Description: <short summary of the patch>
 TODO: Put a short summary on the line above and replace this paragraph
 with a longer explanation of this change. Complete the meta-information
 with other relevant fields (see below for details). To make it easier, the
 information below has been extracted from the changelog. Adjust it or drop
 it.
 .
 scrypt (1.3.0-3) unstable; urgency=medium
 .
   * track some minor upstream documentation (non-functional) mods
Author: Barak A. Pearlmutter <bap@debian.org>

---
The information above should follow the Patch Tagging Guidelines; please
check out http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: 2019-11-01

--- /dev/null
+++ scrypt-1.3.0/.autom4te.cfg
@@ -0,0 +1,7 @@
+## ------------------ ##
+## User Preferences.  ##
+## ------------------ ##
+
+begin-language: "Autoconf-without-aclocal-m4"
+args: --no-cache
+end-language: "Autoconf-without-aclocal-m4"
--- /dev/null
+++ scrypt-1.3.0/.travis.yml
@@ -0,0 +1,44 @@
+language: C
+# Ubuntu xenial 16.04 comes with valgrind-3.11, which can't handle the
+# RDRAND instructions and aborts with "Illegal instruction".  This is not a
+# problem with Ubuntu bionic 18.04, which has valgrind-3.13.
+dist: bionic
+addons:
+  apt:
+    packages:
+      - valgrind
+matrix:
+  include:
+    - compiler: gcc
+      env: CFLAGS_STRICT="-Wall -Wextra -Werror -Wpedantic -pedantic-errors -Wno-clobbered"
+    - compiler: clang
+      env: CFLAGS_STRICT="-Wall -Wextra -Werror -Weverything -Wno-#warnings -Wno-pedantic -Wno-padded -Wno-format-nonliteral -Wno-disabled-macro-expansion -Wno-missing-noreturn -Wno-reserved-id-macro"
+env:
+  global:
+    # Some projects need -std=c99 to specify library support for ./configure
+    - CFLAGS="-std=c99 -O2"
+    - secure: "FDGqRY+fCRQDkkY5YohCNqecntL6/AV0N4qqrJ1F+FOOOr3SKwt6dH4dJ30CZQWG/0qHNeaCDdE0HNwgCv4xjreh80NPLL6FyHz8mkz/hajKc47LYXvIxv1u8DQyUtSYA+cxEyNtJt8lb4+7ZL2lm6E1UXTjYl+8far1vpI8RjkOFIdLx2cW6LzQ6OZ2vQq5INfW6PIEPdjLD7PreLmEZY385Tjh2C77UAnq7AcG2xVd7SMAjZjkqOyVs0Eo8JD2+xhBIVCQ5H0FUIL8Upp1Th2LhxcYAccj0W5r58D6HWZLzsoNi09eb6ozKZbQRyTqfdRKuVxDZznjHsdkbGme81q7epFxOB+2ushu9lnpvFko7vJ1wstjdCcrs6lAVrCP43gU3DpyGb7BKGPLEX6ty2PWLkj5lQVOiHxxhlHkSGSn79PDOnsJsLkEqw4MEeOtcVPBF+qLLrqntLJnMAr1npdCsLgyfc1bdV6ZpgO6bdW6EOGMwl6L9ZBQgAW+CemZEy5TSAUjHS6VspMKCE2FIkzftKhq2adR0Wi1tJU1OiYVEBSgFzceNVNPQgyLojgXq8VEej7G0loj9ni4t2hd7jMhZKwQjPeYrf4xiw1rpvu64Ro7ZeAlfzqzlg4EaNcqcy+uB2gaeWW74z0j09RZd3HBkAADgbadIvgbly9lW/E="
+    - COVERITY_SCAN_PROJECT_NAME="Tarsnap/scrypt"
+    - COVERITY_SCAN_BRANCH_PATTERN="coverity-scan"
+    - COVERITY_SCAN_NOTIFICATION_EMAIL="cperciva@tarsnap.com"
+    - COVERITY_SCAN_BUILD_COMMAND_PREPEND="autoreconf -i && ./configure"
+    - COVERITY_SCAN_BUILD_COMMAND="make all clean"
+before_install:
+  # Handle Coverity scan
+  - >
+    if [[ "${TRAVIS_BRANCH}" == "coverity-scan" ]]; then
+      if [[ "${TRAVIS_JOB_NUMBER##*.}" == "1" ]]; then
+        curl -s "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true
+      else
+        echo "Not main job; do nothing."
+      fi
+      echo "Done Coverity scan."
+      sleep 1
+      exit 0
+    fi
+  # Otherwise, act normally.
+  - autoreconf -i
+  - ./configure
+# We can't use strict flags in CFLAGS as a general environment
+# variable, because that messes up ./configure and coverity-scan.
+script: make CFLAGS="$CFLAGS $CFLAGS_STRICT" && make test USE_VALGRIND=1
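Review bot: The Coverity branch of `before_install` runs `curl -s "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true`, which executes whatever that URL returns without any integrity check, in a job whose environment carries the encrypted `secure:` value (presumably the Coverity token). Downloading the script to a file with `curl -fsS`, comparing it against a pinned SHA-256 and only then running it would keep an error page or an altered script from being executed. The trailing `|| true` also makes a failed download or failed scan indistinguishable from success, so the exit status should at least be logged before the job continues.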
--- /dev/null
+++ scrypt-1.3.0/Makefile.am
@@ -0,0 +1,186 @@
+bin_PROGRAMS=	scrypt
+noinst_PROGRAMS=	tests/verify-strings/test_scrypt			\
+	tests/valgrind/potential-memleaks
+dist_man_MANS=$(scrypt_man_MANS)
+ACLOCAL_AMFLAGS=	-I m4
+
+# These files fulfill the crypto_scrypt() function, with the exception of
+#     libcperciva/alg/sha256_shani.c
+#     lib/crypto/crypto_scrypt_smix_sse2.c
+# which require special compiler flags and are thus compiled as separate
+# libraries.  See test_scrypt for an example.
+crypto_scrypt_files=	lib/crypto/crypto_scrypt.c			\
+			lib/crypto/crypto_scrypt.h			\
+			lib/crypto/crypto_scrypt_smix.c			\
+			lib/crypto/crypto_scrypt_smix.h			\
+			lib/crypto/crypto_scrypt_smix_sse2.h		\
+			lib/platform.h					\
+			libcperciva/alg/sha256.c			\
+			libcperciva/alg/sha256.h			\
+			libcperciva/alg/sha256_shani.h			\
+			libcperciva/cpusupport/cpusupport.h		\
+			libcperciva/cpusupport/cpusupport_x86_shani.c	\
+			libcperciva/cpusupport/cpusupport_x86_sse2.c	\
+			libcperciva/cpusupport/cpusupport_x86_ssse3.c	\
+			libcperciva/util/insecure_memzero.c		\
+			libcperciva/util/insecure_memzero.h		\
+			libcperciva/util/warnp.c			\
+			libcperciva/util/warnp.h
+
+scrypt_SOURCES=		main.c					\
+			$(crypto_scrypt_files)			\
+			lib/scryptenc/scryptenc.c		\
+			lib/scryptenc/scryptenc.h		\
+			lib/scryptenc/scryptenc_cpuperf.c	\
+			lib/scryptenc/scryptenc_cpuperf.h	\
+			lib/util/memlimit.c			\
+			lib/util/memlimit.h			\
+			libcperciva/cpusupport/cpusupport_x86_aesni.c \
+			libcperciva/cpusupport/cpusupport_x86_rdrand.c \
+			libcperciva/crypto/crypto_aes.c		\
+			libcperciva/crypto/crypto_aes.h		\
+			libcperciva/crypto/crypto_aes_aesni.h	\
+			libcperciva/crypto/crypto_aesctr.c	\
+			libcperciva/crypto/crypto_aesctr.h	\
+			libcperciva/crypto/crypto_entropy.c	\
+			libcperciva/crypto/crypto_entropy.h	\
+			libcperciva/crypto/crypto_entropy_rdrand.h \
+			libcperciva/crypto/crypto_verify_bytes.c \
+			libcperciva/crypto/crypto_verify_bytes.h \
+			libcperciva/util/asprintf.c		\
+			libcperciva/util/asprintf.h		\
+			libcperciva/util/entropy.c		\
+			libcperciva/util/entropy.h		\
+			libcperciva/util/getopt.c		\
+			libcperciva/util/getopt.h		\
+			libcperciva/util/humansize.c		\
+			libcperciva/util/humansize.h		\
+			libcperciva/util/monoclock.c		\
+			libcperciva/util/monoclock.h		\
+			libcperciva/util/parsenum.h		\
+			libcperciva/util/readpass.c		\
+			libcperciva/util/readpass.h		\
+			libcperciva/util/sysendian.h
+
+AM_CPPFLAGS=		-I$(srcdir)/lib				\
+			-I$(srcdir)/lib/crypto			\
+			-I$(srcdir)/lib/scryptenc		\
+			-I$(srcdir)/lib/util			\
+			-I$(srcdir)/libcperciva/alg		\
+			-I$(srcdir)/libcperciva/cpusupport	\
+			-I$(srcdir)/libcperciva/crypto		\
+			-I$(srcdir)/libcperciva/util		\
+			-DCPUSUPPORT_CONFIG_FILE=\"cpusupport-config.h\" \
+			-D_POSIX_C_SOURCE=200809L		\
+			-D_XOPEN_SOURCE=700			\
+			${CFLAGS_POSIX}
+
+scrypt_LDADD=		libcperciva_aesni.la libcperciva_rdrand.la \
+			libcperciva_shani.la libscrypt_sse2.la	\
+			${LDADD_POSIX}
+scrypt_man_MANS=	scrypt.1
+
+cpusupport-config.h:
+	( export CC="${CC}"; export CFLAGS="${CFLAGS}"; command -p sh $(srcdir)/libcperciva/cpusupport/Build/cpusupport.sh "$$PATH") > cpusupport-config.h.tmp && command -p mv cpusupport-config.h.tmp cpusupport-config.h
+BUILT_SOURCES=	cpusupport-config.h
+CLEANFILES=	cpusupport-config.h cpusupport-config.h.tmp
+
+# Libraries from libcperciva code.
+noinst_LTLIBRARIES=	libcperciva_aesni.la
+libcperciva_aesni_la_SOURCES=	libcperciva/crypto/crypto_aes_aesni.c
+nodist_libcperciva_aesni_la_SOURCES=	cpusupport-config.h
+libcperciva_aesni_la_CFLAGS=`. ./cpusupport-config.h; echo $${CFLAGS_X86_AESNI}`
+
+noinst_LTLIBRARIES+=	libcperciva_rdrand.la
+libcperciva_rdrand_la_SOURCES=	libcperciva/crypto/crypto_entropy_rdrand.c
+nodist_libcperciva_rdrand_la_SOURCES=	cpusupport-config.h
+libcperciva_rdrand_la_CFLAGS=						\
+	`. ./cpusupport-config.h; echo $${CFLAGS_X86_RDRAND}`
+
+noinst_LTLIBRARIES+=	libcperciva_shani.la
+libcperciva_shani_la_SOURCES=	libcperciva/alg/sha256_shani.c
+nodist_libcperciva_shani_la_SOURCES=	cpusupport-config.h
+libcperciva_shani_la_CFLAGS=`. ./cpusupport-config.h; echo $${CFLAGS_X86_SHANI} $${CFLAGS_X86_SSSE3}`
+
+# Library from scrypt code.
+noinst_LTLIBRARIES+=	libscrypt_sse2.la
+libscrypt_sse2_la_SOURCES=	lib/crypto/crypto_scrypt_smix_sse2.c
+nodist_libscrypt_sse2_la_SOURCES=	cpusupport-config.h
+libscrypt_sse2_la_CFLAGS=`. ./cpusupport-config.h; echo $${CFLAGS_X86_SSE2}`
+
+# Install libscrypt-kdf?
+if LIBSCRYPT_KDF
+lib_LTLIBRARIES=		libscrypt-kdf.la
+libscrypt_kdf_la_LDFLAGS=	-version-info 1			\
+	-export-symbols-regex 'crypto_scrypt$$'
+include_HEADERS=		libscrypt-kdf/scrypt-kdf.h
+noinst_PROGRAMS+=		tests/libscrypt-kdf/sample-libscrypt-kdf
+else
+# Allow the user to get a usable library even if they didn't run configure
+# with --enable-libscrypt-kdf.  If we didn't include this, they would get
+# empty libraries if they ran `make libscrypt-kdf.la`.
+EXTRA_LTLIBRARIES=		libscrypt-kdf.la
+endif
+
+# Shared definitions for libscrypt-kdf.
+libscrypt_kdf_la_SOURCES=	$(crypto_scrypt_files)
+libscrypt_kdf_la_LIBADD=	libcperciva_shani.la libscrypt_sse2.la
+# Workaround for "created with both libtool and without"
+libscrypt_kdf_la_CFLAGS=	$(AM_CFLAGS)
+
+# Test libscrypt-kdf compile
+tests_libscrypt_kdf_sample_libscrypt_kdf_SOURCES=	\
+	tests/libscrypt-kdf/sample-libscrypt-kdf.c
+tests_libscrypt_kdf_sample_libscrypt_kdf_CPPFLAGS=	\
+	-I$(srcdir)/libscrypt-kdf/
+tests_libscrypt_kdf_sample_libscrypt_kdf_LDADD=		libscrypt-kdf.la
+
+EXTRA_DIST = \
+	COPYRIGHT						\
+	FORMAT							\
+	README.md						\
+	STYLE							\
+	lib/README						\
+	lib/crypto/crypto_scrypt-ref.c				\
+	libcperciva/POSIX/README				\
+	libcperciva/POSIX/posix-cflags.sh			\
+	libcperciva/POSIX/posix-clock_gettime.c			\
+	libcperciva/POSIX/posix-clock_realtime.c		\
+	libcperciva/POSIX/posix-l.c				\
+	libcperciva/POSIX/posix-l.sh				\
+	libcperciva/POSIX/posix-msg_nosignal.c			\
+	libcperciva/POSIX/posix-restrict.c			\
+	libcperciva/cpusupport/Build/cpusupport-X86-AESNI.c	\
+	libcperciva/cpusupport/Build/cpusupport-X86-CPUID.c	\
+	libcperciva/cpusupport/Build/cpusupport-X86-RDRAND.c	\
+	libcperciva/cpusupport/Build/cpusupport-X86-SHANI.c	\
+	libcperciva/cpusupport/Build/cpusupport-X86-SSE2.c	\
+	libcperciva/cpusupport/Build/cpusupport-X86-SSSE3.c	\
+	libcperciva/cpusupport/Build/cpusupport.sh		\
+	tests/01-known-values.sh				\
+	tests/02-decrypt-reference-file.sh			\
+	tests/03-encrypt-decrypt-file.sh			\
+	tests/04-force-resources.sh				\
+	tests/05-system-scrypt-encrypt-decrypt.sh		\
+	tests/shared_test_functions.sh				\
+	tests/test_scrypt.sh					\
+	tests/verify-strings/test_scrypt.good			\
+	tests/verify-strings/test_scrypt_good.enc
+
+# Binary to test the crypto_scrypt() function.
+tests_verify_strings_test_scrypt_SOURCES =			\
+	tests/verify-strings/test_scrypt.c			\
+	$(crypto_scrypt_files)
+
+tests_verify_strings_test_scrypt_LDADD=	libcperciva_shani.la	\
+	libscrypt_sse2.la					\
+	${LDADD_POSIX}
+
+# Eliminate false positives while memory-checking for the test framework.
+tests_valgrind_potential_memleaks_SOURCES = tests/valgrind/potential-memleaks.c
+
+.PHONY: test
+# we can't only build "scrypt tests/verify-strings/test_scrypt" because that
+# won't build the BUILT_SOURCES.
+test: all
+	$(top_srcdir)/tests/test_scrypt.sh .
--- /dev/null
+++ scrypt-1.3.0/README.md
@@ -0,0 +1,160 @@
+The scrypt key derivation function
+----------------------------------
+
+
+The scrypt key derivation function was originally developed for use in the
+[Tarsnap online backup system](https://www.tarsnap.com/index.html) and is
+designed to be far more secure against hardware brute-force attacks than
+alternative functions such as [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) or
+[bcrypt](https://www.openbsd.org/papers/bcrypt-paper.ps).
+
+We estimate that on modern (2009) hardware, if 5 seconds are spent computing a
+derived key, the cost of a hardware brute-force attack against `scrypt` is
+roughly 4000 times greater than the cost of a similar attack against bcrypt (to
+find the same password), and 20000 times greater than a similar attack against
+PBKDF2.  If the `scrypt` encryption utility is used with default parameters,
+the cost of cracking the password on a file encrypted by `scrypt enc` is
+approximately 100 billion times more than the cost of cracking the same
+password on a file encrypted by `openssl enc`; this means that a five-character
+password using `scrypt` is stronger than a ten-character password using
+`openssl`.
+
+Details of the `scrypt` key derivation function are given in:
+
+* The Internet Engineering Task Force (IETF)
+  [RFC 7914: The scrypt Password-Based Key Derivation Function](
+  https://tools.ietf.org/html/rfc7914).
+* The original conference paper: Colin Percival,
+  [Stronger Key Derivation via Sequential Memory-Hard Functions](
+  https://www.tarsnap.com/scrypt/scrypt.pdf), presented at
+  [BSDCan'09](https://www.bsdcan.org/2009/), May 2009.
+  [Conference presentation slides](
+  https://www.tarsnap.com/scrypt/scrypt-slides.pdf).
+
+Some additional articles may be of interest:
+
+* Filippo Valsorda presented a very well-written explanation about how
+  [the scrypt parameters](https://blog.filippo.io/the-scrypt-parameters/)
+  impact the memory usage and CPU time of the algorithm.
+
+* J. Alwen, B. Chen, K. Pietrzak, L. Reyzin, S. Tessaro,
+  [Scrypt is Maximally Memory-Hard](https://eprint.iacr.org/2016/989),
+  Cryptology ePrint Archive: Report 2016/989.
+
+
+The scrypt encryption utility
+-----------------------------
+
+A simple password-based encryption utility is available as a demonstration of
+the `scrypt` key derivation function.  It can be invoked as `scrypt enc infile
+[outfile]` to encrypt data (if `outfile` is not specified, the encrypted data
+is written to the standard output), or as `scrypt dec infile [outfile]` to
+decrypt data (if outfile is not specified, the decrypted data is written to the
+standard output). `scrypt` also supports three command-line options:
+
+* `-t maxtime` will instruct `scrypt` to spend at most maxtime seconds
+  computing the derived encryption key from the password; for encryption, this
+  value will determine how secure the encrypted data is, while for decryption
+  this value is used as an upper limit (if `scrypt` detects that it would take
+  too long to decrypt the data, it will exit with an error message).
+* `-m maxmemfrac` instructs `scrypt` to use at most the specified fraction of
+  the available RAM for computing the derived encryption key. For encryption,
+  increasing this value might increase the security of the encrypted data,
+  depending on the `maxtime` value; for decryption, this value is used as an
+  upper limit and may `cause` scrypt to exit with an error.
+* `-M maxmem` instructs `scrypt` to use at most the specified number of bytes
+  of RAM when computing the derived encryption key.
+
+If the encrypted data is corrupt, `scrypt dec` will exit with a non-zero
+status.  However, **`scrypt dec` may produce output before it determines that
+the encrypted data was corrupt**, so for applications which require data to be
+authenticated, you must store the output of `scrypt dec` in a temporary
+location and check `scrypt`'s exit code before using the decrypted data.
+
+The `scrypt` utility has been tested on FreeBSD, NetBSD, OpenBSD, Linux
+(Slackware, CentOS, Gentoo, Ubuntu), Solaris, OS X, Cygwin, and GNU Hurd.
+
+* [scrypt version 1.3.0 source tarball](
+  https://www.tarsnap.com/scrypt/scrypt-1.3.0.tgz)
+* [GPG-signed SHA256 for scrypt version 1.3.0](
+  https://www.tarsnap.com/scrypt/scrypt-sigs-1.3.0.asc) (signature
+  generated using Tarsnap [code signing key](
+  https://www.tarsnap.com/tarsnap-signing-key.asc))
+
+  This cleartext signature of the SHA256 output can be verified with:
+
+      gpg --decrypt scrypt-sigs-1.3.0.asc
+
+  You may then compare the displayed hash to the SHA256 hash of
+  `scrypt-1.3.0.gz`.
+
+In addition, `scrypt` is available in the OpenBSD and FreeBSD ports trees and
+in NetBSD pkgsrc as `security/scrypt`.
+
+
+Using scrypt as a KDF
+---------------------
+
+To use scrypt as a [key derivation function](
+https://en.wikipedia.org/wiki/Key_derivation_function) (KDF), take a look at
+the `lib/crypto/crypto_scrypt.h` header, which provides:
+
+```
+/**
+ * crypto_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen):
+ * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r,
+ * p, buflen) and write the result into buf.  The parameters r, p, and buflen
+ * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32.  The parameter N
+ * must be a power of 2 greater than 1.
+ *
+ * Return 0 on success; or -1 on error.
+ */
+int crypto_scrypt(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t,
+    uint32_t, uint32_t, uint8_t *, size_t);
+```
+
+The same function is provided in the optional `libscrypt-kdf` library; there
+is a sample of using it in `tests/libscrypt-kdf`.  If you installed the
+library, you can compile that file and run the binary:
+
+```
+$ cd tests/libscrypt-kdf/
+$ c99 sample-libscrypt-kdf.c -lscrypt-kdf
+$ ./a.out
+crypto_scrypt(): success
+```
+
+
+Building
+--------
+
+:exclamation: We strongly recommend that people use the latest
+official release tarball on https://www.tarsnap.com/scrypt.html
+
+To build scrypt, extract the tarball and run `./configure` && `make`.  See the
+`BUILDING` file for more details (e.g., dealing with OpenSSL on OSX).
+
+
+Testing
+-------
+
+A small test suite can be run with:
+
+    make test
+
+Memory-testing normal operations with valgrind (takes approximately 4 times as
+long as no valgrind tests) can be enabled with:
+
+    make test USE_VALGRIND=1
+
+Memory-testing all tests with valgrind (requires over 1 GB memory, and takes
+approximately 4 times as long as `USE_VALGRIND=1`) can be enabled with:
+
+    make test USE_VALGRIND=2
+
+
+Mailing list
+------------
+
+The scrypt key derivation function and the scrypt encryption utility are
+discussed on the <scrypt@tarsnap.com> mailing list.
--- /dev/null
+++ scrypt-1.3.0/STYLE
@@ -0,0 +1,193 @@
+Code style
+==========
+
+In general, FreeBSD style(9) should be followed unless it is irrelevant
+(e.g., $FreeBSD$ tags).
+
+Functions with external linkage are declared like this:
+	/**
+	 * module_func(arg1, arg2):
+	 * Description of what the function does, referring to arguments as
+	 * ${arg1} or suchlike.
+	 */
+	int module_func(void *, int);
+
+The identical comment appears in the C file where the function is defined.
+
+Static functions may have the above form of comment, or simply a
+/* Brief description of what the function does. */
+line before the function.
+
+"Unrewrappable" comments starting in the first column should be
+/**
+ * Written like this.
+ *
+ * Because (some of) the line-breaks are important.
+ */
+whereas when such comments are indented, they should be
+	/*-
+	 * Written like this.
+	 *
+	 * Because (some of) the line-breaks are important.
+	 */
+
+Line lengths should generally be 78 characters, and not more than 80
+characters.
+
+In general, functions should return (int)(-1) or NULL to indicate error.
+
+Errors should be printed via warnp (if errno is relevant) or warn0 (if errno
+is not relevant) when they are first detected and also at higher levels where
+useful.  As an exception to this, malloc failures (i.e., errno = ENOMEM) can
+result in failure being passed back up the call chain without being printed
+immediately.  (Naturally, other errors can be passed back where a function
+definition so specifies; e.g., ENOENT in cases where a file not existing is
+not erronous.)
+
+The first statement in main(), after variable declarations, should be
+"WARNP_INIT;" in order to set the program name used for printing warnings.
+
+In general, functions should be structured with one return statement per
+status, e.g., one return() for success and one return() for failure.  Errors
+should be handled by using goto to enter the error return path, e.g.,
+	int
+	foo(int bar)
+	{
+
+		if (something fails)
+			goto err0;
+		/* ... */
+		if (something else fails)
+			goto err1;
+		/* ... */
+		if (yet another operation fails)
+			goto err2;
+
+		/* Success! */
+		return (0);
+
+	err2:
+		/* Clean up something. */
+	err1:
+		/* Clean up something else. */
+	err0:
+		/* Failure! */
+		return (-1);
+	}
+
+As an exception to the above, if there is only one way for the function to
+fail, the idioms
+	return (baz(bar));
+and
+	int rc;
+
+	rc = baz(bar);
+	/* ... cleanup code here ... */
+	return (rc);
+are allowed; furthermore, in cases such as foo_free(), the idiom
+	if (we shouldn't do anything)
+		return;
+is preferred over
+	if (we shouldn't do anything)
+		goto done;
+at the start of a function.
+
+Headers should be included in the following groups, with a blank line after
+each (non-empty) group:
+1. <sys/*.h>, with <sys/types.h> first followed by others alphabetically.
+2. <net/*.h>, in alphabetical order.
+3. <*.h>, in alphabetical order.
+4. header files from /lib/, in alphabetical order.
+5. header files from the program being built, in alphabetical order.
+6. header files (usually just one) defining the interface for this C file.
+
+If ssize_t is needed, <unistd.h> should be included to provide it.
+
+If size_t is needed, <stddef.h> should be included to provide it unless
+<stdio.h>, <stdlib.h>, <string.h>, or <unistd.h> is already required.
+
+If the C99 integer types (uint8_t, int64_t, etc.) are required, <stdint.h>
+should be included to provide them unless <inttypes.h> is already required.
+
+The type 'char' should only be used to represent human-readable characters
+(input from users, output to users, pathnames, et cetera).  The type
+'char *' should normally be a NUL-terminated string.  The types 'signed
+char' and 'unsigned char' should never be used; C99 integer types should
+be used instead.
+
+When a variable is declared to have a pointer type, there should be a space
+between the '*' and the variable name, e.g.,
+	int
+	main(int argc, char * argv[])
+	{
+		char * opt_p = NULL;
+Note that this is inconsistent with FreeBSD style(9).  When used as a unary
+operator, '*' is not separated from its argument, e.g.,
+	while (*p != '\0')
+		p++;
+
+When a struct is referenced, the idiom
+	/* Opaque types. */
+	struct foo;
+
+	struct bar * bar_from_foo(struct foo *);
+is preferable to
+	#include "foo.h"	/* needed for struct foo */
+
+	struct bar * bar_from_foo(struct foo *);
+unless there is some reason why the internal layout of struct foo is needed
+(e.g., if struct bar contains a struct foo rather than a struct foo *).  Such
+struct declarations should be sorted alphabetically.
+
+The file foo.c should only export symbols of the following forms:
+	foo_*	-- most symbols should be of this form.
+	FOO_* / BAR_FOO_*
+		-- allowed in cases where FOO or BAR_FOO is idiomatic (e.g.,
+		   MD5, HMAC_SHA256).
+	foo() / defoo() / unfoo()
+		-- where "foo" is a verb and this improves code clarity.
+
+Functions named foo_free should return void, and foo_free(NULL) should have
+no effect.  The right way to spell a comment about this is
+	/* Behave consistently with free(NULL). */
+
+If static variables need to be initialized to 0 (or NULL) then they should be
+explicitly declared that way; implicit initialization should not be used.
+
+In non-trivial code, comments should be included which describe in English
+what is being done by the surrounding code with sufficient detail that if the
+code were removed, it could be replaced based on reading the comments without
+requiring any significant creativity.
+
+Comments and documentation should be written in en-GB-oed; i.e., with
+the 'u' included in words such as "honour", "colour", and "neighbour",
+and the ending '-ize' in words such as "organize" and "realize".  The
+Oxford (aka. serial) comma should be used in lists.  Quotation marks
+should be placed logically, i.e., not including punctuation marks which
+do not form a logical part of the quoted text.  Two spaces should be used
+after a period which ends a sentence.
+
+When versions of functions are written to exploit special CPU features
+(using the cpusupport framework), that code should be placed into a
+separate file (e.g., crypto_aes_aesni.c) so that it can be compiled with
+different compiler flags.  Such a file should start with
+	#include "cpusupport.h"
+	#ifdef CPUSUPPORT_FOO_BAR
+and end with
+	#endif /* CPUSUPPORT_FOO_BAR */
+
+Functions for which special CPU-feature-exploiting variants exist should
+take the form
+	{
+		/* Variable declarations here. */
+
+		/* Asserts here, if any. */
+
+	#ifdef CPUSUPPORT_FOO_BAR
+		if (/* We've decided we can use the variant code */) {
+			/* Call variant code and return. */
+		}
+	#endif
+
+		/* Normal implementation of the function. */
+	}
--- /dev/null
+++ scrypt-1.3.0/configure.ac
@@ -0,0 +1,79 @@
+AC_PREREQ([2.69])
+AC_INIT([scrypt],[m4_esyscmd([sh get-version.sh])],
+  [https://github.com/Tarsnap/scrypt],[scrypt],[http://www.tarsnap.com/scrypt/])
+AC_CONFIG_SRCDIR([lib/scryptenc/scryptenc.c])
+AC_CONFIG_AUX_DIR([config.aux])
+AC_CONFIG_MACRO_DIR([m4])
+AM_INIT_AUTOMAKE([foreign subdir-objects -Wall])
+
+# Checks for programs.
+AC_PROG_CC_C99
+AM_PROG_AR
+LT_INIT
+
+# Don't rebuild the configure script.  I'm distributing a perfectly good one.
+AM_MAINTAINER_MODE
+
+# Checks for libraries.
+
+AC_SEARCH_LIBS([AES_encrypt], [crypto],,
+    AC_MSG_ERROR([function AES_ENCRYPT not found]))
+
+# Check for a linuxy sysinfo syscall; and while we're doing that, check if
+# struct sysinfo is the old version (total RAM == totalmem) or the new
+# version (total RAM == totalmem * mem_unit).
+AC_CHECK_HEADERS([sys/sysinfo.h])
+AC_CHECK_FUNCS([sysinfo])
+AC_CHECK_TYPES([struct sysinfo], [], [], [[#include <sys/sysinfo.h>]])
+AC_CHECK_MEMBERS([struct sysinfo.totalram, struct sysinfo.mem_unit], [], [],
+    [[#include <sys/sysinfo.h>]])
+
+# Check if we have <sys/param.h>, since some systems require it for sysctl
+# to work.
+AC_CHECK_HEADERS([sys/param.h])
+
+# Check if we have <openssl/aes.h>, to fix the make failing when configure
+# passes.
+AC_CHECK_HEADERS([openssl/aes.h],,
+  [AC_MSG_ERROR([Unable to find the openssl/aes.h header])])
+
+# Check for <sys/sysctl.h>.  If it exists and it defines HW_USERMEM
+# and/or HW_MEMSIZE, we'll try using those as memory limits.
+AC_CHECK_HEADERS([sys/sysctl.h])
+
+# Check for posix_memalign
+AC_CHECK_FUNCS([posix_memalign])
+
+# Check for mmap so we can work around its absence on Minix
+AC_CHECK_FUNCS([mmap])
+
+AC_SYS_LARGEFILE
+
+# Check whether the user has requested to disable compiler warnings
+AC_MSG_CHECKING([compiler_warnings])
+AC_ARG_ENABLE(compiler_warnings,
+   AS_HELP_STRING([--disable-compiler-warnings],
+       [Do not request compiler warnings. @<:@default=enabled@:>@]),
+   [ac_compiler_warnings=$enableval],
+   [ac_compiler_warnings=yes])
+AC_MSG_RESULT([${ac_compiler_warnings}])
+AS_IF([test x${ac_compiler_warnings} = xyes],
+   [AX_CFLAGS_WARN_ALL])
+
+# Check libcperciva POSIX compatibility
+AC_MSG_NOTICE([checking POSIX compatibility...])
+LIBCPERCIVA_DIR=${srcdir}/libcperciva
+LDADD_POSIX=`export CC="${CC}"; command -p sh ${LIBCPERCIVA_DIR}/POSIX/posix-l.sh "$PATH"`
+CFLAGS_POSIX=`export CC="${CC}"; command -p sh ${LIBCPERCIVA_DIR}/POSIX/posix-cflags.sh "$PATH"`
+AC_SUBST([LDADD_POSIX])
+AC_SUBST([CFLAGS_POSIX])
+AC_MSG_RESULT([... done checking POSIX compatibility])
+
+# Check whether the user wants to install libscrypt-kdf
+AC_ARG_ENABLE(libscrypt-kdf, AS_HELP_STRING([--enable-libscrypt-kdf],
+    [Install libscrypt-kdf and development headers.]))
+AM_CONDITIONAL([LIBSCRYPT_KDF], [test "x${enable_libscrypt_kdf}" = "xyes"])
+
+AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_FILES([Makefile])
+AC_OUTPUT
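Review bot: The two backtick commands that set `LDADD_POSIX` and `CFLAGS_POSIX` expand `${LIBCPERCIVA_DIR}` unquoted, so a source directory whose path contains whitespace is split into several words and `sh` is handed the wrong script path; writing the argument as `"${LIBCPERCIVA_DIR}/POSIX/posix-l.sh"` (and likewise for `posix-cflags.sh`) avoids that. Neither command's exit status is checked, so a failing probe leaves the variable empty and configure carries on. Separately, the `AC_SEARCH_LIBS` failure message names `AES_ENCRYPT` although the symbol searched for is `AES_encrypt`, and that `AC_MSG_ERROR` call is not bracket-quoted the way the one in the `openssl/aes.h` check is; `[AC_MSG_ERROR([function AES_encrypt not found])]` would fix both.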
--- /dev/null
+++ scrypt-1.3.0/get-version.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+version=1.3.0-head
+
+# This script outputs a version number for this project to stdout.
+# - if $SCRYPT_VERSION is given, it is used.
+# - otherwise, it uses ${version}.
+# - if there is a ".git/" directory, it will attempt to get a version number
+#   from `git describe` in the form 1.2.0-238-g0a25a7c, where the middle value
+#   is the number of commits since the 1.2.0 tag.
+
+# Use $SCRYPT_VERSION if it exists.
+if [ -n "${SCRYPT_VERSION}" ]; then
+	# Do not use \n; that confuses autoconf.
+	printf "${SCRYPT_VERSION}"
+	exit 0
+fi
+
+# Get a version number from git, if it exists.
+if git rev-parse 2>/dev/null; then
+	# Get a version string from the latest git tag.
+	if version_git=$( git describe --tags --match '[[:digit:]].*' ) \
+	    2>/dev/null ; then
+		version_decapitated=$( echo ${version} | sed "s/-head//" )
+		# Check that the beginning of this tag matches the version.
+		case ${version_git} in
+		"${version_decapitated}"*)
+			# If so, use that version string.
+			version=${version_git};;
+		*)
+			printf "git tag does not match version\n" 1>&2
+			exit 1;;
+		esac
+	fi
+fi
+
+# Output the version to stdout.  Do not use \n; that confuses autoconf.
+printf ${version}
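Review bot: Both output statements pass the version as the printf format string, `printf "${SCRYPT_VERSION}"` near the top and `printf ${version}` on the last line, so a `%` or backslash in `$SCRYPT_VERSION` or in a git tag is interpreted as a directive instead of being printed, and the unquoted form is also subject to word splitting. This output is what `configure.ac` feeds into `AC_INIT` through `m4_esyscmd`, so it should be emitted literally with `printf "%s" "${SCRYPT_VERSION}"` and `printf "%s" "${version}"`. The same quoting applies to `echo ${version} | sed "s/-head//"`.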
--- scrypt-1.3.0.orig/lib/scryptenc/scryptenc.c
+++ scrypt-1.3.0/lib/scryptenc/scryptenc.c
@@ -77,8 +77,8 @@ display_params(int logN, uint32_t r, uin
 	    "; p = %" PRIu32 ";\n", N, r, p);
 
 	/* Memory */
-	fprintf(stderr, "    This requires at least %s bytes of memory",
-	    human_mem_minimum);
+	fprintf(stderr, "    Decrypting this file requires at least"
+	    " %s bytes of memory", human_mem_minimum);
 	if (memlimit > 0)
 		fprintf(stderr, " (%s available)", human_memlimit);
 
@@ -267,7 +267,7 @@ scryptenc_setup(uint8_t header[96], uint
 	return (0);
 }
 
-/*
+/**
  * scryptdec_file_printparams(infile):
  * Print the encryption parameters (N, r, p) used for the encrypted ${infile}.
  */
--- scrypt-1.3.0.orig/lib/scryptenc/scryptenc.h
+++ scrypt-1.3.0/lib/scryptenc/scryptenc.h
@@ -80,6 +80,7 @@
  * 13	error reading input file
  */
 
+/* Opaque structure. */
 struct scryptdec_file_cookie;
 
 /**
@@ -111,7 +112,7 @@ int scryptdec_buf(const uint8_t *, size_
 int scryptenc_file(FILE *, FILE *, const uint8_t *, size_t,
     size_t, double, double, int);
 
-/*
+/**
  * scryptdec_file_printparams(infile):
  * Print the encryption parameters (N, r, p) used for the encrypted ${infile}.
  */
--- /dev/null
+++ scrypt-1.3.0/release-tools/create-sign-tarball.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# Process command-line arguments
+SCRYPTVERSION=$1
+GNUPG_SIGNING_HOME=$2
+
+# Check for required arguments
+if [ -z "$SCRYPTVERSION" ] || [ -z "$GNUPG_SIGNING_HOME" ]; then
+	echo "Usage: $0 SCRYPTVERSION GNUPG_SIGNING_HOME"
+	exit 1
+fi
+
+# Check for correct OS
+if [ `uname` != "FreeBSD" ]; then
+	echo "Error: This script only works on FreeBSD due to the"
+	echo "    sha256 \${PKGNAME}.tgz"
+	echo "command, which has a different meaning on other OSes."
+	exit 1
+fi
+
+# Constants
+PKGNAME=scrypt-${SCRYPTVERSION}
+PKGSIGS=scrypt-sigs-${SCRYPTVERSION}
+
+# Get directory of script
+dir=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd -P)
+
+# Create tarball
+sh ${dir}/mktarball.sh $SCRYPTVERSION
+
+# Sign tarball
+sha256 ${PKGNAME}.tgz |			\
+    GNUPGHOME=${GNUPG_SIGNING_HOME} gpg --clearsign \
+    > ${PKGSIGS}.asc
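Review bot: The exit status of `sh ${dir}/mktarball.sh $SCRYPTVERSION` is never checked, so the signing pipeline runs even when tarball creation fails. In that case `sha256` may hash a stale `${PKGNAME}.tgz` left over from an earlier run, or fail and leave `gpg --clearsign` to sign empty input, and either way a `.asc` file is written. Stop on failure with `sh "${dir}/mktarball.sh" "$SCRYPTVERSION" || exit 1`, and compute the hash first, e.g. `hash=$(sha256 "${PKGNAME}.tgz") || exit 1`, before handing it to gpg. The expansions of `${dir}`, `${GNUPG_SIGNING_HOME}` and `${PKGSIGS}` should also be double-quoted so a path containing spaces is not split.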
--- /dev/null
+++ scrypt-1.3.0/release-tools/mktarball.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+VERSION=$1
+if [ -z $VERSION ]; then
+	echo "Please specify the version number"
+	exit 1
+fi
+DESTDIR=scrypt-${VERSION}
+RELEASEDATE=`date "+%B %d, %Y"`
+
+# Copy bits in
+mkdir ${DESTDIR} ${DESTDIR}/autotools
+cp main.c FORMAT COPYRIGHT BUILDING STYLE ${DESTDIR}
+cp Makefile.am .autom4te.cfg ${DESTDIR}
+cp Makefile.am ${DESTDIR}/autotools
+mkdir ${DESTDIR}/m4
+cp -R lib libcperciva libscrypt-kdf tests ${DESTDIR}
+# Copy with substitution
+sed -e "s/@DATE@/$RELEASEDATE/" < scrypt.1 > ${DESTDIR}/scrypt.1
+sed -e "s/\[m4_esyscmd(\[sh get-version\.sh\])]/${VERSION}/" \
+	< configure.ac > ${DESTDIR}/configure.ac
+cp ${DESTDIR}/configure.ac ${DESTDIR}/autotools
+
+# Generate autotools files
+( cd ${DESTDIR}
+autoreconf -i
+rm .autom4te.cfg Makefile.am aclocal.m4 configure.ac )
+
+# Create tarball
+tar -czf ${DESTDIR}.tgz ${DESTDIR}
+rm -r ${DESTDIR}
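Review bot: Nothing in this script checks for failure, and the subshell near the end is where that matters most: if `cd ${DESTDIR}` fails, `autoreconf -i` and `rm .autom4te.cfg Makefile.am aclocal.m4 configure.ac` run in the source tree and delete the originals. Chain the steps as `( cd "${DESTDIR}" && autoreconf -i && rm .autom4te.cfg Makefile.am aclocal.m4 configure.ac ) || exit 1`, or put `set -e` at the top so that a failed `mkdir`, `cp` or `sed` also stops the run before a partial tree is packed and handed to `create-sign-tarball.sh` for signing. `[ -z $VERSION ]` should quote the variable, and `${VERSION}` is inserted into a sed replacement unescaped, so a value containing `/` or `&` would break or alter the substitution into `configure.ac`.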
--- scrypt-1.3.0.orig/scrypt.1
+++ scrypt-1.3.0/scrypt.1
@@ -21,7 +21,7 @@
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
-.Dd September 11, 2019
+.Dd @DATE@
 .Dt SCRYPT 1
 .Os
 .Sh NAME
