fips140.c
is freely usable C source code implementing the statistical test for
correct operation of a random generator specified by FIPS 140. A
"-v" flag reports the gathered statistics of the input
file. FIPS 140-2 significantly tightens the tests over the previous
version. In October 2001 NIST realised that the bounds on the Runs
Test were incorrect, and have updated it again. This program
supports all three versions as a compile-time switch.
fips140.c 1.5 (Qualcomm) 02/09/02
skip32.c
is a block cipher working on 32-bit blocks. It is based on Skipjack,
and has 24 Feistel rounds and an 80-bit key. While the block size is
clearly too short to be useful for securing messages, there are
applications where a secret permutation of 32-bit integers is
useful. There has been no extensive cryptanalysis of this, but it
seems self-evidently secure.
b-m.c
is an implementation of the Berlekamp-Massey algorithm for analysing
Linear Feedback Shift Registers. See the code itself for how to use
it. It reports various cryptographically interesting things like
unexpected jumps in linear complexity. Heiko Mahr made a more
commented C++ version (I (ggr) haven't looked at his port in any
detail).
b-m.c 1.4 (QUALCOMM) 02/09/02
nonlinearity.tgz
measures the nonlinearity of an S-box. It reads hex numbers from
standard input, reports the nonlinearity of each bit position, the
worst nonlinearity, and comments if any function is not balanced.
The number of entries in the S-box table must be a power of two.
nonlinearity.c 1.1 (QUALCOMM) 02/09/02
lfsr.c
is a generator for Linear Feedback Shift Registers, which can be
useful in various forms of analysis. By way of example,
"lfsr -n 30 -i 1111 4 1" generates 30 bits of output from the LFSR
with characteristic polynomial 1 + x + x^4, initialised to all ones:
111101011001000111101011001000.
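The lfsr.c run above and the linear-complexity jumps that b-m.c reports can be seen together in the following added example, which is not the code from lfsr.c or b-m.c. The function names and the tap convention (taps 4 and 1 meaning s[i] = s[i-1] XOR s[i-4]) are assumptions, chosen because they reproduce the 30 bits quoted above.

```c
#include <stdio.h>
#include <string.h>
#define MAXN 64  /* longest sequence berlekamp_massey() accepts */

/* Fibonacci LFSR over GF(2), first `degree` bits of s preloaded. Taps {1,4}
   give s[i] = s[i-1] ^ s[i-4], i.e. 1 + x + x^4 (assumed convention). */
static void lfsr_run(const int *taps, int ntaps, int degree, int *s, int n)
{
    for (int i = degree; i < n; i++) {
        s[i] = 0;
        for (int t = 0; t < ntaps; t++) s[i] ^= s[i - taps[t]];
    }
}

/* Berlekamp-Massey over GF(2): returns the linear complexity L of
   s[0..n-1] (n <= MAXN); c[0..L] receives the connection polynomial. */
static int berlekamp_massey(const int *s, int n, int *c)
{
    int b[MAXN + 1] = {1}, t[MAXN + 1], L = 0, m = -1;
    memset(c, 0, sizeof t); c[0] = 1;
    for (int i = 0; i < n; i++) {
        int d = s[i];                    /* discrepancy at step i */
        for (int j = 1; j <= L; j++) d ^= c[j] & s[i - j];
        if (!d) continue;                /* current register still predicts */
        memcpy(t, c, sizeof t);
        for (int j = 0; j + i - m <= MAXN; j++) c[j + i - m] ^= b[j];
        if (2 * L <= i) { L = i + 1 - L; m = i; memcpy(b, t, sizeof b); }
    }
    return L;
}

/* The page's 30-bit run, optionally with bit `flip` corrupted (-1 = none).
   Writes the bits to text[31] and returns the linear complexity. */
static int demo(int flip, char *text, int *c)
{
    int taps[] = {1, 4}, s[30] = {1, 1, 1, 1};
    lfsr_run(taps, 2, 4, s, 30);
    if (flip >= 0) s[flip] ^= 1;
    for (int i = 0; i < 30; i++) text[i] = (char)('0' + s[i]);
    text[30] = '\0';
    return berlekamp_massey(s, 30, c);
}

int main(void)
{
    char text[31]; int c[MAXN + 1];
    printf("clean: L=%d %s\n", demo(-1, text, c), text);
    printf("bit 20 flipped: L=%d\n", demo(20, text, c));
}
```

On the clean sequence the algorithm recovers 1 + x + x^4 with linear complexity 4; a single corrupted bit makes the complexity jump to 17.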
"arrsyfor" is a cleanroom
implementation of a cipher which interoperates with RC4 (tm)
(Trademark of RSA Data Security Inc). Arrsyfor has a bulk encryption
interface, and discards the first 256 bytes of output to avoid
problems with output/key correlations. Here is the source archive arrsyfor.tgz.
asciirc4.c
is a program that uses arrsyfor in a novel way to encrypt or
decrypt ASCII text files, without expansion. (See comments in the
source code for how this is done, but basically, it reversibly
encrypts just the characters in a particular set... by default the
alphanumerics, so the output looks ROT13ish.)
checkdig.c
is a function and test harness that calculates credit card check
digits according to the Luhn formula. You give it something the
right length, and it returns 0 if the check digit was correct,
otherwise it returns the digit you need to add mod 10 to correct the
check digit.
biased.c
is a fairly trivial program that reports whether an observed data
bias is statistically significant or not. The first argument is the
number of bits (or whatever), the second argument is either the
proportion that are ones, or the observed bias, or the count of ones.
For example:
$ biased 5000000000 .499994
2499970000/5000000000 0.499994 not statistically significant
$ biased 5000000000 .49998
2499900000/5000000000 0.49998 might be non-uniform (>95%)
bias.tgz
takes a binary file on standard input (such as output of a stream
cipher) and checks for bit biases. It supports a "-v" (for
verbose) flag to report everything; normally it only mentions
interesting facts. A single numeric argument makes it analyse blocks
of that many bytes in parallel, so you might analyse a word-oriented
stream cipher with "t32 | bias 4", say. Otherwise it just
does a single big count. It's intended to work on very large data
sets; I processed 170GB in an hour on a serious PC.
Helix.tgz
- we did a cleanroom implementation of the Helix stream cipher/MAC
construct. See Ferguson et al., Fast Software Encryption 2003,
or http://www.macfergus.com/helix/helix.pdf