diff --git a/Makefile.in b/Makefile.in
index 1fa0f99bc4f12ce22ff87a97254c697510bea794..fc820dda75d5c40075b201a4c4368e602cdd2e44 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -69,7 +69,7 @@ AR=@AR@
 RANLIB=@RANLIB@
 STRIP=@STRIP@
 INSTALL=@INSTALL@
-CFLAGS=-I. -I$(srcdir)/libtomcrypt @CFLAGS@
+CFLAGS=-I. -I$(srcdir)/libtomcrypt/src/headers/ @CFLAGS@
 LIBS=$(LTC) $(LTM) @LIBS@
 LDFLAGS=@LDFLAGS@
 
diff --git a/algo.h b/algo.h
index 3e8ebb553416310d69bfb0146764170526642a5b..5ed01cc7ea6a6576e9e52ed6106eb2193f89dbc1 100644
--- a/algo.h
+++ b/algo.h
@@ -51,13 +51,13 @@ extern const struct dropbear_cipher dropbear_nocipher;
 extern const struct dropbear_hash dropbear_nohash;
 
 struct dropbear_cipher {
-	const struct _cipher_descriptor *cipherdesc;
+	const struct ltc_cipher_descriptor *cipherdesc;
 	unsigned long keysize;
 	unsigned char blocksize;
 };
 
 struct dropbear_hash {
-	const struct _hash_descriptor *hashdesc;
+	const struct ltc_hash_descriptor *hashdesc;
 	unsigned long keysize;
 	unsigned char hashsize;
 };
diff --git a/common-algo.c b/common-algo.c
index 1975864e744175b036fb7d734a181cf1cf7d0c41..ea9c31143667af4b6aa78c07fcf6125204609576 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -125,7 +125,7 @@ algo_type sshkex[] = {
  * This should be run before using any of the ciphers/hashes */
 void crypto_init() {
 
-	const struct _cipher_descriptor *regciphers[] = {
+	const struct ltc_cipher_descriptor *regciphers[] = {
 #ifdef DROPBEAR_AES128_CBC
 		&aes_desc,
 #endif
@@ -141,7 +141,7 @@ void crypto_init() {
 		NULL
 	};
 
-	const struct _hash_descriptor *reghashes[] = {
+	const struct ltc_hash_descriptor *reghashes[] = {
 		/* we need sha1 for hostkey stuff regardless */
 		&sha1_desc,
 #ifdef DROPBEAR_MD5_HMAC
diff --git a/dbutil.c b/dbutil.c
index 5f3a45dfb84192247f72c6b201cbe7c2a2b709ec..45c720e3308189ee1ee968e9dbc9fece6284e288 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -430,10 +430,11 @@ char* getaddrhostname(struct sockaddr_storage * addr) {
 }
 
 #ifdef DEBUG_TRACE
-void printhex(unsigned char* buf, int len) {
+void printhex(const char * label, const unsigned char * buf, int len) {
 
 	int i;
 
+	fprintf(stderr, "%s\n", label);
 	for (i = 0; i < len; i++) {
 		fprintf(stderr, "%02x", buf[i]);
 		if (i % 16 == 15) {
diff --git a/dbutil.h b/dbutil.h
index 6363f70d1107d135f638c4500c9fe30f89b50fe2..d90494944462e3ee89500f3e7b7a1bfae016c4d0 100644
--- a/dbutil.h
+++ b/dbutil.h
@@ -41,7 +41,7 @@ void dropbear_close(const char* format, ...);
 void dropbear_log(int priority, const char* format, ...);
 #ifdef DEBUG_TRACE
 void dropbear_trace(const char* format, ...);
-void printhex(unsigned char* buf, int len);
+void printhex(const char * label, const unsigned char * buf, int len);
 extern int debug_trace;
 #endif
 char * stripcontrol(const char * text);
diff --git a/includes.h b/includes.h
index 50f2b7be1ad4952d70ecdad9ae54a69cb7f6a41a..6c9f0842161a762da5c2c849528a34e9b43a87f3 100644
--- a/includes.h
+++ b/includes.h
@@ -111,7 +111,7 @@
 #include <libgen.h>
 #endif
 
-#include "libtomcrypt/mycrypt.h"
+#include "libtomcrypt/src/headers/tomcrypt.h"
 #include "libtommath/tommath.h"
 
 #include "compat.h"
diff --git a/packet.c b/packet.c
index 56b31c216c344dceff9b1c4bb62787ed223f856b..ecda4102615a76dc77f68ce02c01ede019b7daa0 100644
--- a/packet.c
+++ b/packet.c
@@ -201,6 +201,7 @@ static void read_packet_init() {
 		/* decrypt it */
 		if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize), 
 					buf_getwriteptr(ses.decryptreadbuf,blocksize),
+					blocksize,
 					&ses.keys->recv_symmetric_struct) != CRYPT_OK) {
 			dropbear_exit("error decrypting");
 		}
@@ -254,6 +255,7 @@ void decrypt_packet() {
 		while (ses.readbuf->pos < ses.readbuf->len - macsize) {
 			if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize), 
 						buf_getwriteptr(ses.decryptreadbuf, blocksize),
+						blocksize,
 						&ses.keys->recv_symmetric_struct) != CRYPT_OK) {
 				dropbear_exit("error decrypting");
 			}
@@ -491,6 +493,7 @@ void encrypt_packet() {
 		while (clearwritebuf->pos < clearwritebuf->len) {
 			if (cbc_encrypt(buf_getptr(clearwritebuf, blocksize),
 						buf_getwriteptr(writebuf, blocksize),
+						blocksize,
 						&ses.keys->trans_symmetric_struct) != CRYPT_OK) {
 				dropbear_exit("error encrypting");
 			}
diff --git a/random.c b/random.c
index 8012148bc04932afefd687a27bed4dcf68dacaba..d58c8a834dd0ad7ad75c6975566763be832a91c0 100644
--- a/random.c
+++ b/random.c
@@ -27,13 +27,13 @@
 #include "dbutil.h"
 #include "bignum.h"
 
-int donerandinit = 0;
+static int donerandinit = 0;
 
 /* this is used to generate unique output from the same hashpool */
-unsigned int counter = 0;
+static unsigned int counter = 0;
 #define MAX_COUNTER 1000000/* the max value for the counter, so it won't loop */
 
-unsigned char hashpool[SHA1_HASH_SIZE];
+static unsigned char hashpool[SHA1_HASH_SIZE];
 
 #define INIT_SEED_SIZE 32 /* 256 bits */
 
diff --git a/rsa.c b/rsa.c
index 8b2436023a44677db596b1ca25e7ec18c88b7acf..f86fdd97946c688e84daa1547c40934f8cd53818 100644
--- a/rsa.c
+++ b/rsa.c
@@ -333,7 +333,7 @@ void buf_put_rsa_sign(buffer* buf, rsa_key *key, const unsigned char* data,
 	mp_clear(&rsa_s);
 
 #if defined(DEBUG_RSA) && defined(DEBUG_TRACE)
-	printhex(buf->data, buf->len);
+	printhex("RSA sig", buf->data, buf->len);
 #endif
 	
 
@@ -357,10 +357,11 @@ static void rsa_pad_em(rsa_key * key,
 		mp_int * rsa_em) {
 
 	/* ASN1 designator (including the 0x00 preceding) */
-	const char rsa_asn1_magic[] = 
+	const unsigned char rsa_asn1_magic[] = 
 		{0x00, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 
 		 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
-#define RSA_ASN1_MAGIC_LEN 16
+	const unsigned int RSA_ASN1_MAGIC_LEN = 16;
+
 	buffer * rsa_EM = NULL;
 	hash_state hs;
 	unsigned int nsize;