-worker.c.o: ed25519/amd64-64-24k/ge25519.h
+worker.c.o: ed25519/amd64-64-24k/ed25519.h ed25519/amd64-64-24k/ge25519.h
 worker.c.o: ed25519/ed25519-donna/ed25519-donna.h
 worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h
 worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h
@@ -542,7 +542,7 @@ worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h
 worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h
 worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h
 worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h
-worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h worker_slow.inc.h
-worker.c.o: worker_fast.inc.h worker_fast_pass.inc.h worker_batch.inc.h
-worker.c.o: worker_batch_pass.inc.h ed25519/ed25519_impl_post.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h
+worker.c.o: worker_batch.inc.h worker_batch_pass.inc.h
+worker.c.o: ed25519/ed25519_impl_post.h
 yaml.c.o: types.h yaml.h ioutil.h base32.h base64.h common.h

README.md

@@ -1,9 +1,9 @@
 ## mkp224o - vanity address generator for ed25519 onion services
 
-This tool generates vanity ed25519 ([hidden service version 3][v3],
+This tool generates vanity ed25519 (hidden service version 3[^1][^2],
 formely known as proposal 224) onion addresses.
 
-### Requirements
+### Requirements for building
 
 * C99 compatible compiler (gcc and clang should work)
 * libsodium (including headers)
@@ -15,28 +15,31 @@ formely known as proposal 224) onion addresses.
 For debian-like linux distros, this should be enough to prepare for building:
 
 ```bash
-apt install gcc libsodium-dev make autoconf
+apt install gcc libc6-dev libsodium-dev make autoconf
 ```
 
 ### Building
 
-`./autogen.sh` to generate configure script, if it's not there already.
+Run `./autogen.sh` to generate a configure script, if there isn't one already.
 
-`./configure` to generate makefile; in \*BSD platforms you probably want to use
+Run `./configure` to generate a makefile.
+On \*BSD platforms you may need to specify extra include/library paths:
 `./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`.
 
 On AMD64 platforms, you probably also want to pass something like
-`--enable-amd64-51-30k`  to configure script for faster key generation;
+`--enable-amd64-51-30k` to the configure script invocation for faster key generation;
 run `./configure --help` to see all available options.
 
 Finally, `make` to start building (`gmake` in \*BSD platforms).
 
 ### Usage
 
-Generator needs one or more filters to work.
+mkp224o needs one or more filters to work.
+You may specify them as command line arguments,
+eg `./mkp224o test`, or load them from file with `-f` switch.
 
-It makes directory with secret/public keys and hostname
-for each discovered service. By default root is current
+It makes directories with secret/public keys and hostnames
+for each discovered service. By default, the working directory is the current
 directory, but that can be overridden with `-d` switch.
 
 Use `-s` switch to enable printing of statistics, which may be useful
@@ -75,7 +78,7 @@ performance-related tips.
   Then edit `torrc` and add new service with that folder.\
   After reload/restart tor should pick it up.
 
-* Generate addresses with `1-2` and `7-9` digits?
+* How to generate addresses with `0-1` and `8-9` digits?
 
   Onion addresses use base32 encoding which does not include `0,1,8,9`
   numbers.\
@@ -100,6 +103,15 @@ performance-related tips.
   It appears that onionbalance supports loading usual
   `hs_ed25519_secret_key` key so it should work.
 
+* Is there a docker image?
+
+  Yes, if you do not wish to compile mkp224o yourself, you can use
+  the `ghcr.io/cathugger/mkp224o` image like so:
+
+  ```bash
+  docker run --rm -it -v $PWD:/keys ghcr.io/cathugger/mkp224o:master -d /keys neko
+  ```
+
 ### Acknowledgements & Legal
 
 To the extent possible under law, the author(s) have dedicated all
@@ -119,7 +131,6 @@ along with this software. If not, see [CC0][].
 * Passphrase-based generation code and idea used in `worker_batch()`
   contributed by [foobar2019][]
 
-[v3]: https://gitweb.torproject.org/torspec.git/plain/rend-spec-v3.txt
 [OPTIMISATION]: ./OPTIMISATION.txt
 [#27]: https://github.com/cathugger/mkp224o/issues/27
 [keccak.c]: https://github.com/XKCP/XKCP/blob/master/Standalone/CompactFIPS202/C/Keccak-more-compact.c
@@ -128,3 +139,5 @@ along with this software. If not, see [CC0][].
 [ed25519-donna]: https://github.com/floodyberry/ed25519-donna
 [horse25519]: https://github.com/Yawning/horse25519
 [foobar2019]: https://github.com/foobar2019
+[^1]: https://spec.torproject.org/rend-spec/index.html
+[^2]: https://gitlab.torproject.org/tpo/core/torspec/-/raw/main/attic/text_formats/rend-spec-v3.txt

contrib/docker/.dockerignore

@@ -1 +0,0 @@
-.git

contrib/docker/Dockerfile

@@ -1,21 +1,14 @@
-FROM alpine:3.12.0
+FROM alpine:latest AS builder
+RUN apk add --no-cache gcc libc-dev libsodium-dev libsodium-static make autoconf git
+WORKDIR /app
+COPY . .
+RUN ./autogen.sh
+RUN ./configure --enable-amd64-51-30k CFLAGS="-O3 -march=x86-64 -mtune=generic -fomit-frame-pointer" LDFLAGS="-static"
+RUN make
+RUN strip mkp224o
 
-LABEL maintainer="sstefin@bk.ru"
+FROM scratch
+WORKDIR /app
+COPY --from=builder /app/mkp224o .
 
-#Installing all the dependencies
-RUN apk add --no-cache gcc libsodium-dev make autoconf build-base
-
-WORKDIR /mkp224o
-
-COPY . /mkp224o/
-
-RUN ./autogen.sh \
-  && ./configure \
-  && make \
-  && cp /mkp224o/mkp224o /usr/local/bin/
-
-VOLUME /root/data
-
-WORKDIR /root/data
-
-ENTRYPOINT ["mkp224o"]
+ENTRYPOINT ["./mkp224o"]

contrib/release-scripts/README.md

@@ -0,0 +1,2 @@
+packages that work on archlinux:
+wine-wow64 mingw-w64-toolchain mingw-w64-ldd mingw-w64-pcre2 mingw-w64-libsodium zip zopfli

contrib/release-scripts/release.sh

@@ -22,6 +22,7 @@ mkdir -p out
 SV=mkp224o-$V
 SO=$(realpath ./out/$SV)
 git clone ../../ "$SO"
+git -C ../../ diff | git -C "$SO" apply --allow-empty
 cd "$SO"
 rm -rf .git
 ./autogen.sh
@@ -71,7 +72,7 @@ export PATH=$OPATH
 cd "$D/out"
 
 tar --portability --no-acls --no-selinux --no-xattrs --owner root:0 --group=root:0 --sort=name -c -f $SV-src.tar $SV
-zopfli   -c $SV-src.tar  > $SV-src.tar.gz
+zopfli -i100 -c $SV-src.tar  > $SV-src.tar.gz
 zstd   -19   -f $SV-src.tar -o $SV-src.tar.zst
 rm $SV-src.tar
 

contrib/release-scripts/sign.sh

@@ -10,6 +10,8 @@ D=$(realpath "$0")
 D=$(dirname "$D")
 cd "$D"
 
+export TZ=UTC
+
 cd out
 
 gpg --detach-sign -u "$1" mkp224o-*-src.tar.gz

ed25519/amd64-51-30k/consts.S

@@ -1,4 +1,8 @@
+#ifndef __APPLE__
 .section .rodata
+#else
+.const
+#endif
 
 .globl CRYPTO_NAMESPACE(batch_REDMASK51)
 .globl CRYPTO_NAMESPACE(batch_121666_213)

ed25519/amd64-51-30k/fe25519.h

@@ -17,7 +17,6 @@
 #define fe25519_add          CRYPTO_NAMESPACE(batch_fe25519_add)
 #define fe25519_sub          CRYPTO_NAMESPACE(batch_fe25519_sub)
 #define fe25519_mul          CRYPTO_NAMESPACE(batch_fe25519_mul)
-#define fe25519_mul121666    CRYPTO_NAMESPACE(batch_fe25519_mul121666)
 #define fe25519_square       CRYPTO_NAMESPACE(batch_fe25519_square)
 #define fe25519_nsquare       CRYPTO_NAMESPACE(batch_fe25519_nsquare)
 #define fe25519_invert       CRYPTO_NAMESPACE(batch_fe25519_invert)
@@ -56,8 +55,6 @@ void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
 
 void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI;
 
-void fe25519_mul121666(fe25519 *r, const fe25519 *x);
-
 void fe25519_square(fe25519 *r, const fe25519 *x) SYSVABI;
 
 void fe25519_nsquare(fe25519 *r, unsigned long long n) SYSVABI;

ed25519/amd64-64-24k/consts.S

@@ -1,4 +1,8 @@
+#ifndef __APPLE__
 .section .rodata
+#else
+.const
+#endif
 
 .globl CRYPTO_NAMESPACE(121666)
 .globl CRYPTO_NAMESPACE(MU0)

ed25519/ed25519_impl_post.h

@@ -54,7 +54,6 @@
 #undef ge25519_add_p1p1
 #undef ge25519_dbl_p1p1
 #undef choose_t
-#undef choose_t_smultq
 #undef ge25519_nielsadd2
 #undef ge25519_nielsadd_p1p1
 #undef ge25519_pnielsadd_p1p1

ed25519/ref10/fe.h

@@ -29,7 +29,6 @@ Bounds on each t[i] vary depending on context.
 #define fe_mul CRYPTO_NAMESPACE(fe_mul)
 #define fe_sq CRYPTO_NAMESPACE(fe_sq)
 #define fe_sq2 CRYPTO_NAMESPACE(fe_sq2)
-#define fe_mul121666 CRYPTO_NAMESPACE(fe_mul121666)
 #define fe_invert CRYPTO_NAMESPACE(fe_invert)
 #define fe_batchinvert CRYPTO_NAMESPACE(fe_batchinvert)
 #define fe_pow22523 CRYPTO_NAMESPACE(fe_pow22523)
@@ -51,7 +50,6 @@ extern void fe_neg(fe,const fe);
 extern void fe_mul(fe,const fe,const fe);
 extern void fe_sq(fe,const fe);
 extern void fe_sq2(fe,const fe);
-extern void fe_mul121666(fe,const fe);
 extern void fe_invert(fe,const fe);
 extern void fe_batchinvert(fe *out,fe *in,fe *tmp,size_t num,size_t shift);
 extern void fe_pow22523(fe,const fe);

ioutil.c

@@ -221,22 +221,29 @@ int createdir(const char *path,int secret)
 static int syncwritefile(const char *filename,const char *tmpname,int secret,const u8 *data,size_t datalen)
 {
 	FH f = createfile(tmpname,secret);
-	if (f == FH_invalid)
+	if (f == FH_invalid) {
+		//fprintf(stderr,"!failed to create\n");
 		return -1;
+	}
+
 
 	if (writeall(f,data,datalen) < 0) {
+		//fprintf(stderr,"!failed to write\n");
 		goto failclose;
 	}
 
 	if (FlushFileBuffers(f) == 0) {
+		//fprintf(stderr,"!failed to flush\n");
 		goto failclose;
 	}
 
 	if (closefile(f) < 0) {
+		//fprintf(stderr,"!failed to close\n");
 		goto failrm;
 	}
 
-	if (MoveFileA(tmpname,filename) == 0) {
+	if (MoveFileExA(tmpname,filename,MOVEFILE_REPLACE_EXISTING) == 0) {
+		//fprintf(stderr,"!failed to move\n");
 		goto failrm;
 	}
 

main.c

@@ -89,51 +89,56 @@ VEC_STRUCT(tstatsvec,struct tstatstruct);
 
 static void printhelp(FILE *out,const char *progname)
 {
-	//   0         1         2         3         4         5         6         7
-	//   01234567890123456789012345678901234567890123456789012345678901234567890123456789
 	fprintf(out,
+		//         1         2         3         4         5         6         7
+		//1234567890123456789012345678901234567890123456789012345678901234567890123456789
 		"Usage: %s FILTER [FILTER...] [OPTION]\n"
 		"       %s -f FILTERFILE [OPTION]\n"
 		"Options:\n"
 		"  -f FILTERFILE         specify filter file which contains filters separated\n"
-		"                        by newlines\n"
-		"  -D                    deduplicate filters\n"
-		"  -q                    do not print diagnostic output to stderr\n"
-		"  -x                    do not print onion names\n"
-		"  -v                    print more diagnostic data\n"
-		"  -o FILENAME           output onion names to specified file (append)\n"
-		"  -O FILENAME           output onion names to specified file (overwrite)\n"
-		"  -F                    include directory names in onion names output\n"
-		"  -d DIRNAME            output directory\n"
+		"                        by newlines.\n"
+		"  -D                    deduplicate filters.\n"
+		"  -q                    do not print diagnostic output to stderr.\n"
+		"  -x                    do not print onion names.\n"
+		"  -v                    print more diagnostic data.\n"
+		"  -o FILENAME           output onion names to specified file (append).\n"
+		"  -O FILENAME           output onion names to specified file (overwrite).\n"
+		"  -F                    include directory names in onion names output.\n"
+		"  -d DIRNAME            output directory.\n"
 		"  -t NUMTHREADS         specify number of threads to utilise\n"
-		"                        (default - try detecting CPU core count)\n"
-		"  -j NUMTHREADS         same as -t\n"
-		"  -n NUMKEYS            specify number of keys (default - 0 - unlimited)\n"
-		"  -N NUMWORDS           specify number of words per key (default - 1)\n"
-		"  -Z                    use \"slower\" key generation method (initial default)\n"
-		"  -z                    use \"faster\" key generation method (later default)\n"
-		"  -B                    use batching key generation method\n"
-		"                        (>10x faster than -z, current default)\n"
-		"  -s                    print statistics each 10 seconds\n"
-		"  -S SECONDS            print statistics every specified amount of seconds\n"
-		"  -T                    do not reset statistics counters when printing\n"
+		"                        (default - try detecting CPU core count).\n"
+		"  -j NUMTHREADS         same as -t.\n"
+		"  -n NUMKEYS            specify number of keys (default - 0 - unlimited).\n"
+		"  -N NUMWORDS           specify number of words per key (default - 1).\n"
+		"  -Z                    deprecated, does nothing.\n"
+		"  -z                    deprecated, does nothing.\n"
+		"  -B                    use batching key generation method (current default).\n"
+		"  -s                    print statistics each 10 seconds.\n"
+		"  -S SECONDS            print statistics every specified amount of seconds.\n"
+		"  -T                    do not reset statistics counters when printing.\n"
 		"  -y                    output generated keys in YAML format instead of\n"
-		"                        dumping them to filesystem\n"
+		"                        dumping them to filesystem.\n"
 		"  -Y [FILENAME [host.onion]]\n"
 		"                        parse YAML encoded input and extract key(s) to\n"
-		"                        filesystem\n"
+		"                        filesystem.\n"
 #ifdef PASSPHRASE
-		"  -p PASSPHRASE         use passphrase to initialize the random seed with\n"
+		"  -p PASSPHRASE         use passphrase to initialize the random seed with.\n"
 		"  -P                    same as -p, but takes passphrase from PASSPHRASE\n"
-		"                        environment variable\n"
+		"                        environment variable.\n"
 		"  --checkpoint filename\n"
 		"                        load/save checkpoint of progress to specified file\n"
-		"                        (requires passphrase)\n"
+		"                        (requires passphrase).\n"
+		"  --skipnear            skip near passphrase keys; you probably want this\n"
+		"                        because of improved safety unless you're trying to\n"
+		"                        regenerate an old key; possible future default.\n"
+		"  --warnnear            print warning about passphrase key being near another\n"
+		"                        (safety hazard); prefer --skipnear to this unless\n"
+		"                        you're regenerating an old key.\n"
 #endif
 		"      --rawyaml         raw (unprefixed) public/secret keys for -y/-Y\n"
-		"                        (may be useful for tor controller API)\n"
-		"  -h, --help, --usage   print help to stdout and quit\n"
-		"  -V, --version         print version information to stdout and exit\n"
+		"                        (may be useful for tor controller API).\n"
+		"  -h, --help, --usage   print help to stdout and quit.\n"
+		"  -V, --version         print version information to stdout and exit.\n"
 		,progname,progname);
 	fflush(out);
 }
@@ -214,7 +219,7 @@ static void savecheckpoint(void)
 
 	if (syncwrite(checkpointfile,1,checkpoint,SEED_LEN) < 0) {
 		pthread_mutex_lock(&fout_mutex);
-		fprintf(stderr,"ERROR: could not save checkpoint\n");
+		fprintf(stderr,"ERROR: could not save checkpoint to \"%s\"\n",checkpointfile);
 		pthread_mutex_unlock(&fout_mutex);
 	}
 }
@@ -257,8 +262,6 @@ VEC_STRUCT(threadvec,pthread_t);
 #include "filters_main.inc.h"
 
 enum worker_type {
-	WT_SLOW,
-	WT_FAST,
 	WT_BATCH,
 };
 
@@ -335,6 +338,14 @@ int main(int argc,char **argv)
 					else
 						e_additional();
 				}
+				else if (!strcmp(arg,"skipnear")) {
+					pw_skipnear = 1;
+					pw_warnnear = 0;
+				}
+				else if (!strcmp(arg,"warnnear")) {
+					pw_warnnear = 1;
+					pw_skipnear = 0;
+				}
 #endif // PASSPHRASE
 				else {
 					fprintf(stderr,"unrecognised argument: --%s\n",arg);
@@ -417,9 +428,9 @@ int main(int argc,char **argv)
 					e_additional();
 			}
 			else if (*arg == 'Z')
-				wt = WT_SLOW;
+				/* ignored */ ;
 			else if (*arg == 'z')
-				wt = WT_FAST;
+				/* ignored */ ;
 			else if (*arg == 'B')
 				wt = WT_BATCH;
 			else if (*arg == 's') {
@@ -600,8 +611,13 @@ int main(int argc,char **argv)
 
 #ifdef PASSPHRASE
 	if (deterministic) {
-		if (!quietflag && numneedgenerate != 1)
-			fprintf(stderr,"CAUTION: avoid using keys generated with same password for unrelated services, as single leaked key may help attacker to regenerate related keys.\n");
+		if (!quietflag && numneedgenerate != 1 && !pw_skipnear && !pw_warnnear)
+			fprintf(stderr,
+				//         1         2         3         4         5         6         7
+				//1234567890123456789012345678901234567890123456789012345678901234567890123456789
+				"CAUTION: avoid using keys generated with the same password for unrelated\n"
+				"         services, as single leaked key may help an attacker to regenerate\n"
+				"		  related keys; to silence this warning, pass --skipnear or --warnnear.\n");
 		if (checkpointfile) {
 			memcpy(orig_determseed,determseed,sizeof(determseed));
 			// Read current checkpoint position if file exists
@@ -615,8 +631,11 @@ int main(int argc,char **argv)
 				fclose(checkout);
 
 				// Apply checkpoint to determseed
-				for (int i = 0; i < SEED_LEN; i++)
-					determseed[i] += checkpoint[i];
+				bool carry = 0;
+				for (int i = 0; i < SEED_LEN; i++) {
+					determseed[i] += checkpoint[i] + carry;
+					carry = determseed[i] < checkpoint[i];
+				}
 			}
 		}
 	}
@@ -665,17 +684,10 @@ int main(int argc,char **argv)
 			tattrp,
 #ifdef PASSPHRASE
 			deterministic
-				? (wt == WT_BATCH
 				? CRYPTO_NAMESPACE(worker_batch_pass)
-					: CRYPTO_NAMESPACE(worker_fast_pass))
 				:
 #endif
-			wt == WT_BATCH
-				? CRYPTO_NAMESPACE(worker_batch)
-				:
-			wt == WT_FAST
-				? CRYPTO_NAMESPACE(worker_fast)
-				: CRYPTO_NAMESPACE(worker_slow),
+			CRYPTO_NAMESPACE(worker_batch),
 			tp
 		);
 		if (tret) {

worker.c

@@ -58,6 +58,8 @@ size_t workdirlen = 0;
 
 pthread_mutex_t determseed_mutex;
 u8 determseed[SEED_LEN];
+int pw_skipnear = 0;
+int pw_warnnear = 0;
 #endif
 
 
@@ -71,7 +73,7 @@ char *makesname(void)
 	return sname;
 }
 
-static void onionready(char *sname,const u8 *secret,const u8 *pubonion)
+static void onionready(char *sname,const u8 *secret,const u8 *pubonion,int warnnear)
 {
 	if (endwork)
 		return;
@@ -102,7 +104,7 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion)
 	if (!yamloutput) {
 		if (createdir(sname,1) != 0) {
 			pthread_mutex_lock(&fout_mutex);
-			fprintf(stderr,"ERROR: could not create directory for key output\n");
+			fprintf(stderr,"ERROR: could not create directory \"%s\" for key output\n",sname);
 			pthread_mutex_unlock(&fout_mutex);
 			return;
 		}
@@ -122,6 +124,15 @@ static void onionready(char *sname,const u8 *secret,const u8 *pubonion)
 		}
 		if (fout) {
 			pthread_mutex_lock(&fout_mutex);
+#ifdef PASSPHRASE
+			const char * const pwarn = " warn:near\n";
+			if (warnnear)
+				strcpy(&sname[onionendpos],pwarn);
+			const size_t oprintlen = printlen;
+			const size_t printlen = oprintlen + (warnnear ? strlen(pwarn)-1 : 0);
+#else
+			(void) warnnear;
+#endif
 			fwrite(&sname[printstartpos],printlen,1,fout);
 			fflush(fout);
 			pthread_mutex_unlock(&fout_mutex);
@@ -150,6 +161,7 @@ union pubonionunion {
 	} i;
 } ;
 
+/*
 // little endian inc
 static void addsk32(u8 *sk)
 {
@@ -160,6 +172,7 @@ static void addsk32(u8 *sk)
 		if (!c) break;
 	}
 }
+*/
 
 // 0123 4567 xxxx --3--> 3456 7xxx
 // 0123 4567 xxxx --1--> 1234 567x

worker.h

@@ -33,6 +33,8 @@ VEC_STRUCT(statsvec,struct statstruct);
 #ifdef PASSPHRASE
 extern pthread_mutex_t determseed_mutex;
 extern u8 determseed[SEED_LEN];
+extern int pw_skipnear;
+extern int pw_warnnear;
 #endif
 
 extern void worker_init(void);
@@ -40,10 +42,7 @@ extern void worker_init(void);
 extern char *makesname(void);
 extern size_t worker_batch_memuse(void);
 
-extern void *CRYPTO_NAMESPACE(worker_slow)(void *task);
-extern void *CRYPTO_NAMESPACE(worker_fast)(void *task);
 extern void *CRYPTO_NAMESPACE(worker_batch)(void *task);
 #ifdef PASSPHRASE
-extern void *CRYPTO_NAMESPACE(worker_fast_pass)(void *task);
 extern void *CRYPTO_NAMESPACE(worker_batch_pass)(void *task);
 #endif

worker_batch.inc.h

@@ -102,7 +102,7 @@ initseed:
 				pk[PUBLIC_LEN + 2] = 0x03;
 				// full name
 				strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
-				onionready(sname,secret,pubonion.raw);
+				onionready(sname,secret,pubonion.raw,0);
 				pk[PUBLIC_LEN] = 0; // what is this for?
 				// don't reuse same seed
 				goto initseed;

worker_batch_pass.inc.h

@@ -38,12 +38,16 @@ void *CRYPTO_NAMESPACE(worker_batch_pass)(void *task)
 
 	sname = makesname();
 
+	int seednear;
+
 initseed:
 
 #ifdef STATISTICS
 	++st->numrestart.v;
 #endif
 
+	seednear = 0;
+
 	pthread_mutex_lock(&determseed_mutex);
 	for (int i = 0; i < SEED_LEN; i++)
 		if (++determseed[i])
@@ -112,8 +116,12 @@ initseed:
 				pk[PUBLIC_LEN + 2] = 0x03;
 				// full name
 				strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
-				onionready(sname,secret,pubonion.raw);
+				onionready(sname,secret,pubonion.raw,seednear && pw_warnnear);
 				pk[PUBLIC_LEN] = 0; // what is this for?
+
+				if (pw_skipnear)
+					goto initseed;
+				seednear = 1;
 			});
 		next:
 			;
@@ -180,8 +188,12 @@ initseed:
 				pk[PUBLIC_LEN + 2] = 0x03;
 				// full name
 				strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
-				onionready(sname,secret,pubonion.raw);
+				onionready(sname,secret,pubonion.raw,seednear && pw_warnnear);
 				pk[PUBLIC_LEN] = 0; // what is this for?
+
+				if (pw_skipnear)
+					goto initseed;
+				seednear = 1;
 			});
 		next2:
 			;

worker_fast.inc.h

@@ -1,107 +0,0 @@
-
-void *CRYPTO_NAMESPACE(worker_fast)(void *task)
-{
-	union pubonionunion pubonion;
-	u8 * const pk = &pubonion.raw[PKPREFIX_SIZE];
-	u8 secret[SKPREFIX_SIZE + SECRET_LEN];
-	u8 * const sk = &secret[SKPREFIX_SIZE];
-	u8 seed[SEED_LEN];
-	u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1];
-	u8 wpk[PUBLIC_LEN + 1];
-	ge_p3 ALIGN(16) ge_public;
-	char *sname;
-
-	size_t counter;
-	size_t i;
-
-#ifdef STATISTICS
-	struct statstruct *st = (struct statstruct *)task;
-#else
-	(void) task;
-#endif
-
-	PREFILTER
-
-	memcpy(secret,skprefix,SKPREFIX_SIZE);
-	wpk[PUBLIC_LEN] = 0;
-	memset(&pubonion,0,sizeof(pubonion));
-	memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE);
-	// write version later as it will be overwritten by hash
-	memcpy(hashsrc,checksumstr,checksumstrlen);
-	hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version
-
-	sname = makesname();
-
-initseed:
-
-#ifdef STATISTICS
-	++st->numrestart.v;
-#endif
-
-	randombytes(seed,sizeof(seed));
-
-	ed25519_seckey_expand(sk,seed);
-
-	ge_scalarmult_base(&ge_public,sk);
-	ge_p3_tobytes(pk,&ge_public);
-
-	for (counter = 0;counter < SIZE_MAX-8;counter += 8) {
-		ge_p1p1 ALIGN(16) sum;
-
-		if (unlikely(endwork))
-			goto end;
-
-		DOFILTER(i,pk,{
-			if (numwords > 1) {
-				shiftpk(wpk,pk,filter_len(i));
-				size_t j;
-				for (int w = 1;;) {
-					DOFILTER(j,wpk,goto secondfind);
-					goto next;
-				secondfind:
-					if (++w >= numwords)
-						break;
-					shiftpk(wpk,wpk,filter_len(j));
-				}
-			}
-			// found!
-			// update secret key with counter
-			addsztoscalar32(sk,counter);
-			// sanity check
-			if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31])
-				goto initseed;
-
-			ADDNUMSUCCESS;
-
-			// calc checksum
-			memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN);
-			FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]);
-			// version byte
-			pk[PUBLIC_LEN + 2] = 0x03;
-			// full name
-			strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
-			onionready(sname,secret,pubonion.raw);
-			pk[PUBLIC_LEN] = 0; // what is this for?
-			// don't reuse same seed
-			goto initseed;
-		});
-	next:
-		ge_add(&sum,&ge_public,&ge_eightpoint);
-		ge_p1p1_to_p3(&ge_public,&sum);
-		ge_p3_tobytes(pk,&ge_public);
-#ifdef STATISTICS
-		++st->numcalc.v;
-#endif
-	}
-	goto initseed;
-
-end:
-	free(sname);
-
-	POSTFILTER
-
-	sodium_memzero(secret,sizeof(secret));
-	sodium_memzero(seed,sizeof(seed));
-
-	return 0;
-}

worker_fast_pass.inc.h

@@ -1,116 +0,0 @@
-
-#ifdef PASSPHRASE
-void *CRYPTO_NAMESPACE(worker_fast_pass)(void *task)
-{
-	union pubonionunion pubonion;
-	u8 * const pk = &pubonion.raw[PKPREFIX_SIZE];
-	u8 secret[SKPREFIX_SIZE + SECRET_LEN];
-	u8 * const sk = &secret[SKPREFIX_SIZE];
-	u8 seed[SEED_LEN];
-	u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1];
-	u8 wpk[PUBLIC_LEN + 1];
-	ge_p3 ALIGN(16) ge_public;
-	char *sname;
-
-	size_t counter,oldcounter;
-	size_t i;
-
-#ifdef STATISTICS
-	struct statstruct *st = (struct statstruct *)task;
-#else
-	(void) task;
-#endif
-
-	PREFILTER
-
-	memcpy(secret,skprefix,SKPREFIX_SIZE);
-	wpk[PUBLIC_LEN] = 0;
-	memset(&pubonion,0,sizeof(pubonion));
-	memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE);
-	// write version later as it will be overwritten by hash
-	memcpy(hashsrc,checksumstr,checksumstrlen);
-	hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version
-
-	sname = makesname();
-
-initseed:
-
-#ifdef STATISTICS
-	++st->numrestart.v;
-#endif
-
-	pthread_mutex_lock(&determseed_mutex);
-	for (int i = 0; i < SEED_LEN; i++)
-		if (++determseed[i])
-			break;
-	memcpy(seed, determseed, SEED_LEN);
-	pthread_mutex_unlock(&determseed_mutex);
-
-	ed25519_seckey_expand(sk,seed);
-
-	ge_scalarmult_base(&ge_public,sk);
-	ge_p3_tobytes(pk,&ge_public);
-
-	for (counter = oldcounter = 0;counter < DETERMINISTIC_LOOP_COUNT;counter += 8) {
-		ge_p1p1 ALIGN(16) sum;
-
-		if (unlikely(endwork))
-			goto end;
-
-		DOFILTER(i,pk,{
-			if (numwords > 1) {
-				shiftpk(wpk,pk,filter_len(i));
-				size_t j;
-				for (int w = 1;;) {
-					DOFILTER(j,wpk,goto secondfind);
-					goto next;
-				secondfind:
-					if (++w >= numwords)
-						break;
-					shiftpk(wpk,wpk,filter_len(j));
-				}
-			}
-			// found!
-			// update secret key with delta since last hit (if any)
-			addsztoscalar32(sk,counter-oldcounter);
-			oldcounter = counter;
-			// sanity check
-			if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31])
-				goto initseed;
-
-			// reseed right half of key to avoid reuse, it won't change public key anyway
-			reseedright(sk);
-
-			ADDNUMSUCCESS;
-
-			// calc checksum
-			memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN);
-			FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]);
-			// version byte
-			pk[PUBLIC_LEN + 2] = 0x03;
-			// full name
-			strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
-			onionready(sname,secret,pubonion.raw);
-			pk[PUBLIC_LEN] = 0; // what is this for?
-		});
-	next:
-		ge_add(&sum, &ge_public,&ge_eightpoint);
-		ge_p1p1_to_p3(&ge_public,&sum);
-		ge_p3_tobytes(pk,&ge_public);
-#ifdef STATISTICS
-		++st->numcalc.v;
-#endif
-	}
-	goto initseed;
-
-end:
-	free(sname);
-
-	POSTFILTER
-
-	sodium_memzero(secret,sizeof(secret));
-	sodium_memzero(seed,sizeof(seed));
-
-	return 0;
-}
-#endif // PASSPHRASE

worker_impl.inc.h

@@ -6,9 +6,6 @@ static size_t CRYPTO_NAMESPACE(worker_batch_memuse)(void)
 	return (sizeof(ge_p3) + sizeof(fe) + sizeof(bytes32)) * BATCHNUM;
 }
 
-#include "worker_slow.inc.h"
-#include "worker_fast.inc.h"
-#include "worker_fast_pass.inc.h"
 #include "worker_batch.inc.h"
 #include "worker_batch_pass.inc.h"
 

worker_slow.inc.h

@@ -1,94 +0,0 @@
-
-void *CRYPTO_NAMESPACE(worker_slow)(void *task)
-{
-	union pubonionunion pubonion;
-	u8 * const pk = &pubonion.raw[PKPREFIX_SIZE];
-	u8 secret[SKPREFIX_SIZE + SECRET_LEN];
-	u8 * const sk = &secret[SKPREFIX_SIZE];
-	u8 seed[SEED_LEN];
-	u8 hashsrc[checksumstrlen + PUBLIC_LEN + 1];
-	u8 wpk[PUBLIC_LEN + 1];
-	char *sname;
-
-	size_t i;
-
-#ifdef STATISTICS
-	struct statstruct *st = (struct statstruct *)task;
-#else
-	(void) task;
-#endif
-
-	PREFILTER
-
-	memcpy(secret,skprefix,SKPREFIX_SIZE);
-	wpk[PUBLIC_LEN] = 0;
-	memset(&pubonion,0,sizeof(pubonion));
-	memcpy(pubonion.raw,pkprefix,PKPREFIX_SIZE);
-	// write version later as it will be overwritten by hash
-	memcpy(hashsrc,checksumstr,checksumstrlen);
-	hashsrc[checksumstrlen + PUBLIC_LEN] = 0x03; // version
-
-	sname = makesname();
-
-initseed:
-	randombytes(seed,sizeof(seed));
-	ed25519_seckey_expand(sk,seed);
-
-#ifdef STATISTICS
-	++st->numrestart.v;
-#endif
-
-again:
-	if (unlikely(endwork))
-		goto end;
-
-	ed25519_pubkey(pk,sk);
-
-#ifdef STATISTICS
-	++st->numcalc.v;
-#endif
-
-	DOFILTER(i,pk,{
-		if (numwords > 1) {
-			shiftpk(wpk,pk,filter_len(i));
-			size_t j;
-			for (int w = 1;;) {
-				DOFILTER(j,wpk,goto secondfind);
-				goto next;
-			secondfind:
-				if (++w >= numwords)
-					break;
-				shiftpk(wpk,wpk,filter_len(j));
-			}
-		}
-		// sanity check
-		if ((sk[0] & 248) != sk[0] || ((sk[31] & 63) | 64) != sk[31])
-			goto initseed;
-
-		ADDNUMSUCCESS;
-
-		// calc checksum
-		memcpy(&hashsrc[checksumstrlen],pk,PUBLIC_LEN);
-		FIPS202_SHA3_256(hashsrc,sizeof(hashsrc),&pk[PUBLIC_LEN]);
-		// version byte
-		pk[PUBLIC_LEN + 2] = 0x03;
-		// base32
-		strcpy(base32_to(&sname[direndpos],pk,PUBONION_LEN),".onion");
-		onionready(sname,secret,pubonion.raw);
-		pk[PUBLIC_LEN] = 0; // what is this for?
-		goto initseed;
-	});
-next:
-	addsk32(sk);
-	goto again;
-
-end:
-	free(sname);
-
-	POSTFILTER
-
-	sodium_memzero(secret,sizeof(secret));
-	sodium_memzero(seed,sizeof(seed));
-
-	return 0;
-}

yaml.c

@@ -274,7 +274,7 @@ int yamlin_parseandcreate(
 			sigprocmask(SIG_BLOCK,&nset,&oset);
 #endif
 			if (createdir(sname,1) != 0) {
-				fprintf(stderr,"ERROR: could not create directory for key output\n");
+				fprintf(stderr,"ERROR: could not create directory \"%s\" for key output\n",sname);
 				return 1;
 			}