diff -Nru libcrypto++-8.4.0/adv_simd.h libcrypto++-8.6.0/adv_simd.h
--- libcrypto++-8.4.0/adv_simd.h 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/adv_simd.h 2021-09-24 11:48:47.000000000 +0000
@@ -4,10 +4,10 @@
 /// \brief Template for AdvancedProcessBlocks and SIMD processing
 // The SIMD based implementations for ciphers that use SSE, NEON and Power7
-// have a commom pattern. Namely, they have a specialized implementation of
+// have a common pattern. Namely, they have a specialized implementation of
 // AdvancedProcessBlocks which processes multiple block using hardware
 // acceleration. After several implementations we noticed a lot of copy and
-// paste occuring. adv_simd.h provides a template to avoid the copy and paste.
+// paste occurring. adv_simd.h provides a template to avoid the copy and paste.
 //
 // There are 6 templates provided in this file. The number following the
 // function name, 128, is the block size in bits. The name following the
@@ -112,13 +112,13 @@
 const size_t blockSize = 16;
 // const size_t neonBlockSize = 16;
- size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize;
+ size_t inIncrement = (flags & (EnumToInt(BT_InBlockIsCounter)|EnumToInt(BT_DontIncrementInOutPointers))) ? 0 : blockSize;
 size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0;
- size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize;
+ size_t outIncrement = (flags & EnumToInt(BT_DontIncrementInOutPointers)) ? 0 : blockSize;
 // Clang and Coverity are generating findings using xorBlocks as a flag.
- const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput);
- const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput);
+ const bool xorInput = (xorBlocks != NULLPTR) && (flags & EnumToInt(BT_XorInput));
+ const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & EnumToInt(BT_XorInput));
 if (flags & BT_ReverseDirection) {
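Review bot: The context line `if (flags & BT_ReverseDirection) {` that closes the @@ -112 hunk still tests the bare enumerator, while every other `flags &` test in the hunk was rewritten to go through `EnumToInt`; if the wrapping is there to silence an enum/integer mixing diagnostic, this line will keep reporting it. The same leftover is visible at the end of the hunks at -266, -400, -644, -839, -986 and -1131. The consistent form is `if (flags & EnumToInt(BT_ReverseDirection))`. Each of these sits inside an AdvancedProcessBlocks template whose body begins before and continues after the hunk.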
@@ -266,13 +266,13 @@
 const size_t blockSize = 16;
 // const size_t neonBlockSize = 16;
- size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize;
+ size_t inIncrement = (flags & (EnumToInt(BT_InBlockIsCounter)|EnumToInt(BT_DontIncrementInOutPointers))) ? 0 : blockSize;
 size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0;
- size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize;
+ size_t outIncrement = (flags & EnumToInt(BT_DontIncrementInOutPointers)) ? 0 : blockSize;
 // Clang and Coverity are generating findings using xorBlocks as a flag.
- const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput);
- const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput);
+ const bool xorInput = (xorBlocks != NULLPTR) && (flags & EnumToInt(BT_XorInput));
+ const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & EnumToInt(BT_XorInput));
 if (flags & BT_ReverseDirection) {
@@ -400,13 +400,13 @@
 const size_t blockSize = 16;
 // const size_t neonBlockSize = 16;
- size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize;
+ size_t inIncrement = (flags & (EnumToInt(BT_InBlockIsCounter)|EnumToInt(BT_DontIncrementInOutPointers))) ? 0 : blockSize;
 size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0;
- size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize;
+ size_t outIncrement = (flags & EnumToInt(BT_DontIncrementInOutPointers)) ? 0 : blockSize;
 // Clang and Coverity are generating findings using xorBlocks as a flag.
- const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput);
- const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput);
+ const bool xorInput = (xorBlocks != NULLPTR) && (flags & EnumToInt(BT_XorInput));
+ const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & EnumToInt(BT_XorInput));
 if (flags & BT_ReverseDirection) {
@@ -644,13 +644,13 @@
 const size_t blockSize = 16;
 // const size_t xmmBlockSize = 16;
- size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize;
+ size_t inIncrement = (flags & (EnumToInt(BT_InBlockIsCounter)|EnumToInt(BT_DontIncrementInOutPointers))) ? 0 : blockSize;
 size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0;
- size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize;
+ size_t outIncrement = (flags & EnumToInt(BT_DontIncrementInOutPointers)) ? 0 : blockSize;
 // Clang and Coverity are generating findings using xorBlocks as a flag.
- const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput);
- const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput);
+ const bool xorInput = (xorBlocks != NULLPTR) && (flags & EnumToInt(BT_XorInput));
+ const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & EnumToInt(BT_XorInput));
 if (flags & BT_ReverseDirection) {
@@ -839,13 +839,13 @@
 const size_t blockSize = 16;
 // const size_t xmmBlockSize = 16;
- size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize;
+ size_t inIncrement = (flags & (EnumToInt(BT_InBlockIsCounter)|EnumToInt(BT_DontIncrementInOutPointers))) ? 0 : blockSize;
 size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0;
- size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize;
+ size_t outIncrement = (flags & EnumToInt(BT_DontIncrementInOutPointers)) ? 0 : blockSize;
 // Clang and Coverity are generating findings using xorBlocks as a flag.
- const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput);
- const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput);
+ const bool xorInput = (xorBlocks != NULLPTR) && (flags & EnumToInt(BT_XorInput));
+ const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & EnumToInt(BT_XorInput));
 if (flags & BT_ReverseDirection) {
@@ -986,13 +986,13 @@
 const size_t blockSize = 16;
 // const size_t simdBlockSize = 16;
- size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize;
+ size_t inIncrement = (flags & (EnumToInt(BT_InBlockIsCounter)|EnumToInt(BT_DontIncrementInOutPointers))) ? 0 : blockSize;
 size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0;
- size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize;
+ size_t outIncrement = (flags & EnumToInt(BT_DontIncrementInOutPointers)) ? 0 : blockSize;
 // Clang and Coverity are generating findings using xorBlocks as a flag.
- const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput);
- const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput);
+ const bool xorInput = (xorBlocks != NULLPTR) && (flags & EnumToInt(BT_XorInput));
+ const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & EnumToInt(BT_XorInput));
 if (flags & BT_ReverseDirection) {
@@ -1131,13 +1131,13 @@
 const size_t blockSize = 16;
 // const size_t simdBlockSize = 16;
- size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize;
+ size_t inIncrement = (flags & (EnumToInt(BT_InBlockIsCounter)|EnumToInt(BT_DontIncrementInOutPointers))) ? 0 : blockSize;
 size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0;
- size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize;
+ size_t outIncrement = (flags & EnumToInt(BT_DontIncrementInOutPointers)) ? 0 : blockSize;
 // Clang and Coverity are generating findings using xorBlocks as a flag.
- const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput);
- const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput);
+ const bool xorInput = (xorBlocks != NULLPTR) && (flags & EnumToInt(BT_XorInput));
+ const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & EnumToInt(BT_XorInput));
 if (flags & BT_ReverseDirection) {
diff -Nru libcrypto++-8.4.0/algebra.h libcrypto++-8.6.0/algebra.h
--- libcrypto++-8.4.0/algebra.h 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/algebra.h 2021-09-24 11:48:47.000000000 +0000
@@ -294,7 +294,7 @@
 /// \brief Calculates the greatest common denominator in the ring
 /// \param a the first element
 /// \param b the second element
- /// \return the the greatest common denominator of a and b.
+ /// \return the greatest common denominator of a and b.
 virtual const Element& Gcd(const Element &a, const Element &b) const;
 protected:
diff -Nru libcrypto++-8.4.0/aria_simd.cpp libcrypto++-8.6.0/aria_simd.cpp
--- libcrypto++-8.4.0/aria_simd.cpp 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/aria_simd.cpp 2021-09-24 11:48:47.000000000 +0000
@@ -23,10 +23,6 @@
 # include
 #endif
-// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670
-#define M128_CAST(x) ((__m128i *)(void *)(x))
-#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x))
-
 // Squash MS LNK4221 and libtool warnings
 extern const char ARIA_SIMD_FNAME[] = __FILE__;
diff -Nru libcrypto++-8.4.0/arm_simd.h libcrypto++-8.6.0/arm_simd.h
--- libcrypto++-8.4.0/arm_simd.h 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/arm_simd.h 2021-09-24 11:48:47.000000000 +0000
@@ -9,6 +9,7 @@
 #include "config.h"
 #if (CRYPTOPP_ARM_NEON_HEADER)
+# include
 # include
 #endif
@@ -17,18 +18,135 @@ # include #endif +#if (CRYPTOPP_ARM_CRC32_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING) +/// \name CRC32 checksum +//@{ + +/// \brief CRC32 checksum +/// \param crc the starting crc value +/// \param val the value to checksum +/// \return CRC32 value +/// \since Crypto++ 8.6 +inline uint32_t CRC32B (uint32_t crc, uint8_t val) +{ +#if defined(_MSC_VER) + return __crc32b(crc, val); +#else + __asm__ ("crc32b %w0, %w0, %w1 \n\t" + :"+r" (crc) : "r" (val) ); + return crc; +#endif +} + +/// \brief CRC32 checksum +/// \param crc the starting crc value +/// \param val the value to checksum +/// \return CRC32 value +/// \since Crypto++ 8.6 +inline uint32_t CRC32W (uint32_t crc, uint32_t val) +{ +#if defined(_MSC_VER) + return __crc32w(crc, val); +#else + __asm__ ("crc32w %w0, %w0, %w1 \n\t" + :"+r" (crc) : "r" (val) ); + return crc; +#endif +} + +/// \brief CRC32 checksum +/// \param crc the starting crc value +/// \param vals the values to checksum +/// \return CRC32 value +/// \since Crypto++ 8.6 +inline uint32_t CRC32Wx4 (uint32_t crc, const uint32_t vals[4]) +{ +#if defined(_MSC_VER) + return __crc32w(__crc32w(__crc32w(__crc32w( + crc, vals[0]), vals[1]), vals[2]), vals[3]); +#else + __asm__ ("crc32w %w0, %w0, %w1 \n\t" + "crc32w %w0, %w0, %w2 \n\t" + "crc32w %w0, %w0, %w3 \n\t" + "crc32w %w0, %w0, %w4 \n\t" + :"+r" (crc) : "r" (vals[0]), "r" (vals[1]), + "r" (vals[2]), "r" (vals[3])); + return crc; +#endif +} + +//@} +/// \name CRC32-C checksum + +/// \brief CRC32-C checksum +/// \param crc the starting crc value +/// \param val the value to checksum +/// \return CRC32-C value +/// \since Crypto++ 8.6 +inline uint32_t CRC32CB (uint32_t crc, uint8_t val) +{ +#if defined(_MSC_VER) + return __crc32cb(crc, val); +#else + __asm__ ("crc32cb %w0, %w0, %w1 \n\t" + :"+r" (crc) : "r" (val) ); + return crc; +#endif +} + +/// \brief CRC32-C checksum +/// \param crc the starting crc value +/// \param val the value to checksum +/// \return CRC32-C value 
+/// \since Crypto++ 8.6 +inline uint32_t CRC32CW (uint32_t crc, uint32_t val) +{ +#if defined(_MSC_VER) + return __crc32cw(crc, val); +#else + __asm__ ("crc32cw %w0, %w0, %w1 \n\t" + :"+r" (crc) : "r" (val) ); + return crc; +#endif +} + +/// \brief CRC32-C checksum +/// \param crc the starting crc value +/// \param vals the values to checksum +/// \return CRC32-C value +/// \since Crypto++ 8.6 +inline uint32_t CRC32CWx4 (uint32_t crc, const uint32_t vals[4]) +{ +#if defined(_MSC_VER) + return __crc32cw(__crc32cw(__crc32cw(__crc32cw( + crc, vals[0]), vals[1]), vals[2]), vals[3]); +#else + __asm__ ("crc32cw %w0, %w0, %w1 \n\t" + "crc32cw %w0, %w0, %w2 \n\t" + "crc32cw %w0, %w0, %w3 \n\t" + "crc32cw %w0, %w0, %w4 \n\t" + :"+r" (crc) : "r" (vals[0]), "r" (vals[1]), + "r" (vals[2]), "r" (vals[3])); + return crc; +#endif +} +//@} +#endif // CRYPTOPP_ARM_CRC32_AVAILABLE + #if (CRYPTOPP_ARM_PMULL_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING) +/// \name Polynomial multiplication +//@{ /// \brief Polynomial multiplication -/// \param a the first term -/// \param b the second term +/// \param a the first value +/// \param b the second value /// \return vector product /// \details PMULL_00() performs polynomial multiplication and presents /// the result like Intel's c = _mm_clmulepi64_si128(a, b, 0x00). /// The 0x00 indicates the low 64-bits of a and b /// are multiplied. /// \note An Intel XMM register is composed of 128-bits. The leftmost bit -/// is MSB and numbered 127, while the the rightmost bit is LSB and +/// is MSB and numbered 127, while the rightmost bit is LSB and /// numbered 0. /// \since Crypto++ 8.0 inline uint64x2_t PMULL_00(const uint64x2_t a, const uint64x2_t b) @@ -39,8 +157,8 @@ return vmull_p64(x, y); #elif defined(__GNUC__) uint64x2_t r; - __asm __volatile("pmull %0.1q, %1.1d, %2.1d \n\t" - :"=w" (r) : "w" (a), "w" (b) ); + __asm__ ("pmull %0.1q, %1.1d, %2.1d \n\t" + :"=w" (r) : "w" (a), "w" (b) ); return r; #else return (uint64x2_t)(vmull_p64( 
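Review bot: The Doxygen grouping in the new CRC32 block is unbalanced: `//@}` closes the `CRC32 checksum` group, but the following `/// \name CRC32-C checksum` has no `//@{` after it, so the `//@}` after CRC32CWx4 closes nothing and the CRC32-C functions end up outside any group. Adding `//@{` on the line after `/// \name CRC32-C checksum` matches the PMULL group that the same hunk introduces further down. Separately, `CRC32Wx4` and `CRC32CWx4` declare `const uint32_t vals[4]`, which decays to a pointer, so nothing enforces the four-element length; the `\param vals` lines could read `the values to checksum; must point to at least four words`.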
@@ -50,15 +168,15 @@ } /// \brief Polynomial multiplication -/// \param a the first term -/// \param b the second term +/// \param a the first value +/// \param b the second value /// \return vector product /// \details PMULL_01 performs() polynomial multiplication and presents /// the result like Intel's c = _mm_clmulepi64_si128(a, b, 0x01). /// The 0x01 indicates the low 64-bits of a and high /// 64-bits of b are multiplied. /// \note An Intel XMM register is composed of 128-bits. The leftmost bit -/// is MSB and numbered 127, while the the rightmost bit is LSB and +/// is MSB and numbered 127, while the rightmost bit is LSB and /// numbered 0. /// \since Crypto++ 8.0 inline uint64x2_t PMULL_01(const uint64x2_t a, const uint64x2_t b) @@ -69,8 +187,8 @@ return vmull_p64(x, y); #elif defined(__GNUC__) uint64x2_t r; - __asm __volatile("pmull %0.1q, %1.1d, %2.1d \n\t" - :"=w" (r) : "w" (a), "w" (vget_high_u64(b)) ); + __asm__ ("pmull %0.1q, %1.1d, %2.1d \n\t" + :"=w" (r) : "w" (a), "w" (vget_high_u64(b)) ); return r; #else return (uint64x2_t)(vmull_p64( @@ -80,15 +198,15 @@ } /// \brief Polynomial multiplication -/// \param a the first term -/// \param b the second term +/// \param a the first value +/// \param b the second value /// \return vector product /// \details PMULL_10() performs polynomial multiplication and presents /// the result like Intel's c = _mm_clmulepi64_si128(a, b, 0x10). /// The 0x10 indicates the high 64-bits of a and low /// 64-bits of b are multiplied. /// \note An Intel XMM register is composed of 128-bits. The leftmost bit -/// is MSB and numbered 127, while the the rightmost bit is LSB and +/// is MSB and numbered 127, while the rightmost bit is LSB and /// numbered 0. /// \since Crypto++ 8.0 inline uint64x2_t PMULL_10(const uint64x2_t a, const uint64x2_t b) 
@@ -99,8 +217,8 @@ return vmull_p64(x, y); #elif defined(__GNUC__) uint64x2_t r; - __asm __volatile("pmull %0.1q, %1.1d, %2.1d \n\t" - :"=w" (r) : "w" (vget_high_u64(a)), "w" (b) ); + __asm__ ("pmull %0.1q, %1.1d, %2.1d \n\t" + :"=w" (r) : "w" (vget_high_u64(a)), "w" (b) ); return r; #else return (uint64x2_t)(vmull_p64( @@ -110,15 +228,15 @@ } /// \brief Polynomial multiplication -/// \param a the first term -/// \param b the second term +/// \param a the first value +/// \param b the second value /// \return vector product /// \details PMULL_11() performs polynomial multiplication and presents /// the result like Intel's c = _mm_clmulepi64_si128(a, b, 0x11). /// The 0x11 indicates the high 64-bits of a and b /// are multiplied. /// \note An Intel XMM register is composed of 128-bits. The leftmost bit -/// is MSB and numbered 127, while the the rightmost bit is LSB and +/// is MSB and numbered 127, while the rightmost bit is LSB and /// numbered 0. /// \since Crypto++ 8.0 inline uint64x2_t PMULL_11(const uint64x2_t a, const uint64x2_t b) @@ -129,8 +247,8 @@ return vmull_p64(x, y); #elif defined(__GNUC__) uint64x2_t r; - __asm __volatile("pmull2 %0.1q, %1.2d, %2.2d \n\t" - :"=w" (r) : "w" (a), "w" (b) ); + __asm__ ("pmull2 %0.1q, %1.2d, %2.2d \n\t" + :"=w" (r) : "w" (a), "w" (b) ); return r; #else return (uint64x2_t)(vmull_p64( 
@@ -139,50 +257,193 @@ #endif } +/// \brief Polynomial multiplication +/// \param a the first value +/// \param b the second value +/// \return vector product +/// \details PMULL() performs vmull_p64(). PMULL is provided as +/// GCC inline assembly due to Clang and lack of support for the intrinsic. +/// \since Crypto++ 8.0 +inline uint64x2_t PMULL(const uint64x2_t a, const uint64x2_t b) +{ +#if defined(_MSC_VER) + const __n64 x = { vgetq_lane_u64(a, 0) }; + const __n64 y = { vgetq_lane_u64(b, 0) }; + return vmull_p64(x, y); +#elif defined(__GNUC__) + uint64x2_t r; + __asm__ ("pmull %0.1q, %1.1d, %2.1d \n\t" + :"=w" (r) : "w" (a), "w" (b) ); + return r; +#else + return (uint64x2_t)(vmull_p64( + vgetq_lane_u64(vreinterpretq_u64_u8(a),0), + vgetq_lane_u64(vreinterpretq_u64_u8(b),0))); +#endif +} + +/// \brief Polynomial multiplication +/// \param a the first value +/// \param b the second value +/// \return vector product +/// \details PMULL_HIGH() performs vmull_high_p64(). PMULL_HIGH is provided as +/// GCC inline assembly due to Clang and lack of support for the intrinsic. +/// \since Crypto++ 8.0 +inline uint64x2_t PMULL_HIGH(const uint64x2_t a, const uint64x2_t b) +{ +#if defined(_MSC_VER) + const __n64 x = { vgetq_lane_u64(a, 1) }; + const __n64 y = { vgetq_lane_u64(b, 1) }; + return vmull_p64(x, y); +#elif defined(__GNUC__) + uint64x2_t r; + __asm__ ("pmull2 %0.1q, %1.2d, %2.2d \n\t" + :"=w" (r) : "w" (a), "w" (b) ); + return r; +#else + return (uint64x2_t)(vmull_p64( + vgetq_lane_u64(vreinterpretq_u64_u8(a),1), + vgetq_lane_u64(vreinterpretq_u64_u8(b),1)))); +#endif +} + /// \brief Vector extraction -/// \param a the first term -/// \param b the second term +/// \param a the first value +/// \param b the second value /// \param c the byte count /// \return vector /// \details VEXT_U8() extracts the first c bytes of vector -/// a and the remaining bytes in b. +/// a and the remaining bytes in b. 
VEXT_U8 is provided +/// as GCC inline assembly due to Clang and lack of support for the intrinsic. /// \since Crypto++ 8.0 inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b, unsigned int c) { #if defined(_MSC_VER) - return (uint64x2_t)vextq_u8( - vreinterpretq_u8_u64(a), vreinterpretq_u8_u64(b), c); + return vreinterpretq_u64_u8(vextq_u8( + vreinterpretq_u8_u64(a), vreinterpretq_u8_u64(b), c)); #else uint64x2_t r; - __asm __volatile("ext %0.16b, %1.16b, %2.16b, %3 \n\t" - :"=w" (r) : "w" (a), "w" (b), "I" (c) ); + __asm__ ("ext %0.16b, %1.16b, %2.16b, %3 \n\t" + :"=w" (r) : "w" (a), "w" (b), "I" (c) ); return r; #endif } /// \brief Vector extraction /// \tparam C the byte count -/// \param a the first term -/// \param b the second term +/// \param a the first value +/// \param b the second value /// \return vector /// \details VEXT_U8() extracts the first C bytes of vector -/// a and the remaining bytes in b. +/// a and the remaining bytes in b. VEXT_U8 is provided +/// as GCC inline assembly due to Clang and lack of support for the intrinsic. 
/// \since Crypto++ 8.0 template inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b) { // https://github.com/weidai11/cryptopp/issues/366 #if defined(_MSC_VER) - return (uint64x2_t)vextq_u8( - vreinterpretq_u8_u64(a), vreinterpretq_u8_u64(b), C); + return vreinterpretq_u64_u8(vextq_u8( + vreinterpretq_u8_u64(a), vreinterpretq_u8_u64(b), C)); #else uint64x2_t r; - __asm __volatile("ext %0.16b, %1.16b, %2.16b, %3 \n\t" - :"=w" (r) : "w" (a), "w" (b), "I" (C) ); + __asm__ ("ext %0.16b, %1.16b, %2.16b, %3 \n\t" + :"=w" (r) : "w" (a), "w" (b), "I" (C) ); return r; #endif +//@} } #endif // CRYPTOPP_ARM_PMULL_AVAILABLE +#if CRYPTOPP_ARM_SHA3_AVAILABLE || defined(CRYPTOPP_DOXYGEN_PROCESSING) +/// \name ARMv8.2 operations +//@{ + +/// \brief Three-way XOR +/// \param a the first value +/// \param b the second value +/// \param c the third value +/// \return three-way exclusive OR of the values +/// \details VEOR3() performs veor3q_u64(). VEOR3 is provided as GCC inline assembly due +/// to Clang and lack of support for the intrinsic. +/// \details VEOR3 requires ARMv8.2. +/// \since Crypto++ 8.6 +inline uint64x2_t VEOR3(uint64x2_t a, uint64x2_t b, uint64x2_t c) +{ +#if defined(_MSC_VER) + return veor3q_u64(a, b, c); +#else + uint64x2_t r; + __asm__ ("eor3 %0.16b, %1.16b, %2.16b, %3.16b \n\t" + :"=w" (r) : "w" (a), "w" (b), "w" (c)); + return r; +#endif +} + +/// \brief XOR and rotate +/// \param a the first value +/// \param b the second value +/// \param c the third value +/// \return two-way exclusive OR of the values, then rotated by imm6 +/// \details VXARQ() performs vxarq_u64(). VXARQ is provided as GCC inline assembly due +/// to Clang and lack of support for the intrinsic. +/// \details VXARQ requires ARMv8.2. 
+/// \since Crypto++ 8.6 +inline uint64x2_t VXAR(uint64x2_t a, uint64x2_t b, const int imm6) +{ +#if defined(_MSC_VER) + return vxarq_u64(a, b, imm6); +#else + uint64x2_t r; + __asm__ ("xar %0.2d, %1.2d, %2.2d, %3 \n\t" + :"=w" (r) : "w" (a), "w" (b), "I" (imm6)); + return r; +#endif +} + +/// \brief XOR and rotate +/// \tparam C the rotate amount +/// \param a the first value +/// \param b the second value +/// \return two-way exclusive OR of the values, then rotated by C +/// \details VXARQ() performs vxarq_u64(). VXARQ is provided as GCC inline assembly due +/// to Clang and lack of support for the intrinsic. +/// \details VXARQ requires ARMv8.2. +/// \since Crypto++ 8.6 +template +inline uint64x2_t VXAR(uint64x2_t a, uint64x2_t b) +{ +#if defined(_MSC_VER) + return vxarq_u64(a, b, C); +#else + uint64x2_t r; + __asm__ ("xar %0.2d, %1.2d, %2.2d, %3 \n\t" + :"=w" (r) : "w" (a), "w" (b), "I" (C)); + return r; +#endif +} + +/// \brief XOR and rotate +/// \param a the first value +/// \param b the second value +/// \return two-way exclusive OR of the values, then rotated 1-bit +/// \details VRAX1() performs vrax1q_u64(). VRAX1 is provided as GCC inline assembly due +/// to Clang and lack of support for the intrinsic. +/// \details VRAX1 requires ARMv8.2. +/// \since Crypto++ 8.6 +inline uint64x2_t VRAX1(uint64x2_t a, uint64x2_t b) +{ +#if defined(_MSC_VER) + return vrax1q_u64(a, b); +#else + uint64x2_t r; + __asm__ ("rax1 %0.2d, %1.2d, %2.2d \n\t" + :"=w" (r) : "w" (a), "w" (b)); + return r; +#endif +} +//@} +#endif // CRYPTOPP_ARM_SHA3_AVAILABLE + #endif // CRYPTOPP_ARM_SIMD_H diff -Nru libcrypto++-8.4.0/asn.h libcrypto++-8.6.0/asn.h --- libcrypto++-8.4.0/asn.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/asn.h 2021-09-24 11:48:47.000000000 +0000 @@ -380,7 +380,7 @@ { public: /// \brief Default ASN.1 tag - enum {DefaultTag = SEQUENCE | CONSTRUCTED}; + enum {DefaultTag = SEQUENCE | EnumToInt(CONSTRUCTED)}; virtual ~BERGeneralDecoder(); 
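Review bot: The `#else` fallback of the new `PMULL_HIGH` has one closing parenthesis too many on `vgetq_lane_u64(vreinterpretq_u64_u8(b),1))));`, and both it and `PMULL` pass parameters that are already `uint64x2_t` to `vreinterpretq_u64_u8`, whose argument is a byte vector, so that branch cannot compile; it is only reached on a compiler that is neither MSVC nor GNU-compatible, which is presumably why it went unnoticed. The direct form is `return (uint64x2_t)(vmull_p64(vgetq_lane_u64(a, 1), vgetq_lane_u64(b, 1)));` (lane 0 in `PMULL`). Three documentation points in the same hunk: the `//@}` that closes the polynomial-multiplication group is placed inside the body of the template `VEXT_U8`, between `#endif` and the closing brace, rather than after the function; the `\details` text of `VXAR` and its template overload refers to `VXARQ()`, which is not the function's name; and `PMULL` and `PMULL_HIGH`, which appear new in this diff, are tagged `\since Crypto++ 8.0` while every other addition here says 8.6.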
@@ -491,7 +491,7 @@
 {
 public:
 /// \brief Default ASN.1 tag
- enum {DefaultTag = SEQUENCE | CONSTRUCTED};
+ enum {DefaultTag = SEQUENCE | EnumToInt(CONSTRUCTED)};
 virtual ~DERGeneralEncoder();
@@ -525,7 +525,7 @@
 {
 public:
 /// \brief Default ASN.1 tag
- enum {DefaultTag = SEQUENCE | CONSTRUCTED};
+ enum {DefaultTag = SEQUENCE | EnumToInt(CONSTRUCTED)};
 /// \brief Construct an ASN.1 decoder
 /// \param inQueue input byte queue
@@ -557,7 +557,7 @@
 {
 public:
 /// \brief Default ASN.1 tag
- enum {DefaultTag = SEQUENCE | CONSTRUCTED};
+ enum {DefaultTag = SEQUENCE | EnumToInt(CONSTRUCTED)};
 /// \brief Construct an ASN.1 encoder
 /// \param outQueue output byte queue
@@ -589,7 +589,7 @@
 {
 public:
 /// \brief Default ASN.1 tag
- enum {DefaultTag = SET | CONSTRUCTED};
+ enum {DefaultTag = SET | EnumToInt(CONSTRUCTED)};
 /// \brief Construct an ASN.1 decoder
 /// \param inQueue input byte queue
@@ -621,7 +621,7 @@
 {
 public:
 /// \brief Default ASN.1 tag
- enum {DefaultTag = SET | CONSTRUCTED};
+ enum {DefaultTag = SET | EnumToInt(CONSTRUCTED)};
 /// \brief Construct an ASN.1 encoder
 /// \param outQueue output byte queue
@@ -687,7 +687,7 @@
 /// \param bt BufferedTransformation object
 /// \details Save() will write the OID associated with algorithm or scheme.
 /// In the case of public and private keys, this function writes the
- /// subjectPubicKeyInfo and privateKeyInfo parts.
+ /// subjectPublicKeyInfo and privateKeyInfo parts.
 void Save(BufferedTransformation &bt) const {BEREncode(bt);}
diff -Nru libcrypto++-8.4.0/bench1.cpp libcrypto++-8.6.0/bench1.cpp
--- libcrypto++-8.4.0/bench1.cpp 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/bench1.cpp 2021-09-24 11:48:47.000000000 +0000
@@ -322,8 +322,8 @@
 oss << "\n";
- oss << "\n

Crypto++ " << CRYPTOPP_VERSION / 100; - oss << '.' << (CRYPTOPP_VERSION % 100) / 10 << '.' << CRYPTOPP_VERSION % 10 << " Benchmarks

"; + oss << "\n

Crypto++ " << CRYPTOPP_VERSION / 100; + oss << '.' << (CRYPTOPP_VERSION % 100) / 10 << '.' << CRYPTOPP_VERSION % 10 << " Benchmarks

"; oss << "\n

Here are speed benchmarks for some commonly used cryptographic algorithms.

"; @@ -509,6 +509,8 @@ BenchMarkByNameKeyLess("SM3"); BenchMarkByNameKeyLess("BLAKE2s"); BenchMarkByNameKeyLess("BLAKE2b"); + BenchMarkByNameKeyLess("LSH-256"); + BenchMarkByNameKeyLess("LSH-512"); } std::cout << "\n" << std::endl; diff -Nru libcrypto++-8.4.0/bench3.cpp libcrypto++-8.6.0/bench3.cpp --- libcrypto++-8.4.0/bench3.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/bench3.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -426,7 +426,7 @@ ECDSA::Signer spriv(cpriv); ECDSA::Verifier spub(spriv); ECDSA_RFC6979::Signer spriv2(cpriv); - ECDSA_RFC6979::Verifier spub2(spriv); + ECDSA_RFC6979::Verifier spub2(spriv2); ECGDSA::Signer spriv3(Test::GlobalRNG(), ASN1::secp256k1()); ECGDSA::Verifier spub3(spriv3); ECDH::Domain ecdhc(ASN1::secp256k1()); @@ -453,7 +453,7 @@ ECDSA::Signer spriv(cpriv); ECDSA::Verifier spub(spriv); ECDSA_RFC6979::Signer spriv2(cpriv); - ECDSA_RFC6979::Verifier spub2(spriv); + ECDSA_RFC6979::Verifier spub2(spriv2); ECGDSA::Signer spriv3(Test::GlobalRNG(), ASN1::sect233r1()); ECGDSA::Verifier spub3(spriv3); ECDH::Domain ecdhc(ASN1::sect233r1()); diff -Nru libcrypto++-8.4.0/cbcmac.h libcrypto++-8.6.0/cbcmac.h --- libcrypto++-8.4.0/cbcmac.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/cbcmac.h 2021-09-24 11:48:47.000000000 +0000 @@ -43,7 +43,11 @@ class CBC_MAC : public MessageAuthenticationCodeImpl >, public SameKeyLengthAs { public: + /// \brief Construct a CBC_MAC CBC_MAC() {} + /// \brief Construct a CBC_MAC + /// \param key a byte buffer used to key the cipher + /// \param length the length of the byte buffer CBC_MAC(const byte *key, size_t length=SameKeyLengthAs::DEFAULT_KEYLENGTH) {this->SetKey(key, length);} diff -Nru libcrypto++-8.4.0/chacha_avx.cpp libcrypto++-8.6.0/chacha_avx.cpp --- libcrypto++-8.4.0/chacha_avx.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/chacha_avx.cpp 2021-09-24 11:48:47.000000000 +0000 
@@ -100,30 +100,31 @@ const __m256i state3 = _mm256_broadcastsi128_si256( _mm_loadu_si128(reinterpret_cast(state+3*4))); - const __m256i CTR0 = _mm256_set_epi32(0, 0, 0, 0, 0, 0, 0, 4); - const __m256i CTR1 = _mm256_set_epi32(0, 0, 0, 1, 0, 0, 0, 5); - const __m256i CTR2 = _mm256_set_epi32(0, 0, 0, 2, 0, 0, 0, 6); - const __m256i CTR3 = _mm256_set_epi32(0, 0, 0, 3, 0, 0, 0, 7); + const word32 C = 0xFFFFFFFFu - state[12]; + const __m256i CTR0 = _mm256_set_epi32(0, 0, 0, 0, 0, 0, C < 4, 4); + const __m256i CTR1 = _mm256_set_epi32(0, 0, C < 1, 1, 0, 0, C < 5, 5); + const __m256i CTR2 = _mm256_set_epi32(0, 0, C < 2, 2, 0, 0, C < 6, 6); + const __m256i CTR3 = _mm256_set_epi32(0, 0, C < 3, 3, 0, 0, C < 7, 7); __m256i X0_0 = state0; __m256i X0_1 = state1; __m256i X0_2 = state2; - __m256i X0_3 = _mm256_add_epi64(state3, CTR0); + __m256i X0_3 = _mm256_add_epi32(state3, CTR0); __m256i X1_0 = state0; __m256i X1_1 = state1; __m256i X1_2 = state2; - __m256i X1_3 = _mm256_add_epi64(state3, CTR1); + __m256i X1_3 = _mm256_add_epi32(state3, CTR1); __m256i X2_0 = state0; __m256i X2_1 = state1; __m256i X2_2 = state2; - __m256i X2_3 = _mm256_add_epi64(state3, CTR2); + __m256i X2_3 = _mm256_add_epi32(state3, CTR2); __m256i X3_0 = state0; __m256i X3_1 = state1; __m256i X3_2 = state2; - __m256i X3_3 = _mm256_add_epi64(state3, CTR3); + __m256i X3_3 = _mm256_add_epi32(state3, CTR3); for (int i = static_cast(rounds); i > 0; i -= 2) { 
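Review bot: The carry arithmetic introduced with `const word32 C = 0xFFFFFFFFu - state[12];` is correct but opaque: `C` is the number of blocks `state[12]` can advance before it wraps, and each `C < k` term in the `_mm256_set_epi32` calls is the carry into word 13 for block `k`, which the previous `_mm256_add_epi64` produced implicitly; a comment should say so. Suggested: `// C is the headroom before state[12] wraps; (C < k) is the carry into word 13 for block k, replacing the 64-bit add.` The same comment should state whether a caller may ever rely on that carry: the chacha.cpp hunks in this diff gate the AVX2 path on `MultiBlockSafe(state[12], 8)`, which appears intended to keep the counter from crossing the 32-bit boundary inside one call, and for any variant where word 13 is nonce rather than counter the carry must never fire. The matching change of the final adds from `_mm256_add_epi64` to `_mm256_add_epi32` in the @@ -284 hunk is consistent with this.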
@@ -284,25 +285,25 @@
 X0_1 = _mm256_add_epi32(X0_1, state1);
 X0_2 = _mm256_add_epi32(X0_2, state2);
 X0_3 = _mm256_add_epi32(X0_3, state3);
- X0_3 = _mm256_add_epi64(X0_3, CTR0);
+ X0_3 = _mm256_add_epi32(X0_3, CTR0);
 X1_0 = _mm256_add_epi32(X1_0, state0);
 X1_1 = _mm256_add_epi32(X1_1, state1);
 X1_2 = _mm256_add_epi32(X1_2, state2);
 X1_3 = _mm256_add_epi32(X1_3, state3);
- X1_3 = _mm256_add_epi64(X1_3, CTR1);
+ X1_3 = _mm256_add_epi32(X1_3, CTR1);
 X2_0 = _mm256_add_epi32(X2_0, state0);
 X2_1 = _mm256_add_epi32(X2_1, state1);
 X2_2 = _mm256_add_epi32(X2_2, state2);
 X2_3 = _mm256_add_epi32(X2_3, state3);
- X2_3 = _mm256_add_epi64(X2_3, CTR2);
+ X2_3 = _mm256_add_epi32(X2_3, CTR2);
 X3_0 = _mm256_add_epi32(X3_0, state0);
 X3_1 = _mm256_add_epi32(X3_1, state1);
 X3_2 = _mm256_add_epi32(X3_2, state2);
 X3_3 = _mm256_add_epi32(X3_3, state3);
- X3_3 = _mm256_add_epi64(X3_3, CTR3);
+ X3_3 = _mm256_add_epi32(X3_3, CTR3);
 if (input) {
diff -Nru libcrypto++-8.4.0/chacha.cpp libcrypto++-8.6.0/chacha.cpp
--- libcrypto++-8.4.0/chacha.cpp 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/chacha.cpp 2021-09-24 11:48:47.000000000 +0000
@@ -102,7 +102,7 @@
 {
 while (iterationCount >= 8 && MultiBlockSafe(state[12], 8)) {
- const bool xorInput = (operation & INPUT_NULL) != INPUT_NULL;
+ const bool xorInput = (operation & EnumToInt(INPUT_NULL)) != EnumToInt(INPUT_NULL);
 ChaCha_OperateKeystream_AVX2(state, xorInput ? input : NULLPTR, output, rounds);
 // MultiBlockSafe avoids overflow on the counter words
@@ -120,7 +120,7 @@
 {
 while (iterationCount >= 4 && MultiBlockSafe(state[12], 4)) {
- const bool xorInput = (operation & INPUT_NULL) != INPUT_NULL;
+ const bool xorInput = (operation & EnumToInt(INPUT_NULL)) != EnumToInt(INPUT_NULL);
 ChaCha_OperateKeystream_SSE2(state, xorInput ? input : NULLPTR, output, rounds);
 // MultiBlockSafe avoids overflow on the counter words
@@ -138,7 +138,7 @@
 {
 while (iterationCount >= 4 && MultiBlockSafe(state[12], 4)) {
- const bool xorInput = (operation & INPUT_NULL) != INPUT_NULL;
+ const bool xorInput = (operation & EnumToInt(INPUT_NULL)) != EnumToInt(INPUT_NULL);
 ChaCha_OperateKeystream_NEON(state, xorInput ? input : NULLPTR, output, rounds);
 // MultiBlockSafe avoids overflow on the counter words
@@ -156,7 +156,7 @@
 {
 while (iterationCount >= 4 && MultiBlockSafe(state[12], 4)) {
- const bool xorInput = (operation & INPUT_NULL) != INPUT_NULL;
+ const bool xorInput = (operation & EnumToInt(INPUT_NULL)) != EnumToInt(INPUT_NULL);
 ChaCha_OperateKeystream_ALTIVEC(state, xorInput ? input : NULLPTR, output, rounds);
 // MultiBlockSafe avoids overflow on the counter words
diff -Nru libcrypto++-8.4.0/cham.cpp libcrypto++-8.6.0/cham.cpp
--- libcrypto++-8.4.0/cham.cpp 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/cham.cpp 2021-09-24 11:48:47.000000000 +0000
@@ -123,12 +123,12 @@
 // Do not cast the buffer. It will SIGBUS on some ARM and SPARC.
 const word32 rk = GetWord(false, BIG_ENDIAN_ORDER, userKey);
- const word16 rk1 = rk >> 16;
+ const word16 rk1 = static_cast(rk >> 16);
 m_rk[i] = rk1 ^ rotlConstant<1>(rk1) ^ rotlConstant<8>(rk1);
 m_rk[(i + m_kw) ^ 1] = rk1 ^ rotlConstant<1>(rk1) ^ rotlConstant<11>(rk1);
 i++;
- const word16 rk2 = rk & 0xffff;
+ const word16 rk2 = static_cast(rk & 0xffff);
 m_rk[i] = rk2 ^ rotlConstant<1>(rk2) ^ rotlConstant<8>(rk2);
 m_rk[(i + m_kw) ^ 1] = rk2 ^ rotlConstant<1>(rk2) ^ rotlConstant<11>(rk2);
 i++;
diff -Nru libcrypto++-8.4.0/cmac.cpp libcrypto++-8.6.0/cmac.cpp
--- libcrypto++-8.4.0/cmac.cpp 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/cmac.cpp 2021-09-24 11:48:47.000000000 +0000
@@ -151,7 +151,9 @@ else cipher.AdvancedProcessBlocks(m_reg, m_reg+blockSize, m_reg, blockSize, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput); - memcpy(mac, m_reg, size); + // UBsan finding + if (mac) + memcpy(mac, m_reg, size); m_counter = 0; memset(m_reg, 0, blockSize); diff -Nru libcrypto++-8.4.0/config_asm.h libcrypto++-8.6.0/config_asm.h --- libcrypto++-8.4.0/config_asm.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/config_asm.h 2021-09-24 11:48:47.000000000 +0000 @@ -31,7 +31,7 @@ // compiled using C++ only. The library code will not include SSE2 (and // above), NEON, Aarch32, Aarch64, or Altivec (and above). Note the compiler // may use higher ISAs depending on compiler options, but the library will not -// explictly use the ISAs. When disabling ASM, it is best to do it from +// explicitly use the ISAs. When disabling ASM, it is best to do it from // config.h to ensure the library and all programs share the setting. // #define CRYPTOPP_DISABLE_ASM 1 @@ -52,9 +52,13 @@ # define CRYPTOPP_DISABLE_MIXED_ASM 1 #endif -// CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is no longer honored. It -// was removed at https://github.com/weidai11/cryptopp/issues/682 -// #define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS 1 +// Define this if you need to disable Android advanced ISAs. +// The problem is, Android-mk does not allow us to specify an +// ISA option, like -maes or -march=armv8-a+crypto for AES. +// Lack of an option results in a compile failure. To avoid +// the compile failure, set this define. Also see +// https://github.com/weidai11/cryptopp/issues/1015 +// CRYPTOPP_DISABLE_ANDROID_ADVANCED_ISA 1 // ***************** IA32 CPU features ******************** 
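Review bot: The added `if (mac)` guard silences the UBSan report but turns a caller bug into silent data loss: when `mac` is NULL with a non-zero `size`, the tag is dropped while `m_counter` and `m_reg` are still reset on the lines that follow, so the MAC of that message can never be recovered. The only legitimate meaning of a NULL destination is `size == 0` (memcpy with a null pointer is undefined even then, which is presumably the UBSan finding), so I would make the precondition explicit rather than hide it: `CRYPTOPP_ASSERT(mac != NULLPTR || size == 0);` followed by `if (mac && size) memcpy(mac, m_reg, size);`. The enclosing function (presumably TruncatedFinal) starts outside the hunk, so whether `size` has already been validated against the block size is not visible here.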
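Review bot: The new commented-out opt-in on the last added line of the config_asm.h hunk reads `// CRYPTOPP_DISABLE_ANDROID_ADVANCED_ISA 1`, dropping the `#define` that the neighbouring example `// #define CRYPTOPP_DISABLE_ASM 1` keeps, so a reader who copies the line into config.h as the comment invites gets a no-op. It should read `// #define CRYPTOPP_DISABLE_ANDROID_ADVANCED_ISA 1`.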
@@ -108,7 +112,7 @@ # endif #endif -// Intrinsics availible in GCC 4.3 (http://gcc.gnu.org/gcc-4.3/changes.html) and +// Intrinsics available in GCC 4.3 (http://gcc.gnu.org/gcc-4.3/changes.html) and // MSVC 2008 (http://msdn.microsoft.com/en-us/library/bb892950%28v=vs.90%29.aspx) // SunCC could generate SSE4 at 12.1, but the intrinsics are missing until 12.4. #if !defined(CRYPTOPP_DISABLE_SSE4) && defined(CRYPTOPP_SSSE3_AVAILABLE) && \ @@ -165,9 +169,11 @@ // Guessing at SHA for SunCC. Its not in Sun Studio 12.6. Also see // http://stackoverflow.com/questions/45872180/which-xarch-for-sha-extensions-on-solaris +// Guessing for Intel ICPC. A slide deck says SHA support is in version 16.0-beta +// https://www.alcf.anl.gov/files/ken_intel_compiler_optimization.pdf #if !defined(CRYPTOPP_DISABLE_SHANI) && defined(CRYPTOPP_SSE42_AVAILABLE) && \ (defined(__SHA__) || (CRYPTOPP_MSC_VERSION >= 1900) || (__SUNPRO_CC >= 0x5160) || \ - (CRYPTOPP_GCC_VERSION >= 40900) || (__INTEL_COMPILER >= 1300) || \ + (CRYPTOPP_GCC_VERSION >= 40900) || (__INTEL_COMPILER >= 1600) || \ (CRYPTOPP_LLVM_CLANG_VERSION >= 30400) || (CRYPTOPP_APPLE_CLANG_VERSION >= 50100)) #define CRYPTOPP_SHANI_AVAILABLE 1 #endif 
@@ -196,31 +202,6 @@ #define CRYPTOPP_PADLOCK_PMM_AVAILABLE 1 #endif -// Fixup Android and SSE, Crypto. It may be enabled based on compiler version. -// Also see https://developer.android.com/ndk/guides/abis -#if defined(__ANDROID__) || defined(ANDROID) -# if (CRYPTOPP_BOOL_X86) -# undef CRYPTOPP_SSE41_AVAILABLE -# undef CRYPTOPP_SSE42_AVAILABLE -# undef CRYPTOPP_CLMUL_AVAILABLE -# undef CRYPTOPP_AESNI_AVAILABLE -# undef CRYPTOPP_SHANI_AVAILABLE -# undef CRYPTOPP_RDRAND_AVAILABLE -# undef CRYPTOPP_RDSEED_AVAILABLE -# undef CRYPTOPP_AVX_AVAILABLE -# undef CRYPTOPP_AVX2_AVAILABLE -# endif -# if (CRYPTOPP_BOOL_X64) -# undef CRYPTOPP_CLMUL_AVAILABLE -# undef CRYPTOPP_AESNI_AVAILABLE -# undef CRYPTOPP_SHANI_AVAILABLE -# undef CRYPTOPP_RDRAND_AVAILABLE -# undef CRYPTOPP_RDSEED_AVAILABLE -# undef CRYPTOPP_AVX_AVAILABLE -# undef CRYPTOPP_AVX2_AVAILABLE -# endif -#endif - // Fixup for SunCC 12.1-12.4. Bad code generation in AES_Encrypt and friends. #if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5130) # undef CRYPTOPP_AESNI_AVAILABLE @@ -232,6 +213,12 @@ # undef CRYPTOPP_CLMUL_AVAILABLE #endif +// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670 +#define M128_CAST(x) ((__m128i *)(void *)(x)) +#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) +#define M256_CAST(x) ((__m256i *)(void *)(x)) +#define CONST_M256_CAST(x) ((const __m256i *)(const void *)(x)) + #endif // CRYPTOPP_DISABLE_ASM #endif // X86, X32, X64 @@ -255,7 +242,7 @@ #if !defined(CRYPTOPP_ARM_NEON_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_NEON) # if defined(__arm__) || defined(__ARM_NEON) || defined(__ARM_FEATURE_NEON) || defined(_M_ARM) # if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_LLVM_CLANG_VERSION >= 20800) || \ - (CRYPTOPP_MSC_VERSION >= 1700) + (CRYPTOPP_APPLE_CLANG_VERSION >= 30200) || (CRYPTOPP_MSC_VERSION >= 1700) # define CRYPTOPP_ARM_NEON_AVAILABLE 1 # endif // Compilers # endif // Platforms 
@@ -265,10 +252,10 @@ // Requires GCC 4.8, Clang 3.3 or Visual Studio 2017 // Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. #if !defined(CRYPTOPP_ARM_ASIMD_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_ASIMD) -# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) -# if defined(__ARM_NEON) || defined(__ARM_FEATURE_NEON) || defined(__ARM_FEATURE_ASIMD) || \ +# if defined(__aarch32__) || defined(__aarch64__) || defined(__arm64__) || defined(_M_ARM64) +# if defined(__ARM_NEON) || defined(__ARM_ASIMD) || defined(__ARM_FEATURE_NEON) || defined(__ARM_FEATURE_ASIMD) || \ (CRYPTOPP_GCC_VERSION >= 40800) || (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || \ - (CRYPTOPP_MSC_VERSION >= 1916) + (CRYPTOPP_APPLE_CLANG_VERSION >= 40000) || (CRYPTOPP_MSC_VERSION >= 1916) # define CRYPTOPP_ARM_NEON_AVAILABLE 1 # define CRYPTOPP_ARM_ASIMD_AVAILABLE 1 # endif // Compilers 
@@ -277,66 +264,66 @@ // ARMv8 and ASIMD. -march=armv8-a+crc or above must be present // Requires GCC 4.8, Clang 3.3 or Visual Studio 2017 -// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. #if !defined(CRYPTOPP_ARM_CRC32_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_CRC32) # if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) # if defined(__ARM_FEATURE_CRC32) || (CRYPTOPP_GCC_VERSION >= 40800) || \ - (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_MSC_VERSION >= 1916) + (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40300) || \ + (CRYPTOPP_MSC_VERSION >= 1916) # define CRYPTOPP_ARM_CRC32_AVAILABLE 1 # endif // Compilers # endif // Platforms #endif -// ARMv8 and ASIMD. -march=armv8-a+crypto or above must be present +// ARMv8 and AES. -march=armv8-a+crypto or above must be present // Requires GCC 4.8, Clang 3.3 or Visual Studio 2017 -// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. -#if !defined(CRYPTOPP_ARM_PMULL_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_PMULL) +#if !defined(CRYPTOPP_ARM_AES_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_AES) # if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) # if defined(__ARM_FEATURE_CRYPTO) || (CRYPTOPP_GCC_VERSION >= 40800) || \ - (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_MSC_VERSION >= 1916) -# define CRYPTOPP_ARM_PMULL_AVAILABLE 1 + (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40300) || \ + (CRYPTOPP_MSC_VERSION >= 1916) +# define CRYPTOPP_ARM_AES_AVAILABLE 1 # endif // Compilers # endif // Platforms #endif -// ARMv8 and AES. -march=armv8-a+crypto or above must be present +// ARMv8 and PMULL. -march=armv8-a+crypto or above must be present // Requires GCC 4.8, Clang 3.3 or Visual Studio 2017 -// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. 
-#if !defined(CRYPTOPP_ARM_AES_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_AES) +#if !defined(CRYPTOPP_ARM_PMULL_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_PMULL) # if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) # if defined(__ARM_FEATURE_CRYPTO) || (CRYPTOPP_GCC_VERSION >= 40800) || \ - (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_MSC_VERSION >= 1916) -# define CRYPTOPP_ARM_AES_AVAILABLE 1 + (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40300) || \ + (CRYPTOPP_MSC_VERSION >= 1916) +# define CRYPTOPP_ARM_PMULL_AVAILABLE 1 # endif // Compilers # endif // Platforms #endif // ARMv8 and SHA-1, SHA-256. -march=armv8-a+crypto or above must be present // Requires GCC 4.8, Clang 3.3 or Visual Studio 2017 -// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. #if !defined(CRYPTOPP_ARM_SHA_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_SHA) # if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) # if defined(__ARM_FEATURE_CRYPTO) || (CRYPTOPP_GCC_VERSION >= 40800) || \ - (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_MSC_VERSION >= 1916) + (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40300) || \ + (CRYPTOPP_MSC_VERSION >= 1916) # define CRYPTOPP_ARM_SHA1_AVAILABLE 1 # define CRYPTOPP_ARM_SHA2_AVAILABLE 1 # endif // Compilers # endif // Platforms #endif -// ARMv8 and SHA-512, SHA-3. -march=armv8.4-a+crypto or above must be present -// Requires GCC 8.0, Clang ??? or Visual Studio 20?? -// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. +// ARMv8 and SHA-512, SHA-3. -march=armv8.2-a+crypto or above must be present +// Requires GCC 8.0, Clang 11.0, Apple Clang 12.0 or Visual Studio 20?? 
#if !defined(CRYPTOPP_ARM_SHA3_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_SHA) # if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) -# if defined(__ARM_FEATURE_SHA3) || (CRYPTOPP_GCC_VERSION >= 80000) +# if defined(__ARM_FEATURE_SHA3) || (CRYPTOPP_GCC_VERSION >= 80000) || \ + (CRYPTOPP_APPLE_CLANG_VERSION >= 120000) || (CRYPTOPP_LLVM_CLANG_VERSION >= 110000) # define CRYPTOPP_ARM_SHA512_AVAILABLE 1 # define CRYPTOPP_ARM_SHA3_AVAILABLE 1 # endif // Compilers # endif // Platforms #endif -// ARMv8 and SM3, SM4. -march=armv8.4-a+crypto or above must be present +// ARMv8 and SM3, SM4. -march=armv8.2-a+crypto or above must be present // Requires GCC 8.0, Clang ??? or Visual Studio 20?? // Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. #if !defined(CRYPTOPP_ARM_SM3_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_SM3) 
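Review bot: The SHA-512/SHA-3 block now enables CRYPTOPP_ARM_SHA512_AVAILABLE and CRYPTOPP_ARM_SHA3_AVAILABLE from the compiler version alone (`CRYPTOPP_APPLE_CLANG_VERSION >= 120000`, `CRYPTOPP_LLVM_CLANG_VERSION >= 110000`) with no `__ARM_FEATURE_SHA3` requirement, while its header comment says `-march=armv8.2-a+crypto or above must be present`. As I read the GCC and Clang option documentation, `+crypto` on armv8.2-a selects AES and SHA-2 only and the SHA-512/SHA-3 instructions need the `+sha3` extension, so the comment should say `-march=armv8.2-a+sha3` (or name the per-file flag the build passes); otherwise a reader who enables the ISA as the comment describes gets a compile failure in the SHA-512/SHA-3 sources. The SM3/SM4 block at the end of the hunk still carries the "Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead" note that this hunk removed from the other blocks, which now reads as contradicting the SHA3 block directly above it.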
@@ -360,30 +347,16 @@ // Limit the include. #if !defined(CRYPTOPP_ARM_ACLE_HEADER) # if defined(__aarch32__) || defined(__aarch64__) || (__ARM_ARCH >= 8) || defined(__ARM_ACLE) -# if !defined(__ANDROID__) && !defined(ANDROID) && !defined(__APPLE__) -# define CRYPTOPP_ARM_ACLE_HEADER 1 -# endif +# define CRYPTOPP_ARM_ACLE_HEADER 1 # endif #endif -// Fixup Apple Clang and PMULL. Apple defines __ARM_FEATURE_CRYPTO for Xcode 6 -// but does not provide PMULL. TODO: determine when PMULL is available. -#if defined(CRYPTOPP_APPLE_CLANG_VERSION) && (CRYPTOPP_APPLE_CLANG_VERSION < 70000) -# undef CRYPTOPP_ARM_PMULL_AVAILABLE -#endif - -// Disable for Android. Android only offers the base Aarch64 architecture. -// Also see https://developer.android.com/ndk/guides/abis -#if defined(__ANDROID__) || defined(ANDROID) -# undef CRYPTOPP_ARM_CRC32_AVAILABLE -# undef CRYPTOPP_ARM_PMULL_AVAILABLE -# undef CRYPTOPP_ARM_AES_AVAILABLE -# undef CRYPTOPP_ARM_SHA1_AVAILABLE -# undef CRYPTOPP_ARM_SHA2_AVAILABLE -# undef CRYPTOPP_ARM_SHA3_AVAILABLE -# undef CRYPTOPP_ARM_SHA512_AVAILABLE -# undef CRYPTOPP_ARM_SM3_AVAILABLE -# undef CRYPTOPP_ARM_SM4_AVAILABLE +// Apple M1 hack. Xcode cross-compiles for iOS lack +// arm_acle.h. Apple M1 needs arm_acle.h. The problem +// in practice is, we can't get CRYPTOPP_ARM_ACLE_HEADER +// quite right based on ARM preprocessor macros. +#if defined(__APPLE__) && !defined(__ARM_FEATURE_CRC32) +# undef CRYPTOPP_ARM_ACLE_HEADER #endif // Cryptogams offers an ARM asm implementations for AES and SHA. Crypto++ does @@ -401,6 +374,10 @@ # endif #endif +// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670 +#define UINT64_CAST(x) ((uint64_t *)(void *)(x)) +#define CONST_UINT64_CAST(x) ((const uint64_t *)(const void *)(x)) + #endif // CRYPTOPP_DISABLE_ASM #endif // ARM32, ARM64 
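Review bot: The new Apple rule `#if defined(__APPLE__) && !defined(__ARM_FEATURE_CRC32)` undefines only CRYPTOPP_ARM_ACLE_HEADER, while CRYPTOPP_ARM_CRC32_AVAILABLE is set earlier in this file from the Apple Clang version alone, so an Apple build whose compiler does not advertise `__ARM_FEATURE_CRC32` ends up with CRC32 declared available but the ACLE header disabled. If the CRC32 path relies on the `__crc32*` intrinsics from arm_acle.h (not visible here) that combination fails to compile; if it uses builtins or inline asm it is harmless, but the two macros should be kept in step either way, e.g. `# undef CRYPTOPP_ARM_ACLE_HEADER` followed by `# undef CRYPTOPP_ARM_CRC32_AVAILABLE` under the same condition. The comment calls this an "M1 hack"; stating the observable rule instead — the ACLE header is used on Apple only when the compiler advertises CRC32 for the target — would age better than the product name.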
@@ -467,4 +444,37 @@
 #endif // CRYPTOPP_DISABLE_ASM
 #endif // PPC32, PPC64
 
+// https://github.com/weidai11/cryptopp/issues/1015
+#if defined(CRYPTOPP_DISABLE_ANDROID_ADVANCED_ISA)
+# if defined(__ANDROID__) || defined(ANDROID)
+# if (CRYPTOPP_BOOL_X86)
+# undef CRYPTOPP_SSE41_AVAILABLE
+# undef CRYPTOPP_SSE42_AVAILABLE
+# undef CRYPTOPP_CLMUL_AVAILABLE
+# undef CRYPTOPP_AESNI_AVAILABLE
+# undef CRYPTOPP_SHANI_AVAILABLE
+# undef CRYPTOPP_RDRAND_AVAILABLE
+# undef CRYPTOPP_RDSEED_AVAILABLE
+# undef CRYPTOPP_AVX_AVAILABLE
+# undef CRYPTOPP_AVX2_AVAILABLE
+# endif
+# if (CRYPTOPP_BOOL_X64)
+# undef CRYPTOPP_CLMUL_AVAILABLE
+# undef CRYPTOPP_AESNI_AVAILABLE
+# undef CRYPTOPP_SHANI_AVAILABLE
+# undef CRYPTOPP_RDRAND_AVAILABLE
+# undef CRYPTOPP_RDSEED_AVAILABLE
+# undef CRYPTOPP_AVX_AVAILABLE
+# undef CRYPTOPP_AVX2_AVAILABLE
+# endif
+# if (CRYPTOPP_BOOL_ARMV8)
+# undef CRYPTOPP_ARM_CRC32_AVAILABLE
+# undef CRYPTOPP_ARM_PMULL_AVAILABLE
+# undef CRYPTOPP_ARM_AES_AVAILABLE
+# undef CRYPTOPP_ARM_SHA1_AVAILABLE
+# undef CRYPTOPP_ARM_SHA2_AVAILABLE
+# endif
+# endif // ANDROID
+#endif // CRYPTOPP_DISABLE_ANDROID_ADVANCED_ISA
+
 #endif // CRYPTOPP_CONFIG_ASM_H
diff -Nru libcrypto++-8.4.0/config_cxx.h libcrypto++-8.6.0/config_cxx.h
--- libcrypto++-8.4.0/config_cxx.h 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/config_cxx.h 2021-09-24 11:48:47.000000000 +0000
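Review bot: The opt-in ARMv8 list under `CRYPTOPP_BOOL_ARMV8` undefines CRC32, PMULL, AES, SHA1 and SHA2 only, whereas the unconditional Android block it replaces (removed earlier in this file) also cleared CRYPTOPP_ARM_SHA3_AVAILABLE, CRYPTOPP_ARM_SHA512_AVAILABLE, CRYPTOPP_ARM_SM3_AVAILABLE and CRYPTOPP_ARM_SM4_AVAILABLE. SHA3/SHA512 are still enabled above from the compiler version alone (`CRYPTOPP_GCC_VERSION >= 80000`, `CRYPTOPP_LLVM_CLANG_VERSION >= 110000`), so on a recent NDK the macro that the header comment says exists to avoid compile failures for lack of an -march option no longer covers the Armv8.2 instruction files; whether SM3/SM4 are gated the same way is cut off in this diff. Either add the four matching `# undef` lines for CRYPTOPP_ARM_SHA512_AVAILABLE, CRYPTOPP_ARM_SHA3_AVAILABLE, CRYPTOPP_ARM_SM3_AVAILABLE and CRYPTOPP_ARM_SM4_AVAILABLE to the ARMv8 branch, or say in the comment why they were deliberately left out.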
@@ -54,21 +54,9 @@
 # define __has_feature(x) 0
 #endif
 
-// Define CRYPTOPP_NO_CXX11 to avoid C++11 related features shown at the
-// end of this file. Some compilers and standard C++ headers advertise C++11
-// but they are really just C++03 with some additional C++11 headers and
-// non-conforming classes. Also see Issues 529.
-// #define CRYPTOPP_NO_CXX11 1
-
-// Define CRYPTOPP_NO_CXX17 to avoid C++17 related features shown at the end of
-// this file. At the moment it should only affect std::uncaught_exceptions.
-// #define CRYPTOPP_NO_CXX17 1
-
 // C++11 macro version, https://stackoverflow.com/q/7223991/608639
-#if !defined(CRYPTOPP_NO_CXX11)
-# if ((_MSC_VER >= 1600) || (__cplusplus >= 201103L)) && !defined(_STLPORT_VERSION)
-# define CRYPTOPP_CXX11 1
-# endif
+#if ((_MSC_VER >= 1600) || (__cplusplus >= 201103L)) && !defined(_STLPORT_VERSION)
+# define CRYPTOPP_CXX11 1
 #endif
 
 // Hack ahead. Apple's standard library does not have C++'s unique_ptr in C++11.
diff -Nru libcrypto++-8.4.0/config_dll.h libcrypto++-8.6.0/config_dll.h
--- libcrypto++-8.4.0/config_dll.h 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/config_dll.h 2021-09-24 11:48:47.000000000 +0000
@@ -9,9 +9,9 @@
 /// classes and template classes from the Win32 dynamic link library.
 /// When not building the Win32 dynamic link library they are mostly an extern
 /// template declaration.
-/// \detail In practice they are a furball coughed up by a cat and then peed
+/// \details In practice they are a furball coughed up by a cat and then peed
 /// on by a dog. They are awful to get just right because of inconsistent
-/// compiler supprt for extern templates, manual instantiation and the FIPS DLL.
+/// compiler support for extern templates, manual instantiation and the FIPS DLL.
 /// \details config.h was split into components in May 2019 to better
 /// integrate with Autoconf and its feature tests. The splitting occurred so
 /// users could continue to include config.h while allowing Autoconf
diff -Nru libcrypto++-8.4.0/config_misc.h libcrypto++-8.6.0/config_misc.h
--- libcrypto++-8.4.0/config_misc.h 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/config_misc.h 2021-09-24 11:48:47.000000000 +0000
@@ -72,9 +72,12 @@
 // raises a SIGTRAP (Unix) or calls DebugBreak() (Windows). CRYPTOPP_ASSERT
 // is only in effect when CRYPTOPP_DEBUG, DEBUG or _DEBUG is defined. Unlike
 // Posix assert, CRYPTOPP_ASSERT is not affected by NDEBUG (or failure to
-// define it).
-// Also see http://github.com/weidai11/cryptopp/issues/277, CVE-2016-7420
-#if (defined(DEBUG) || defined(_DEBUG)) && !defined(CRYPTOPP_DEBUG)
+// define it). According to the ndk-build docs, Android use NDK_DEBUG=1 to
+// signal a DEBUG build (and NDK_DEBUG=0 to signal non-DEBUG build).
+// Also see http://github.com/weidai11/cryptopp/issues/277, CVE-2016-7420 and
+// https://developer.android.com/ndk/guides/ndk-build
+#if (defined(DEBUG) || defined(_DEBUG)) || (defined(NDK_DEBUG) && (NDK_DEBUG > 0))
+# undef CRYPTOPP_DEBUG
 # define CRYPTOPP_DEBUG 1
 #endif
 
diff -Nru libcrypto++-8.4.0/config_os.h libcrypto++-8.6.0/config_os.h
--- libcrypto++-8.4.0/config_os.h 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/config_os.h 2021-09-24 11:48:47.000000000 +0000
@@ -27,9 +27,10 @@
 // It is OK to remove the hard stop below, but you are on your own.
 // After building the library be sure to run self tests described
 // https://www.cryptopp.com/wiki/Release_Process#Self_Tests
-// Some relevant bug reports can be found at:
-// * Clang: http://github.com/weidai11/cryptopp/issues/147
-#if (defined(_MSC_VER) && defined(__clang__) && !(defined( __clang_analyzer__)))
+// The problems with Clang pretending to be other compilers is
+// discussed at http://github.com/weidai11/cryptopp/issues/147.
+#if (defined(_MSC_VER) && defined(__clang__) && \
+ !(defined( __clang_analyzer__)) && !defined(__INTEL_LLVM_COMPILER))
 # error: "Unsupported configuration"
 #endif
 
diff -Nru libcrypto++-8.4.0/config_ver.h libcrypto++-8.6.0/config_ver.h
--- libcrypto++-8.4.0/config_ver.h 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/config_ver.h 2021-09-24 11:48:47.000000000 +0000
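Review bot: The new `# undef CRYPTOPP_DEBUG` before `# define CRYPTOPP_DEBUG 1` removes the override the old `&& !defined(CRYPTOPP_DEBUG)` gave a project that defines DEBUG for its own purposes but pre-defines CRYPTOPP_DEBUG to keep the library's SIGTRAP/DebugBreak asserts out of its binaries — the CVE-2016-7420 concern the comment itself cites — since the asserts are now forced back on. Whether that matters depends on whether CRYPTOPP_ASSERT tests `defined(CRYPTOPP_DEBUG)` or its value, which is outside the hunk; if the value is what counts, `#if (defined(DEBUG) || defined(_DEBUG) || (defined(NDK_DEBUG) && (NDK_DEBUG > 0))) && !defined(CRYPTOPP_DEBUG)` keeps the override while still honouring the Android case. The comment also presents NDK_DEBUG=1 as a signal this `#if` can see, but NDK_DEBUG is an ndk-build make variable and I am not aware that ndk-build exports it as a preprocessor symbol on its own; the comment should say that the build must also pass it as a define, or the Android branch is dead in practice.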
@@ -35,7 +35,7 @@
 /// as a shared object if versions are inadvertently mixed and matched.
 /// \sa CRYPTOPP_VERSION, LibraryVersion(), HeaderVersion()
 /// \since Crypto++ 8.2
-#define CRYPTOPP_MINOR 4
+#define CRYPTOPP_MINOR 6
 /// \brief Library revision number
 /// \details CRYPTOPP_REVISION reflects the revision number of the library the
 /// headers came from. It is not necessarily the revision of the library built
@@ -50,7 +50,7 @@
 /// shared object if versions are inadvertently mixed and matched.
 /// \sa CRYPTOPP_MAJOR, CRYPTOPP_MINOR, CRYPTOPP_REVISION, LibraryVersion(), HeaderVersion()
 /// \since Crypto++ 5.6
-#define CRYPTOPP_VERSION 840
+#define CRYPTOPP_VERSION 860
 
 // Compiler version macros
 
@@ -58,12 +58,8 @@
 # define CRYPTOPP_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
 #endif
 
-#if defined(__xlc__) || defined(__xlC__)
-# define CRYPTOPP_XLC_VERSION ((__xlC__ / 256) * 10000 + (__xlC__ % 256) * 100)
-#endif
-
-// Apple and LLVM's Clang. Apple Clang version 7.0 roughly equals LLVM Clang version 3.7
-// Also see https://gist.github.com/yamaya/2924292
+// Apple and LLVM Clang versions. Apple Clang version 7.0 roughly equals
+// LLVM Clang version 3.7. Also see https://gist.github.com/yamaya/2924292
 #if defined(__clang__) && defined(__apple_build_version__)
 # undef CRYPTOPP_GCC_VERSION
 # define CRYPTOPP_APPLE_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
@@ -72,7 +68,22 @@ # define CRYPTOPP_LLVM_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__) #endif +// Clang pretends to be other compilers. The compiler gets into +// code paths that it cannot compile. Unset Clang to save the grief. +// Also see http://github.com/weidai11/cryptopp/issues/147. + +#if defined(__xlc__) || defined(__xlC__) +# undef CRYPTOPP_LLVM_CLANG_VERSION +# define CRYPTOPP_XLC_VERSION ((__xlC__ / 256) * 10000 + (__xlC__ % 256) * 100) +#endif + +#ifdef __INTEL_COMPILER +# undef CRYPTOPP_LLVM_CLANG_VERSION +# define CRYPTOPP_INTEL_VERSION (__INTEL_COMPILER) +#endif + #ifdef _MSC_VER +# undef CRYPTOPP_LLVM_CLANG_VERSION # define CRYPTOPP_MSC_VERSION (_MSC_VER) #endif diff -Nru libcrypto++-8.4.0/cpu.cpp libcrypto++-8.6.0/cpu.cpp --- libcrypto++-8.4.0/cpu.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/cpu.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -20,6 +20,13 @@ # include #endif +// For IsProcessorFeaturePresent on Microsoft Arm64 platforms, +// https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-isprocessorfeaturepresent +#if defined(_WIN32) && defined(_M_ARM64) +# include +# include +#endif + #ifdef _AIX # include #endif @@ -48,6 +55,14 @@ #if defined(__APPLE__) # include +# include +#endif + +// FreeBSD headers are giving us trouble... +// https://github.com/weidai11/cryptopp/pull/1029 +#if defined(__FreeBSD__) +# include +# include #endif // The cpu-features header and source file are located in @@ -140,7 +155,7 @@ { public: enum { PowerMac=1, Mac, iPhone, iPod, iPad, AppleTV, AppleWatch }; - enum { PowerPC=1, I386, I686, X86_64, ARM32, ARMV8, ARMV84 }; + enum { PowerPC=1, I386, I686, X86_64, ARM32, ARMV8, ARMV82, ARMV83 }; AppleMachineInfo() : m_device(0), m_version(0), m_arch(0) { 
@@ -208,6 +223,38 @@ if (m_version >= 4) { m_arch = ARMV8; } else { m_arch = ARM32; } } + else if (machine.find("arm64") != std::string::npos) + { + // M1 machine? + std::string brand; + size_t size = 32; + + // Supply an oversized buffer, and avoid + // an extra call to sysctlbyname. + brand.resize(size); + if (sysctlbyname("machdep.cpu.brand_string", &brand[0], &size, NULL, 0) == 0 && size > 0) + { + if (brand[size-1] == '\0') + size--; + brand.resize(size); + } + + if (brand == "Apple M1") + { + m_device = Mac; + m_arch = ARMV82; + } + else + { + // ??? + m_device = 0; + m_arch = ARMV8; + } + } + else + { + CRYPTOPP_ASSERT(0); + } } unsigned int Device() const { @@ -227,11 +274,15 @@ } bool IsARMv8() const { - return m_arch == ARMV8; + return m_arch >= ARMV8; } - bool IsARMv84() const { - return m_arch == ARMV84; + bool IsARMv82() const { + return m_arch >= ARMV82; + } + + bool IsARMv83() const { + return m_arch >= ARMV83; } private: @@ -271,7 +322,29 @@ unsigned int unused; GetAppleMachineInfo(unused, unused, arch); } - return arch == AppleMachineInfo::ARMV8; + return arch >= AppleMachineInfo::ARMV8; +} + +inline bool IsAppleMachineARMv82() +{ + static unsigned int arch; + if (arch == 0) + { + unsigned int unused; + GetAppleMachineInfo(unused, unused, arch); + } + return arch >= AppleMachineInfo::ARMV82; +} + +inline bool IsAppleMachineARMv83() +{ + static unsigned int arch; + if (arch == 0) + { + unsigned int unused; + GetAppleMachineInfo(unused, unused, arch); + } + return arch >= AppleMachineInfo::ARMV83; } #endif // __APPLE__ @@ -509,7 +582,8 @@ // x86_64 machines don't check some flags because SSE2 // is part of the core instruction set architecture CRYPTOPP_UNUSED(MMX_FLAG); CRYPTOPP_UNUSED(SSE_FLAG); - CRYPTOPP_UNUSED(SSE3_FLAG); CRYPTOPP_UNUSED(XSAVE_FLAG); + CRYPTOPP_UNUSED(SSE2_FLAG); CRYPTOPP_UNUSED(SSE3_FLAG); + CRYPTOPP_UNUSED(XSAVE_FLAG); #if (CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) // 64-bit core instruction set includes SSE2. Just check 
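Review bot: The arm64 branch of the Apple machine classification assigns ARMV82 only when the brand string equals `"Apple M1"` exactly, so "Apple M1 Pro", "Apple M1 Max" and any later part fall into the `// ???` branch as plain ARMV8, and because the cpu.cpp hunks further down gate every Apple crypto-extension query on IsAppleMachineARMv82(), those machines silently lose AES/SHA/CRC/PMULL hardware detection (unless the CPU_Probe*() fallbacks referenced in cpu.h recover it). A prefix match, `if (brand.compare(0, 8, "Apple M1") == 0)`, at least covers the M1 family, but the robust fix is to stop inferring instruction-set features from a marketing name and read the per-feature sysctls Apple exposes for this purpose (e.g. `hw.optional.armv8_crc32`, `hw.optional.armv8_2_sha512`); I cannot see the rest of this constructor, so that may need to live beside the existing machine-string parsing. Two smaller points on the same lines: the trailing `CRYPTOPP_ASSERT(0)` will SIGTRAP a debug build on any unrecognised machine string, which is a hostile failure mode for a feature probe that already has a safe default, and when the sysctl fails `brand` is compared while still holding 32 NUL bytes, which is correct but deserves a one-line comment.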
@@ -773,6 +847,9 @@ #elif defined(__APPLE__) && defined(__arm__) // Apple hardware is ARMv7 or above. return true; +#elif defined(_WIN32) && defined(_M_ARM64) + // Windows 10 ARM64 is only supported on Armv8a and above + return true; #endif return false; } @@ -798,7 +875,12 @@ return true; #elif defined(__APPLE__) && defined(__aarch64__) // Core feature set for Aarch32 and Aarch64. - return true; + if (IsAppleMachineARMv8()) + return true; +#elif defined(_WIN32) && defined(_M_ARM64) + // Windows 10 ARM64 is only supported on Armv8a and above + if (IsProcessorFeaturePresent(PF_ARM_V8_INSTRUCTIONS_AVAILABLE) != 0) + return true; #endif return false; } @@ -820,8 +902,12 @@ if ((getauxval(AT_HWCAP2) & HWCAP2_CRC32) != 0) return true; #elif defined(__APPLE__) && defined(__aarch64__) - // No compiler support. CRC intrinsics result in a failed compiled. - return false; + // M1 processor + if (IsAppleMachineARMv82()) + return true; +#elif defined(_WIN32) && defined(_M_ARM64) + if (IsProcessorFeaturePresent(PF_ARM_V8_CRC32_INSTRUCTIONS_AVAILABLE) != 0) + return true; #endif return false; } @@ -843,8 +929,12 @@ if ((getauxval(AT_HWCAP2) & HWCAP2_PMULL) != 0) return true; #elif defined(__APPLE__) && defined(__aarch64__) - // No compiler support. PMULL intrinsics result in a failed compiled. - return false; + // M1 processor + if (IsAppleMachineARMv82()) + return true; +#elif defined(_WIN32) && defined(_M_ARM64) + if (IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE) != 0) + return true; #endif return false; } @@ -866,7 +956,12 @@ if ((getauxval(AT_HWCAP2) & HWCAP2_AES) != 0) return true; #elif defined(__APPLE__) && defined(__aarch64__) - return IsAppleMachineARMv8(); + // M1 processor + if (IsAppleMachineARMv82()) + return true; +#elif defined(_WIN32) && defined(_M_ARM64) + if (IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE) != 0) + return true; #endif return false; } 
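Review bot: The Apple branch of CPU_QueryAES changes from `return IsAppleMachineARMv8();` to `if (IsAppleMachineARMv82()) return true;`, and the classification hunk earlier in this diff sets ARMV82 only for a brand string of exactly "Apple M1"; every other Apple arm64 device, including the iPhone/iPad strings the existing code maps to ARMV8, therefore now answers false where the previous code answered true. AES is part of the Armv8.0 Cryptographic Extension rather than an Armv8.2 feature, which is presumably why the old code keyed on ARMv8; the SHA1 and SHA2 hunks that follow make the same substitution and regress the same way, unless the CPU_Probe*() fallbacks mentioned in cpu.h mask it. I would keep `if (IsAppleMachineARMv8()) return true;` for AES, SHA1 and SHA2 and have the `// M1 processor` comment state what is being tested rather than a product name. The enclosing functions start outside their hunks.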
@@ -888,7 +983,12 @@ if ((getauxval(AT_HWCAP2) & HWCAP2_SHA1) != 0) return true; #elif defined(__APPLE__) && defined(__aarch64__) - return IsAppleMachineARMv8(); + // M1 processor + if (IsAppleMachineARMv82()) + return true; +#elif defined(_WIN32) && defined(_M_ARM64) + if (IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE) != 0) + return true; #endif return false; } 
@@ -910,60 +1010,81 @@ if ((getauxval(AT_HWCAP2) & HWCAP2_SHA2) != 0) return true; #elif defined(__APPLE__) && defined(__aarch64__) - return IsAppleMachineARMv8(); + // M1 processor + if (IsAppleMachineARMv82()) + return true; +#elif defined(_WIN32) && defined(_M_ARM64) + if (IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE) != 0) + return true; #endif return false; } -inline bool CPU_QuerySHA512() +// Some ARMv8.2 features are disabled at the moment +inline bool CPU_QuerySHA3() { -// Some ARMv8.4 features are disabled at the moment + // According to the ARM manual, SHA3 depends upon SHA1 and SHA2. + // If SHA1 and SHA2 are not present, then SHA3 and SHA512 are + // not present. Also see Arm A64 Instruction Set Architecture, + // https://developer.arm.com/documentation/ddi0596/2020-12/ + if (!g_hasSHA1 || !g_hasSHA2) { return false; } + #if defined(__ANDROID__) && defined(__aarch64__) && 0 if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && - ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_SHA512) != 0)) + ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_SHA3) != 0)) return true; #elif defined(__ANDROID__) && defined(__aarch32__) && 0 if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && - ((android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_SHA512) != 0)) + ((android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_SHA3) != 0)) return true; #elif defined(__linux__) && defined(__aarch64__) - if ((getauxval(AT_HWCAP) & HWCAP_SHA512) != 0) + if ((getauxval(AT_HWCAP) & HWCAP_SHA3) != 0) return true; #elif defined(__linux__) && defined(__aarch32__) - if ((getauxval(AT_HWCAP2) & HWCAP2_SHA512) != 0) + if ((getauxval(AT_HWCAP2) & HWCAP2_SHA3) != 0) + return true; +#elif defined(__APPLE__) && defined(__aarch64__) + // M1 processor + if (IsAppleMachineARMv82()) return true; -#elif defined(__APPLE__) && defined(__aarch64__) && 0 - return false; #endif return false; } -inline bool CPU_QuerySHA3() +// Some ARMv8.2 features are 
disabled at the moment +inline bool CPU_QuerySHA512() { -// Some ARMv8.4 features are disabled at the moment + // According to the ARM manual, SHA512 depends upon SHA1 and SHA2. + // If SHA1 and SHA2 are not present, then SHA3 and SHA512 are + // not present. Also see Arm A64 Instruction Set Architecture, + // https://developer.arm.com/documentation/ddi0596/2020-12/ + if (!g_hasSHA1 || !g_hasSHA2) { return false; } + #if defined(__ANDROID__) && defined(__aarch64__) && 0 if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && - ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_SHA3) != 0)) + ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_SHA512) != 0)) return true; #elif defined(__ANDROID__) && defined(__aarch32__) && 0 if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && - ((android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_SHA3) != 0)) + ((android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_SHA512) != 0)) return true; #elif defined(__linux__) && defined(__aarch64__) - if ((getauxval(AT_HWCAP) & HWCAP_SHA3) != 0) + if ((getauxval(AT_HWCAP) & HWCAP_SHA512) != 0) return true; #elif defined(__linux__) && defined(__aarch32__) - if ((getauxval(AT_HWCAP2) & HWCAP2_SHA3) != 0) + if ((getauxval(AT_HWCAP2) & HWCAP2_SHA512) != 0) + return true; +#elif defined(__APPLE__) && defined(__aarch64__) + // M1 processor + if (IsAppleMachineARMv82()) return true; -#elif defined(__APPLE__) && defined(__aarch64__) && 0 - return false; #endif return false; } +// Some ARMv8.2 features are disabled at the moment inline bool CPU_QuerySM3() { -// Some ARMv8.4 features are disabled at the moment #if defined(__ANDROID__) && defined(__aarch64__) && 0 if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_SM3) != 0)) 
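Review bot: The new early-out `if (!g_hasSHA1 || !g_hasSHA2) { return false; }` in CPU_QuerySHA3 and CPU_QuerySHA512 reads two globals that a different routine fills in, so the result now depends on call order inside the detection code, which is outside the hunk: invoked before g_hasSHA1/g_hasSHA2 are assigned, both queries return false from a zero-initialised global and SHA-512/SHA-3 acceleration is silently disabled with no diagnostic. That precondition belongs on the functions, e.g. `// Precondition: g_hasSHA1 and g_hasSHA2 must already be set by DetectArmFeatures(); SHA3/SHA512 presence is derived from them`, or the functions could call CPU_QuerySHA1() and CPU_QuerySHA2() directly and stay self-contained. The `// Some ARMv8.2 features are disabled at the moment` header moved above each function now describes nothing in the bodies except the `&& 0` Android branches, so it should name those or go.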
@@ -979,14 +1100,14 @@ if ((getauxval(AT_HWCAP2) & HWCAP2_SM3) != 0) return true; #elif defined(__APPLE__) && defined(__aarch64__) && 0 - return false; + // No Apple support yet. #endif return false; } +// Some ARMv8.2 features are disabled at the moment inline bool CPU_QuerySM4() { -// Some ARMv8.4 features are disabled at the moment #if defined(__ANDROID__) && defined(__aarch64__) && 0 if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_SM4) != 0)) @@ -1002,7 +1123,7 @@ if ((getauxval(AT_HWCAP2) & HWCAP2_SM4) != 0) return true; #elif defined(__APPLE__) && defined(__aarch64__) && 0 - return false; + // No Apple support yet. #endif return false; } @@ -1094,6 +1215,11 @@ unsigned int unused, arch; GetAppleMachineInfo(unused, unused, arch); return arch == AppleMachineInfo::PowerMac; +#elif defined(__FreeBSD__) && defined(PPC_FEATURE_HAS_ALTIVEC) + unsigned long cpufeatures; + if (elf_aux_info(AT_HWCAP, &cpufeatures, sizeof(cpufeatures)) == 0) + if ((cpufeatures & PPC_FEATURE_HAS_ALTIVEC) != 0) + return true; #endif return false; } @@ -1107,6 +1233,11 @@ #elif defined(_AIX) if (__power_7_andup() != 0) return true; +#elif defined(__FreeBSD__) && defined(PPC_FEATURE_ARCH_2_06) + unsigned long cpufeatures; + if (elf_aux_info(AT_HWCAP, &cpufeatures, sizeof(cpufeatures)) == 0) + if ((cpufeatures & PPC_FEATURE_ARCH_2_06) != 0) + return true; #endif return false; } @@ -1120,6 +1251,11 @@ #elif defined(_AIX) if (__power_8_andup() != 0) return true; +#elif defined(__FreeBSD__) && defined(PPC_FEATURE2_ARCH_2_07) + unsigned long cpufeatures; + if (elf_aux_info(AT_HWCAP, &cpufeatures, sizeof(cpufeatures)) == 0) + if ((cpufeatures & PPC_FEATURE_ARCH_2_07) != 0) + return true; #endif return false; } 
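Review bot: The FreeBSD branch added to the POWER8 query tests `PPC_FEATURE2_ARCH_2_07` in its `#elif`, but the body reads `AT_HWCAP` and masks with `PPC_FEATURE_ARCH_2_07` — a different identifier that nothing visible declares, and the wrong auxv word, since the FEATURE2 bits live in AT_HWCAP2 exactly as the DARN hunk at the end of this file handles them. Unless PPC_FEATURE_ARCH_2_07 is declared somewhere I cannot see, the block fails to compile on FreeBSD/powerpc whenever the guard is true; it should read `if (elf_aux_info(AT_HWCAP2, &cpufeatures, sizeof(cpufeatures)) == 0)` followed by `if ((cpufeatures & PPC_FEATURE2_ARCH_2_07) != 0)`. The enclosing function's name is outside the hunk.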
@@ -1133,6 +1269,11 @@ #elif defined(_AIX) if (__power_9_andup() != 0) return true; +#elif defined(__FreeBSD__) && defined(PPC_FEATURE2_ARCH_3_00) + unsigned long cpufeatures; + if (elf_aux_info(AT_HWCAP, &cpufeatures, sizeof(cpufeatures)) == 0) + if ((cpufeatures & PPC_FEATURE_ARCH2_3_00) != 0) + return true; #endif return false; } @@ -1147,6 +1288,11 @@ #elif defined(_AIX) if (__power_8_andup() != 0) return true; +#elif defined(__FreeBSD__) && defined(PPC_FEATURE2_HAS_VEC_CRYPTO) + unsigned long cpufeatures; + if (elf_aux_info(AT_HWCAP2, &cpufeatures, sizeof(cpufeatures)) == 0) + if ((cpufeatures & PPC_FEATURE2_HAS_VEC_CRYPTO != 0) + return true; #endif return false; } @@ -1161,6 +1307,11 @@ #elif defined(_AIX) if (__power_8_andup() != 0) return true; +#elif defined(__FreeBSD__) && defined(PPC_FEATURE2_HAS_VEC_CRYPTO) + unsigned long cpufeatures; + if (elf_aux_info(AT_HWCAP2, &cpufeatures, sizeof(cpufeatures)) == 0) + if ((cpufeatures & PPC_FEATURE2_HAS_VEC_CRYPTO != 0) + return true; #endif return false; } @@ -1175,6 +1326,11 @@ #elif defined(_AIX) if (__power_8_andup() != 0) return true; +#elif defined(__FreeBSD__) && defined(PPC_FEATURE2_HAS_VEC_CRYPTO) + unsigned long cpufeatures; + if (elf_aux_info(AT_HWCAP2, &cpufeatures, sizeof(cpufeatures)) == 0) + if ((cpufeatures & PPC_FEATURE2_HAS_VEC_CRYPTO != 0) + return true; #endif return false; } @@ -1188,6 +1344,11 @@ #elif defined(_AIX) if (__power_8_andup() != 0) return true; +#elif defined(__FreeBSD__) && defined(PPC_FEATURE2_HAS_VEC_CRYPTO) + unsigned long cpufeatures; + if (elf_aux_info(AT_HWCAP2, &cpufeatures, sizeof(cpufeatures)) == 0) + if ((cpufeatures & PPC_FEATURE2_HAS_VEC_CRYPTO != 0) + return true; #endif return false; } 
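Review bot: The FreeBSD branch in the first hunk guards on `PPC_FEATURE2_ARCH_3_00` but then queries `AT_HWCAP` and masks with `PPC_FEATURE_ARCH2_3_00`, which is a misspelling of the guarded name and in any case the wrong auxv word for a FEATURE2 bit. The DARN query at the end of this file tests the same bit correctly, so the two lines should match it: `if (elf_aux_info(AT_HWCAP2, &cpufeatures, sizeof(cpufeatures)) == 0)` and `if ((cpufeatures & PPC_FEATURE2_ARCH_3_00) != 0)`. As written it will not compile when the guard is true unless the misspelt name happens to exist elsewhere.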
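Review bot: The four VEC_CRYPTO hunks on this line each add `if ((cpufeatures & PPC_FEATURE2_HAS_VEC_CRYPTO != 0)`, which is unbalanced as shown (two opening parentheses, one closing) and, even once a closing parenthesis is appended, tests the wrong thing because `!=` binds tighter than `&`, reducing the expression to `cpufeatures & 1`. The DARN hunk on the next line keeps its parentheses, so I do not think this is a rendering artifact; all four sites should read `if ((cpufeatures & PPC_FEATURE2_HAS_VEC_CRYPTO) != 0)`. A false positive here would route AES/SHA work to a vector-crypto path on a machine without it, so this is worth a compile and a run on real POWER hardware before release.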
@@ -1195,13 +1356,19 @@ // Power9 random number generator inline bool CPU_QueryDARN() { - // Power9 and ISA 3.0 provide DARN. + // Power9 and ISA 3.0 provide DARN. It looks like + // Glibc offers PPC_FEATURE2_DARN. #if defined(__linux__) && defined(PPC_FEATURE2_ARCH_3_00) if ((getauxval(AT_HWCAP2) & PPC_FEATURE2_ARCH_3_00) != 0) return true; #elif defined(_AIX) if (__power_9_andup() != 0) return true; +#elif defined(__FreeBSD__) && defined(PPC_FEATURE2_ARCH_3_00) + unsigned long cpufeatures; + if (elf_aux_info(AT_HWCAP2, &cpufeatures, sizeof(cpufeatures)) == 0) + if ((cpufeatures & PPC_FEATURE2_ARCH_3_00) != 0) + return true; #endif return false; } diff -Nru libcrypto++-8.4.0/cpu.h libcrypto++-8.6.0/cpu.h --- libcrypto++-8.4.0/cpu.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/cpu.h 2021-09-24 11:48:47.000000000 +0000 @@ -17,7 +17,7 @@ /// g_hasAES = CPU_QueryAES() || CPU_ProbeAES(); /// /// \details Generally speaking, CPU_Query() is in the source file cpu.cpp because it -/// does not require special architectural flags. CPU_Probe() is in a source file that recieves +/// does not require special architectural flags. CPU_Probe() is in a source file that receives /// architectural flags, like sse_simd.cpp, neon_simd.cpp and /// ppc_simd.cpp. For example, compiling neon_simd.cpp on an ARM64 machine will /// have -march=armv8-a applied during a compile to make the instruction set architecture 
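Review bot: The comment added to `CPU_QueryDARN` says glibc exposes `PPC_FEATURE2_DARN`, yet both the Linux branch and the new FreeBSD branch still key on `PPC_FEATURE2_ARCH_3_00`, so the comment reads as an open question rather than documentation of the choice. If ISA 3.0 is the deliberate proxy, state it: `// Power9 and ISA 3.0 provide DARN. Glibc also defines PPC_FEATURE2_DARN; ISA 3.0 is tested here because DARN is part of that ISA level.` — confirm that relationship before committing the wording, otherwise test the DARN bit where the headers define it.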
@@ -469,30 +469,12 @@ inline bool HasNEON() { // ASIMD is a core feature on Aarch32 and Aarch64 like SSE2 is a core feature on x86_64 -#if defined(__aarch32__) || defined(__aarch64__) +#if defined(CRYPTOPP_ARM_ASIMD_AVAILABLE) return true; -#else +#elif defined(CRYPTOPP_ARM_NEON_AVAILABLE) if (!g_ArmDetectionDone) DetectArmFeatures(); return g_hasNEON; -#endif -} - -/// \brief Determine if an ARM processor provides Polynomial Multiplication -/// \return true if the hardware is capable of polynomial multiplications at runtime, -/// false otherwise. -/// \details The multiplication instructions are available under Aarch32 and Aarch64. -/// \details Runtime support requires compile time support. When compiling with GCC, -/// you may need to compile with -march=armv8-a+crypto; while Apple requires -/// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. -/// \since Crypto++ 5.6.4 -/// \note This function is only available on Aarch32 and Aarch64 platforms -inline bool HasPMULL() -{ -#if defined(__aarch32__) || defined(__aarch64__) - if (!g_ArmDetectionDone) - DetectArmFeatures(); - return g_hasPMULL; #else return false; #endif @@ -510,7 +492,7 @@ /// \note This function is only available on Aarch32 and Aarch64 platforms inline bool HasCRC32() { -#if defined(__aarch32__) || defined(__aarch64__) +#if defined(CRYPTOPP_ARM_CRC32_AVAILABLE) if (!g_ArmDetectionDone) DetectArmFeatures(); return g_hasCRC32; @@ -530,7 +512,7 @@ /// \note This function is only available on Aarch32 and Aarch64 platforms inline bool HasAES() { -#if defined(__aarch32__) || defined(__aarch64__) +#if defined(CRYPTOPP_ARM_AES_AVAILABLE) if (!g_ArmDetectionDone) DetectArmFeatures(); return g_hasAES; 
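Review bot: The Doxygen `\note This function is only available on Aarch32 and Aarch64 platforms` kept as context on `HasCRC32` (and on the sibling `HasAES`, `HasSHA1`, `HasSHA2` and `HasPMULL` hunks) no longer describes the new guards: after this change the function returns false on an ARM build that was not compiled with `CRYPTOPP_ARM_CRC32_AVAILABLE`, not only on non-ARM builds. A more accurate note would be `\note Returns false unless the library was built with the corresponding CRYPTOPP_ARM_*_AVAILABLE feature enabled, even on Aarch32/Aarch64.` The same applies to the `HasNEON` hunk, whose new `#elif defined(CRYPTOPP_ARM_NEON_AVAILABLE)` fallback means an ARM build with neither macro now reports no NEON.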
@@ -539,6 +521,26 @@ #endif } +/// \brief Determine if an ARM processor provides Polynomial Multiplication +/// \return true if the hardware is capable of polynomial multiplications at runtime, +/// false otherwise. +/// \details The multiplication instructions are available under Aarch32 and Aarch64. +/// \details Runtime support requires compile time support. When compiling with GCC, +/// you may need to compile with -march=armv8-a+crypto; while Apple requires +/// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. +/// \since Crypto++ 5.6.4 +/// \note This function is only available on Aarch32 and Aarch64 platforms +inline bool HasPMULL() +{ +#if defined(CRYPTOPP_ARM_PMULL_AVAILABLE) + if (!g_ArmDetectionDone) + DetectArmFeatures(); + return g_hasPMULL; +#else + return false; +#endif +} + /// \brief Determine if an ARM processor has SHA1 available /// \return true if the hardware is capable of SHA1 at runtime, false otherwise. /// \details SHA1 is part of the optional Crypto extensions on Aarch32 and Aarch64. They are @@ -550,7 +552,7 @@ /// \note This function is only available on Aarch32 and Aarch64 platforms inline bool HasSHA1() { -#if defined(__aarch32__) || defined(__aarch64__) +#if defined(CRYPTOPP_ARM_SHA1_AVAILABLE) if (!g_ArmDetectionDone) DetectArmFeatures(); return g_hasSHA1; @@ -570,7 +572,7 @@ /// \note This function is only available on Aarch32 and Aarch64 platforms inline bool HasSHA2() { -#if defined(__aarch32__) || defined(__aarch64__) +#if defined(CRYPTOPP_ARM_SHA2_AVAILABLE) if (!g_ArmDetectionDone) DetectArmFeatures(); return g_hasSHA2; 
@@ -579,41 +581,41 @@ #endif } -/// \brief Determine if an ARM processor has SHA512 available -/// \return true if the hardware is capable of SHA512 at runtime, false otherwise. -/// \details SHA512 is part of the ARMv8.4 Crypto extensions on Aarch32 and Aarch64. They +/// \brief Determine if an ARM processor has SHA3 available +/// \return true if the hardware is capable of SHA3 at runtime, false otherwise. +/// \details SHA3 is part of the ARMv8.2 Crypto extensions on Aarch32 and Aarch64. They /// are accessed using ARM C Language Extensions 2.0 (ACLE 2.0). /// \details Runtime support requires compile time support. When compiling with GCC, you -/// may need to compile with -march=armv8.4-a+crypto; while Apple requires +/// may need to compile with -march=armv8.2-a+crypto; while Apple requires /// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. /// \since Crypto++ 8.0 /// \note This function is only available on Aarch32 and Aarch64 platforms -inline bool HasSHA512() +inline bool HasSHA3() { -#if defined(__aarch32__) || defined(__aarch64__) +#if defined(CRYPTOPP_ARM_SHA3_AVAILABLE) if (!g_ArmDetectionDone) DetectArmFeatures(); - return g_hasSHA512; + return g_hasSHA3; #else return false; #endif } -/// \brief Determine if an ARM processor has SHA3 available -/// \return true if the hardware is capable of SHA3 at runtime, false otherwise. -/// \details SHA3 is part of the ARMv8.4 Crypto extensions on Aarch32 and Aarch64. They +/// \brief Determine if an ARM processor has SHA512 available +/// \return true if the hardware is capable of SHA512 at runtime, false otherwise. +/// \details SHA512 is part of the ARMv8.2 Crypto extensions on Aarch32 and Aarch64. They /// are accessed using ARM C Language Extensions 2.0 (ACLE 2.0). /// \details Runtime support requires compile time support. 
When compiling with GCC, you -/// may need to compile with -march=armv8.4-a+crypto; while Apple requires +/// may need to compile with -march=armv8.2-a+crypto; while Apple requires /// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. /// \since Crypto++ 8.0 /// \note This function is only available on Aarch32 and Aarch64 platforms -inline bool HasSHA3() +inline bool HasSHA512() { -#if defined(__aarch32__) || defined(__aarch64__) +#if defined(CRYPTOPP_ARM_SHA512_AVAILABLE) if (!g_ArmDetectionDone) DetectArmFeatures(); - return g_hasSHA3; + return g_hasSHA512; #else return false; #endif @@ -621,16 +623,16 @@ /// \brief Determine if an ARM processor has SM3 available /// \return true if the hardware is capable of SM3 at runtime, false otherwise. -/// \details SM3 is part of the ARMv8.4 Crypto extensions on Aarch32 and Aarch64. They +/// \details SM3 is part of the ARMv8.2 Crypto extensions on Aarch32 and Aarch64. They /// are accessed using ARM C Language Extensions 2.0 (ACLE 2.0). /// \details Runtime support requires compile time support. When compiling with GCC, you -/// may need to compile with -march=armv8.4-a+crypto; while Apple requires +/// may need to compile with -march=armv8.2-a+crypto; while Apple requires /// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. /// \since Crypto++ 8.0 /// \note This function is only available on Aarch32 and Aarch64 platforms inline bool HasSM3() { -#if defined(__aarch32__) || defined(__aarch64__) +#if defined(CRYPTOPP_ARM_SM3_AVAILABLE) if (!g_ArmDetectionDone) DetectArmFeatures(); return g_hasSM3; 
@@ -641,16 +643,16 @@ /// \brief Determine if an ARM processor has SM4 available /// \return true if the hardware is capable of SM4 at runtime, false otherwise. -/// \details SM4 is part of the ARMv8.4 Crypto extensions on Aarch32 and Aarch64. They +/// \details SM4 is part of the ARMv8.2 Crypto extensions on Aarch32 and Aarch64. They /// are accessed using ARM C Language Extensions 2.0 (ACLE 2.0). /// \details Runtime support requires compile time support. When compiling with GCC, you -/// may need to compile with -march=armv8.4-a+crypto; while Apple requires +/// may need to compile with -march=armv8.2-a+crypto; while Apple requires /// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. /// \since Crypto++ 8.0 /// \note This function is only available on Aarch32 and Aarch64 platforms inline bool HasSM4() { -#if defined(__aarch32__) || defined(__aarch64__) +#if defined(CRYPTOPP_ARM_SM4_AVAILABLE) if (!g_ArmDetectionDone) DetectArmFeatures(); return g_hasSM4; diff -Nru libcrypto++-8.4.0/crc_simd.cpp libcrypto++-8.6.0/crc_simd.cpp --- libcrypto++-8.4.0/crc_simd.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/crc_simd.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -14,15 +14,15 @@ # include #endif -#if (CRYPTOPP_ARM_NEON_HEADER) -# include -#endif - #if (CRYPTOPP_ARM_ACLE_HEADER) # include # include #endif +#if (CRYPTOPP_ARM_CRC32_AVAILABLE) +# include "arm_simd.h" +#endif + #ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY # include # include @@ -32,6 +32,8 @@ # define EXCEPTION_EXECUTE_HANDLER 1 #endif +#define CONST_WORD32_CAST(x) ((const word32 *)(void*)(x)) + // Squash MS LNK4221 and libtool warnings extern const char CRC_SIMD_FNAME[] = __FILE__; 
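Review bot: The new `CONST_WORD32_CAST` macro in crc_simd.cpp reinterprets a `byte` pointer as `const word32 *`; the intermediate `(void*)` silences the compiler warning but does not lift the strict-aliasing or alignment rules, and the macro carries no comment stating the precondition it relies on. The update loops in the following crc_simd.cpp hunks only dereference it after the `!IsAligned(s)` prologue, and whether that prologue checks word32 alignment is not visible here. A comment such as `// Reinterprets a byte pointer as word32; only use on addresses the IsAligned() prologue has already advanced to a word boundary` would record the contract, and a `memcpy` into a local word32 (or the library's GetWord) is the aliasing-safe alternative if the intrinsics accept a value.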
@@ -54,19 +56,17 @@ bool CPU_ProbeCRC32() { #if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) - return false; + return false; #elif (CRYPTOPP_ARM_CRC32_AVAILABLE) # if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY) volatile bool result = true; __try { - word32 w=0, x=1; word16 y=2; byte z=3; - w = __crc32w(w,x); - w = __crc32h(w,y); - w = __crc32b(w,z); - w = __crc32cw(w,x); - w = __crc32ch(w,y); - w = __crc32cb(w,z); + word32 w=0, x=1; byte z=3; + w = CRC32W(w,x); + w = CRC32B(w,z); + w = CRC32CW(w,x); + w = CRC32CB(w,z); result = !!w; } @@ -96,13 +96,11 @@ result = false; else { - word32 w=0, x=1; word16 y=2; byte z=3; - w = __crc32w(w,x); - w = __crc32h(w,y); - w = __crc32b(w,z); - w = __crc32cw(w,x); - w = __crc32ch(w,y); - w = __crc32cb(w,z); + word32 w=0, x=1; byte z=3; + w = CRC32W(w,x); + w = CRC32B(w,z); + w = CRC32CW(w,x); + w = CRC32CB(w,z); // Hack... GCC optimizes away the code and returns true result = !!w; @@ -122,25 +120,31 @@ void CRC32_Update_ARMV8(const byte *s, size_t n, word32& c) { for(; !IsAligned(s) && n > 0; s++, n--) - c = __crc32b(c, *s); + c = CRC32B(c, *s); + + for(; n >= 16; s+=16, n-=16) + c = CRC32Wx4(c, CONST_WORD32_CAST(s)); - for(; n > 4; s+=4, n-=4) - c = __crc32w(c, *(const word32 *)(void*)s); + for(; n >= 4; s+=4, n-=4) + c = CRC32W(c, *CONST_WORD32_CAST(s)); for(; n > 0; s++, n--) - c = __crc32b(c, *s); + c = CRC32B(c, *s); } void CRC32C_Update_ARMV8(const byte *s, size_t n, word32& c) { for(; !IsAligned(s) && n > 0; s++, n--) - c = __crc32cb(c, *s); + c = CRC32CB(c, *s); - for(; n > 4; s+=4, n-=4) - c = __crc32cw(c, *(const word32 *)(void*)s); + for(; n >= 16; s+=16, n-=16) + c = CRC32CWx4(c, CONST_WORD32_CAST(s)); + + for(; n >= 4; s+=4, n-=4) + c = CRC32CW(c, *CONST_WORD32_CAST(s)); for(; n > 0; s++, n--) - c = __crc32cb(c, *s); + c = CRC32CB(c, *s); } #endif 
@@ -150,8 +154,15 @@ for(; !IsAligned(s) && n > 0; s++, n--) c = _mm_crc32_u8(c, *s); - for(; n > 4; s+=4, n-=4) - c = _mm_crc32_u32(c, *(const word32 *)(void*)s); + for(; n >= 16; s+=16, n-=16) + { + c = _mm_crc32_u32(_mm_crc32_u32(_mm_crc32_u32(_mm_crc32_u32(c, + *CONST_WORD32_CAST(s+ 0)), *CONST_WORD32_CAST(s+ 4)), + *CONST_WORD32_CAST(s+ 8)), *CONST_WORD32_CAST(s+12)); + } + + for(; n >= 4; s+=4, n-=4) + c = _mm_crc32_u32(c, *CONST_WORD32_CAST(s)); for(; n > 0; s++, n--) c = _mm_crc32_u8(c, *s); diff -Nru libcrypto++-8.4.0/cryptest.nmake libcrypto++-8.6.0/cryptest.nmake --- libcrypto++-8.4.0/cryptest.nmake 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/cryptest.nmake 2021-09-24 11:48:47.000000000 +0000 @@ -7,7 +7,7 @@ # apparent problems under Microsoft ARM and Metro UI apps. # The makefile is not intended for production use, though it may be used as a -# starting point. For example, you can add switches like /MT and /MTd for +# starting point. For example, you can add switches like /MD and /MDd for # dynamic runtime linking against the Microsoft C++ Runtime libraries. If you # are building for Windows Phone or Windows Store, then you probably want to # remove /D_MBCS. The resulting cryptlib.lib may be suitable as a starting @@ -28,7 +28,7 @@ # "make sources | fold -w73 -s". The list of LIB_OBJS and TEST_OBJS was # generated with "make sources | fold -w73 -s | sed 's|.cpp|.obj|g'". The # order of the first three object files are significant. See C++ Static -# Initialization Order Fisaco on the Crypto++ wiki for details. +# Initialization Order Fiasco on the Crypto++ wiki for details. # You are free to add and remove files to the list. For example, you can remove # rdrand.asm build it using NASM, and then include the NASM object file 
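Review bot: The 16-byte step in the SSE4.2 update function (its name is outside the hunk) nests four `_mm_crc32_u32` calls inside one expression, which hides the chaining order and makes the operand/offset pairing against `s+ 0` … `s+12` hard to check. Writing the four updates as sequential assignments keeps the same chain and reads like the ARM variant's `CRC32Wx4` step in the previous hunk. The change from `n > 4` to `n >= 4`, which lets an exact 4-byte remainder take the word path, is a good catch.
```cpp
    for(; n >= 16; s+=16, n-=16)
    {
        c = _mm_crc32_u32(c, *CONST_WORD32_CAST(s+ 0));
        c = _mm_crc32_u32(c, *CONST_WORD32_CAST(s+ 4));
        c = _mm_crc32_u32(c, *CONST_WORD32_CAST(s+ 8));
        c = _mm_crc32_u32(c, *CONST_WORD32_CAST(s+12));
    }
    // … unchanged: 4-byte and single-byte tail loops …
```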
@@ -40,7 +40,7 @@ # - /DDEBUG /D_DEBUG /Oi /Oy- /Od # To test release builds, use the following CXXFLAGS: # - /DNDEBUG /D_NDEBUG /Oi /Oy /O2 -# To test with static C++ runtime linking, use the following CXXFLAGS (default below): +# To test with static C++ runtime linking, use the following CXXFLAGS: # - /MT (release) or /MTd (debug) # To test with dynamic C++ runtime linking, use the following CXXFLAGS: # - /MD (release) or /MDd (debug) 
@@ -57,65 +57,65 @@ LIB_SRCS = \ cryptlib.cpp cpu.cpp integer.cpp 3way.cpp adler32.cpp algebra.cpp \ - algparam.cpp allocate.cpp arc4.cpp aria.cpp aria_simd.cpp ariatab.cpp asn.cpp \ - authenc.cpp base32.cpp base64.cpp basecode.cpp bfinit.cpp blake2.cpp \ - blake2b_simd.cpp blake2s_simd.cpp blowfish.cpp blumshub.cpp camellia.cpp \ - cast.cpp casts.cpp cbcmac.cpp ccm.cpp chacha.cpp chacha_avx.cpp \ - chacha_simd.cpp chachapoly.cpp cham.cpp cham_simd.cpp channels.cpp \ - cmac.cpp crc.cpp crc_simd.cpp darn.cpp default.cpp des.cpp dessp.cpp \ - dh.cpp dh2.cpp dll.cpp donna_32.cpp donna_64.cpp donna_sse.cpp dsa.cpp \ - eax.cpp ec2n.cpp eccrypto.cpp ecp.cpp elgamal.cpp emsa2.cpp eprecomp.cpp \ - esign.cpp files.cpp filters.cpp fips140.cpp fipstest.cpp gcm.cpp \ - gcm_simd.cpp gf256.cpp gf2_32.cpp gf2n.cpp gf2n_simd.cpp gfpcrypt.cpp \ - gost.cpp gzip.cpp hc128.cpp hc256.cpp hex.cpp hight.cpp hmac.cpp \ - hrtimer.cpp ida.cpp idea.cpp iterhash.cpp kalyna.cpp kalynatab.cpp \ - keccak.cpp keccak_core.cpp keccak_simd.cpp lea.cpp lea_simd.cpp luc.cpp \ - mars.cpp marss.cpp md2.cpp md4.cpp md5.cpp misc.cpp modes.cpp mqueue.cpp \ - mqv.cpp nbtheory.cpp neon_simd.cpp oaep.cpp osrng.cpp padlkrng.cpp \ - panama.cpp pkcspad.cpp poly1305.cpp polynomi.cpp ppc_power7.cpp \ - ppc_power8.cpp ppc_power9.cpp ppc_simd.cpp pssr.cpp pubkey.cpp queue.cpp \ - rabbit.cpp rabin.cpp randpool.cpp rc2.cpp rc5.cpp rc6.cpp rdrand.cpp \ - rdtables.cpp rijndael.cpp rijndael_simd.cpp ripemd.cpp rng.cpp rsa.cpp \ - rw.cpp safer.cpp salsa.cpp scrypt.cpp seal.cpp seed.cpp serpent.cpp \ - sha.cpp sha3.cpp sha_simd.cpp shacal2.cpp shacal2_simd.cpp shake.cpp \ - shark.cpp sharkbox.cpp simeck.cpp simon.cpp \ - simon128_simd.cpp skipjack.cpp sm3.cpp sm4.cpp \ - sm4_simd.cpp sosemanuk.cpp speck.cpp speck128_simd.cpp \ - square.cpp squaretb.cpp sse_simd.cpp strciphr.cpp tea.cpp tftables.cpp \ - threefish.cpp tiger.cpp tigertab.cpp ttmac.cpp tweetnacl.cpp twofish.cpp \ - vmac.cpp wake.cpp whrlpool.cpp xed25519.cpp 
xtr.cpp xtrcrypt.cpp xts.cpp \ - zdeflate.cpp zinflate.cpp zlib.cpp + algparam.cpp allocate.cpp arc4.cpp aria.cpp aria_simd.cpp ariatab.cpp \ + asn.cpp authenc.cpp base32.cpp base64.cpp basecode.cpp bfinit.cpp \ + blake2.cpp blake2b_simd.cpp blake2s_simd.cpp blowfish.cpp blumshub.cpp \ + camellia.cpp cast.cpp casts.cpp cbcmac.cpp ccm.cpp chacha.cpp \ + chacha_avx.cpp chacha_simd.cpp chachapoly.cpp cham.cpp cham_simd.cpp \ + channels.cpp cmac.cpp crc.cpp crc_simd.cpp darn.cpp default.cpp des.cpp \ + dessp.cpp dh.cpp dh2.cpp dll.cpp donna_32.cpp donna_64.cpp donna_sse.cpp \ + dsa.cpp eax.cpp ec2n.cpp eccrypto.cpp ecp.cpp elgamal.cpp emsa2.cpp \ + eprecomp.cpp esign.cpp files.cpp filters.cpp fips140.cpp fipstest.cpp \ + gcm.cpp gcm_simd.cpp gf256.cpp gf2_32.cpp gf2n.cpp gf2n_simd.cpp \ + gfpcrypt.cpp gost.cpp gzip.cpp hc128.cpp hc256.cpp hex.cpp hight.cpp \ + hmac.cpp hrtimer.cpp ida.cpp idea.cpp iterhash.cpp kalyna.cpp \ + kalynatab.cpp keccak.cpp keccak_core.cpp keccak_simd.cpp lea.cpp \ + lea_simd.cpp lsh256.cpp lsh256_avx.cpp lsh256_sse.cpp lsh512.cpp \ + lsh512_avx.cpp lsh512_sse.cpp luc.cpp mars.cpp marss.cpp md2.cpp md4.cpp \ + md5.cpp misc.cpp modes.cpp mqueue.cpp mqv.cpp nbtheory.cpp oaep.cpp \ + osrng.cpp padlkrng.cpp panama.cpp pkcspad.cpp poly1305.cpp polynomi.cpp \ + pssr.cpp pubkey.cpp queue.cpp rabbit.cpp rabin.cpp randpool.cpp rc2.cpp \ + rc5.cpp rc6.cpp rdrand.cpp rdtables.cpp rijndael.cpp rijndael_simd.cpp \ + ripemd.cpp rng.cpp rsa.cpp rw.cpp safer.cpp salsa.cpp scrypt.cpp \ + seal.cpp seed.cpp serpent.cpp sha.cpp sha3.cpp sha_simd.cpp shacal2.cpp \ + shacal2_simd.cpp shake.cpp shark.cpp sharkbox.cpp simeck.cpp simon.cpp \ + simon128_simd.cpp skipjack.cpp sm3.cpp sm4.cpp sm4_simd.cpp \ + sosemanuk.cpp speck.cpp speck128_simd.cpp square.cpp squaretb.cpp \ + sse_simd.cpp strciphr.cpp tea.cpp tftables.cpp threefish.cpp tiger.cpp \ + tigertab.cpp ttmac.cpp tweetnacl.cpp twofish.cpp vmac.cpp wake.cpp \ + whrlpool.cpp xed25519.cpp xtr.cpp xtrcrypt.cpp 
xts.cpp zdeflate.cpp \ + zinflate.cpp zlib.cpp LIB_OBJS = \ cryptlib.obj cpu.obj integer.obj 3way.obj adler32.obj algebra.obj \ - algparam.obj allocate.obj arc4.obj aria.obj aria_simd.obj ariatab.obj asn.obj \ - authenc.obj base32.obj base64.obj basecode.obj bfinit.obj blake2.obj \ - blake2b_simd.obj blake2s_simd.obj blowfish.obj blumshub.obj camellia.obj \ - cast.obj casts.obj cbcmac.obj ccm.obj chacha.obj chacha_avx.obj \ - chacha_simd.obj chachapoly.obj cham.obj cham_simd.obj channels.obj \ - cmac.obj crc.obj crc_simd.obj darn.obj default.obj des.obj dessp.obj \ - dh.obj dh2.obj dll.obj donna_32.obj donna_64.obj donna_sse.obj dsa.obj \ - eax.obj ec2n.obj eccrypto.obj ecp.obj elgamal.obj emsa2.obj eprecomp.obj \ - esign.obj files.obj filters.obj fips140.obj fipstest.obj gcm.obj \ - gcm_simd.obj gf256.obj gf2_32.obj gf2n.obj gf2n_simd.obj gfpcrypt.obj \ - gost.obj gzip.obj hc128.obj hc256.obj hex.obj hight.obj hmac.obj \ - hrtimer.obj ida.obj idea.obj iterhash.obj kalyna.obj kalynatab.obj \ - keccak.obj keccak_core.obj keccak_simd.obj lea.obj lea_simd.obj luc.obj \ - mars.obj marss.obj md2.obj md4.obj md5.obj misc.obj modes.obj mqueue.obj \ - mqv.obj nbtheory.obj neon_simd.obj oaep.obj osrng.obj padlkrng.obj \ - panama.obj pkcspad.obj poly1305.obj polynomi.obj ppc_power7.obj \ - ppc_power8.obj ppc_power9.obj ppc_simd.obj pssr.obj pubkey.obj queue.obj \ - rabbit.obj rabin.obj randpool.obj rc2.obj rc5.obj rc6.obj rdrand.obj \ - rdtables.obj rijndael.obj rijndael_simd.obj ripemd.obj rng.obj rsa.obj \ - rw.obj safer.obj salsa.obj scrypt.obj seal.obj seed.obj serpent.obj \ - sha.obj sha3.obj sha_simd.obj shacal2.obj shacal2_simd.obj shake.obj \ - shark.obj sharkbox.obj simeck.obj simon.obj \ - simon128_simd.obj skipjack.obj sm3.obj sm4.obj \ - sm4_simd.obj sosemanuk.obj speck.obj speck128_simd.obj \ - square.obj squaretb.obj sse_simd.obj strciphr.obj tea.obj tftables.obj \ - threefish.obj tiger.obj tigertab.obj ttmac.obj tweetnacl.obj twofish.obj \ - vmac.obj wake.obj 
whrlpool.obj xed25519.obj xtr.obj xtrcrypt.obj xts.obj \ - zdeflate.obj zinflate.obj zlib.obj + algparam.obj allocate.obj arc4.obj aria.obj aria_simd.obj ariatab.obj \ + asn.obj authenc.obj base32.obj base64.obj basecode.obj bfinit.obj \ + blake2.obj blake2b_simd.obj blake2s_simd.obj blowfish.obj blumshub.obj \ + camellia.obj cast.obj casts.obj cbcmac.obj ccm.obj chacha.obj \ + chacha_avx.obj chacha_simd.obj chachapoly.obj cham.obj cham_simd.obj \ + channels.obj cmac.obj crc.obj crc_simd.obj darn.obj default.obj des.obj \ + dessp.obj dh.obj dh2.obj dll.obj donna_32.obj donna_64.obj donna_sse.obj \ + dsa.obj eax.obj ec2n.obj eccrypto.obj ecp.obj elgamal.obj emsa2.obj \ + eprecomp.obj esign.obj files.obj filters.obj fips140.obj fipstest.obj \ + gcm.obj gcm_simd.obj gf256.obj gf2_32.obj gf2n.obj gf2n_simd.obj \ + gfpcrypt.obj gost.obj gzip.obj hc128.obj hc256.obj hex.obj hight.obj \ + hmac.obj hrtimer.obj ida.obj idea.obj iterhash.obj kalyna.obj \ + kalynatab.obj keccak.obj keccak_core.obj keccak_simd.obj lea.obj \ + lea_simd.obj lsh256.obj lsh256_avx.obj lsh256_sse.obj lsh512.obj \ + lsh512_avx.obj lsh512_sse.obj luc.obj mars.obj marss.obj md2.obj md4.obj \ + md5.obj misc.obj modes.obj mqueue.obj mqv.obj nbtheory.obj oaep.obj \ + osrng.obj padlkrng.obj panama.obj pkcspad.obj poly1305.obj polynomi.obj \ + pssr.obj pubkey.obj queue.obj rabbit.obj rabin.obj randpool.obj rc2.obj \ + rc5.obj rc6.obj rdrand.obj rdtables.obj rijndael.obj rijndael_simd.obj \ + ripemd.obj rng.obj rsa.obj rw.obj safer.obj salsa.obj scrypt.obj \ + seal.obj seed.obj serpent.obj sha.obj sha3.obj sha_simd.obj shacal2.obj \ + shacal2_simd.obj shake.obj shark.obj sharkbox.obj simeck.obj simon.obj \ + simon128_simd.obj skipjack.obj sm3.obj sm4.obj sm4_simd.obj \ + sosemanuk.obj speck.obj speck128_simd.obj square.obj squaretb.obj \ + sse_simd.obj strciphr.obj tea.obj tftables.obj threefish.obj tiger.obj \ + tigertab.obj ttmac.obj tweetnacl.obj twofish.obj vmac.obj wake.obj \ + whrlpool.obj 
xed25519.obj xtr.obj xtrcrypt.obj xts.obj zdeflate.obj \ + zinflate.obj zlib.obj ASM_OBJS = \ rdrand-x86.obj rdrand-x64.obj rdseed-x86.obj rdseed-x64.obj x64masm.obj x64dll.obj @@ -308,13 +308,6 @@ x64dll.obj: x64dll.asm $(AS) $(ASFLAGS) /Fo x64dll.obj /c x64dll.asm -# You may need to delete this on early versions of Visual Studio. -# Down-level compilers will simply see chacha_avx.cpp as an empty file. -!IF "$(PLATFORM)" == "x64" || "$(PLATFORM)" == "X64" || "$(PLATFORM)" == "amd64" || "$(PLATFORM)" == "x86" || "$(PLATFORM)" == "X86" -chacha_avx.obj: - $(CXX) $(CXXFLAGS) /arch:AVX /c chacha_avx.cpp -!endif - # For testing cryptopp.dll and CRYPTOPP_IMPORTS #CXXFLAGS_IMPORTS = /wd4275 /wd4251 /DCRYPTOPP_IMPORTS #test.obj: diff -Nru libcrypto++-8.4.0/cryptlib.cpp libcrypto++-8.6.0/cryptlib.cpp --- libcrypto++-8.4.0/cryptlib.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/cryptlib.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -1018,7 +1018,7 @@ class NullNameValuePairs : public NameValuePairs { public: - NullNameValuePairs() {} // Clang complains a default ctor must be avilable + NullNameValuePairs() {} // Clang complains a default ctor must be available bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const {CRYPTOPP_UNUSED(name); CRYPTOPP_UNUSED(valueType); CRYPTOPP_UNUSED(pValue); return false;} }; diff -Nru libcrypto++-8.4.0/cryptlib.h libcrypto++-8.6.0/cryptlib.h --- libcrypto++-8.4.0/cryptlib.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/cryptlib.h 2021-09-24 11:48:47.000000000 +0000 @@ -3,7 +3,7 @@ /// \file cryptlib.h /// \brief Abstract base classes that provide a uniform interface to this library. -/*! \mainpage Crypto++ Library 8.4 API Reference +/*! \mainpage Crypto++ Library 8.6 API Reference
Abstract Base Classes
cryptlib.h @@ -1219,7 +1219,7 @@ /// \brief Computes the hash of the current message /// \param digest a pointer to the buffer to receive the hash /// \param digestSize the size of the truncated digest, in bytes - /// \details TruncatedFinal() call Final() and then copies digestSize bytes to digest. + /// \details TruncatedFinal() calls Final() and then copies digestSize bytes to digest. /// The hash is restarted the hash for the next message. /// \pre COUNTOF(digest) <= DigestSize() or COUNTOF(digest) <= HASH::DIGESTSIZE ensures /// the output byte buffer is a valid size. @@ -1340,7 +1340,7 @@ /// \return the maximum length of encrypted data virtual lword MaxMessageLength() const =0; - /// \brief Provides the the maximum length of AAD + /// \brief Provides the maximum length of AAD /// \return the maximum length of AAD that can be input after the encrypted data virtual lword MaxFooterLength() const {return 0;} 
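Review bot: The context line `/// The hash is restarted the hash for the next message.` in the `TruncatedFinal()` block is still ungrammatical after the adjacent wording fix. `/// The hash is restarted for the next message.` says what is meant.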
@@ -1400,6 +1400,23 @@ /// Shoup's ECIES. virtual std::string AlgorithmName() const; + /// \brief Retrieve the provider of this algorithm + /// \return the algorithm provider + /// \details The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI", + /// "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE, + /// usually indicate a specialized implementation using instructions from a higher + /// instruction set architecture (ISA). Future labels may include external hardware + /// like a hardware security module (HSM). + /// \details Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2". + /// Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics + /// instead of ASM. + /// \details Algorithms which combine different instructions or ISAs provide the + /// dominant one. For example on x86 AES/GCM returns "AESNI" rather than + /// "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL". + /// \note Provider is not universally implemented yet. + /// \since Crypto++ 8.0 + virtual std::string AlgorithmProvider() const {return "C++";} + protected: const Algorithm & GetAlgorithm() const {return *static_cast(this);} @@ -2537,7 +2554,7 @@ /// \brief Interface for asymmetric algorithms /// \details BERDecode() and DEREncode() were removed under Issue 569 /// and Commit 9b174e84de7a. Programs should use AccessMaterial().Load(bt) -/// or AccessMaterial().Save(bt) instead. +/// or GetMaterial().Save(bt) instead. /// \sa Issue 569 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AsymmetricAlgorithm : public Algorithm { 
@@ -2725,7 +2742,7 @@ /// \param parameters a set of NameValuePairs to initialize this object /// \return the result of the decryption operation /// \details If DecodingResult::isValidCoding is true, then DecodingResult::messageLength - /// is valid and holds the the actual length of the plaintext recovered. The result is undefined + /// is valid and holds the actual length of the plaintext recovered. The result is undefined /// if decryption failed. If DecodingResult::isValidCoding is false, then DecodingResult::messageLength /// is undefined. /// \pre COUNTOF(plaintext) == MaxPlaintextLength(ciphertextLength) ensures the output @@ -2751,7 +2768,7 @@ /// \param parameters a set of NameValuePairs to initialize this object /// \return the result of the decryption operation /// \details If DecodingResult::isValidCoding is true, then DecodingResult::messageLength - /// is valid and holds the the actual length of the plaintext recovered. The result is undefined + /// is valid and holds the actual length of the plaintext recovered. The result is undefined /// if decryption failed. If DecodingResult::isValidCoding is false, then DecodingResult::messageLength /// is undefined. /// \pre COUNTOF(plaintext) == MaxPlaintextLength(ciphertextLength) ensures the output diff -Nru libcrypto++-8.4.0/cryptlib.vcxproj libcrypto++-8.6.0/cryptlib.vcxproj --- libcrypto++-8.4.0/cryptlib.vcxproj 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/cryptlib.vcxproj 2021-09-24 11:48:47.000000000 +0000 @@ -262,6 +262,12 @@ + + + + + + @@ -484,6 +490,7 @@ + diff -Nru libcrypto++-8.4.0/cryptlib.vcxproj.filters libcrypto++-8.6.0/cryptlib.vcxproj.filters --- libcrypto++-8.4.0/cryptlib.vcxproj.filters 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/cryptlib.vcxproj.filters 2021-09-24 11:48:47.000000000 +0000 @@ -272,6 +272,24 @@ Source Files + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + Source Files 
@@ -801,6 +819,9 @@ Header Files + + Header Files + Header Files diff -Nru libcrypto++-8.4.0/cryptopp.rc libcrypto++-8.6.0/cryptopp.rc --- libcrypto++-8.4.0/cryptopp.rc 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/cryptopp.rc 2021-09-24 11:48:47.000000000 +0000 @@ -27,8 +27,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 8,4,0,0 - PRODUCTVERSION 8,4,0,0 + FILEVERSION 8,6,0,0 + PRODUCTVERSION 8,6,0,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -44,15 +44,15 @@ BLOCK "040904b0" BEGIN VALUE "Comments", "Free crypto library, more information available at www.cryptopp.com" - VALUE "CompanyName", "Wei Dai" + VALUE "CompanyName", "Crypto++® project" VALUE "FileDescription", "Crypto++® Library DLL" - VALUE "FileVersion", "8, 3, 0, 0" + VALUE "FileVersion", "8, 6, 0, 0" VALUE "InternalName", "cryptopp" - VALUE "LegalCopyright", "Copyright© 1995-2019 by Wei Dai" + VALUE "LegalCopyright", "Copyright© 1995-2021 by Wei Dai" VALUE "LegalTrademarks", "Crypto++®" VALUE "OriginalFilename", "cryptopp.dll" VALUE "ProductName", "Crypto++® Library" - VALUE "ProductVersion", "8, 3, 0, 0" + VALUE "ProductVersion", "8, 6, 0, 0" END END BLOCK "VarFileInfo" diff -Nru libcrypto++-8.4.0/darn.cpp libcrypto++-8.6.0/darn.cpp --- libcrypto++-8.4.0/darn.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/darn.cpp 2021-09-24 11:48:47.000000000 +0000 
@@ -15,7 +15,7 @@ // GCC inline assembly or the builtin will fail the compile. // Inline assembler available in GCC 3.2 or above. For practical -// purposes we check for GCC 4.0 or above. GCC imposters claim +// purposes we check for GCC 4.0 or above. GCC impostors claim // to be GCC 4.2.1 so it will capture them, too. We exclude the // Apple machines because they are not Power9 and use a slightly // different syntax in their assembler. diff -Nru libcrypto++-8.4.0/datatest.cpp libcrypto++-8.6.0/datatest.cpp --- libcrypto++-8.4.0/datatest.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/datatest.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -41,18 +41,57 @@ NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(Test) +ANONYMOUS_NAMESPACE_BEGIN + +bool s_thorough = false; typedef std::map TestData; -static bool s_thorough = false; +const TestData *s_currentTestData = NULLPTR; +const std::string testDataFilename = "cryptest.dat"; -class TestFailure : public Exception +// Handles CR, LF, and CRLF properly +// For istream.fail() see https://stackoverflow.com/q/34395801/608639. +bool Readline(std::istream& stream, std::string& line) { -public: - TestFailure() : Exception(OTHER_ERROR, "Validation test failed") {} -}; + // Ensure old data is cleared + line.clear(); + + std::string temp; + temp.reserve(64); + + while (!stream.fail()) + { + int ch = stream.get(); + if (ch == '\r') + { + int next = stream.peek(); + if (next == '\n') + (void)stream.get(); + + break; + } + else if (ch == '\n') + { + break; + } + + // Let string class manage its own capacity. + // The string will grow as needed. + temp.push_back(static_cast(ch)); + } -static const TestData *s_currentTestData = NULLPTR; +#if defined(CRYPTOPP_CXX11) + temp.shrink_to_fit(); +#else + // Non-binding shrink to fit + temp.reserve(0); +#endif -std::string TrimSpace(std::string str) + std::swap(line, temp); + + return !stream.fail(); +} + +std::string TrimSpace(const std::string& str) { if (str.empty()) return ""; 
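Review bot: `Readline` pushes the result of `stream.get()` before checking for end-of-file: when the last line has no trailing newline, `get()` returns `EOF` and sets failbit, the `'\r'`/`'\n'` tests fall through, and the `push_back` line appends `char(EOF)` (0xFF) to `temp` before the `!stream.fail()` test ends the loop. The function then returns false, so a final unterminated line is either dropped by the caller or, if the return value is ignored, delivered with a spurious byte. Add `if (ch == std::char_traits<char>::eof()) break;` immediately after the `get()` call, and consider `return !line.empty() || !stream.fail();` after the swap so the last line of a file without a trailing newline is not lost — the callers are outside this hunk, so check how they treat a false return.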
@@ -68,7 +107,7 @@ return ""; } -std::string TrimComment(std::string str) +std::string TrimComment(const std::string& str) { if (str.empty()) return ""; @@ -80,7 +119,13 @@ return TrimSpace(str); } -static void OutputTestData(const TestData &v) +class TestFailure : public Exception +{ +public: + TestFailure() : Exception(OTHER_ERROR, "Validation test failed") {} +}; + +void OutputTestData(const TestData &v) { std::cerr << "\n"; for (TestData::const_iterator i = v.begin(); i != v.end(); ++i) @@ -89,19 +134,19 @@ } } -static void SignalTestFailure() +void SignalTestFailure() { OutputTestData(*s_currentTestData); throw TestFailure(); } -static void SignalUnknownAlgorithmError(const std::string& algType) +void SignalUnknownAlgorithmError(const std::string& algType) { OutputTestData(*s_currentTestData); throw Exception(Exception::OTHER_ERROR, "Unknown algorithm " + algType + " during validation test"); } -static void SignalTestError(const char* msg = NULLPTR) +void SignalTestError(const char* msg = NULLPTR) { OutputTestData(*s_currentTestData); @@ -147,18 +192,18 @@ while (!s1.empty()) { - while (s1[0] == ' ') - { - s1 = s1.substr(1); - if (s1.empty()) - goto end; // avoid invalid read if s1 is empty - } + std::string::size_type pos = s1.find_first_not_of(" "); + if (pos != std::string::npos) + s1.erase(0, pos); + + if (s1.empty()) + goto end; int repeat = 1; if (s1[0] == 'r') { s1 = s1.erase(0, 1); - repeat = ::atoi(s1.c_str()); + repeat = std::atoi(s1.c_str()); s1 = s1.substr(s1.find(' ')+1); } 
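Review bot: In the `@@ -147` hunk the leading-space strip only runs when `find_first_not_of(" ")` finds a non-space, so a remaining `s1` that is entirely spaces is left untouched, skips the `goto end`, and is handed to the parsing below as data, whereas the old loop stripped it to empty and exited. From what is visible, the else branch in the next hunk then decodes `s1.substr(0, 0)` and reassigns `s1.substr(0)`, which never shrinks `s1`, so the `while (!s1.empty())` loop would spin — unless a branch outside the hunk consumes it. Dropping the guard restores the old behaviour, since `erase(0, npos)` clears the string: `s1.erase(0, s1.find_first_not_of(" "));` followed by the existing `if (s1.empty()) goto end;`.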
@@ -196,15 +241,15 @@ } else if (s1.substr(0, 2) == "0x") { - std::string::size_type pos = s1.find(' '); - StringSource(s1.substr(2, pos), true, new HexDecoder(new StringSink(s2))); - s1 = s1.substr(STDMIN(pos, s1.length())); + std::string::size_type n = s1.find(' '); + StringSource(s1.substr(2, n), true, new HexDecoder(new StringSink(s2))); + s1 = s1.substr(STDMIN(n, s1.length())); } else { - std::string::size_type pos = s1.find(' '); - StringSource(s1.substr(0, pos), true, new HexDecoder(new StringSink(s2))); - s1 = s1.substr(STDMIN(pos, s1.length())); + std::string::size_type n = s1.find(' '); + StringSource(s1.substr(0, n), true, new HexDecoder(new StringSink(s2))); + s1 = s1.substr(STDMIN(n, s1.length())); } while (repeat--) @@ -294,8 +339,10 @@ mutable std::string m_temp; }; -void TestKeyPairValidAndConsistent(CryptoMaterial &pub, const CryptoMaterial &priv) +void TestKeyPairValidAndConsistent(CryptoMaterial &pub, const CryptoMaterial &priv, unsigned int &totalTests) { + totalTests++; + if (!pub.Validate(Test::GlobalRNG(), 2U+!!s_thorough)) SignalTestFailure(); if (!priv.Validate(Test::GlobalRNG(), 2U+!!s_thorough)) 
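Review bot: In the 0x branch `StringSource(s1.substr(2, n), ...)` uses n, the absolute position of the next space, as a length counted from offset 2, so two characters past the token are also fed to the HexDecoder. HexDecoder skips non-hex characters, which presumably masks this when the next token is an `r` count or more spaces, but a following token that begins with hex digits (another `0x..` token, for example) would have part of it decoded into s2. The hunk only renames pos to n, so the defect is pre-existing; the fix is `StringSource(s1.substr(2, n - 2), true, new HexDecoder(new StringSink(s2)));` (n - 2 is still larger than any string when n is npos). The second branch, `s1.substr(0, n)`, is correct as written.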
@@ -309,24 +356,34 @@ SignalTestFailure(); } -void TestSignatureScheme(TestData &v) +void TestSignatureScheme(TestData &v, unsigned int &totalTests) { std::string name = GetRequiredDatum(v, "Name"); std::string test = GetRequiredDatum(v, "Test"); - member_ptr signer(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); - member_ptr verifier(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + static member_ptr signer; + static member_ptr verifier; + static std::string lastName; + + if (name != lastName) + { + signer.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + verifier.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + lastName = name; - // Code coverage - (void)signer->AlgorithmName(); - (void)verifier->AlgorithmName(); - (void)signer->AlgorithmProvider(); - (void)verifier->AlgorithmProvider(); + // Code coverage + (void)signer->AlgorithmName(); + (void)verifier->AlgorithmName(); + (void)signer->AlgorithmProvider(); + (void)verifier->AlgorithmProvider(); + } TestDataNameValuePairs pairs(v); if (test == "GenerateKey") { + totalTests++; + signer->AccessPrivateKey().GenerateRandom(Test::GlobalRNG(), pairs); verifier->AccessPublicKey().AssignFrom(signer->AccessPrivateKey()); } @@ -334,6 +391,7 @@ { std::string keyFormat = GetRequiredDatum(v, "KeyFormat"); + totalTests++; // key format if (keyFormat == "DER") verifier->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PublicKey")).Ref()); else if (keyFormat == "Component") @@ -341,6 +399,8 @@ if (test == "Verify" || test == "NotVerify") { + totalTests++; + SignatureVerificationFilter verifierFilter(*verifier, NULLPTR, SignatureVerificationFilter::SIGNATURE_AT_BEGIN); PutDecodedDatumInto(v, "Signature", verifierFilter); PutDecodedDatumInto(v, "Message", verifierFilter); 
@@ -351,11 +411,14 @@ } else if (test == "PublicKeyValid") { + totalTests++; + if (!verifier->GetMaterial().Validate(Test::GlobalRNG(), 3)) SignalTestFailure(); return; } + totalTests++; // key format if (keyFormat == "DER") signer->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PrivateKey")).Ref()); else if (keyFormat == "Component") @@ -364,7 +427,9 @@ if (test == "GenerateKey" || test == "KeyPairValidAndConsistent") { - TestKeyPairValidAndConsistent(verifier->AccessMaterial(), signer->GetMaterial()); + totalTests++; + + TestKeyPairValidAndConsistent(verifier->AccessMaterial(), signer->GetMaterial(),totalTests); SignatureVerificationFilter verifierFilter(*verifier, NULLPTR, SignatureVerificationFilter::THROW_EXCEPTION); const byte msg[3] = {'a', 'b', 'c'}; verifierFilter.Put(msg, sizeof(msg)); @@ -372,12 +437,16 @@ } else if (test == "Sign") { + totalTests++; + SignerFilter f(Test::GlobalRNG(), *signer, new HexEncoder(new FileSink(std::cout))); StringSource ss(GetDecodedDatum(v, "Message"), true, new Redirector(f)); SignalTestFailure(); } else if (test == "DeterministicSign") { + totalTests++; + // This test is specialized for RFC 6979. The RFC is a drop-in replacement // for DSA and ECDSA, and access to the seed or secret is not needed. If // additional deterministic signatures are added, then the test harness will @@ -388,8 +457,6 @@ if (GetDecodedDatum(v, "Signature") != signature) SignalTestFailure(); - - return; } else { 
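Review bot: The KeyPairValidAndConsistent branch now does `totalTests++;` and then calls `TestKeyPairValidAndConsistent(verifier->AccessMaterial(), signer->GetMaterial(),totalTests);`, which increments the same counter again (the @@ -294 hunk adds `totalTests++` at the top of that helper), so these vectors count twice where every other branch counts once and the progress dots derived from the delta over-report. Drop the increment on one side; since the helper already counts itself, removing the caller's `totalTests++` here and in TestAsymmetricCipher's matching branch is the smaller change. The missing space before `totalTests` in that call also departs from the argument style used everywhere else in the file.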
@@ -399,29 +466,110 @@ } } -void TestAsymmetricCipher(TestData &v) +// Subset of TestSignatureScheme. We picked the tests that have data that is easy to write to a file. +// Also see https://github.com/weidai11/cryptopp/issues/1010, where HIGHT broke when using FileSource. +void TestSignatureSchemeWithFileSource(TestData &v, unsigned int &totalTests) { std::string name = GetRequiredDatum(v, "Name"); std::string test = GetRequiredDatum(v, "Test"); - member_ptr encryptor(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); - member_ptr decryptor(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + if (test != "Sign" && test != "DeterministicSign") { return; } + + static member_ptr signer; + static member_ptr verifier; + static std::string lastName; + + if (name != lastName) + { + signer.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + verifier.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + name = lastName; - // Code coverage - (void)encryptor->AlgorithmName(); - (void)decryptor->AlgorithmName(); - (void)encryptor->AlgorithmProvider(); - (void)decryptor->AlgorithmProvider(); + // Code coverage + (void)signer->AlgorithmName(); + (void)verifier->AlgorithmName(); + (void)signer->AlgorithmProvider(); + (void)verifier->AlgorithmProvider(); + } + + TestDataNameValuePairs pairs(v); std::string keyFormat = GetRequiredDatum(v, "KeyFormat"); + totalTests++; // key format + if (keyFormat == "DER") + verifier->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PublicKey")).Ref()); + else if (keyFormat == "Component") + verifier->AccessMaterial().AssignFrom(pairs); + + totalTests++; // key format if (keyFormat == "DER") + signer->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PrivateKey")).Ref()); + else if (keyFormat == "Component") + signer->AccessMaterial().AssignFrom(pairs); + + if (test == "Sign") + { + totalTests++; + + SignerFilter f(Test::GlobalRNG(), *signer, new HexEncoder(new 
FileSink(std::cout))); + StringSource ss(GetDecodedDatum(v, "Message"), true, new FileSink(testDataFilename.c_str())); + FileSource fs(testDataFilename.c_str(), true, new Redirector(f)); + SignalTestFailure(); + } + else if (test == "DeterministicSign") { + totalTests++; + + // This test is specialized for RFC 6979. The RFC is a drop-in replacement + // for DSA and ECDSA, and access to the seed or secret is not needed. If + // additional deterministic signatures are added, then the test harness will + // likely need to be extended. + std::string signature; + SignerFilter f(Test::GlobalRNG(), *signer, new StringSink(signature)); + StringSource ss(GetDecodedDatum(v, "Message"), true, new FileSink(testDataFilename.c_str())); + FileSource fs(testDataFilename.c_str(), true, new Redirector(f)); + + if (GetDecodedDatum(v, "Signature") != signature) + SignalTestFailure(); + } +} + +void TestAsymmetricCipher(TestData &v, unsigned int &totalTests) +{ + std::string name = GetRequiredDatum(v, "Name"); + std::string test = GetRequiredDatum(v, "Test"); + + static member_ptr encryptor; + static member_ptr decryptor; + static std::string lastName; + + if (name != lastName) + { + encryptor.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + decryptor.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + lastName = name; + + // Code coverage + (void)encryptor->AlgorithmName(); + (void)decryptor->AlgorithmName(); + (void)encryptor->AlgorithmProvider(); + (void)decryptor->AlgorithmProvider(); + } + + std::string keyFormat = GetRequiredDatum(v, "KeyFormat"); + + if (keyFormat == "DER") + { + totalTests++; + decryptor->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PrivateKey")).Ref()); encryptor->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PublicKey")).Ref()); } else if (keyFormat == "Component") { + totalTests++; + TestDataNameValuePairs pairs(v); decryptor->AccessMaterial().AssignFrom(pairs); 
encryptor->AccessMaterial().AssignFrom(pairs); @@ -429,6 +577,8 @@ if (test == "DecryptMatch") { + totalTests++; + std::string decrypted, expected = GetDecodedDatum(v, "Plaintext"); StringSource ss(GetDecodedDatum(v, "Ciphertext"), true, new PK_DecryptorFilter(Test::GlobalRNG(), *decryptor, new StringSink(decrypted))); if (decrypted != expected) @@ -436,7 +586,9 @@ } else if (test == "KeyPairValidAndConsistent") { - TestKeyPairValidAndConsistent(encryptor->AccessMaterial(), decryptor->GetMaterial()); + totalTests++; + + TestKeyPairValidAndConsistent(encryptor->AccessMaterial(), decryptor->GetMaterial(), totalTests); } else { @@ -446,7 +598,7 @@ } } -void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters) +void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters, unsigned int &totalTests) { std::string name = GetRequiredDatum(v, "Name"); std::string test = GetRequiredDatum(v, "Test"); @@ -462,6 +614,8 @@ static member_ptr encryptor, decryptor; static std::string lastName; + totalTests++; + if (name != lastName) { encryptor.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); @@ -473,6 +627,8 @@ (void)decryptor->AlgorithmName(); (void)encryptor->AlgorithmProvider(); (void)decryptor->AlgorithmProvider(); + (void)encryptor->IsRandomAccess(); + (void)decryptor->IsRandomAccess(); (void)encryptor->MinKeyLength(); (void)decryptor->MinKeyLength(); (void)encryptor->MaxKeyLength(); 
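Review bot: `name = lastName;` in the new TestSignatureSchemeWithFileSource is inverted: it overwrites name with the cached value (initially empty) instead of recording the current one, so `name != lastName` holds on every call, the signer/verifier pair is rebuilt for each vector, and name is blank for the rest of the function. It should read `lastName = name;`, as TestSignatureScheme and TestAsymmetricCipher in this same hunk do. The same reversed assignment appears later in this diff in TestAuthenticatedSymmetricCipher and TestKeyDerivationFunction, so all three should be fixed together. Caching keyed only on name is otherwise sound in this function because both the public and private key material are reloaded before use.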
@@ -481,12 +637,6 @@ (void)decryptor->DefaultKeyLength(); } - // Most block ciphers don't specify BlockPaddingScheme. Kalyna uses it in test vectors. - // 0 is NoPadding, 1 is ZerosPadding, 2 is PkcsPadding, 3 is OneAndZerosPadding, etc - // Note: The machinery is wired such that paddingScheme is effectively latched. An - // old paddingScheme may be unintentionally used in a subsequent test. - int paddingScheme = pairs.GetIntValueWithDefault(Name::BlockPaddingScheme(), 0); - ConstByteArrayParameter iv; if (pairs.GetValue(Name::IV(), iv) && iv.size() != encryptor->IVSize()) SignalTestFailure(); 
@@ -518,18 +668,12 @@ } } - // If a per-test vector parameter was set for a test, like BlockPadding, - // BlockSize or Tweak, then it becomes latched in testDataPairs. The old - // value is used in subsequent tests, and it could cause a self test - // failure in the next test. The behavior surfaced under Kalyna and - // Threefish. The Kalyna test vectors use NO_PADDING for all tests excpet - // one. For Threefish, using (and not using) a Tweak caused problems as - // we marched through test vectors. For BlockPadding, BlockSize or Tweak, - // unlatch them now, after the key has been set and NameValuePairs have - // been processed. Also note we only unlatch from testDataPairs. If - // overrideParameters are specified, the caller is responsible for - // managing the parameter. - v.erase("Tweak"); v.erase("InitialBlock"); v.erase("BlockSize"); v.erase("BlockPaddingScheme"); + // Most block ciphers don't specify BlockPaddingScheme. Kalyna uses it + // in test vectors. 0 is NoPadding, 1 is ZerosPadding, 2 is PkcsPadding, + // 3 is OneAndZerosPadding, etc. Note: The machinery is wired such that + // paddingScheme is effectively latched. An old paddingScheme may be + // unintentionally used in a subsequent test. + int paddingScheme = pairs.GetIntValueWithDefault(Name::BlockPaddingScheme(), 0); std::string encrypted, xorDigest, ciphertext, ciphertextXorDigest; if (test == "EncryptionMCT" || test == "DecryptionMCT") @@ -563,8 +707,8 @@ if (encrypted != ciphertext) { std::cout << "\nincorrectly encrypted: "; - StringSource xx(encrypted, false, new HexEncoder(new FileSink(std::cout))); - xx.Pump(256); xx.Flush(false); + StringSource ss(encrypted, false, new HexEncoder(new FileSink(std::cout))); + ss.Pump(256); ss.Flush(false); std::cout << "\n"; SignalTestFailure(); } 
@@ -572,7 +716,7 @@ } StreamTransformationFilter encFilter(*encryptor, new StringSink(encrypted), - static_cast(paddingScheme)); + static_cast(paddingScheme)); StringStore pstore(plaintext); RandomizedTransfer(pstore, encFilter, true); @@ -592,15 +736,15 @@ if (test != "EncryptXorDigest" ? encrypted != ciphertext : xorDigest != ciphertextXorDigest) { std::cout << "\nincorrectly encrypted: "; - StringSource xx(encrypted, false, new HexEncoder(new FileSink(std::cout))); - xx.Pump(2048); xx.Flush(false); + StringSource ss(encrypted, false, new HexEncoder(new FileSink(std::cout))); + ss.Pump(2048); ss.Flush(false); std::cout << "\n"; SignalTestFailure(); } std::string decrypted; StreamTransformationFilter decFilter(*decryptor, new StringSink(decrypted), - static_cast(paddingScheme)); + static_cast(paddingScheme)); StringStore cstore(encrypted); RandomizedTransfer(cstore, decFilter, true); @@ -609,8 +753,8 @@ if (decrypted != plaintext) { std::cout << "\nincorrectly decrypted: "; - StringSource xx(decrypted, false, new HexEncoder(new FileSink(std::cout))); - xx.Pump(256); xx.Flush(false); + StringSource ss(decrypted, false, new HexEncoder(new FileSink(std::cout))); + ss.Pump(256); ss.Flush(false); std::cout << "\n"; SignalTestFailure(); } 
@@ -622,7 +766,115 @@ } } -void TestAuthenticatedSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters) +// Subset of TestSymmetricCipher. We picked the tests that have data that is easy to write to a file. +// Also see https://github.com/weidai11/cryptopp/issues/1010, where HIGHT broke when using FileSource. +void TestSymmetricCipherWithFileSource(TestData &v, const NameValuePairs &overrideParameters, unsigned int &totalTests) +{ + std::string name = GetRequiredDatum(v, "Name"); + std::string test = GetRequiredDatum(v, "Test"); + + // Limit FileSource tests to Encrypt only. + if (test != "Encrypt") { return; } + + totalTests++; + + std::string key = GetDecodedDatum(v, "Key"); + std::string plaintext = GetDecodedDatum(v, "Plaintext"); + + TestDataNameValuePairs testDataPairs(v); + CombinedNameValuePairs pairs(overrideParameters, testDataPairs); + + static member_ptr encryptor, decryptor; + static std::string lastName; + + if (name != lastName) + { + encryptor.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + decryptor.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + lastName = name; + + // Code coverage + (void)encryptor->AlgorithmName(); + (void)decryptor->AlgorithmName(); + (void)encryptor->AlgorithmProvider(); + (void)decryptor->AlgorithmProvider(); + (void)encryptor->MinKeyLength(); + (void)decryptor->MinKeyLength(); + (void)encryptor->MaxKeyLength(); + (void)decryptor->MaxKeyLength(); + (void)encryptor->DefaultKeyLength(); + (void)decryptor->DefaultKeyLength(); + } + + ConstByteArrayParameter iv; + if (pairs.GetValue(Name::IV(), iv) && iv.size() != encryptor->IVSize()) + SignalTestFailure(); + + encryptor->SetKey(ConstBytePtr(key), BytePtrSize(key), pairs); + decryptor->SetKey(ConstBytePtr(key), BytePtrSize(key), pairs); + + word64 seek64 = pairs.GetWord64ValueWithDefault("Seek64", 0); + if (seek64) + { + encryptor->Seek(seek64); + decryptor->Seek(seek64); + } + else + { + int seek = 
pairs.GetIntValueWithDefault("Seek", 0); + if (seek) + { + encryptor->Seek(seek); + decryptor->Seek(seek); + } + } + + // Most block ciphers don't specify BlockPaddingScheme. Kalyna uses it + // in test vectors. 0 is NoPadding, 1 is ZerosPadding, 2 is PkcsPadding, + // 3 is OneAndZerosPadding, etc. Note: The machinery is wired such that + // paddingScheme is effectively latched. An old paddingScheme may be + // unintentionally used in a subsequent test. + int paddingScheme = pairs.GetIntValueWithDefault(Name::BlockPaddingScheme(), 0); + + std::string encrypted, ciphertext; + StreamTransformationFilter encFilter(*encryptor, new StringSink(encrypted), + static_cast(paddingScheme)); + + StringSource ss(plaintext, true, new FileSink(testDataFilename.c_str())); + FileSource pstore(testDataFilename.c_str(), true); + RandomizedTransfer(pstore, encFilter, true); + encFilter.MessageEnd(); + + ciphertext = GetDecodedDatum(v, "Ciphertext"); + + if (encrypted != ciphertext) + { + std::cout << "\nincorrectly encrypted: "; + StringSource sss(encrypted, false, new HexEncoder(new FileSink(std::cout))); + sss.Pump(2048); sss.Flush(false); + std::cout << "\n"; + SignalTestFailure(); + } + + std::string decrypted; + StreamTransformationFilter decFilter(*decryptor, new StringSink(decrypted), + static_cast(paddingScheme)); + + StringStore cstore(encrypted); + RandomizedTransfer(cstore, decFilter, true); + decFilter.MessageEnd(); + + if (decrypted != plaintext) + { + std::cout << "\nincorrectly decrypted: "; + StringSource sss(decrypted, false, new HexEncoder(new FileSink(std::cout))); + sss.Pump(256); sss.Flush(false); + std::cout << "\n"; + SignalTestFailure(); + } +} + +void TestAuthenticatedSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters, unsigned int &totalTests) { std::string type = GetRequiredDatum(v, "AlgorithmType"); std::string name = GetRequiredDatum(v, "Name"); 
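Review bot: TestSymmetricCipherWithFileSource repeats the key, IV, Seek and padding setup of TestSymmetricCipher almost verbatim, with only the input source of the first RandomizedTransfer differing; a shared helper that takes the BufferedTransformation to pump from would keep the two from drifting (the IsRandomAccess coverage calls added to TestSymmetricCipher are already missing here). The round trip through `cryptest.dat` (testDataFilename, declared near the top of the file) also leaves that file in the working directory after the run, and because the name is fixed, a pre-existing file or symlink of that name in a shared directory would presumably be opened and overwritten by FileSink; deleting it with `std::remove(testDataFilename.c_str());` once `FileSource pstore` has been consumed, and ideally using a per-process name, would address both. The same applies to TestSignatureSchemeWithFileSource.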
@@ -640,16 +892,46 @@ if (test == "Encrypt" || test == "EncryptXorDigest" || test == "NotVerify") { - member_ptr encryptor, decryptor; - encryptor.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); - decryptor.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + totalTests++; + + static member_ptr encryptor; + static member_ptr decryptor; + static std::string lastName; + + if (name != lastName) + { + encryptor.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + decryptor.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + name = lastName; + + // Code coverage + (void)encryptor->AlgorithmName(); + (void)decryptor->AlgorithmName(); + (void)encryptor->AlgorithmProvider(); + (void)decryptor->AlgorithmProvider(); + (void)encryptor->MinKeyLength(); + (void)decryptor->MinKeyLength(); + (void)encryptor->MaxKeyLength(); + (void)decryptor->MaxKeyLength(); + (void)encryptor->DefaultKeyLength(); + (void)decryptor->DefaultKeyLength(); + (void)encryptor->IsRandomAccess(); + (void)decryptor->IsRandomAccess(); + (void)encryptor->IsSelfInverting(); + (void)decryptor->IsSelfInverting(); + (void)encryptor->MaxHeaderLength(); + (void)decryptor->MaxHeaderLength(); + (void)encryptor->MaxMessageLength(); + (void)decryptor->MaxMessageLength(); + (void)encryptor->MaxFooterLength(); + (void)decryptor->MaxFooterLength(); + (void)encryptor->NeedsPrespecifiedDataLengths(); + (void)decryptor->NeedsPrespecifiedDataLengths(); + } + encryptor->SetKey(ConstBytePtr(key), BytePtrSize(key), pairs); decryptor->SetKey(ConstBytePtr(key), BytePtrSize(key), pairs); - // Code coverage - (void)encryptor->AlgorithmName(); - (void)decryptor->AlgorithmName(); - std::string encrypted, decrypted; AuthenticatedEncryptionFilter ef(*encryptor, new StringSink(encrypted)); bool macAtBegin = !mac.empty() && !Test::GlobalRNG().GenerateBit(); // test both ways randomly 
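Review bot: `name = lastName;` inside `if (name != lastName)` is inverted here as well, so lastName stays empty, the encryptor/decryptor pair is recreated and every coverage call re-runs for each vector, and the caching this hunk introduces never takes effect; it should be `lastName = name;`. Because the objects are reset and re-keyed on every call this is functionally harmless, but anyone reading the static cache would assume it works. The enclosing function begins and ends outside this hunk.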
@@ -680,16 +962,16 @@ if (test == "Encrypt" && encrypted != ciphertext+mac) { std::cout << "\nincorrectly encrypted: "; - StringSource xx(encrypted, false, new HexEncoder(new FileSink(std::cout))); - xx.Pump(2048); xx.Flush(false); + StringSource ss(encrypted, false, new HexEncoder(new FileSink(std::cout))); + ss.Pump(2048); ss.Flush(false); std::cout << "\n"; SignalTestFailure(); } if (test == "Encrypt" && decrypted != plaintext) { std::cout << "\nincorrectly decrypted: "; - StringSource xx(decrypted, false, new HexEncoder(new FileSink(std::cout))); - xx.Pump(256); xx.Flush(false); + StringSource ss(decrypted, false, new HexEncoder(new FileSink(std::cout))); + ss.Pump(256); ss.Flush(false); std::cout << "\n"; SignalTestFailure(); } @@ -712,7 +994,7 @@ } } -void TestDigestOrMAC(TestData &v, bool testDigest) +void TestDigestOrMAC(TestData &v, bool testDigest, unsigned int &totalTests) { std::string name = GetRequiredDatum(v, "Name"); std::string test = GetRequiredDatum(v, "Test"); @@ -732,6 +1014,9 @@ // Code coverage (void)hash->AlgorithmName(); (void)hash->AlgorithmProvider(); + (void)hash->TagSize(); + (void)hash->DigestSize(); + (void)hash->Restart(); } else { @@ -743,10 +1028,18 @@ // Code coverage (void)mac->AlgorithmName(); (void)mac->AlgorithmProvider(); + (void)mac->TagSize(); + (void)mac->DigestSize(); + (void)mac->Restart(); + (void)mac->MinKeyLength(); + (void)mac->MaxKeyLength(); + (void)mac->DefaultKeyLength(); } if (test == "Verify" || test == "VerifyTruncated" || test == "NotVerify") { + totalTests++; + int digestSize = -1; if (test == "VerifyTruncated") digestSize = pairs.GetIntValueWithDefault(Name::DigestSize(), digestSize); 
@@ -764,21 +1057,34 @@ } } -void TestKeyDerivationFunction(TestData &v) +void TestKeyDerivationFunction(TestData &v, unsigned int &totalTests) { + totalTests++; + std::string name = GetRequiredDatum(v, "Name"); std::string test = GetRequiredDatum(v, "Test"); if(test == "Skip") return; - CRYPTOPP_ASSERT(test == "Verify"); std::string secret = GetDecodedDatum(v, "Secret"); std::string expected = GetDecodedDatum(v, "DerivedKey"); TestDataNameValuePairs pairs(v); - member_ptr kdf; - kdf.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + static member_ptr kdf; + static std::string lastName; + + if (name != lastName) + { + kdf.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); + name = lastName; + + // Code coverage + (void)kdf->AlgorithmName(); + (void)kdf->AlgorithmProvider(); + (void)kdf->MinDerivedKeyLength(); + (void)kdf->MaxDerivedKeyLength(); + } std::string calculated; calculated.resize(expected.size()); kdf->DeriveKey(BytePtr(calculated), BytePtrSize(calculated), BytePtr(secret), BytePtrSize(secret), pairs); 
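Review bot: Three points in TestKeyDerivationFunction: `name = lastName;` is inverted (it should be `lastName = name;`), so the static kdf is rebuilt on every call; `totalTests++;` now runs before `if(test == "Skip") return;`, so skipped vectors are counted as executed tests; and the removed `CRYPTOPP_ASSERT(test == "Verify");` has no replacement, so an unrecognised Test value is silently run as a Verify. Move the increment below the Skip check and add `if (test != "Verify") SignalTestError("Unknown test for KDF");` after it, matching how the other Test* functions reject unknown test names.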
@@ -803,20 +1109,18 @@ return str[str.length()-1]; } -// GetField parses the name/value pairs. The tricky part is the insertion operator -// because Unix&Linux uses LF, OS X uses CR, and Windows uses CRLF. If this function -// is modified, then run 'cryptest.exe tv rsa_pkcs1_1_5' as a test. Its the parser -// file from hell. If it can be parsed without error, then things are likely OK. -// For istream.fail() see https://stackoverflow.com/q/34395801/608639. +// GetField parses the name/value pairs. If this function is modified, +// then run 'cryptest.exe tv all' to ensure parsing still works. bool GetField(std::istream &is, std::string &name, std::string &value) { std::string line; name.clear(); value.clear(); // ***** Name ***** - while (is >> std::ws && std::getline(is, line)) + while (Readline(is, line)) { - // Eat whitespace and comments gracefully + // Eat empty lines and comments gracefully + line = TrimSpace(line); if (line.empty() || line[0] == '#') continue; @@ -825,7 +1129,7 @@ SignalTestError("Unable to parse name/value pair"); name = TrimSpace(line.substr(0, pos)); - line = TrimSpace(line.substr(pos + 1)); + line = TrimSpace(line.substr(pos +1)); // Empty name is bad if (name.empty()) 
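Review bot: The second hunk's only change, `line = TrimSpace(line.substr(pos +1));`, removes the space around the operator and reads as an accidental edit rather than an intended one; keep `pos + 1` as the rest of the file writes it. In the first hunk the comment `// Eat empty lines and comments gracefully` could add that Readline has already stripped the CR/LF, so the TrimSpace call here only handles surrounding blanks.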
@@ -843,29 +1147,24 @@ do { - // Trim leading and trailing whitespace, including OS X and Windows - // new lines. Don't parse comments here because there may be a line - // continuation at the end. + continueLine = false; + + // Trim leading and trailing whitespace. Don't parse comments + // here because there may be a line continuation at the end. line = TrimSpace(line); - continueLine = false; if (line.empty()) continue; - // Early out for immediate line continuation - if (line[0] == '\\') { - continueLine = true; - continue; - } - // Check end of line. It must be last character + // Check for continuation. The slash must be the last character. if (LastChar(line) == '\\') { continueLine = true; line.erase(line.end()-1); - line = TrimSpace(line); } // Re-trim after parsing line = TrimComment(line); + line = TrimSpace(line); if (line.empty()) continue; @@ -876,7 +1175,7 @@ if (continueLine) value += ' '; } - while (continueLine && is >> std::ws && std::getline(is, line)); + while (continueLine && Readline(is, line)); return true; } @@ -914,10 +1213,9 @@ void TestDataFile(std::string filename, const NameValuePairs &overrideParameters, unsigned int &totalTests, unsigned int &failedTests) { - filename = DataDir(filename); - std::ifstream file(filename.c_str()); + std::ifstream file(DataDir(filename).c_str()); if (!file.good()) - throw Exception(Exception::OTHER_ERROR, "Can not open file " + filename + " for reading"); + throw Exception(Exception::OTHER_ERROR, "Can not open file " + DataDir(filename) + " for reading"); TestData v; s_currentTestData = &v; 
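Review bot: `s_currentTestData = &v;` in TestDataFile points a file-scope pointer at a local and never restores the previous value; when the @@ -935 hunk recurses through TestDataFile for a FileList entry, the inner call leaves s_currentTestData pointing at its destroyed v, so any SignalTestError or SignalTestFailure raised afterwards in the outer file (a parse error, or a failing vector that follows a FileList line) would dereference a dangling pointer in OutputTestData. This predates the commit, but the restructuring touches both ends of it. Save and restore around the body, `const TestData *savedTestData = s_currentTestData; s_currentTestData = &v;` at the top and `s_currentTestData = savedTestData;` before returning, preferably via a small RAII guard so the restore also happens when an exception from the inner call is caught by the outer loop. The function body continues past this hunk, and `DataDir(filename)` is now evaluated twice; a local `const std::string path = DataDir(filename);` would serve both the open and the error message.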
@@ -935,65 +1233,113 @@ // CRYPTOPP_ASSERT(!value.empty()); v[name] = value; + // The name "Test" is special. It tells the framework + // to run the test. Otherwise, name/value pairs are + // parsed and added to TestData 'v'. if (name == "Test" && (s_thorough || v["SlowTest"] != "1")) { - bool failed = true; + bool failed = false; std::string algType = GetRequiredDatum(v, "AlgorithmType"); + std::string algName = GetRequiredDatum(v, "Name"); - if (lastAlgName != GetRequiredDatum(v, "Name")) + if (lastAlgName != algName) { - lastAlgName = GetRequiredDatum(v, "Name"); - std::cout << "\nTesting " << algType.c_str() << " algorithm " << lastAlgName.c_str() << ".\n"; + std::cout << "\nTesting " << algType << " algorithm " << algName << ".\n"; + lastAlgName = algName; } + // In the old days each loop ran one test. Later, things were modified to run the + // the same test twice. Some tests are run with both a StringSource and a FileSource + // to catch FileSource specific errors. currentTests and deltaTests (below) keep + // the book keeping in order. 
+ unsigned int currentTests = totalTests; + try { if (algType == "Signature") - TestSignatureScheme(v); + { + TestSignatureScheme(v, totalTests); + TestSignatureSchemeWithFileSource(v, totalTests); + } else if (algType == "SymmetricCipher") - TestSymmetricCipher(v, overrideParameters); + { + TestSymmetricCipher(v, overrideParameters, totalTests); + TestSymmetricCipherWithFileSource(v, overrideParameters, totalTests); + } else if (algType == "AuthenticatedSymmetricCipher") - TestAuthenticatedSymmetricCipher(v, overrideParameters); + TestAuthenticatedSymmetricCipher(v, overrideParameters, totalTests); else if (algType == "AsymmetricCipher") - TestAsymmetricCipher(v); + TestAsymmetricCipher(v, totalTests); else if (algType == "MessageDigest") - TestDigestOrMAC(v, true); + TestDigestOrMAC(v, true, totalTests); else if (algType == "MAC") - TestDigestOrMAC(v, false); + TestDigestOrMAC(v, false, totalTests); else if (algType == "KDF") - TestKeyDerivationFunction(v); + TestKeyDerivationFunction(v, totalTests); else if (algType == "FileList") TestDataFile(GetRequiredDatum(v, "Test"), g_nullNameValuePairs, totalTests, failedTests); else SignalUnknownAlgorithmError(algType); - failed = false; } catch (const TestFailure &) { + failed = true; std::cout << "\nTest FAILED.\n"; } - catch (const CryptoPP::Exception &e) + catch (const Exception &e) { + failed = true; std::cout << "\nCryptoPP::Exception caught: " << e.what() << std::endl; } catch (const std::exception &e) { + failed = true; std::cout << "\nstd::exception caught: " << e.what() << std::endl; } if (failed) { - std::cout << "Skipping to next test.\n"; + std::cout << "Skipping to next test." << std::endl; failedTests++; } else - std::cout << "." 
<< std::flush; + { + if (algType != "FileList") + { + unsigned int deltaTests = totalTests-currentTests; + if (deltaTests) + { + std::string progress(deltaTests, '.'); + std::cout << progress; + if (currentTests % 4 == 0) + std::cout << std::flush; + } + } + } - totalTests++; + // Most tests fully specify parameters, like key and iv. Each test gets + // its own unique value. Since each test gets a new value for each test + // case, latching a value in 'TestData v' does not matter. The old key + // or iv will get overwritten on the next test. + // + // If a per-test vector parameter was set for a test, like BlockPadding, + // BlockSize or Tweak, then it becomes latched in 'TestData v'. The old + // value is used in subsequent tests, and it could cause a self test + // failure in the next test. The behavior surfaced under Kalyna and + // Threefish. The Kalyna test vectors use NO_PADDING for all tests except + // one. Threefish occasionally uses a Tweak. + // + // Unlatch BlockPadding, BlockSize and Tweak now, after the test has been + // run. Also note we only unlatch from 'TestData v'. If overrideParameters + // are specified, the caller is responsible for managing the parameter. + v.erase("Tweak"); v.erase("InitialBlock"); + v.erase("BlockSize"); v.erase("BlockPaddingScheme"); } } } +ANONYMOUS_NAMESPACE_END + bool RunTestDataFile(const char *filename, const NameValuePairs &overrideParameters, bool thorough) { s_thorough = thorough; diff -Nru libcrypto++-8.4.0/debian/changelog libcrypto++-8.6.0/debian/changelog --- libcrypto++-8.4.0/debian/changelog 2021-01-02 07:22:09.000000000 +0000 +++ libcrypto++-8.6.0/debian/changelog 2021-12-19 20:21:58.000000000 +0000 
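Review bot: The unlatch at the end of the loop, `v.erase("Tweak"); v.erase("InitialBlock"); v.erase("BlockSize"); v.erase("BlockPaddingScheme");`, leaves "SlowTest" latched, yet the guard `s_thorough || v["SlowTest"] != "1"` reads it, so once a vector sets SlowTest: 1 every later vector in that file is skipped in a non-thorough run unless the file resets the flag explicitly (which I cannot verify from here); adding `v.erase("SlowTest");` to the same line keeps it per-vector like the others. Note also that because the unlatch lives inside the `if (name == "Test" ...)` body, a vector skipped by that guard keeps its Tweak, BlockSize and BlockPaddingScheme for the next one, so the erase line is better placed after the if. The new comment above the try block explains the double-run bookkeeping well.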
@@ -1,3 +1,31 @@ +libcrypto++ (8.6.0-2ubuntu1) jammy; urgency=medium + + * debian/patches/correct-arm-arch.patch: Use the correct architecture + target for armhf. + + -- Steve Langasek Sun, 19 Dec 2021 12:21:58 -0800 + +libcrypto++ (8.6.0-2) unstable; urgency=medium + + * Fix armel and armhf link breakage. + * Update Standards-Version to 4.6.0 . + + -- Laszlo Boszormenyi (GCS) Sat, 25 Sep 2021 19:44:37 +0200 + +libcrypto++ (8.6.0-1) unstable; urgency=high + + * New upstream release. + * Fix CVE-2021-40530: ElGamal encryption using a work estimate to size + encryption exponents instead subgroup order (closes: #993841). + + -- Laszlo Boszormenyi (GCS) Sat, 25 Sep 2021 11:23:06 +0200 + +libcrypto++ (8.5.0-1) unstable; urgency=medium + + * New upstream release. + + -- Laszlo Boszormenyi (GCS) Tue, 07 Sep 2021 22:41:51 +0200 + libcrypto++ (8.4.0-1) unstable; urgency=medium * New upstream release. @@ -333,7 +361,7 @@ * Inlcude missing testvector for AES, thanks to Nelson A. de Oliveira. (Closes: #549150) * Do not include .la file per request from Kartik Mistry. - + -- Jens Peter Secher Thu, 01 Oct 2009 22:08:44 +0200 libcrypto++ (5.6.0-3) unstable; urgency=low @@ -407,7 +435,7 @@ portability of client code. (Closes: #448766) * Bumped automake to 1.10 instead of 1.9 . - + -- Jens Peter Secher Sun, 11 Nov 2007 21:51:53 +0100 libcrypto++ (5.5-4) unstable; urgency=low @@ -425,7 +453,7 @@ * Use ${binary:Version} instead of ${Source-Version} to facilitate binNMU. * Do not ignore 'make clean' errors. - + -- Jens Peter Secher Sat, 30 Jun 2007 16:39:14 +0200 libcrypto++ (5.5-2) unstable; urgency=low @@ -446,7 +474,7 @@ libcrypto++ (5.4-1) experimental; urgency=low - * New upstream release. + * New upstream release. * Removed all patches that have now been included upstream. * Now that things are stable with both Crypto++ and GCC, the shared library has a proper SO name. 
@@ -554,14 +582,14 @@ (Closes: #318518) * Started using dpatch since some of the above patches probably could make it upstream. - + -- Jens Peter Secher Sun, 31 Jul 2005 02:07:29 +0200 libcrypto++ (5.2.1a-1) unstable; urgency=high * Urgency set to high because lastest upload was unclean * Rename libcrypto++-5.2.1.orig.tar.gz in libcrypto++-5.2.1a.orig.tar.gz - + -- Pierre Machard Fri, 27 Aug 2004 12:35:05 +0200 libcrypto++ (5.2.1-2) unstable; urgency=high @@ -683,4 +711,3 @@ Closes: #79131 -- Stephen Zander Fri, 5 Jul 2002 09:45:26 -0700 - diff -Nru libcrypto++-8.4.0/debian/control libcrypto++-8.6.0/debian/control --- libcrypto++-8.4.0/debian/control 2020-12-20 16:35:29.000000000 +0000 +++ libcrypto++-8.6.0/debian/control 2021-12-19 20:21:58.000000000 +0000 @@ -1,8 +1,9 @@ Source: libcrypto++ Section: libs Priority: optional -Maintainer: Laszlo Boszormenyi (GCS) -Standards-Version: 4.5.1 +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Laszlo Boszormenyi (GCS) +Standards-Version: 4.6.0 Build-Depends: debhelper-compat (= 13), automake, autoconf, libtool Build-Depends-Indep: doxygen Homepage: https://www.cryptopp.com diff -Nru libcrypto++-8.4.0/debian/patches/correct-arm-arch.patch libcrypto++-8.6.0/debian/patches/correct-arm-arch.patch --- libcrypto++-8.4.0/debian/patches/correct-arm-arch.patch 1970-01-01 00:00:00.000000000 +0000 +++ libcrypto++-8.6.0/debian/patches/correct-arm-arch.patch 2021-12-19 20:21:44.000000000 +0000 
@@ -0,0 +1,25 @@ +Description: Use the correct architecture target for armhf. +Author: Steve Langasek +Last-Update: 2021-12-19 +Forwarded: no + +Index: libcrypto++-8.6.0/GNUmakefile +=================================================================== +--- libcrypto++-8.6.0.orig/GNUmakefile ++++ libcrypto++-8.6.0/GNUmakefile +@@ -1174,11 +1174,11 @@ + # Also see https://www.cryptopp.com/wiki/Cryptogams. + ifeq ($(IS_ARM32)$(IS_LINUX),11) + ifeq ($(CLANG_COMPILER),1) +- CRYPTOGAMS_ARMV4_FLAG = -march=armv7-a -Wa,--noexecstack +- CRYPTOGAMS_ARMV4_THUMB_FLAG = -march=armv7-a -mthumb -Wa,--noexecstack ++ CRYPTOGAMS_ARMV4_FLAG = -march=armv7-a+fp -Wa,--noexecstack ++ CRYPTOGAMS_ARMV4_THUMB_FLAG = -march=armv7-a+fp -mthumb -Wa,--noexecstack + else +- CRYPTOGAMS_ARMV4_FLAG = -march=armv7-a -Wa,--noexecstack +- CRYPTOGAMS_ARMV4_THUMB_FLAG = -march=armv7-a -Wa,--noexecstack ++ CRYPTOGAMS_ARMV4_FLAG = -march=armv7-a+fp -Wa,--noexecstack ++ CRYPTOGAMS_ARMV4_THUMB_FLAG = -march=armv7-a+fp -Wa,--noexecstack + endif + SRCS += aes_armv4.S sha1_armv4.S sha256_armv4.S sha512_armv4.S + endif diff -Nru libcrypto++-8.4.0/debian/patches/fix_library_name.patch libcrypto++-8.6.0/debian/patches/fix_library_name.patch --- libcrypto++-8.4.0/debian/patches/fix_library_name.patch 2021-01-02 07:22:09.000000000 +0000 +++ libcrypto++-8.6.0/debian/patches/fix_library_name.patch 2021-09-25 17:37:40.000000000 +0000 @@ -1,7 +1,7 @@ Description: use crypto++ instead of cryptopp Author: Laszlo Boszormenyi (GCS) Forwarded: not-needed -Last-Update: 2021-01-02 +Last-Update: 2021-09-25 --- 
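Review bot: The new `-march=armv7-a+fp` flags are applied to every `IS_ARM32`+`IS_LINUX` build, not only to armhf as the Description claims, and the patch does not record which assembler or link failure the `+fp` extension cures. Since the 8.6.0-2 changelog also mentions armel, confirm that forcing the VFP extension on the Cryptogams `.S` files is acceptable for a non-armhf target, or gate the flag on the Debian architecture. The Description should carry a second line naming the observed error so the next rebase can verify the flag is still needed, and `Forwarded: no` is hard to justify for a change to upstream's own GNUmakefile. The GCC branch still sets `CRYPTOGAMS_ARMV4_THUMB_FLAG` identically to the non-thumb flag (no `-mthumb`, unlike the Clang branch); that looks pre-existing, but the patch copies it unchanged.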
@@ -14,14 +14,14 @@ -# Allow override for the cryptest.exe recipe. Change to -# ./libcryptopp.so or ./libcryptopp.dylib to suit your +# Allow override for the cryptest recipe. Change to -+# ./libcrypto++.so or ./libcryptopp.dylib to suit your ++# ./libcrypto++.so or ./libcrypto++.dylib to suit your # taste. https://github.com/weidai11/cryptopp/issues/866 -LINK_LIBRARY ?= libcryptopp.a +LINK_LIBRARY ?= libcrypto++.a LINK_LIBRARY_PATH ?= ./ # Command and arguments -@@ -1077,7 +1077,7 @@ SOLIB_COMPAT_SUFFIX=.$(LIB_MAJOR) +@@ -1128,7 +1128,7 @@ SOLIB_COMPAT_SUFFIX=.$(LIB_MAJOR) ifneq ($(IS_LINUX)$(IS_HURD),00) # Linux uses full version suffix for shared library SOLIB_VERSION_SUFFIX=.$(LIB_MAJOR).$(LIB_MINOR).$(LIB_PATCH) @@ -30,7 +30,7 @@ endif # Solaris uses -Wl,-h ifeq ($(IS_SUN),1) -@@ -1085,7 +1085,7 @@ ifeq ($(IS_SUN),1) +@@ -1136,7 +1136,7 @@ ifeq ($(IS_SUN),1) # The minor version allows previous version to remain and not overwritten. # https://blogs.oracle.com/solaris/how-to-name-a-solaris-shared-object-v2 SOLIB_VERSION_SUFFIX=.$(LIB_MAJOR).$(LIB_MINOR) @@ -39,7 +39,7 @@ endif endif # HAS_SOLIB_VERSION -@@ -1191,36 +1191,36 @@ LDFLAGS := $(strip $(CRYPTOPP_LDFLAGS) +@@ -1242,36 +1242,36 @@ LDFLAGS := $(strip $(CRYPTOPP_LDFLAGS) # Default builds program with static library only .PHONY: default @@ -52,8 +52,9 @@ ifneq ($(IS_DARWIN),0) -static: libcryptopp.a +-shared dynamic dylib: libcryptopp.dylib +static: libcrypto++.a - shared dynamic dylib: libcryptopp.dylib ++shared dynamic dylib: libcrypto++.dylib else -static: libcryptopp.a -shared dynamic: libcryptopp.so$(SOLIB_VERSION_SUFFIX) @@ -87,7 +88,7 @@ lcov --base-directory . --directory . -c -o cryptest.info lcov --remove cryptest.info "adhoc.*" -o cryptest.info lcov --remove cryptest.info "fips140.*" -o cryptest.info -@@ -1230,20 +1230,20 @@ lcov coverage: cryptest.exe +@@ -1281,20 +1281,20 @@ lcov coverage: cryptest.exe # Travis CI and CodeCov rule .PHONY: gcov codecov 
@@ -115,32 +116,38 @@ # Used to generate list of source files for Autotools, CMakeList, Android.mk, etc .PHONY: sources -@@ -1283,9 +1283,9 @@ docs html: +@@ -1334,13 +1334,13 @@ docs html: .PHONY: clean clean: -$(RM) adhoc.cpp.o adhoc.cpp.proto.o $(CLEAN_OBJS) rdrand-*.o - @-$(RM) libcryptopp.a libcryptopp.dylib cryptopp.dll libcryptopp.dll.a libcryptopp.import.a - @-$(RM) libcryptopp.so libcryptopp.so$(SOLIB_COMPAT_SUFFIX) libcryptopp.so$(SOLIB_VERSION_SUFFIX) -- @-$(RM) cryptest.exe dlltest.exe cryptest.import.exe cryptest.info ct et -+ @-$(RM) libcrypto++.a libcryptopp.dylib cryptopp.dll libcryptopp.dll.a libcryptopp.import.a +- @-$(RM) cryptest.exe dlltest.exe cryptest.import.exe cryptest.dat ct et ++ @-$(RM) libcrypto++.a libcrypto++.dylib cryptopp.dll libcrypto++.dll.a libcrypto++.import.a + @-$(RM) libcrypto++.so libcrypto++.so$(SOLIB_COMPAT_SUFFIX) libcrypto++.so$(SOLIB_VERSION_SUFFIX) -+ @-$(RM) cryptest dlltest.exe cryptest.import.exe cryptest.info ct et ++ @-$(RM) cryptest dlltest cryptest.import cryptest.dat ct et @-$(RM) *.la *.lo *.gcov *.gcno *.gcda *.stackdump core core-* - @-$(RM) /tmp/adhoc.exe +- @-$(RM) /tmp/adhoc.exe ++ @-$(RM) /tmp/adhoc @-$(RM) -r /tmp/cryptopp_test/ -@@ -1297,7 +1297,7 @@ autotools-clean: +- @-$(RM) -r *.exe.dSYM/ *.dylib.dSYM/ ++ @-$(RM) -r *.dSYM/ *.dylib.dSYM/ + @-$(RM) -r cov-int/ + + .PHONY: autotools-clean +@@ -1348,7 +1348,7 @@ autotools-clean: @-$(RM) -f configure.ac configure configure.in Makefile.am Makefile.in Makefile @-$(RM) -f config.guess config.status config.sub config.h.in compile depcomp @-$(RM) -f install-sh stamp-h1 ar-lib *.lo *.la *.m4 local.* lt*.sh missing - @-$(RM) -f cryptest cryptestcwd libtool* libcryptopp.la libcryptopp.pc* -+ @-$(RM) -f cryptest cryptestcwd libtool* libcryptopp.la libcrypto++.pc* ++ @-$(RM) -f cryptest cryptestcwd libtool* libcrypto++.la libcrypto++.pc* @-$(RM) -rf build-aux/ m4/ auto*.cache/ .deps/ .libs/ .PHONY: cmake-clean -@@ -1313,40 +1313,40 @@ android-clean: - .PHONY: 
distclean +@@ -1365,145 +1365,145 @@ android-clean: distclean: clean autotools-clean cmake-clean android-clean -$(RM) adhoc.cpp adhoc.cpp.copied GNUmakefile.deps benchmarks.html cryptest.txt + -$(RM) cryptest_all.info cryptest_debug.info cryptest_noasm.info cryptest_base.info cryptest.info cryptest_release.info - @-$(RM) cryptest-*.txt cryptopp.tgz libcryptopp.pc *.o *.bc *.ii *~ - @-$(RM) -r cryptlib.lib cryptest.exe *.suo *.sdf *.pdb Win32/ x64/ ipch/ + @-$(RM) cryptest-*.txt cryptopp.tgz libcrypto++.pc *.o *.bc *.ii *~ 
@@ -158,21 +165,21 @@ +install: cryptest install-lib @-$(MKDIR) $(DESTDIR)$(BINDIR) - $(CP) cryptest.exe $(DESTDIR)$(BINDIR) -- $(CHMOD) 0755 $(DESTDIR)$(BINDIR)/cryptest.exe +- $(CHMOD) u=rwx,go=rx $(DESTDIR)$(BINDIR)/cryptest.exe - @-$(MKDIR) $(DESTDIR)$(DATADIR)/cryptopp/TestData - @-$(MKDIR) $(DESTDIR)$(DATADIR)/cryptopp/TestVectors - $(CP) TestData/*.dat $(DESTDIR)$(DATADIR)/cryptopp/TestData -- $(CHMOD) 0644 $(DESTDIR)$(DATADIR)/cryptopp/TestData/*.dat +- $(CHMOD) u=rw,go=r $(DESTDIR)$(DATADIR)/cryptopp/TestData/*.dat - $(CP) TestVectors/*.txt $(DESTDIR)$(DATADIR)/cryptopp/TestVectors -- $(CHMOD) 0644 $(DESTDIR)$(DATADIR)/cryptopp/TestVectors/*.txt +- $(CHMOD) u=rw,go=r $(DESTDIR)$(DATADIR)/cryptopp/TestVectors/*.txt + $(CP) cryptest $(DESTDIR)$(BINDIR) -+ $(CHMOD) 0755 $(DESTDIR)$(BINDIR)/cryptest ++ $(CHMOD) u=rwx,go=rx $(DESTDIR)$(BINDIR)/cryptest + @-$(MKDIR) $(DESTDIR)$(DATADIR)/crypto++/TestData + @-$(MKDIR) $(DESTDIR)$(DATADIR)/crypto++/TestVectors + $(CP) TestData/*.dat $(DESTDIR)$(DATADIR)/crypto++/TestData -+ $(CHMOD) 0644 $(DESTDIR)$(DATADIR)/crypto++/TestData/*.dat ++ $(CHMOD) u=rw,go=r $(DESTDIR)$(DATADIR)/crypto++/TestData/*.dat + $(CP) TestVectors/*.txt $(DESTDIR)$(DATADIR)/crypto++/TestVectors -+ $(CHMOD) 0644 $(DESTDIR)$(DATADIR)/crypto++/TestVectors/*.txt ++ $(CHMOD) u=rw,go=r $(DESTDIR)$(DATADIR)/crypto++/TestVectors/*.txt -# A recipe to install only the library, and not cryptest.exe. Also +# A recipe to install only the library, and not cryptest. Also 
@@ -185,31 +192,35 @@ install-lib: - @-$(MKDIR) $(DESTDIR)$(INCLUDEDIR)/cryptopp - $(CP) *.h $(DESTDIR)$(INCLUDEDIR)/cryptopp -- $(CHMOD) 0644 $(DESTDIR)$(INCLUDEDIR)/cryptopp/*.h +- $(CHMOD) u=rw,go=r $(DESTDIR)$(INCLUDEDIR)/cryptopp/*.h -ifneq ($(wildcard libcryptopp.a),) + @-$(MKDIR) $(DESTDIR)$(INCLUDEDIR)/crypto++ + $(CP) *.h $(DESTDIR)$(INCLUDEDIR)/crypto++ -+ $(CHMOD) 0644 $(DESTDIR)$(INCLUDEDIR)/crypto++/*.h ++ $(CHMOD) u=rw,go=r $(DESTDIR)$(INCLUDEDIR)/crypto++/*.h +ifneq ($(wildcard libcrypto++.a),) @-$(MKDIR) $(DESTDIR)$(LIBDIR) - $(CP) libcryptopp.a $(DESTDIR)$(LIBDIR) -- $(CHMOD) 0644 $(DESTDIR)$(LIBDIR)/libcryptopp.a +- $(CHMOD) u=rw,go=r $(DESTDIR)$(LIBDIR)/libcryptopp.a + $(CP) libcrypto++.a $(DESTDIR)$(LIBDIR) -+ $(CHMOD) 0644 $(DESTDIR)$(LIBDIR)/libcrypto++.a ++ $(CHMOD) u=rw,go=r $(DESTDIR)$(LIBDIR)/libcrypto++.a endif - ifneq ($(wildcard libcryptopp.dylib),) +-ifneq ($(wildcard libcryptopp.dylib),) ++ifneq ($(wildcard libcrypto++.dylib),) @-$(MKDIR) $(DESTDIR)$(LIBDIR) -@@ -1354,63 +1354,63 @@ ifneq ($(wildcard libcryptopp.dylib),) - $(CHMOD) 0755 $(DESTDIR)$(LIBDIR)/libcryptopp.dylib - -install_name_tool -id $(DESTDIR)$(LIBDIR)/libcryptopp.dylib $(DESTDIR)$(LIBDIR)/libcryptopp.dylib +- $(CP) libcryptopp.dylib $(DESTDIR)$(LIBDIR) +- $(CHMOD) u=rwx,go=rx $(DESTDIR)$(LIBDIR)/libcryptopp.dylib +- -install_name_tool -id $(DESTDIR)$(LIBDIR)/libcryptopp.dylib $(DESTDIR)$(LIBDIR)/libcryptopp.dylib ++ $(CP) libcrypto++.dylib $(DESTDIR)$(LIBDIR) ++ $(CHMOD) u=rwx,go=rx $(DESTDIR)$(LIBDIR)/libcrypto++.dylib ++ -install_name_tool -id $(DESTDIR)$(LIBDIR)/libcrypto++.dylib $(DESTDIR)$(LIBDIR)/libcrypto++.dylib endif -ifneq ($(wildcard libcryptopp.so$(SOLIB_VERSION_SUFFIX)),) +ifneq ($(wildcard libcrypto++.so$(SOLIB_VERSION_SUFFIX)),) @-$(MKDIR) $(DESTDIR)$(LIBDIR) - $(CP) libcryptopp.so$(SOLIB_VERSION_SUFFIX) $(DESTDIR)$(LIBDIR) -- $(CHMOD) 0755 $(DESTDIR)$(LIBDIR)/libcryptopp.so$(SOLIB_VERSION_SUFFIX) +- $(CHMOD) u=rwx,go=rx 
$(DESTDIR)$(LIBDIR)/libcryptopp.so$(SOLIB_VERSION_SUFFIX) + $(CP) libcrypto++.so$(SOLIB_VERSION_SUFFIX) $(DESTDIR)$(LIBDIR) -+ $(CHMOD) 0755 $(DESTDIR)$(LIBDIR)/libcrypto++.so$(SOLIB_VERSION_SUFFIX) ++ $(CHMOD) u=rwx,go=rx $(DESTDIR)$(LIBDIR)/libcrypto++.so$(SOLIB_VERSION_SUFFIX) ifeq ($(HAS_SOLIB_VERSION),1) - -$(LN) libcryptopp.so$(SOLIB_VERSION_SUFFIX) $(DESTDIR)$(LIBDIR)/libcryptopp.so + -$(LN) libcrypto++.so$(SOLIB_VERSION_SUFFIX) $(DESTDIR)$(LIBDIR)/libcrypto++.so @@ -220,9 +231,9 @@ +ifneq ($(wildcard libcrypto++.pc),) @-$(MKDIR) $(DESTDIR)$(LIBDIR)/pkgconfig - $(CP) libcryptopp.pc $(DESTDIR)$(LIBDIR)/pkgconfig -- $(CHMOD) 0644 $(DESTDIR)$(LIBDIR)/pkgconfig/libcryptopp.pc +- $(CHMOD) u=rw,go=r $(DESTDIR)$(LIBDIR)/pkgconfig/libcryptopp.pc + $(CP) libcrypto++.pc $(DESTDIR)$(LIBDIR)/pkgconfig -+ $(CHMOD) 0644 $(DESTDIR)$(LIBDIR)/pkgconfig/libcrypto++.pc ++ $(CHMOD) u=rw,go=r $(DESTDIR)$(LIBDIR)/pkgconfig/libcrypto++.pc endif .PHONY: remove uninstall 
@@ -230,27 +241,32 @@ - -$(RM) -r $(DESTDIR)$(INCLUDEDIR)/cryptopp - -$(RM) $(DESTDIR)$(LIBDIR)/libcryptopp.a - -$(RM) $(DESTDIR)$(BINDIR)/cryptest.exe -+ -$(RM) -r $(DESTDIR)$(INCLUDEDIR)/crypto++ -+ -$(RM) $(DESTDIR)$(LIBDIR)/libcrypto++.a -+ -$(RM) $(DESTDIR)$(BINDIR)/cryptest - ifneq ($(wildcard $(DESTDIR)$(LIBDIR)/libcryptopp.dylib),) - -$(RM) $(DESTDIR)$(LIBDIR)/libcryptopp.dylib - endif +-ifneq ($(wildcard $(DESTDIR)$(LIBDIR)/libcryptopp.dylib),) +- -$(RM) $(DESTDIR)$(LIBDIR)/libcryptopp.dylib +-endif -ifneq ($(wildcard $(DESTDIR)$(LIBDIR)/libcryptopp.so),) - -$(RM) $(DESTDIR)$(LIBDIR)/libcryptopp.so -+ifneq ($(wildcard $(DESTDIR)$(LIBDIR)/libcrypto++.so),) -+ -$(RM) $(DESTDIR)$(LIBDIR)/libcrypto++.so - endif +-endif - @-$(RM) $(DESTDIR)$(LIBDIR)/libcryptopp.so$(SOLIB_VERSION_SUFFIX) - @-$(RM) $(DESTDIR)$(LIBDIR)/libcryptopp.so$(SOLIB_COMPAT_SUFFIX) - @-$(RM) $(DESTDIR)$(LIBDIR)/pkgconfig/libcryptopp.pc +- @-$(RM) -r $(DESTDIR)$(DATADIR)/cryptopp ++ -$(RM) -r $(DESTDIR)$(INCLUDEDIR)/crypto++ ++ -$(RM) $(DESTDIR)$(LIBDIR)/libcrypto++.a ++ -$(RM) $(DESTDIR)$(BINDIR)/cryptest ++ifneq ($(wildcard $(DESTDIR)$(LIBDIR)/libcrypto++.dylib),) ++ -$(RM) $(DESTDIR)$(LIBDIR)/libcrypto++.dylib ++endif ++ifneq ($(wildcard $(DESTDIR)$(LIBDIR)/libcrypto++.so),) ++ -$(RM) $(DESTDIR)$(LIBDIR)/libcrypto++.so ++endif + @-$(RM) $(DESTDIR)$(LIBDIR)/libcrypto++.so$(SOLIB_VERSION_SUFFIX) + @-$(RM) $(DESTDIR)$(LIBDIR)/libcrypto++.so$(SOLIB_COMPAT_SUFFIX) + @-$(RM) $(DESTDIR)$(LIBDIR)/pkgconfig/libcrypto++.pc - @-$(RM) -r $(DESTDIR)$(DATADIR)/cryptopp ++ @-$(RM) -r $(DESTDIR)$(DATADIR)/crypto++ --libcryptopp.a: $(LIBOBJS) -+libcrypto++.a: $(LIBOBJS) +-libcryptopp.a: $(LIBOBJS) | osx_warning ++libcrypto++.a: $(LIBOBJS) | osx_warning $(AR) $(ARFLAGS) $@ $(LIBOBJS) ifeq ($(IS_SUN),0) $(RANLIB) $@ 
@@ -277,16 +293,38 @@ + -$(LN) libcrypto++.so$(SOLIB_VERSION_SUFFIX) libcrypto++.so$(SOLIB_COMPAT_SUFFIX) endif - libcryptopp.dylib: $(LIBOBJS) +-libcryptopp.dylib: $(LIBOBJS) | osx_warning ++libcrypto++.dylib: $(LIBOBJS) | osx_warning $(CXX) -dynamiclib -o $@ $(CXXFLAGS) -install_name "$@" -current_version "$(LIB_MAJOR).$(LIB_MINOR).$(LIB_PATCH)" -compatibility_version "$(LIB_MAJOR).$(LIB_MINOR)" -headerpad_max_install_names $(LDFLAGS) $(LIBOBJS) --cryptest.exe: $(LINK_LIBRARY) $(TESTOBJS) -+cryptest: $(LINK_LIBRARY) $(TESTOBJS) +-cryptest.exe: $(LINK_LIBRARY) $(TESTOBJS) | osx_warning ++cryptest: $(LINK_LIBRARY) $(TESTOBJS) | osx_warning $(CXX) -o $@ $(CXXFLAGS) $(TESTOBJS) $(LINK_LIBRARY_PATH)$(LINK_LIBRARY) $(LDFLAGS) $(LDLIBS) # Makes it faster to test changes -@@ -1434,24 +1434,24 @@ cryptest.import.exe: cryptopp.dll libcry - dlltest.exe: cryptopp.dll $(DLLTESTOBJS) + nolib: $(OBJS) + $(CXX) -o ct $(CXXFLAGS) $(OBJS) $(LDFLAGS) $(LDLIBS) + +-dll: cryptest.import.exe dlltest.exe ++dll: cryptest.import dlltest + + cryptopp.dll: $(DLLOBJS) +- $(CXX) -shared -o $@ $(CXXFLAGS) $(DLLOBJS) $(LDFLAGS) $(LDLIBS) -Wl,--out-implib=libcryptopp.dll.a ++ $(CXX) -shared -o $@ $(CXXFLAGS) $(DLLOBJS) $(LDFLAGS) $(LDLIBS) -Wl,--out-implib=libcrypto++.dll.a + +-libcryptopp.import.a: $(LIBIMPORTOBJS) ++libcrypto++.import.a: $(LIBIMPORTOBJS) + $(AR) $(ARFLAGS) $@ $(LIBIMPORTOBJS) + ifeq ($(IS_SUN),0) + $(RANLIB) $@ + endif + +-cryptest.import.exe: cryptopp.dll libcryptopp.import.a $(TESTIMPORTOBJS) ++cryptest.import: cryptopp.dll libcrypto++.import.a $(TESTIMPORTOBJS) + $(CXX) -o $@ $(CXXFLAGS) $(TESTIMPORTOBJS) -L. -lcryptopp.dll -lcryptopp.import $(LDFLAGS) $(LDLIBS) + +-dlltest.exe: cryptopp.dll $(DLLTESTOBJS) ++dlltest: cryptopp.dll $(DLLTESTOBJS) $(CXX) -o $@ $(CXXFLAGS) $(DLLTESTOBJS) -L. -lcryptopp.dll $(LDFLAGS) $(LDLIBS) -# Some users already have a libcryptopp.pc. We install it if the file 
@@ -294,7 +332,7 @@ +# Some users already have a libcrypto++.pc. We install it if the file +# is present. If you want one, then issue 'make libcrypto++.pc'. Be sure # to use/verify PREFIX and LIBDIR below after writing the file. --libcryptopp.pc: +-cryptopp.pc libcryptopp.pc: - @echo '# Crypto++ package configuration file' > libcryptopp.pc - @echo '' >> libcryptopp.pc - @echo 'prefix=$(PC_PREFIX)' >> libcryptopp.pc @@ -304,12 +342,12 @@ - @echo '' >> libcryptopp.pc - @echo 'Name: Crypto++' >> libcryptopp.pc - @echo 'Description: Crypto++ cryptographic library' >> libcryptopp.pc -- @echo 'Version: 8.4' >> libcryptopp.pc +- @echo 'Version: 8.6' >> libcryptopp.pc - @echo 'URL: https://cryptopp.com/' >> libcryptopp.pc - @echo '' >> libcryptopp.pc - @echo 'Cflags: -I$${includedir}' >> libcryptopp.pc - @echo 'Libs: -L$${libdir} -lcryptopp' >> libcryptopp.pc -+libcrypto++.pc: ++cryptopp.pc libcrypto++.pc: + @echo '# Crypto++ package configuration file' > libcrypto++.pc + @echo '' >> libcrypto++.pc + @echo 'prefix=$(PC_PREFIX)' >> libcrypto++.pc 
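Review bot: The rename is incomplete on the MinGW DLL path in the `@@ -277,16 +293,38 @@` hunk: the produced archives become `libcrypto++.import.a` and `-Wl,--out-implib=libcrypto++.dll.a`, but the `cryptest.import` and `dlltest` link lines still pass `-L. -lcryptopp.dll -lcryptopp.import`, which should resolve to the old `libcryptopp.dll.a`/`libcryptopp.import.a` names and fail to link. Debian does not build the `dll` target, but carrying an internally inconsistent patch invites a confusing failure on the next rebase; either rename the flags too, `$(CXX) -o $@ $(CXXFLAGS) $(TESTIMPORTOBJS) -L. -lcrypto++.dll -lcrypto++.import $(LDFLAGS) $(LDLIBS)` and the matching `-lcrypto++.dll` on the `dlltest` line, or leave the dll recipes untouched. The `cryptopp.dll` output name itself is kept, which is fine as long as the import-library name and the `-l` flags agree.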
@@ -319,15 +357,15 @@ + @echo '' >> libcrypto++.pc + @echo 'Name: Crypto++' >> libcrypto++.pc + @echo 'Description: Crypto++ cryptographic library' >> libcrypto++.pc -+ @echo 'Version: 8.4' >> libcrypto++.pc ++ @echo 'Version: 8.6' >> libcrypto++.pc + @echo 'URL: https://cryptopp.com/' >> libcrypto++.pc + @echo '' >> libcrypto++.pc + @echo 'Cflags: -I$${includedir}' >> libcrypto++.pc -+ @echo 'Libs: -L$${libdir} -lcryptopp' >> libcrypto++.pc ++ @echo 'Libs: -L$${libdir} -lcrypto++' >> libcrypto++.pc # This recipe prepares the distro files - TEXT_FILES := *.h *.cpp License.txt Readme.txt Install.txt Filelist.txt Doxyfile cryptest* cryptlib* dlltest* cryptdll* *.sln *.vcxproj *.filters cryptopp.rc TestVectors/*.txt TestData/*.dat TestPrograms/*.cxx TestScripts/*.sh TestScripts/*.cmd -@@ -1510,9 +1510,9 @@ endif + TEXT_FILES := *.h *.cpp *.S GNUmakefile GNUmakefile-cross License.txt Readme.txt Install.txt Filelist.txt Doxyfile cryptest* cryptlib* dlltest* cryptdll* *.sln *.vcxproj *.filters cryptopp.rc TestVectors/*.txt TestData/*.dat TestPrograms/*.cpp +@@ -1562,9 +1562,9 @@ endif # CRYPTOPP_CPU_FREQ in GHz CRYPTOPP_CPU_FREQ ?= 0.0 .PHONY: bench benchmark benchmarks diff -Nru libcrypto++-8.4.0/debian/patches/series libcrypto++-8.6.0/debian/patches/series --- libcrypto++-8.4.0/debian/patches/series 2021-01-02 07:22:09.000000000 +0000 +++ libcrypto++-8.6.0/debian/patches/series 2021-12-19 20:20:29.000000000 +0000 @@ -1 +1,2 @@ fix_library_name.patch +correct-arm-arch.patch diff -Nru libcrypto++-8.4.0/debian/rules libcrypto++-8.6.0/debian/rules --- libcrypto++-8.4.0/debian/rules 2021-01-02 07:22:09.000000000 +0000 +++ libcrypto++-8.6.0/debian/rules 2021-09-25 09:23:06.000000000 +0000 
@@ -66,7 +66,7 @@ # skip files failing with "Unknown DWARF DW_OP_255" (see bug#949296) override_dh_dwz: dh_dwz --exclude=usr/bin/cryptest \ - --exclude=usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto++.so.8.4.0 + --exclude=usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto++.so.8.6.0 %: dh $@ diff -Nru libcrypto++-8.4.0/default.cpp libcrypto++-8.6.0/default.cpp --- libcrypto++-8.4.0/default.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/default.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -73,8 +73,8 @@ memcpy(temp+passphraseLength, salt, saltLength); // OK. Derived params, cannot be NULL - SecByteBlock keyIV(Info::KEYLENGTH+Info::BLOCKSIZE); - Mash(temp, passphraseLength + saltLength, keyIV, Info::KEYLENGTH+Info::BLOCKSIZE, iterations); + SecByteBlock keyIV(EnumToInt(Info::KEYLENGTH)+EnumToInt(+Info::BLOCKSIZE)); + Mash(temp, passphraseLength + saltLength, keyIV, EnumToInt(Info::KEYLENGTH)+EnumToInt(+Info::BLOCKSIZE), iterations); memcpy(key, keyIV, Info::KEYLENGTH); memcpy(IV, keyIV+Info::KEYLENGTH, Info::BLOCKSIZE); } @@ -140,7 +140,7 @@ template DataDecryptor::DataDecryptor(const char *p, BufferedTransformation *attachment, bool throwException) - : ProxyFilter(NULLPTR, SALTLENGTH+BLOCKSIZE, 0, attachment) + : ProxyFilter(NULLPTR, EnumToInt(SALTLENGTH)+EnumToInt(BLOCKSIZE), 0, attachment) , m_state(WAITING_FOR_KEYCHECK) , m_passphrase((const byte *)p, strlen(p)) , m_throwException(throwException) @@ -151,7 +151,7 @@ template DataDecryptor::DataDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment, bool throwException) - : ProxyFilter(NULLPTR, SALTLENGTH+BLOCKSIZE, 0, attachment) + : ProxyFilter(NULLPTR, EnumToInt(SALTLENGTH)+EnumToInt(BLOCKSIZE), 0, attachment) , m_state(WAITING_FOR_KEYCHECK) , m_passphrase(passphrase, passphraseLength) , m_throwException(throwException) 
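Review bot: In the default.cpp `@@ -73,8 +73,8 @@` hunk the unary plus in `EnumToInt(+Info::BLOCKSIZE)` is applied to only one of the two operands on both new lines, which reads as accidental since `EnumToInt` already performs the conversion; write the sites uniformly, `SecByteBlock keyIV(EnumToInt(Info::KEYLENGTH)+EnumToInt(Info::BLOCKSIZE));` and the same expression as the `Mash(...)` length argument. The two `memcpy` calls that follow still pass the bare enumerators as lengths; if the purpose of the change is to silence enum-arithmetic diagnostics, confirm those lines do not trigger the same warning. The enclosing function starts and ends outside the hunk.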
@@ -202,11 +202,11 @@ decryptor->Put(keyCheck, BLOCKSIZE); decryptor->ForceNextPut(); - decryptor->Get(check+BLOCKSIZE, BLOCKSIZE); + decryptor->Get(check+EnumToInt(BLOCKSIZE), BLOCKSIZE); SetFilter(decryptor.release()); - if (!VerifyBufsEqual(check, check+BLOCKSIZE, BLOCKSIZE)) + if (!VerifyBufsEqual(check, check+EnumToInt(BLOCKSIZE), BLOCKSIZE)) { m_state = KEY_BAD; if (m_throwException) diff -Nru libcrypto++-8.4.0/default.h libcrypto++-8.6.0/default.h --- libcrypto++-8.4.0/default.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/default.h 2021-09-24 11:48:47.000000000 +0000 @@ -125,14 +125,14 @@ /// \brief Constructs a DataDecryptor /// \param passphrase a C-String password /// \param attachment a BufferedTransformation to attach to this object - /// \param throwException a flag specifiying whether an Exception should be thrown on error + /// \param throwException a flag specifying whether an Exception should be thrown on error DataDecryptor(const char *passphrase, BufferedTransformation *attachment = NULLPTR, bool throwException=true); /// \brief Constructs a DataDecryptor /// \param passphrase a byte string password /// \param passphraseLength the length of the byte string password /// \param attachment a BufferedTransformation to attach to this object - /// \param throwException a flag specifiying whether an Exception should be thrown on error + /// \param throwException a flag specifying whether an Exception should be thrown on error DataDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULLPTR, bool throwException=true); enum State {WAITING_FOR_KEYCHECK, KEY_GOOD, KEY_BAD}; 
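Review bot: The byte count returned by `decryptor->Get(check+EnumToInt(BLOCKSIZE), BLOCKSIZE)` is discarded, so if the filter yields fewer than BLOCKSIZE bytes the upper half of `check` is compared as-is and the key check passes or fails on whatever that buffer already held. Treating a short read as a bad key keeps the constant-time `VerifyBufsEqual` comparison meaningful: `if (decryptor->Get(check+EnumToInt(BLOCKSIZE), BLOCKSIZE) != BLOCKSIZE) { m_state = KEY_BAD; }` ahead of the existing comparison, with the same throw handling. Whether `check` is zeroed before this point cannot be seen here; the enclosing function starts and ends outside the hunk.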
@@ -227,14 +227,14 @@ /// \brief Constructs a DataDecryptor /// \param passphrase a C-String password /// \param attachment a BufferedTransformation to attach to this object - /// \param throwException a flag specifiying whether an Exception should be thrown on error + /// \param throwException a flag specifying whether an Exception should be thrown on error DataDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULLPTR, bool throwException=true); /// \brief Constructs a DataDecryptor /// \param passphrase a byte string password /// \param passphraseLength the length of the byte string password /// \param attachment a BufferedTransformation to attach to this object - /// \param throwException a flag specifiying whether an Exception should be thrown on error + /// \param throwException a flag specifying whether an Exception should be thrown on error DataDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULLPTR, bool throwException=true); typename DataDecryptor::State CurrentState() const; diff -Nru libcrypto++-8.4.0/dll.cpp libcrypto++-8.6.0/dll.cpp --- libcrypto++-8.4.0/dll.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/dll.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -23,7 +23,7 @@ NAMESPACE_BEGIN(CryptoPP) // Guarding based on DLL due to Clang, http://github.com/weidai11/cryptopp/issues/300 -#if defined(CRYPTOPP_IS_DLL) +#ifdef CRYPTOPP_IS_DLL template<> const byte PKCS_DigestDecoration::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,0x05,0x00,0x04,0x14}; template<> const unsigned int PKCS_DigestDecoration::length = sizeof(PKCS_DigestDecoration::decoration); diff -Nru libcrypto++-8.4.0/Doxyfile libcrypto++-8.6.0/Doxyfile --- libcrypto++-8.4.0/Doxyfile 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/Doxyfile 2021-09-24 11:48:47.000000000 +0000 
@@ -38,7 +38,7 @@ # could be handy for archiving the generated documentation or if some version # control system is used. -PROJECT_NUMBER = 8.4 +PROJECT_NUMBER = 8.6 # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a diff -Nru libcrypto++-8.4.0/drbg.h libcrypto++-8.6.0/drbg.h --- libcrypto++-8.4.0/drbg.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/drbg.h 2021-09-24 11:48:47.000000000 +0000 @@ -127,12 +127,12 @@ virtual unsigned int MaxNonceLength() const=0; /// \brief Provides the maximum size of a request to GenerateBlock - /// \return The the maximum size of a request to GenerateBlock(), in bytes + /// \return The maximum size of a request to GenerateBlock(), in bytes /// \details The equivalent class constant is MAXIMUM_BYTES_PER_REQUEST virtual unsigned int MaxBytesPerRequest() const=0; /// \brief Provides the maximum number of requests before a reseed - /// \return The the maximum number of requests before a reseed, in bytes + /// \return The maximum number of requests before a reseed, in bytes /// \details The equivalent class constant is MAXIMUM_REQUESTS_BEFORE_RESEED. /// MAXIMUM_REQUESTS_BEFORE_RESEED has been reduced from 248 to INT_MAX /// to fit the underlying C++ datatype. diff -Nru libcrypto++-8.4.0/ec2n.h libcrypto++-8.6.0/ec2n.h --- libcrypto++-8.4.0/ec2n.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/ec2n.h 2021-09-24 11:48:47.000000000 +0000 
@@ -44,7 +44,7 @@ /// \brief Construct an EC2N from BER encoded parameters /// \param bt BufferedTransformation derived object - /// \details This constructor will decode and extract the the fields fieldID and curve of the sequence ECParameters + /// \details This constructor will decode and extract the fields fieldID and curve of the sequence ECParameters EC2N(BufferedTransformation &bt); /// \brief Encode the fields fieldID and curve of the sequence ECParameters diff -Nru libcrypto++-8.4.0/eccrypto.h libcrypto++-8.6.0/eccrypto.h --- libcrypto++-8.4.0/eccrypto.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/eccrypto.h 2021-09-24 11:48:47.000000000 +0000 @@ -34,7 +34,7 @@ /// \brief Elliptic Curve Parameters /// \tparam EC elliptic curve field /// \details This class corresponds to the ASN.1 sequence of the same name -/// in ANSI X9.62 and SEC 1. EC is currently defined for ECP and EC2N. +/// in ANSI X9.62 and SEC 1. EC is currently defined for ECP and EC2N. template class DL_GroupParameters_EC : public DL_GroupParametersImpl > { @@ -233,8 +233,8 @@ /// \param rng a RandomNumberGenerator derived class /// \param params the EC group parameters /// \details This function overload of Initialize() creates a new private key because it - /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, - /// then use one of the other Initialize() overloads. + /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, + /// then use one of the other Initialize() overloads. void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC ¶ms) {this->GenerateRandom(rng, params);} 
@@ -244,8 +244,8 @@ /// \param G the base point /// \param n the order of the base point /// \details This function overload of Initialize() creates a new private key because it - /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, - /// then use one of the other Initialize() overloads. + /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, + /// then use one of the other Initialize() overloads. void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n) {this->GenerateRandom(rng, DL_GroupParameters_EC(ec, G, n));} @@ -283,7 +283,7 @@ /// \tparam EC elliptic curve field /// \tparam COFACTOR_OPTION cofactor multiplication option /// \details This implementation follows Hugo Krawczyk's HMQV: A High-Performance -/// Secure Diffie-Hellman Protocol. Note: this implements HMQV only. HMQV-C with Key Confirmation is not provided. +/// Secure Diffie-Hellman Protocol. Note: this implements HMQV only. HMQV-C with Key Confirmation is not provided. /// \sa CofactorMultiplicationOption template ::DefaultCofactorOption, class HASH = SHA256> struct ECHMQV @@ -300,8 +300,8 @@ /// \tparam EC elliptic curve field /// \tparam COFACTOR_OPTION cofactor multiplication option /// \details This implementation follows Augustin P. Sarr and Philippe Elbaz–Vincent, and Jean–Claude Bajard's -/// A Secure and Efficient Authenticated Diffie-Hellman Protocol. -/// Note: this is FHMQV, Protocol 5, from page 11; and not FHMQV-C. +/// A Secure and Efficient Authenticated Diffie-Hellman Protocol. +/// Note: this is FHMQV, Protocol 5, from page 11; and not FHMQV-C. /// \sa CofactorMultiplicationOption template ::DefaultCofactorOption, class HASH = SHA256> struct ECFHMQV 
@@ -350,7 +350,7 @@ /// \brief Elliptic Curve DSA (ECDSA) signature algorithm based on RFC 6979 /// \tparam EC elliptic curve field /// \sa RFC 6979, Deterministic Usage of the -/// Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) +/// Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) /// \since Crypto++ 6.0 template class DL_Algorithm_ECDSA_RFC6979 : public DL_Algorithm_DSA_RFC6979 @@ -382,7 +382,7 @@ /// \tparam EC elliptic curve field /// \tparam H HashTransformation derived class /// \sa Deterministic Usage of the -/// Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) +/// Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) /// \since Crypto++ 6.0 template struct ECDSA_RFC6979 : public DL_SS< @@ -450,8 +450,8 @@ /// \param rng a RandomNumberGenerator derived class /// \param params the EC group parameters /// \details This function overload of Initialize() creates a new private key because it - /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, - /// then use one of the other Initialize() overloads. + /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, + /// then use one of the other Initialize() overloads. void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC ¶ms) {this->GenerateRandom(rng, params);} 
@@ -461,8 +461,8 @@ /// \param G the base point /// \param n the order of the base point /// \details This function overload of Initialize() creates a new private key because it - /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, - /// then use one of the other Initialize() overloads. + /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, + /// then use one of the other Initialize() overloads. void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n) {this->GenerateRandom(rng, DL_GroupParameters_EC(ec, G, n));} @@ -570,8 +570,8 @@ /// \tparam EC elliptic curve field /// \tparam H HashTransformation derived class /// \sa Erwin Hess, Marcus Schafheutle, and Pascale Serf The Digital Signature Scheme -/// ECGDSA (October 24, 2006) +/// HREF="http://www.teletrust.de/fileadmin/files/oid/ecgdsa_final.pdf">The Digital Signature Scheme +/// ECGDSA (October 24, 2006) /// \since Crypto++ 6.0 template struct ECGDSA : public DL_SS< 
@@ -591,32 +591,18 @@ /// \tparam DHAES_MODE flag indicating if the MAC includes additional context parameters such as u·V, v·U and label /// \tparam LABEL_OCTETS flag indicating if the label size is specified in octets or bits /// \details ECIES is an Elliptic Curve based Integrated Encryption Scheme (IES). The scheme combines a Key Encapsulation -/// Method (KEM) with a Data Encapsulation Method (DEM) and a MAC tag. The scheme is -/// IND-CCA2, which is a strong notion of security. -/// You should prefer an Integrated Encryption Scheme over homegrown schemes. -/// \details The library's original implementation is based on an early P1363 draft, which itself appears to be based on an early Certicom -/// SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used the early draft in its Integrated Ecryption -/// Schemes with NoCofactorMultiplication, DHAES_MODE=false and LABEL_OCTETS=true. -/// \details If you desire an Integrated Encryption Scheme with Crypto++ 4.2 compatibility, then use the ECIES template class with -/// NoCofactorMultiplication, DHAES_MODE=false and LABEL_OCTETS=true. -/// \details If you desire an Integrated Encryption Scheme with Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the ECIES -/// template class with NoCofactorMultiplication, DHAES_MODE=true and LABEL_OCTETS=false. +/// Method (KEM) with a Data Encapsulation Method (DEM) and a MAC tag. The scheme is +/// IND-CCA2, which is a strong notion of security. +/// You should prefer an Integrated Encryption Scheme over homegrown schemes. +/// \details If you desire an Integrated Encryption Scheme with Crypto++ 4.2 compatibility, then use the ECIES_P1363. +/// If you desire an Integrated Encryption Scheme compatibile with Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the ECIES +/// template class with NoCofactorMultiplication, DHAES_MODE=true and LABEL_OCTETS=false. 
/// \details The default template parameters ensure compatibility with Bouncy Castle 1.54 and Botan 1.11. The combination of -/// IncompatibleCofactorMultiplication and DHAES_MODE=true is recommended for best efficiency and security. -/// SHA1 is used for compatibility reasons, but it can be changed if desired. SHA-256 or another hash will likely improve the -/// security provided by the MAC. The hash is also used in the key derivation function as a PRF. -/// \details Below is an example of constructing a Crypto++ 4.2 compatible ECIES encryptor and decryptor. -///
-///     AutoSeededRandomPool prng;
-///     DL_PrivateKey_EC key;
-///     key.Initialize(prng, ASN1::secp160r1());
-///
-///     ECIES::Decryptor decryptor(key);
-///     ECIES::Encryptor encryptor(decryptor);
-/// 
-/// \sa DLIES, Elliptic Curve Integrated Encryption Scheme (ECIES), -/// Martínez, Encinas, and Ãvila's A Survey of the Elliptic -/// Curve Integrated Encryption Schemes +/// IncompatibleCofactorMultiplication and DHAES_MODE=true is recommended for best efficiency and security. +/// SHA1 is used for compatibility reasons, but it can be changed if desired. +/// \sa DLIES, ECIES_P1363, Elliptic Curve Integrated Encryption Scheme (ECIES), +/// Martínez, Encinas, and Ãvila's A Survey of the Elliptic +/// Curve Integrated Encryption Schemes /// \since Crypto++ 4.0, Crypto++ 5.7 for Bouncy Castle and Botan compatibility template struct ECIES 
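Review bot: The rewritten \details line `/// If you desire an Integrated Encryption Scheme compatibile with Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the ECIES` misspells "compatible" and says "compatibility" twice; it should read `/// If you desire an Integrated Encryption Scheme compatible with Bouncy Castle 1.54 and Botan 1.11, then use the ECIES`. The preceding line `then use the ECIES_P1363.` reads better as `then use ECIES_P1363.`, since it names a class rather than a template parameter set. The same two sentences are pasted into the new ECIES_P1363 block in the `@@ -631,6 +617,39 @@` hunk, which also carries `key drivation` for "key derivation" and `Integrated Ecryption` for "Integrated Encryption"; fix them there as well.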
@@ -631,6 +617,39 @@ CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECIES";} }; +/// \brief Elliptic Curve Integrated Encryption Scheme for P1363 +/// \tparam COFACTOR_OPTION cofactor multiplication option +/// \tparam HASH HashTransformation derived class used for key drivation and MAC computation +/// \details ECIES_P1363 is an Elliptic Curve based Integrated Encryption Scheme (IES) for P1363. The scheme combines a Key Encapsulation +/// Method (KEM) with a Data Encapsulation Method (DEM) and a MAC tag. The scheme is +/// IND-CCA2, which is a strong notion of security. +/// You should prefer an Integrated Encryption Scheme over homegrown schemes. +/// \details The library's original implementation is based on an early P1363 draft, which itself appears to be based on an early Certicom +/// SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used the early draft in its Integrated Ecryption +/// Schemes with NoCofactorMultiplication, DHAES_MODE=false and LABEL_OCTETS=true. +/// \details If you desire an Integrated Encryption Scheme with Crypto++ 4.2 compatibility, then use the ECIES_P1363. +/// If you desire an Integrated Encryption Scheme compatibile with Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the ECIES +/// template class with NoCofactorMultiplication, DHAES_MODE=true and LABEL_OCTETS=false. +/// \details The default template parameters ensure compatibility with P1363. The combination of +/// IncompatibleCofactorMultiplication and DHAES_MODE=true is recommended for best efficiency and security. +/// SHA1 is used for compatibility reasons, but it can be changed if desired. 
+/// \sa DLIES, ECIES, Elliptic Curve Integrated Encryption Scheme (ECIES), +/// Martínez, Encinas, and Ãvila's A Survey of the Elliptic +/// Curve Integrated Encryption Schemes +/// \since Crypto++ 4.0 +template +struct ECIES_P1363 + : public DL_ES< + DL_Keys_EC, + DL_KeyAgreementAlgorithm_DH, + DL_KeyDerivationAlgorithm_P1363 >, + DL_EncryptionAlgorithm_Xor, false, true>, + ECIES > +{ + // TODO: fix this after name is standardized + CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECIES-P1363";} +}; + NAMESPACE_END #ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES diff -Nru libcrypto++-8.4.0/ecp.h libcrypto++-8.6.0/ecp.h --- libcrypto++-8.4.0/ecp.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/ecp.h 2021-09-24 11:48:47.000000000 +0000 @@ -54,7 +54,7 @@ /// \brief Construct an ECP from BER encoded parameters /// \param bt BufferedTransformation derived object - /// \details This constructor will decode and extract the the fields + /// \details This constructor will decode and extract the fields /// fieldID and curve of the sequence ECParameters ECP(BufferedTransformation &bt); diff -Nru libcrypto++-8.4.0/elgamal.h libcrypto++-8.6.0/elgamal.h --- libcrypto++-8.4.0/elgamal.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/elgamal.h 2021-09-24 11:48:47.000000000 +0000 
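Review bot: The new ECIES_P1363 doc block says `The combination of IncompatibleCofactorMultiplication and DHAES_MODE=true is recommended for best efficiency and security`, but the struct only exposes COFACTOR_OPTION and HASH as template parameters and passes `false, true` to DL_EncryptionAlgorithm_Xor, which by the parameter order documented in gfpcrypt.h appears to pin DHAES_MODE=false and LABEL_OCTETS=true; a reader cannot act on that recommendation here, and it looks copied from the ECIES block. I would replace that sentence with `/// \details DHAES_MODE and LABEL_OCTETS are fixed by this class for P1363 compatibility; only the cofactor option and the hash can be chosen.` The `// TODO: fix this after name is standardized` above StaticAlgorithmName() would also be more useful if it said what "ECIES-P1363" might change to and who depends on the string, since algorithm names tend to leak into serialized data and registries.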
@@ -251,17 +251,21 @@
 /// If you need to Load an ElGamal key with the wrong OID then
 /// see ElGamal on
 /// the Crypto++ wiki.
+/// \details At Crypto++ 8.6 ElGamalKeys were changed to use DL_CryptoKeys_ElGamal
+/// due to Issue 1069 and CVE-2021-40530. DL_CryptoKeys_ElGamal group parameters
+/// use the subgroup order, and not an estimated work factor.
 /// \sa Issue 876,
-/// Issue 567
+/// Issue 567,
+/// Issue 1059
 /// \since Crypto++ 1.0
 struct ElGamalKeys
 {
 /// \brief Implements DL_GroupParameters interface
-typedef DL_CryptoKeys_GFP::GroupParameters GroupParameters;
+typedef DL_CryptoKeys_ElGamal::GroupParameters GroupParameters;
 /// \brief Implements DL_PrivateKey interface
-typedef DL_PrivateKey_ElGamal PrivateKey;
+typedef DL_PrivateKey_ElGamal PrivateKey;
 /// \brief Implements DL_PublicKey interface
-typedef DL_PublicKey_ElGamal PublicKey;
+typedef DL_PublicKey_ElGamal PublicKey;
 };
 
 /// \brief ElGamal encryption scheme with non-standard padding
diff -Nru libcrypto++-8.4.0/eprecomp.h libcrypto++-8.6.0/eprecomp.h
--- libcrypto++-8.4.0/eprecomp.h 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/eprecomp.h 2021-09-24 11:48:47.000000000 +0000
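Review bot: The new \details line cites `Issue 1069` while the \sa list added in the same hunk and the two gfpcrypt.h hunks that introduce DL_GroupParameters_ElGamal and DL_CryptoKeys_ElGamal cite `Issue 1059` alongside CVE-2021-40530; unless two different issues are meant, the line should read `/// due to Issue 1059 and CVE-2021-40530. DL_CryptoKeys_ElGamal group parameters`. Since the typedef swap changes the GroupParameters type behind ElGamalKeys, the \details would also help users if it said whether keys generated by earlier releases still load and interoperate after the change, if that is known.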
@@ -90,14 +90,14 @@ virtual void Precompute(const DL_GroupPrecomputation &group, unsigned int maxExpBits, unsigned int storage) =0; /// \brief Retrieve previously saved precomputation - /// \param group the the group + /// \param group the group /// \param storedPrecomputation BufferedTransformation with the saved precomputation /// \throw NotImplemented /// \sa SupportsPrecomputation(), Precompute() virtual void Load(const DL_GroupPrecomputation &group, BufferedTransformation &storedPrecomputation) =0; /// \brief Save precomputation for later use - /// \param group the the group + /// \param group the group /// \param storedPrecomputation BufferedTransformation to write the precomputation /// \throw NotImplemented /// \sa SupportsPrecomputation(), Precompute() diff -Nru libcrypto++-8.4.0/Filelist.txt libcrypto++-8.6.0/Filelist.txt --- libcrypto++-8.4.0/Filelist.txt 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/Filelist.txt 2021-09-24 11:48:47.000000000 +0000 @@ -204,6 +204,13 @@ lea.cpp lea_simd.cpp lea.h +lsh256.cpp +lsh256_sse.cpp +lsh256_avx.cpp +lsh512.cpp +lsh512_sse.cpp +lsh512_avx.cpp +lsh.h luc.cpp luc.h mars.cpp @@ -525,6 +532,10 @@ TestVectors/kalyna.txt TestVectors/keccak.txt TestVectors/lea.txt +TestVectors/lsh.txt +TestVectors/lsh256.txt +TestVectors/lsh512.txt +TestVectors/lsh512_256.txt TestVectors/mars.txt TestVectors/nr.txt TestVectors/panama.txt 
@@ -572,68 +583,68 @@ TestVectors/whrlpool.txt TestVectors/xchacha.txt TestVectors/xts.txt -TestPrograms/test_32bit.cxx -TestPrograms/test_64bit.cxx -TestPrograms/test_arm_acle_header.cxx -TestPrograms/test_arm_aes.cxx -TestPrograms/test_arm_asimd.cxx -TestPrograms/test_arm_crc.cxx -TestPrograms/test_arm_neon.cxx -TestPrograms/test_arm_neon_header.cxx -TestPrograms/test_arm_pmull.cxx -TestPrograms/test_arm_sha1.cxx -TestPrograms/test_arm_sha256.cxx -TestPrograms/test_arm_sha3.cxx -TestPrograms/test_arm_sha512.cxx -TestPrograms/test_arm_sm3.cxx -TestPrograms/test_arm_sm4.cxx -TestPrograms/test_asm_mixed.cxx -TestPrograms/test_cxx11_alignas.cxx -TestPrograms/test_cxx11_alignof.cxx -TestPrograms/test_cxx11_assert.cxx -TestPrograms/test_cxx11_atomic.cxx -TestPrograms/test_cxx11_auto.cxx -TestPrograms/test_cxx11_constexpr.cxx -TestPrograms/test_cxx11.cxx -TestPrograms/test_cxx11_deletefn.cxx -TestPrograms/test_cxx11_staticinit.cxx -TestPrograms/test_cxx11_enumtype.cxx -TestPrograms/test_cxx11_initializer.cxx -TestPrograms/test_cxx11_lambda.cxx -TestPrograms/test_cxx11_noexcept.cxx -TestPrograms/test_cxx11_nullptr.cxx -TestPrograms/test_cxx11_sync.cxx -TestPrograms/test_cxx11_vartemplates.cxx -TestPrograms/test_cxx14.cxx -TestPrograms/test_cxx17_assert.cxx -TestPrograms/test_cxx17.cxx -TestPrograms/test_cxx17_exceptions.cxx -TestPrograms/test_cxx98_exception.cxx -TestPrograms/test_cxx.cxx -TestPrograms/test_glibc.cxx -TestPrograms/test_newlib.cxx -TestPrograms/test_ppc_aes.cxx -TestPrograms/test_ppc_altivec.cxx -TestPrograms/test_ppc_power7.cxx -TestPrograms/test_ppc_power8.cxx -TestPrograms/test_ppc_power9.cxx -TestPrograms/test_ppc_sha.cxx -TestPrograms/test_ppc_vmull.cxx -TestPrograms/test_pthreads.cxx -TestPrograms/test_x86_aes.cxx -TestPrograms/test_x86_avx2.cxx -TestPrograms/test_x86_avx512.cxx -TestPrograms/test_x86_avx.cxx -TestPrograms/test_x86_clmul.cxx -TestPrograms/test_x86_cpuid.cxx -TestPrograms/test_x86_rdrand.cxx -TestPrograms/test_x86_rdseed.cxx 
-TestPrograms/test_x86_sha.cxx -TestPrograms/test_x86_sse2.cxx -TestPrograms/test_x86_sse3.cxx -TestPrograms/test_x86_sse41.cxx -TestPrograms/test_x86_sse42.cxx -TestPrograms/test_x86_ssse3.cxx -TestPrograms/test_x86_via_aes.cxx -TestPrograms/test_x86_via_rng.cxx -TestPrograms/test_x86_via_sha.cxx +TestPrograms/test_32bit.cpp +TestPrograms/test_64bit.cpp +TestPrograms/test_arm_acle_header.cpp +TestPrograms/test_arm_aes.cpp +TestPrograms/test_arm_asimd.cpp +TestPrograms/test_arm_crc.cpp +TestPrograms/test_arm_neon.cpp +TestPrograms/test_arm_neon_header.cpp +TestPrograms/test_arm_pmull.cpp +TestPrograms/test_arm_sha1.cpp +TestPrograms/test_arm_sha256.cpp +TestPrograms/test_arm_sha3.cpp +TestPrograms/test_arm_sha512.cpp +TestPrograms/test_arm_sm3.cpp +TestPrograms/test_arm_sm4.cpp +TestPrograms/test_asm_mixed.cpp +TestPrograms/test_cxx11_alignas.cpp +TestPrograms/test_cxx11_alignof.cpp +TestPrograms/test_cxx11_assert.cpp +TestPrograms/test_cxx11_atomic.cpp +TestPrograms/test_cxx11_auto.cpp +TestPrograms/test_cxx11_constexpr.cpp +TestPrograms/test_cxx11.cpp +TestPrograms/test_cxx11_deletefn.cpp +TestPrograms/test_cxx11_staticinit.cpp +TestPrograms/test_cxx11_enumtype.cpp +TestPrograms/test_cxx11_initializer.cpp +TestPrograms/test_cxx11_lambda.cpp +TestPrograms/test_cxx11_noexcept.cpp +TestPrograms/test_cxx11_nullptr.cpp +TestPrograms/test_cxx11_sync.cpp +TestPrograms/test_cxx11_vartemplates.cpp +TestPrograms/test_cxx14.cpp +TestPrograms/test_cxx17_assert.cpp +TestPrograms/test_cxx17.cpp +TestPrograms/test_cxx17_exceptions.cpp +TestPrograms/test_cxx98_exception.cpp +TestPrograms/test_cxx.cpp +TestPrograms/test_glibc.cpp +TestPrograms/test_newlib.cpp +TestPrograms/test_ppc_aes.cpp +TestPrograms/test_ppc_altivec.cpp +TestPrograms/test_ppc_power7.cpp +TestPrograms/test_ppc_power8.cpp +TestPrograms/test_ppc_power9.cpp +TestPrograms/test_ppc_sha.cpp +TestPrograms/test_ppc_vmull.cpp +TestPrograms/test_pthreads.cpp +TestPrograms/test_x86_aes.cpp +TestPrograms/test_x86_avx2.cpp 
+TestPrograms/test_x86_avx512.cpp +TestPrograms/test_x86_avx.cpp +TestPrograms/test_x86_clmul.cpp +TestPrograms/test_x86_cpuid.cpp +TestPrograms/test_x86_rdrand.cpp +TestPrograms/test_x86_rdseed.cpp +TestPrograms/test_x86_sha.cpp +TestPrograms/test_x86_sse2.cpp +TestPrograms/test_x86_sse3.cpp +TestPrograms/test_x86_sse41.cpp +TestPrograms/test_x86_sse42.cpp +TestPrograms/test_x86_ssse3.cpp +TestPrograms/test_x86_via_aes.cpp +TestPrograms/test_x86_via_rng.cpp +TestPrograms/test_x86_via_sha.cpp diff -Nru libcrypto++-8.4.0/files.cpp libcrypto++-8.6.0/files.cpp --- libcrypto++-8.4.0/files.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/files.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -129,16 +129,14 @@ if (m_waiting) goto output; + size_t spaceSize, blockedBytes; while (size && m_stream->good()) { - { - size_t spaceSize = 1024; + spaceSize = 1024; m_space = HelpCreatePutSpace(target, channel, 1, UnsignedMin(size_t(SIZE_MAX), size), spaceSize); - - m_stream->read((char *)m_space, (unsigned int)STDMIN(size, (lword)spaceSize)); - } + m_stream->read((char *)m_space, (std::streamsize)STDMIN(size, (lword)spaceSize)); m_len = (size_t)m_stream->gcount(); - size_t blockedBytes; + output: blockedBytes = target.ChannelPutModifiable2(channel, m_space, m_len, 0, blocking); m_waiting = blockedBytes > 0; diff -Nru libcrypto++-8.4.0/filters.cpp libcrypto++-8.6.0/filters.cpp --- libcrypto++-8.4.0/filters.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/filters.cpp 2021-09-24 11:48:47.000000000 +0000 
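Review bot: The hoisted declaration `size_t spaceSize, blockedBytes;` leaves both variables uninitialized, and the `goto output` that precedes the loop jumps over the `spaceSize = 1024;` assignment into the loop body; spaceSize does not appear to be read after the `output:` label, but initializing both at the declaration, `size_t spaceSize = 0, blockedBytes = 0;`, makes that explicit and avoids maybe-uninitialized diagnostics. The hoist itself looks like what makes the jump past the old block-scoped initializations legal, so a one-line comment on the declaration, `// declared before the loop so "goto output" does not skip an initialization`, would tell the next reader why the variables moved. The enclosing function begins and ends outside this hunk.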
@@ -701,7 +701,7 @@ // This block is new to StreamTransformationFilter. It is somewhat of a hack and was // added for OCB mode; see GitHub Issue 515. The rub with OCB is, its a block cipher // and the last block size can be 0. However, "last block = 0" is not the 0 predicated - // in the original code. In the orginal code 0 means "nothing special" so + // in the original code. In the original code 0 means "nothing special" so // DEFAULT_PADDING is applied. OCB's 0 literally means a final block size can be 0 or // non-0; and no padding is needed in either case because OCB has its own scheme (see // handling of P_* and A_*). diff -Nru libcrypto++-8.4.0/filters.h libcrypto++-8.6.0/filters.h --- libcrypto++-8.4.0/filters.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/filters.h 2021-09-24 11:48:47.000000000 +0000 
@@ -267,23 +267,23 @@ {CRYPTOPP_UNUSED(parameters); ResetMeter();} /// \brief Number of bytes in the current message - /// \return GetCurrentMessageBytes() returns the number of bytes in the current message + /// \return the number of bytes in the current message lword GetCurrentMessageBytes() const {return m_currentMessageBytes;} /// \brief Number of bytes processed by the filter - /// \return GetTotalBytes() returns the number of bytes processed by the filter + /// \return the number of bytes processed by the filter lword GetTotalBytes() const {return m_totalBytes;} /// \brief Message number in the series - /// \return GetCurrentSeriesMessages() returns the message number in the series + /// \return the message number in the series unsigned int GetCurrentSeriesMessages() const {return m_currentSeriesMessages;} /// \brief Number of messages in the message series - /// \return GetTotalMessages() returns the number of messages in the message series + /// \return the number of messages in the message series unsigned int GetTotalMessages() const {return m_totalMessages;} /// \brief Number of messages processed by the filter - /// \return GetTotalMessageSeries() returns the number of messages processed by the filter + /// \return the number of messages processed by the filter unsigned int GetTotalMessageSeries() const {return m_totalMessageSeries;} // BufferedTransformation in cryptlib.h diff -Nru libcrypto++-8.4.0/gcm.cpp libcrypto++-8.6.0/gcm.cpp --- libcrypto++-8.4.0/gcm.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/gcm.cpp 2021-09-24 11:48:47.000000000 +0000 
@@ -44,10 +44,6 @@ #endif #endif // CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64 -// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670 -#define M128_CAST(x) ((__m128i *)(void *)(x)) -#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) - word16 GCM_Base::s_reductionTable[256]; volatile bool GCM_Base::s_reductionTableInitialized = false; diff -Nru libcrypto++-8.4.0/gcm_simd.cpp libcrypto++-8.6.0/gcm_simd.cpp --- libcrypto++-8.4.0/gcm_simd.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/gcm_simd.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -30,12 +30,8 @@ #endif #if (CRYPTOPP_ARM_NEON_HEADER) -# include -#endif - -#if (CRYPTOPP_ARM_ACLE_HEADER) # include -# include +# include #endif #if defined(CRYPTOPP_ARM_PMULL_AVAILABLE) @@ -55,10 +51,6 @@ # define EXCEPTION_EXECUTE_HANDLER 1 #endif -// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670 -#define M128_CAST(x) ((__m128i *)(void *)(x)) -#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) - // Squash MS LNK4221 and libtool warnings extern const char GCM_SIMD_FNAME[] = __FILE__; @@ -268,18 +260,18 @@ for (i=0; i(hbuffer), x); + vst1q_u64(UINT64_CAST(hbuffer), x); return len; } diff -Nru libcrypto++-8.4.0/gf2n_simd.cpp libcrypto++-8.6.0/gf2n_simd.cpp --- libcrypto++-8.4.0/gf2n_simd.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/gf2n_simd.cpp 2021-09-24 11:48:47.000000000 +0000 
@@ -16,7 +16,7 @@ // expected to perform, like Common Subexpression Elimination to save // on variables (among others). Note that the compiler may miss the // optimization so the IACR paper is useful. However, the code is GPL3 -// and toxic for some users of the library... +// and toxic for some users of the library, so it is not used here... #include "pch.h" #include "config.h" diff -Nru libcrypto++-8.4.0/gfpcrypt.h libcrypto++-8.6.0/gfpcrypt.h --- libcrypto++-8.4.0/gfpcrypt.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/gfpcrypt.h 2021-09-24 11:48:47.000000000 +0000 @@ -47,8 +47,8 @@ /// \param rng a RandomNumberGenerator derived class /// \param pbits the size of p, in bits /// \details This function overload of Initialize() creates a new private key because it - /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, - /// then use one of the other Initialize() overloads. + /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, + /// then use one of the other Initialize() overloads. void Initialize(RandomNumberGenerator &rng, unsigned int pbits) {GenerateRandom(rng, MakeParameters("ModulusSize", (int)pbits));} @@ -85,9 +85,9 @@ /// \return true if the value was retrieved, false otherwise /// \details GetVoidValue() retrieves the value of name if it exists. /// \note GetVoidValue() is an internal function and should be implemented - /// by derived classes. Users should use one of the other functions instead. + /// by derived classes. Users should use one of the other functions instead. /// \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(), - /// GetRequiredParameter() and GetRequiredIntParameter() + /// GetRequiredParameter() and GetRequiredIntParameter() bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; /// \brief Initialize or reinitialize this key 
@@ -254,9 +254,9 @@
 /// \return true if the value was retrieved, false otherwise
 /// \details GetVoidValue() retrieves the value of name if it exists.
 /// \note GetVoidValue() is an internal function and should be implemented
- /// by derived classes. Users should use one of the other functions instead.
+ /// by derived classes. Users should use one of the other functions instead.
 /// \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(),
- /// GetRequiredParameter() and GetRequiredIntParameter()
+ /// GetRequiredParameter() and GetRequiredIntParameter()
 bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
 {
 return GetValueHelper(this, name, valueType, pValue).Assignable();
@@ -282,8 +282,28 @@
 unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;}
 };
 
+/// ElGamal encryption for safe interop
+/// \sa On the
+/// (in)security of ElGamal in OpenPGP,
+/// Issue 1059,
+/// CVE-2021-40530
+/// \since Crypto++ 8.6
+class CRYPTOPP_DLL DL_GroupParameters_ElGamal : public DL_GroupParameters_GFP_DefaultSafePrime
+{
+public:
+ typedef NoCofactorMultiplication DefaultCofactorOption;
+
+ virtual ~DL_GroupParameters_ElGamal() {}
+
+ Integer GetMaxExponent() const
+ {
+ return GetSubgroupOrder()-1;
+ }
+};
+
 /// \brief GDSA algorithm
 /// \tparam T FieldElement type or class
+/// \details FieldElement T can be Integer, ECP or EC2N.
 template
 class DL_Algorithm_GDSA : public DL_ElgamalLikeSignatureAlgorithm
 {
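Review bot: The new class comment `/// ElGamal encryption for safe interop` is the only Doxygen block in this file without a `\brief` tag, and it describes group parameters rather than encryption; `/// \brief ElGamal group parameters for safe interop` would match the surrounding style, and the same applies to the `/// ElGamal encryption keys for safe interop` line on DL_CryptoKeys_ElGamal in the `@@ -664,6 +687,19 @@` hunk. GetMaxExponent() is the security-relevant override here and carries no comment; the elgamal.h hunk in this diff explains the intent, so I would put it on the method: `/// \details Returns the subgroup order minus one so private exponents are drawn from the full subgroup rather than a range estimated from a work factor.` The class also has no `\details` line stating that DefaultCofactorOption is NoCofactorMultiplication on purpose, which a reader comparing it with DL_GroupParameters_GFP_DefaultSafePrime will want to know.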
@@ -318,8 +338,9 @@ /// \brief DSA signature algorithm based on RFC 6979 /// \tparam T FieldElement type or class /// \tparam H HashTransformation derived class +/// \details FieldElement T can be Integer, ECP or EC2N. /// \sa RFC 6979, Deterministic Usage of the -/// Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) +/// Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) /// \since Crypto++ 6.0 template class DL_Algorithm_DSA_RFC6979 : public DL_Algorithm_GDSA, public DeterministicSignatureAlgorithm @@ -474,11 +495,12 @@ /// \brief German Digital Signature Algorithm /// \tparam T FieldElement type or class +/// \details FieldElement T can be Integer, ECP or EC2N. /// \details The Digital Signature Scheme ECGDSA does not define the algorithm over integers. Rather, the -/// signature algorithm is only defined over elliptic curves. However, The library design is such that the -/// generic algorithm reside in gfpcrypt.h. +/// signature algorithm is only defined over elliptic curves. However, the library design is such that the +/// generic algorithm reside in gfpcrypt.h. /// \sa Erwin Hess, Marcus Schafheutle, and Pascale Serf -/// The Digital Signature Scheme ECGDSA (October 24, 2006) +/// The Digital Signature Scheme ECGDSA (October 24, 2006) template class DL_Algorithm_GDSA_ISO15946 : public DL_ElgamalLikeSignatureAlgorithm { @@ -520,6 +542,7 @@ /// \brief NR algorithm /// \tparam T FieldElement type or class +/// \details FieldElement T can be Integer, ECP or EC2N. template class DL_Algorithm_NR : public DL_ElgamalLikeSignatureAlgorithm { 
@@ -596,8 +619,8 @@ /// \param rng a RandomNumberGenerator derived class /// \param modulusBits the size of the modulus, in bits /// \details This function overload of Initialize() creates a new private key because it - /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, - /// then use one of the other Initialize() overloads. + /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, + /// then use one of the other Initialize() overloads. void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits) {this->GenerateRandomWithKeySize(rng, modulusBits);} @@ -606,8 +629,8 @@ /// \param p the modulus /// \param g the generator /// \details This function overload of Initialize() creates a new private key because it - /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, - /// then use one of the other Initialize() overloads. + /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, + /// then use one of the other Initialize() overloads. void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g) {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupGenerator", g));} @@ -617,8 +640,8 @@ /// \param q the subgroup order /// \param g the generator /// \details This function overload of Initialize() creates a new private key because it - /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, - /// then use one of the other Initialize() overloads. + /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, + /// then use one of the other Initialize() overloads. void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g) {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupOrder", q)("SubgroupGenerator", g));} 
@@ -664,6 +687,19 @@ typedef DL_PrivateKey_GFP PrivateKey; }; +/// ElGamal encryption keys for safe interop +/// \sa On the +/// (in)security of ElGamal in OpenPGP, +/// Issue 1059, +/// CVE-2021-40530 +/// \since Crypto++ 8.6 +struct DL_CryptoKeys_ElGamal +{ + typedef DL_GroupParameters_ElGamal GroupParameters; + typedef DL_PublicKey_GFP PublicKey; + typedef DL_PrivateKey_GFP PrivateKey; +}; + /// \brief DSA signature scheme /// \tparam H HashTransformation derived class /// \sa DSA-1363 @@ -705,12 +741,12 @@ /// \details ValidateGroup() also checks that the lengths of p and q are allowed /// by the DSA standard. /// \details There are four levels of thoroughness: - ///
    - ///
  • 0 - using this object won't cause a crash or exception - ///
  • 1 - this object will probably function, and encrypt, sign, other operations correctly - ///
  • 2 - ensure this object will function correctly, and perform reasonable security checks - ///
  • 3 - perform reasonable security checks, and do checks that may take a long time - ///
+ ///
    + ///
  • 0 - using this object won't cause a crash or exception + ///
  • 1 - this object will probably function, and encrypt, sign, other operations correctly + ///
  • 2 - ensure this object will function correctly, and perform reasonable security checks + ///
  • 3 - perform reasonable security checks, and do checks that may take a long time + ///
/// \details Level 0 does not require a RandomNumberGenerator. A NullRNG() can be used for level 0. /// Level 1 may not check for weak keys and such. Levels 2 and 3 are recommended. bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const; @@ -723,11 +759,11 @@ /// DSA::MAX_PRIME_LENGTH, and divisible by DSA::PRIME_LENGTH_MULTIPLE. /// \details An example of changing the modulus size using NameValuePairs is shown below. ///
-    ///   AlgorithmParameters params = MakeParameters
-    ///     (Name::ModulusSize(), 2048);
+    ///  AlgorithmParameters params = MakeParameters
+    ///    (Name::ModulusSize(), 2048);
     ///
-    ///   DL_GroupParameters_DSA groupParams;
-    ///   groupParams.GenerateRandom(prng, params);
+    ///  DL_GroupParameters_DSA groupParams;
+    ///  groupParams.GenerateRandom(prng, params);
     /// 
/// \throw KeyingErr if a key can't be generated or algorithm parameters are invalid. void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); @@ -764,25 +800,25 @@ /// \brief DSA signature scheme /// \tparam H HashTransformation derived class /// \details The class is named DSA2 instead of DSA for backwards compatibility because -/// DSA was a non-template class. +/// DSA was a non-template class. /// \details DSA default method GenerateRandom uses a 2048-bit modulus and a 224-bit subgoup by default. -/// The modulus can be changed using the following code: +/// The modulus can be changed using the following code: ///
-///   DSA::PrivateKey privateKey;
-///   privateKey.GenerateRandomWithKeySize(prng, 2048);
+///  DSA::PrivateKey privateKey;
+///  privateKey.GenerateRandomWithKeySize(prng, 2048);
 /// 
/// \details The subgroup order can be changed using the following code: ///
-///   AlgorithmParameters params = MakeParameters
-///     (Name::ModulusSize(), 2048)
-///     (Name::SubgroupOrderSize(), 256);
+///  AlgorithmParameters params = MakeParameters
+///    (Name::ModulusSize(), 2048)
+///    (Name::SubgroupOrderSize(), 256);
 ///
-///   DSA::PrivateKey privateKey;
-///   privateKey.GenerateRandom(prng, params);
+///  DSA::PrivateKey privateKey;
+///  privateKey.GenerateRandom(prng, params);
 /// 
/// \sa DSA, as specified in FIPS 186-3, -/// Digital Signature Algorithm on the wiki, and -/// NameValuePairs on the wiki. +/// Digital Signature Algorithm on the wiki, and +/// NameValuePairs on the wiki. /// \since Crypto++ 1.0 for DSA, Crypto++ 5.6.2 for DSA2, Crypto++ 6.1 for 2048-bit modulus. template class DSA2 : public DL_SS< @@ -823,12 +859,12 @@ /// \tparam DHAES_MODE flag indicating DHAES mode /// \tparam LABEL_OCTETS flag indicating the label is octet count /// \details DL_EncryptionAlgorithm_Xor is based on an early P1363 draft, which itself appears to be based on an -/// early Certicom SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used it in its Integrated -/// Ecryption Schemes with NoCofactorMultiplication, DHAES_MODE=false and LABEL_OCTETS=true. +/// early Certicom SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used it in its Integrated +/// Ecryption Schemes with NoCofactorMultiplication, DHAES_MODE=false and LABEL_OCTETS=true. /// \details If you need this method for Crypto++ 4.2 compatibility, then use the ECIES template class with -/// NoCofactorMultiplication, DHAES_MODE=false and LABEL_OCTETS=true. +/// NoCofactorMultiplication, DHAES_MODE=false and LABEL_OCTETS=true. /// \details If you need this method for Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the ECIES template class with -/// NoCofactorMultiplication, DHAES_MODE=ture and LABEL_OCTETS=false. +/// NoCofactorMultiplication, DHAES_MODE=ture and LABEL_OCTETS=false. /// \details Bouncy Castle 1.54 and Botan 1.11 compatibility are the default template parameters. /// \since Crypto++ 4.0 template 
@@ -913,7 +949,11 @@ } }; -/// _ +/// \brief P1363 based Key Derivation Method +/// \tparam T FieldElement type or class +/// \tparam DHAES_MODE flag indicating DHAES mode +/// \tparam KDF key derivation function +/// \details FieldElement T can be Integer, ECP or EC2N. template class DL_KeyDerivationAlgorithm_P1363 : public DL_KeyDerivationAlgorithm { 
@@ -948,32 +988,32 @@ /// \tparam DHAES_MODE flag indicating if the MAC includes addition context parameters such as the label /// \tparam LABEL_OCTETS flag indicating if the label size is specified in octets or bits /// \details DLIES is an Integer based Integrated Encryption Scheme (IES). The scheme combines a Key Encapsulation Method (KEM) -/// with a Data Encapsulation Method (DEM) and a MAC tag. The scheme is -/// IND-CCA2, which is a strong notion of security. -/// You should prefer an Integrated Encryption Scheme over homegrown schemes. +/// with a Data Encapsulation Method (DEM) and a MAC tag. The scheme is +/// IND-CCA2, which is a strong notion of security. +/// You should prefer an Integrated Encryption Scheme over homegrown schemes. /// \details The library's original implementation is based on an early P1363 draft, which itself appears to be based on an early Certicom -/// SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used the early draft in its Integrated Ecryption -/// Schemes with NoCofactorMultiplication, DHAES_MODE=false and LABEL_OCTETS=true. +/// SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used the early draft in its Integrated Ecryption +/// Schemes with NoCofactorMultiplication, DHAES_MODE=false and LABEL_OCTETS=true. /// \details If you desire an Integrated Encryption Scheme with Crypto++ 4.2 compatibility, then use the DLIES template class with -/// NoCofactorMultiplication, DHAES_MODE=false and LABEL_OCTETS=true. +/// NoCofactorMultiplication, DHAES_MODE=false and LABEL_OCTETS=true. /// \details If you desire an Integrated Encryption Scheme with Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the DLIES -/// template class with NoCofactorMultiplication, DHAES_MODE=true and LABEL_OCTETS=false. +/// template class with NoCofactorMultiplication, DHAES_MODE=true and LABEL_OCTETS=false. 
/// \details The default template parameters ensure compatibility with Bouncy Castle 1.54 and Botan 1.11. The combination of -/// IncompatibleCofactorMultiplication and DHAES_MODE=true is recommended for best efficiency and security. -/// SHA1 is used for compatibility reasons, but it can be changed if desired. SHA-256 or another hash will likely improve the -/// security provided by the MAC. The hash is also used in the key derivation function as a PRF. +/// IncompatibleCofactorMultiplication and DHAES_MODE=true is recommended for best efficiency and security. +/// SHA1 is used for compatibility reasons, but it can be changed if desired. SHA-256 or another hash will likely improve the +/// security provided by the MAC. The hash is also used in the key derivation function as a PRF. /// \details Below is an example of constructing a Crypto++ 4.2 compatible DLIES encryptor and decryptor. ///
-///     AutoSeededRandomPool prng;
-///     DL_PrivateKey_GFP key;
-///     key.Initialize(prng, 2048);
+///    AutoSeededRandomPool prng;
+///    DL_PrivateKey_GFP key;
+///    key.Initialize(prng, 2048);
 ///
-///     DLIES::Decryptor decryptor(key);
-///     DLIES::Encryptor encryptor(decryptor);
+///    DLIES::Decryptor decryptor(key);
+///    DLIES::Encryptor encryptor(decryptor);
 /// 
/// \sa ECIES, Discrete Log Integrated Encryption Scheme (DLIES), -/// Martínez, Encinas, and Ãvila's A Survey of the Elliptic -/// Curve Integrated Encryption Schemes +/// Martínez, Encinas, and Ãvila's A Survey of the Elliptic +/// Curve Integrated Encryption Schemes /// \since Crypto++ 4.0, Crypto++ 5.7 for Bouncy Castle and Botan compatibility template struct DLIES diff -Nru libcrypto++-8.4.0/GNUmakefile libcrypto++-8.6.0/GNUmakefile --- libcrypto++-8.4.0/GNUmakefile 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/GNUmakefile 2021-09-24 11:48:47.000000000 +0000 @@ -62,7 +62,7 @@ IS_PPC64 := $(shell echo "$(HOSTX)" | $(GREP) -i -c -E 'ppc64|powerpc64|power64') IS_SPARC32 := $(shell echo "$(HOSTX)" | $(GREP) -v "64" | $(GREP) -i -c -E 'sun|sparc') IS_SPARC64 := $(shell echo "$(HOSTX)" | $(GREP) -i -c -E 'sun|sparc64') -IS_ARM32 := $(shell echo "$(HOSTX)" | $(GREP) -i -c -E 'arm|armhf|armv7|eabihf|armv8') +IS_ARM32 := $(shell echo "$(HOSTX)" | $(GREP) -v "64" | $(GREP) -i -c -E 'arm|armhf|armv7|eabihf|armv8') IS_ARMV8 := $(shell echo "$(HOSTX)" | $(GREP) -i -c -E 'aarch32|aarch64|arm64') # Attempt to determine platform 
@@ -86,34 +86,17 @@ CLANG_COMPILER := $(shell $(CXX) --version 2>/dev/null | $(GREP) -i -c -E '(llvm|clang)') INTEL_COMPILER := $(shell $(CXX) --version 2>/dev/null | $(GREP) -i -c '\(icc\)') -# Various Port compilers on OS X -MACPORTS_COMPILER := $(shell $(CXX) --version 2>/dev/null | $(GREP) -i -c "macports") -HOMEBREW_COMPILER := $(shell $(CXX) --version 2>/dev/null | $(GREP) -i -c "homebrew") -ifeq ($(IS_DARWIN),1) - ifneq ($(MACPORTS_COMPILER)$(HOMEBREW_COMPILER),00) - OSXPORT_COMPILER := 1 - endif -endif - # Enable shared object versioning for Linux and Solaris HAS_SOLIB_VERSION ?= 0 ifneq ($(IS_LINUX)$(IS_HURD)$(IS_SUN),000) HAS_SOLIB_VERSION := 1 endif -# Formely adhoc.cpp was created from adhoc.cpp.proto when needed. +# Formerly adhoc.cpp was created from adhoc.cpp.proto when needed. ifeq ($(wildcard adhoc.cpp),) $(shell cp adhoc.cpp.proto adhoc.cpp) endif -# Tell MacPorts and Homebrew GCC to use Clang integrated assembler (only on Intel-based Macs) -# http://github.com/weidai11/cryptopp/issues/190 -ifeq ($(GCC_COMPILER)$(OSXPORT_COMPILER)$(IS_PPC32)$(IS_PPC64),1100) - ifeq ($(findstring -Wa,-q,$(CXXFLAGS)),) - CRYPTOPP_CXXFLAGS += -Wa,-q - endif -endif - # Hack to skip CPU feature tests for some recipes DETECT_FEATURES ?= 1 ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),-DCRYPTOPP_DISABLE_ASM) 
@@ -122,26 +105,29 @@ DETECT_FEATURES := 0 else ifeq ($(findstring distclean,$(MAKECMDGOALS)),distclean) DETECT_FEATURES := 0 -else ifeq ($(findstring distclean,$(MAKECMDGOALS)),trim) +else ifeq ($(findstring trim,$(MAKECMDGOALS)),trim) + DETECT_FEATURES := 0 +else ifeq ($(findstring zip,$(MAKECMDGOALS)),zip) DETECT_FEATURES := 0 endif # Strip out -Wall, -Wextra and friends for feature testing. FORTIFY_SOURCE is removed # because it requires -O1 or higher, but we use -O0 to tame the optimizer. -ifeq ($(DETECT_FEATURES),1) - TCXXFLAGS := $(filter-out -D_FORTIFY_SOURCE=% -M -MM -Wall -Wextra -Werror% -Wunused -Wconversion -Wp%, $(CXXFLAGS)) - ifneq ($(strip $(TCXXFLAGS)),) - $(info Using testing flags: $(TCXXFLAGS)) - endif - #TPROG = TestPrograms/test_cxx.cxx - #$(info Testing compile... ) - #$(info $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 1>/dev/null)) +# Always print testing flags since some tests always happen, like 64-bit. +TCXXFLAGS := $(filter-out -D_FORTIFY_SOURCE=% -M -MM -Wall -Wextra -Werror% -Wunused -Wconversion -Wp%, $(CPPFLAGS) $(CXXFLAGS)) +ifneq ($(strip $(TCXXFLAGS)),) + $(info Using testing flags: $(TCXXFLAGS)) endif +# TCOMMAND is used for just about all tests. Make will lazy-evaluate +# the variables when executed by $(shell $(TCOMMAND) ...). +TCOMMAND = $(CXX) $(TCXXFLAGS) $(TEXTRA) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) + # Fixup AIX ifeq ($(IS_AIX),1) - TPROG = TestPrograms/test_64bit.cxx - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + TPROG = TestPrograms/test_64bit.cpp + TOPT = + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) IS_PPC64=1 else 
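Review bot: `TEXTRA` is only ever appended to with `+=` and is never initialized next to the new `TCOMMAND` definition, so a `TEXTRA` variable inherited from the environment would be silently injected into every feature-test compile; an explicit `TEXTRA :=` placed just before `TCOMMAND = $(CXX) $(TCXXFLAGS) $(TEXTRA) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT)` closes that. Because `TCOMMAND` is recursively expanded, each call site must set both `TPROG` and `TOPT` — the AIX block does (`TOPT =`), but any later test that sets only `TPROG` inherits the previous test's `TOPT`. The new `findstring trim` / `findstring zip` checks are substring matches, so any goal whose name merely contains `zip` or `trim` also turns feature detection off; a comment saying this is intentional would help, e.g. `# findstring is a substring match: any goal containing "zip" or "trim" skips detection`.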
@@ -149,15 +135,8 @@ endif endif -# libc++ is LLVM's standard C++ library. If we add libc++ -# here then all user programs must use it too. The open -# question is, which choice is easier on users? -ifneq ($(IS_DARWIN),0) - CXX ?= c++ - # CRYPTOPP_CXXFLAGS += -stdlib=libc++ - AR = libtool - ARFLAGS = -static -o -endif +# Uncomment for debugging +# $(info Here's what we found... IS_X86: $(IS_X86), IS_X64: $(IS_X64), IS_ARM32: $(IS_ARM32), IS_ARMV8: $(IS_ARMV8)) ########################################################### ##### General Variables ##### @@ -188,31 +167,31 @@ # http://www.gnu.org/prep/standards/html_node/Directory-Variables.html ifeq ($(PREFIX),) -PREFIX = /usr/local -PC_PREFIX = /usr/local + PREFIX = /usr/local + PC_PREFIX = /usr/local else -PC_PREFIX = $(PREFIX) + PC_PREFIX = $(PREFIX) endif ifeq ($(LIBDIR),) -LIBDIR := $(PREFIX)/lib -PC_LIBDIR = $${prefix}/lib + LIBDIR := $(PREFIX)/lib + PC_LIBDIR = $${prefix}/lib else -PC_LIBDIR = $(LIBDIR) + PC_LIBDIR = $(LIBDIR) endif ifeq ($(DATADIR),) -DATADIR := $(PREFIX)/share -PC_DATADIR = $${prefix}/share + DATADIR := $(PREFIX)/share + PC_DATADIR = $${prefix}/share else -PC_DATADIR = $(DATADIR) + PC_DATADIR = $(DATADIR) endif ifeq ($(INCLUDEDIR),) -INCLUDEDIR := $(PREFIX)/include -PC_INCLUDEDIR = $${prefix}/include + INCLUDEDIR := $(PREFIX)/include + PC_INCLUDEDIR = $${prefix}/include else -PC_INCLUDEDIR = $(INCLUDEDIR) + PC_INCLUDEDIR = $(INCLUDEDIR) endif ifeq ($(BINDIR),) -BINDIR := $(PREFIX)/bin + BINDIR := $(PREFIX)/bin endif # We honor ARFLAGS, but the "v" option used by default causes a noisy make 
@@ -235,8 +214,9 @@ endif # IS_MINGW # Newlib needs _XOPEN_SOURCE=600 for signals -TPROG = TestPrograms/test_newlib.cxx -HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) +TPROG = TestPrograms/test_newlib.cpp +TOPT = +HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) ifeq ($(findstring -D_XOPEN_SOURCE,$(CXXFLAGS)),) CRYPTOPP_CXXFLAGS += -D_XOPEN_SOURCE=600 
@@ -274,159 +254,194 @@ SHANI_FLAG = -msha endif - TPROG = TestPrograms/test_x86_sse2.cxx + # Tell MacPorts and Homebrew GCC to use Clang integrated assembler + # Intel-based Macs. http://github.com/weidai11/cryptopp/issues/190 + ifneq ($(IS_DARWIN),0) + ifeq ($(findstring -Wa,-q,$(CXXFLAGS)),) + TPROG = TestPrograms/test_cxx.cpp + TOPT = -Wa,-q + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + TEXTRA += -Wa,-q + CRYPTOPP_CXXFLAGS += -Wa,-q + endif + endif + endif + + TPROG = TestPrograms/test_x86_sse2.cpp TOPT = $(SSE2_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) CHACHA_FLAG = $(SSE2_FLAG) SUN_LDFLAGS += $(SSE2_FLAG) else + # Make does not have useful debugging facilities. Show the user + # what happened by compiling again without the pipe. + $(info Running make again to see what failed) + $(info $(shell $(TCOMMAND))) SSE2_FLAG = endif - TPROG = TestPrograms/test_x86_ssse3.cxx - TOPT = $(SSSE3_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - ARIA_FLAG = $(SSSE3_FLAG) - CHAM_FLAG = $(SSSE3_FLAG) - KECCAK_FLAG = $(SSSE3_FLAG) - LEA_FLAG = $(SSSE3_FLAG) - SIMON128_FLAG = $(SSSE3_FLAG) - SPECK128_FLAG = $(SSSE3_FLAG) - SUN_LDFLAGS += $(SSSE3_FLAG) - else - SSSE3_FLAG = + ifeq ($(SSE2_FLAG),) + CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ASM endif - TPROG = TestPrograms/test_x86_sse41.cxx - TOPT = $(SSE41_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - BLAKE2B_FLAG = $(SSE41_FLAG) - BLAKE2S_FLAG = $(SSE41_FLAG) - SUN_LDFLAGS += $(SSE41_FLAG) - else - SSE41_FLAG = - endif + # Need SSE2 or higher for these tests + ifneq ($(SSE2_FLAG),) - TPROG = TestPrograms/test_x86_sse42.cxx - TOPT = $(SSE42_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) 
$(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - CRC_FLAG = $(SSE42_FLAG) - SUN_LDFLAGS += $(SSE42_FLAG) - else - SSE42_FLAG = - endif + TPROG = TestPrograms/test_x86_ssse3.cpp + TOPT = $(SSSE3_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + ARIA_FLAG = $(SSSE3_FLAG) + CHAM_FLAG = $(SSSE3_FLAG) + KECCAK_FLAG = $(SSSE3_FLAG) + LEA_FLAG = $(SSSE3_FLAG) + LSH256_FLAG = $(SSSE3_FLAG) + LSH512_FLAG = $(SSSE3_FLAG) + SIMON128_FLAG = $(SSSE3_FLAG) + SPECK128_FLAG = $(SSSE3_FLAG) + SUN_LDFLAGS += $(SSSE3_FLAG) + else + SSSE3_FLAG = + endif - TPROG = TestPrograms/test_x86_clmul.cxx - TOPT = $(CLMUL_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - GCM_FLAG = $(SSSE3_FLAG) $(CLMUL_FLAG) - GF2N_FLAG = $(CLMUL_FLAG) - SUN_LDFLAGS += $(CLMUL_FLAG) - else - CLMUL_FLAG = - endif + # The first Apple MacBooks were Core2's with SSE4.1 + ifneq ($(IS_DARWIN),0) + # Add SSE2 algo's here as required + # They get a free upgrade + endif - TPROG = TestPrograms/test_x86_aes.cxx - TOPT = $(AESNI_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - AES_FLAG = $(SSE41_FLAG) $(AESNI_FLAG) - SM4_FLAG = $(SSSE3_FLAG) $(AESNI_FLAG) - SUN_LDFLAGS += $(AESNI_FLAG) - else - AESNI_FLAG = - endif + TPROG = TestPrograms/test_x86_sse41.cpp + TOPT = $(SSE41_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + BLAKE2B_FLAG = $(SSE41_FLAG) + BLAKE2S_FLAG = $(SSE41_FLAG) + SUN_LDFLAGS += $(SSE41_FLAG) + else + SSE41_FLAG = + endif - TPROG = TestPrograms/test_x86_avx.cxx - TOPT = $(AVX_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - # XXX_FLAG = $(AVX_FLAG) - SUN_LDFLAGS += $(AVX_FLAG) - else - AVX_FLAG = - endif + TPROG = TestPrograms/test_x86_sse42.cpp + TOPT = $(SSE42_FLAG) + 
HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + CRC_FLAG = $(SSE42_FLAG) + SUN_LDFLAGS += $(SSE42_FLAG) + else + SSE42_FLAG = + endif - TPROG = TestPrograms/test_x86_avx2.cxx - TOPT = $(AVX2_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - CHACHA_AVX2_FLAG = $(AVX2_FLAG) - SUN_LDFLAGS += $(AVX2_FLAG) - else - AVX2_FLAG = - endif + TPROG = TestPrograms/test_x86_clmul.cpp + TOPT = $(CLMUL_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + GCM_FLAG = $(SSSE3_FLAG) $(CLMUL_FLAG) + GF2N_FLAG = $(CLMUL_FLAG) + SUN_LDFLAGS += $(CLMUL_FLAG) + else + CLMUL_FLAG = + endif - TPROG = TestPrograms/test_x86_sha.cxx - TOPT = $(SHANI_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - SHA_FLAG = $(SSE42_FLAG) $(SHANI_FLAG) - SUN_LDFLAGS += $(SHANI_FLAG) - else - SHANI_FLAG = - endif + TPROG = TestPrograms/test_x86_aes.cpp + TOPT = $(AESNI_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + AES_FLAG = $(SSE41_FLAG) $(AESNI_FLAG) + SM4_FLAG = $(SSSE3_FLAG) $(AESNI_FLAG) + SUN_LDFLAGS += $(AESNI_FLAG) + else + AESNI_FLAG = + endif - ifeq ($(SUN_COMPILER),1) - CRYPTOPP_LDFLAGS += $(SUN_LDFLAGS) - endif + TPROG = TestPrograms/test_x86_avx.cpp + TOPT = $(AVX_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + # XXX_FLAG = $(AVX_FLAG) + SUN_LDFLAGS += $(AVX_FLAG) + else + AVX_FLAG = + endif - ifeq ($(SSE2_FLAG),) - CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ASM - else ifeq ($(SSE3_FLAG),) - CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_SSE3 - else ifeq ($(SSSE3_FLAG),) - CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_SSSE3 - else ifeq ($(SSE41_FLAG),) - CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 - else ifeq ($(SSE42_FLAG),) - CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 - endif + TPROG = 
TestPrograms/test_x86_avx2.cpp + TOPT = $(AVX2_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + CHACHA_AVX2_FLAG = $(AVX2_FLAG) + LSH256_AVX2_FLAG = $(AVX2_FLAG) + LSH512_AVX2_FLAG = $(AVX2_FLAG) + SUN_LDFLAGS += $(AVX2_FLAG) + else + AVX2_FLAG = + endif - ifneq ($(SSE42_FLAG),) + TPROG = TestPrograms/test_x86_sha.cpp + TOPT = $(SHANI_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + SHA_FLAG = $(SSE42_FLAG) $(SHANI_FLAG) + SUN_LDFLAGS += $(SHANI_FLAG) + else + SHANI_FLAG = + endif - # Unusual GCC/Clang on Macports. It assembles AES, but not CLMUL. - # test_x86_clmul.s:15: no such instruction: 'pclmulqdq $0, %xmm1,%xmm0' - ifeq ($(CLMUL_FLAG),) - CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_CLMUL + ifeq ($(SUN_COMPILER),1) + CRYPTOPP_LDFLAGS += $(SUN_LDFLAGS) endif - ifeq ($(AESNI_FLAG),) - CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_AESNI + + ifeq ($(SSE3_FLAG),) + CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_SSE3 + else ifeq ($(SSSE3_FLAG),) + CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_SSSE3 + else ifeq ($(SSE41_FLAG),) + CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 + else ifeq ($(SSE42_FLAG),) + CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 endif - ifeq ($(AVX_FLAG),) - CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_AVX - else ifeq ($(AVX2_FLAG),) - CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_AVX2 - else ifeq ($(SHANI_FLAG),) - CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_SHANI + ifneq ($(SSE42_FLAG),) + # Unusual GCC/Clang on Macports. It assembles AES, but not CLMUL. 
+ # test_x86_clmul.s:15: no such instruction: 'pclmulqdq $0, %xmm1,%xmm0' + ifeq ($(CLMUL_FLAG),) + CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_CLMUL + endif + ifeq ($(AESNI_FLAG),) + CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_AESNI + endif + + ifeq ($(AVX_FLAG),) + CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_AVX + else ifeq ($(AVX2_FLAG),) + CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_AVX2 + endif + # SHANI independent of AVX per GH #1045 + ifeq ($(SHANI_FLAG),) + CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_SHANI + endif endif - endif - # Drop to SSE2 if available - ifeq ($(GCM_FLAG),) - ifneq ($(SSE2_FLAG),) + # Drop to SSE2 if available + ifeq ($(GCM_FLAG),) GCM_FLAG = $(SSE2_FLAG) endif - endif - # Most Clang cannot handle mixed asm with positional arguments, where the - # body is Intel style with no prefix and the templates are AT&T style. - # Also see https://bugs.llvm.org/show_bug.cgi?id=39895 . - - # CRYPTOPP_DISABLE_MIXED_ASM is now being added in config_asm.h for all - # Clang compilers. This test will need to be re-enabled if Clang fixes it. - #TPROG = TestPrograms/test_asm_mixed.cxx - #HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - #ifneq ($(strip $(HAVE_OPT)),0) - # CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_MIXED_ASM - #endif + # Most Clang cannot handle mixed asm with positional arguments, where the + # body is Intel style with no prefix and the templates are AT&T style. + # Also see https://bugs.llvm.org/show_bug.cgi?id=39895 . + + # CRYPTOPP_DISABLE_MIXED_ASM is now being added in config_asm.h for all + # Clang compilers. This test will need to be re-enabled if Clang fixes it. + #TPROG = TestPrograms/test_asm_mixed.cpp + #TOPT = + #HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + #ifneq ($(strip $(HAVE_OPT)),0) + # CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_MIXED_ASM + #endif + # SSE2_FLAGS + endif # DETECT_FEATURES endif 
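Review bot: The per-feature tests in this hunk (SSSE3, SSE4.1/4.2, CLMUL, AES-NI, AVX/AVX2, SHA-NI) still clear their flag silently whenever `wc -w` sees any compiler output, so a stray warning is enough to build with `-DCRYPTOPP_DISABLE_AESNI` or `-DCRYPTOPP_DISABLE_CLMUL` and fall back to the software AES/GCM paths without the visible rerun the commit adds only for the SSE2 test; for a crypto library that quiet downgrade is worth surfacing with an `$(info ...)` in each `else` branch, e.g. `$(info AES-NI test failed; adding -DCRYPTOPP_DISABLE_AESNI)`. The same applies to the ARMv8 AES/PMULL/SHA tests in the later hunks (`@@ -532` and `@@ -564`). The new diagnostic text `$(info Running make again to see what failed)` is misleading because what is re-run is the test compile, not make; `$(info Re-running the test compile to show what failed)` would be accurate, and the same string appears in the NEON, ASIMD and Altivec hunks. The `ifneq ($(IS_DARWIN),0)` block under "The first Apple MacBooks were Core2's" contains only comments and does nothing; either drop it or mark it `# placeholder: no SSE2-only algorithms promoted yet`.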
@@ -461,32 +476,37 @@ ifeq ($(DETECT_FEATURES),1) # Clang needs an option to include - TPROG = TestPrograms/test_arm_neon_header.cxx - TOPT = -march=armv7-a -mfpu=neon - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + TPROG = TestPrograms/test_arm_neon_header.cpp + TOPT = -DCRYPTOPP_ARM_NEON_HEADER=1 -march=armv7-a -mfpu=neon + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) - THEADER += -DCRYPTOPP_ARM_NEON_HEADER=1 + TEXTRA += -DCRYPTOPP_ARM_NEON_HEADER=1 endif - TPROG = TestPrograms/test_arm_neon.cxx + TPROG = TestPrograms/test_arm_neon.cpp TOPT = -march=armv7-a -mfpu=neon - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) NEON_FLAG = -march=armv7-a -mfpu=neon ARIA_FLAG = -march=armv7-a -mfpu=neon - AES_FLAG = -march=armv7-a -mfpu=neon - CRC_FLAG = -march=armv7-a -mfpu=neon GCM_FLAG = -march=armv7-a -mfpu=neon BLAKE2B_FLAG = -march=armv7-a -mfpu=neon BLAKE2S_FLAG = -march=armv7-a -mfpu=neon CHACHA_FLAG = -march=armv7-a -mfpu=neon CHAM_FLAG = -march=armv7-a -mfpu=neon LEA_FLAG = -march=armv7-a -mfpu=neon - SHA_FLAG = -march=armv7-a -mfpu=neon SIMON128_FLAG = -march=armv7-a -mfpu=neon SPECK128_FLAG = -march=armv7-a -mfpu=neon SM4_FLAG = -march=armv7-a -mfpu=neon else + # Make does not have useful debugging facilities. Show the user + # what happened by compiling again without the pipe. + $(info Running make again to see what failed) + $(info $(shell $(TCOMMAND))) + NEON_FLAG = + endif + + ifeq ($(NEON_FLAG),) CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ASM endif 
@@ -502,23 +522,23 @@ ifneq ($(IS_ARMV8),0) ifeq ($(DETECT_FEATURES),1) - TPROG = TestPrograms/test_arm_neon_header.cxx - TOPT = - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + TPROG = TestPrograms/test_arm_neon_header.cpp + TOPT = -DCRYPTOPP_ARM_NEON_HEADER=1 + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) - THEADER += -DCRYPTOPP_ARM_NEON_HEADER=1 + TEXTRA += -DCRYPTOPP_ARM_NEON_HEADER=1 endif - TPROG = TestPrograms/test_arm_acle_header.cxx - TOPT = -march=armv8-a - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + TPROG = TestPrograms/test_arm_acle_header.cpp + TOPT = -DCRYPTOPP_ARM_ACLE_HEADER=1 -march=armv8-a + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) - THEADER += -DCRYPTOPP_ARM_ACLE_HEADER=1 + TEXTRA += -DCRYPTOPP_ARM_ACLE_HEADER=1 endif - TPROG = TestPrograms/test_arm_asimd.cxx + TPROG = TestPrograms/test_arm_asimd.cpp TOPT = -march=armv8-a - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) ASIMD_FLAG = -march=armv8-a ARIA_FLAG = -march=armv8-a 
@@ -532,31 +552,39 @@ SPECK128_FLAG = -march=armv8-a SM4_FLAG = -march=armv8-a else + # Make does not have useful debugging facilities. Show the user + # what happened by compiling again without the pipe. + $(info Running make again to see what failed) + $(info $(shell $(TCOMMAND))) + ASIMD_FLAG = + endif + + ifeq ($(ASIMD_FLAG),) CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ASM endif ifneq ($(ASIMD_FLAG),) - TPROG = TestPrograms/test_arm_crc.cxx + TPROG = TestPrograms/test_arm_crc.cpp TOPT = -march=armv8-a+crc - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) CRC_FLAG = -march=armv8-a+crc else CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_CRC32 endif - TPROG = TestPrograms/test_arm_aes.cxx + TPROG = TestPrograms/test_arm_aes.cpp TOPT = -march=armv8-a+crypto - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) AES_FLAG = -march=armv8-a+crypto else CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_AES endif - TPROG = TestPrograms/test_arm_pmull.cxx + TPROG = TestPrograms/test_arm_pmull.cpp TOPT = -march=armv8-a+crypto - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) GCM_FLAG = -march=armv8-a+crypto GF2N_FLAG = -march=armv8-a+crypto 
@@ -564,49 +592,49 @@ CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_PMULL endif - TPROG = TestPrograms/test_arm_sha1.cxx + TPROG = TestPrograms/test_arm_sha1.cpp TOPT = -march=armv8-a+crypto - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) SHA_FLAG = -march=armv8-a+crypto else CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SHA1 endif - TPROG = TestPrograms/test_arm_sha256.cxx + TPROG = TestPrograms/test_arm_sha256.cpp TOPT = -march=armv8-a+crypto - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) SHA_FLAG = -march=armv8-a+crypto else CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SHA2 endif - TPROG = TestPrograms/test_arm_sm3.cxx - TOPT = -march=armv8.4-a+crypto - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + TPROG = TestPrograms/test_arm_sm3.cpp + TOPT = -march=armv8.4-a+sm3 + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) - SM3_FLAG = -march=armv8.4-a+crypto - SM4_FLAG = -march=armv8.4-a+crypto + SM3_FLAG = -march=armv8.4-a+sm3 + SM4_FLAG = -march=armv8.4-a+sm3 else #CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SM3 #CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SM4 endif - TPROG = TestPrograms/test_arm_sha3.cxx - TOPT = -march=armv8.4-a+crypto - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + TPROG = TestPrograms/test_arm_sha3.cpp + TOPT = -march=armv8.4-a+sha3 + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) - SHA3_FLAG = -march=armv8.4-a+crypto + SHA3_FLAG = -march=armv8.4-a+sha3 else #CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SHA3 endif - TPROG = TestPrograms/test_arm_sha512.cxx - TOPT = -march=armv8.4-a+crypto - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) 
$(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + TPROG = TestPrograms/test_arm_sha512.cpp + TOPT = -march=armv8.4-a+sha512 + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) - SHA512_FLAG = -march=armv8.4-a+crypto + SHA512_FLAG = -march=armv8.4-a+sha512 else #CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SHA512 endif @@ -662,9 +690,9 @@ # XLC with LLVM front-ends failed to define XLC defines. #ifeq ($(findstring -qxlcompatmacros,$(CXXFLAGS)),) - # TPROG = TestPrograms/test_ppc_altivec.cxx + # TPROG = TestPrograms/test_ppc_altivec.cpp # TOPT = -qxlcompatmacros - # HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + # HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) # ifeq ($(strip $(HAVE_OPT)),0) # CRYPTOPP_CXXFLAGS += -qxlcompatmacros # endif @@ -673,9 +701,9 @@ ##################################################################### # Looking for a POWER9 option - #TPROG = TestPrograms/test_ppc_power9.cxx + #TPROG = TestPrograms/test_ppc_power9.cpp #TOPT = $(POWER9_FLAG) - #HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + #HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) #ifeq ($(strip $(HAVE_OPT)),0) # DARN_FLAG = $(POWER9_FLAG) #else @@ -685,9 +713,9 @@ ##################################################################### # Looking for a POWER8 option - TPROG = TestPrograms/test_ppc_power8.cxx + TPROG = TestPrograms/test_ppc_power8.cpp TOPT = $(POWER8_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) AES_FLAG = $(POWER8_FLAG) BLAKE2B_FLAG = $(POWER8_FLAG) 
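Review bot: `SM4_FLAG = -march=armv8.4-a+sm3` pairs the SM4 flag with an `sm3` extension name; as far as I know GCC and Clang spell this extension `+sm4` (which enables both the SM3 and SM4 instructions) and do not accept `+sm3`, in which case the test fails on every compiler and `SM3_FLAG`/`SM4_FLAG` stay empty. That failure is invisible because the `else` branch holds only the commented-out `#CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SM3` lines, so please confirm the spelling against the compilers' `-march` extension lists (and `+sha512` below, for the same reason) and add an `$(info SM3/SM4 test failed)` in that branch so a silently disabled path is at least reported. `TestPrograms/test_arm_sm3.cpp` is outside this diff, so I cannot tell whether it also exercises SM4 intrinsics that would need the `+sm4` spelling.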
@@ -707,15 +735,15 @@ # GCC needs -mvsx for Power7 to enable 64-bit vector elements. # XLC provides 64-bit vector elements without an option. - TPROG = TestPrograms/test_ppc_power7.cxx + TPROG = TestPrograms/test_ppc_power7.cpp TOPT = $(POWER7_VSX_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) POWER7_FLAG = $(POWER7_VSX_FLAG) else - TPROG = TestPrograms/test_ppc_power7.cxx + TPROG = TestPrograms/test_ppc_power7.cpp TOPT = $(POWER7_PWR_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) POWER7_FLAG = $(POWER7_PWR_FLAG) else @@ -726,12 +754,16 @@ ##################################################################### # Looking for an Altivec option - TPROG = TestPrograms/test_ppc_altivec.cxx + TPROG = TestPrograms/test_ppc_altivec.cpp TOPT = $(ALTIVEC_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) ALTIVEC_FLAG := $(ALTIVEC_FLAG) else + # Make does not have useful debugging facilities. Show the user + # what happened by compiling again without the pipe. + $(info Running make again to see what failed) + $(info $(shell $(TCOMMAND))) ALTIVEC_FLAG = endif 
@@ -798,18 +830,18 @@ ifeq ($(DETECT_FEATURES),1) ifeq ($(XLC_COMPILER),1) ifeq ($(findstring -qthreaded,$(CXXFLAGS)),) - TPROG = TestPrograms/test_pthreads.cxx + TPROG = TestPrograms/test_pthreads.cpp TOPT = -qthreaded - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) CRYPTOPP_CXXFLAGS += -qthreaded endif # CRYPTOPP_CXXFLAGS endif # qthreaded else ifeq ($(findstring -pthread,$(CXXFLAGS)),) - TPROG = TestPrograms/test_pthreads.cxx + TPROG = TestPrograms/test_pthreads.cpp TOPT = -pthread - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) CRYPTOPP_CXXFLAGS += -pthread endif # CRYPTOPP_CXXFLAGS 
@@ -833,14 +865,32 @@ # Disable IBM XL C++ "1500-036: (I) The NOSTRICT option (default at OPT(3)) # has the potential to alter the semantics of a program." ifeq ($(XLC_COMPILER),1) - TPROG = TestPrograms/test_cxx.cxx + TPROG = TestPrograms/test_cxx.cpp TOPT = -qsuppress=1500-036 - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) CRYPTOPP_CXXFLAGS += -qsuppress=1500-036 endif # -qsuppress endif # IBM XL C++ compiler +# libc++ is LLVM's standard C++ library. If we add libc++ +# here then all user programs must use it too. The open +# question is, which choice is easier on users? +ifneq ($(IS_DARWIN),0) + CXX ?= c++ + # CRYPTOPP_CXXFLAGS += -stdlib=libc++ + ifeq ($(findstring -fno-common,$(CXXFLAGS)),) + CRYPTOPP_CXXFLAGS += -fno-common + endif + IS_APPLE_LIBTOOL=$(shell libtool -V 2>&1 | $(GREP) -i -c 'Apple') + ifeq ($(IS_APPLE_LIBTOOL),1) + AR = libtool + else + AR = /usr/bin/libtool + endif + ARFLAGS = -static -o +endif + # Add -xregs=no%appl SPARC. SunCC should not use certain registers in library code. # https://docs.oracle.com/cd/E18659_01/html/821-1383/bkamt.html ifneq ($(IS_SPARC32)$(IS_SPARC64),00) @@ -910,9 +960,9 @@ NATIVE_OPT = # Try GCC and compatibles first - TPROG = TestPrograms/test_cxx.cxx + TPROG = TestPrograms/test_cxx.cpp TOPT = -march=native - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) NATIVE_OPT = -march=native endif # NATIVE_OPT @@ -920,7 +970,7 @@ # And tune ifeq ($(NATIVE_OPT),) TOPT = -mtune=native - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) NATIVE_OPT = -mtune=native endif # NATIVE_OPT 
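Review bot: `IS_APPLE_LIBTOOL=$(shell libtool -V 2>&1 | $(GREP) -i -c 'Apple')` probes whichever `libtool` is first on `PATH` and then sets `AR = libtool`, so when the probe succeeds the archiver is still resolved from the build environment's `PATH` even though the fallback already hardcodes `/usr/bin/libtool`. Using `AR = /usr/bin/libtool` unconditionally removes the shell probe, the PATH dependence, and the possibility of a GNU or third-party `libtool` installed ahead of Apple's being picked up by the library build. The `CXX ?= c++` moved into this block presumably never takes effect, since make predefines `CXX`; a short comment stating what it is meant to do would avoid the next reader wondering.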
@@ -929,7 +979,7 @@ # Try SunCC next ifeq ($(NATIVE_OPT),) TOPT = -native - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) NATIVE_OPT = -native endif # NATIVE_OPT @@ -1021,8 +1071,9 @@ # Debug testing on GNU systems. Triggered by -DDEBUG. # Newlib test due to http://sourceware.org/bugzilla/show_bug.cgi?id=20268 ifneq ($(filter -DDEBUG -DDEBUG=1,$(CXXFLAGS)),) - TPROG = TestPrograms/test_cxx.cxx - USING_GLIBCXX := $(shell $(CXX)$(CXXFLAGS) -E $(TPROG) -o $(TOUT) 2>&1 | $(GREP) -i -c "__GLIBCXX__") + TPROG = TestPrograms/test_cxx.cpp + TOPT = + USING_GLIBCXX := $(shell $(CXX)$(CXXFLAGS) -E $(TPROG) -c 2>&1 | $(GREP) -i -c "__GLIBCXX__") ifneq ($(USING_GLIBCXX),0) ifeq ($(HAS_NEWLIB),0) ifeq ($(findstring -D_GLIBCXX_DEBUG,$(CXXFLAGS)),) @@ -1032,9 +1083,9 @@ endif # USING_GLIBCXX ifeq ($(XLC_COMPILER),1) - TPROG = TestPrograms/test_cxx.cxx + TPROG = TestPrograms/test_cxx.cpp TOPT = -qheapdebug -qro - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) CRYPTOPP_CXXFLAGS += -qheapdebug -qro endif # CRYPTOPP_CXXFLAGS @@ -1169,7 +1220,7 @@ DLLTESTOBJS := dlltest.dllonly.o # Clean recipe, Issue 998. Don't filter-out some artifacts from the list of objects -# The *.S is a hack. It makes the ASM appear like C++ so the object files make the CLEAN_OBJS list +# The *.S is a hack. It makes the ASM appear like C++ so the object files make the CLEAN_OBJS list CLEAN_SRCS := $(wildcard *.cpp) $(patsubst %.S,%.cpp,$(wildcard *.S)) CLEAN_OBJS := $(CLEAN_SRCS:.cpp=.o) $(CLEAN_SRCS:.cpp=.import.o) $(CLEAN_SRCS:.cpp=.export.o) 
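Review bot: `USING_GLIBCXX := $(shell $(CXX)$(CXXFLAGS) -E $(TPROG) -c 2>&1 | ...)` has no space between `$(CXX)` and `$(CXXFLAGS)`, so unless `CXXFLAGS` happens to begin with whitespace the shell runs a command like `g++-DDEBUG ...`, which fails, the grep count is 0, and `-D_GLIBCXX_DEBUG` is never added; since the line is rewritten here it should become `USING_GLIBCXX := $(shell $(CXX) $(CXXFLAGS) -E $(TPROG) 2>&1 | $(GREP) -i -c "__GLIBCXX__")`. The `-c` next to `-E` is redundant because `-E` stops after preprocessing. The `TOPT =` added just above is not used by this `$(shell)`, which bypasses `TCOMMAND`; a comment such as `# reset for the XLC test below` would explain why it is set.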
@@ -1285,7 +1336,7 @@ -$(RM) adhoc.cpp.o adhoc.cpp.proto.o $(CLEAN_OBJS) rdrand-*.o @-$(RM) libcryptopp.a libcryptopp.dylib cryptopp.dll libcryptopp.dll.a libcryptopp.import.a @-$(RM) libcryptopp.so libcryptopp.so$(SOLIB_COMPAT_SUFFIX) libcryptopp.so$(SOLIB_VERSION_SUFFIX) - @-$(RM) cryptest.exe dlltest.exe cryptest.import.exe cryptest.info ct et + @-$(RM) cryptest.exe dlltest.exe cryptest.import.exe cryptest.dat ct et @-$(RM) *.la *.lo *.gcov *.gcno *.gcda *.stackdump core core-* @-$(RM) /tmp/adhoc.exe @-$(RM) -r /tmp/cryptopp_test/ @@ -1313,6 +1364,7 @@ .PHONY: distclean distclean: clean autotools-clean cmake-clean android-clean -$(RM) adhoc.cpp adhoc.cpp.copied GNUmakefile.deps benchmarks.html cryptest.txt + -$(RM) cryptest_all.info cryptest_debug.info cryptest_noasm.info cryptest_base.info cryptest.info cryptest_release.info @-$(RM) cryptest-*.txt cryptopp.tgz libcryptopp.pc *.o *.bc *.ii *~ @-$(RM) -r cryptlib.lib cryptest.exe *.suo *.sdf *.pdb Win32/ x64/ ipch/ @-$(RM) -r $(LIBOBJS:.o=.obj) $(TESTOBJS:.o=.obj) @@ -1326,13 +1378,13 @@ install: cryptest.exe install-lib @-$(MKDIR) $(DESTDIR)$(BINDIR) $(CP) cryptest.exe $(DESTDIR)$(BINDIR) - $(CHMOD) 0755 $(DESTDIR)$(BINDIR)/cryptest.exe + $(CHMOD) u=rwx,go=rx $(DESTDIR)$(BINDIR)/cryptest.exe @-$(MKDIR) $(DESTDIR)$(DATADIR)/cryptopp/TestData @-$(MKDIR) $(DESTDIR)$(DATADIR)/cryptopp/TestVectors $(CP) TestData/*.dat $(DESTDIR)$(DATADIR)/cryptopp/TestData - $(CHMOD) 0644 $(DESTDIR)$(DATADIR)/cryptopp/TestData/*.dat + $(CHMOD) u=rw,go=r $(DESTDIR)$(DATADIR)/cryptopp/TestData/*.dat $(CP) TestVectors/*.txt $(DESTDIR)$(DATADIR)/cryptopp/TestVectors - $(CHMOD) 0644 $(DESTDIR)$(DATADIR)/cryptopp/TestVectors/*.txt + $(CHMOD) u=rw,go=r $(DESTDIR)$(DATADIR)/cryptopp/TestVectors/*.txt # A recipe to install only the library, and not cryptest.exe. Also # see https://github.com/weidai11/cryptopp/issues/653. Some users 
@@ -1342,22 +1394,22 @@ install-lib: @-$(MKDIR) $(DESTDIR)$(INCLUDEDIR)/cryptopp $(CP) *.h $(DESTDIR)$(INCLUDEDIR)/cryptopp - $(CHMOD) 0644 $(DESTDIR)$(INCLUDEDIR)/cryptopp/*.h + $(CHMOD) u=rw,go=r $(DESTDIR)$(INCLUDEDIR)/cryptopp/*.h ifneq ($(wildcard libcryptopp.a),) @-$(MKDIR) $(DESTDIR)$(LIBDIR) $(CP) libcryptopp.a $(DESTDIR)$(LIBDIR) - $(CHMOD) 0644 $(DESTDIR)$(LIBDIR)/libcryptopp.a + $(CHMOD) u=rw,go=r $(DESTDIR)$(LIBDIR)/libcryptopp.a endif ifneq ($(wildcard libcryptopp.dylib),) @-$(MKDIR) $(DESTDIR)$(LIBDIR) $(CP) libcryptopp.dylib $(DESTDIR)$(LIBDIR) - $(CHMOD) 0755 $(DESTDIR)$(LIBDIR)/libcryptopp.dylib + $(CHMOD) u=rwx,go=rx $(DESTDIR)$(LIBDIR)/libcryptopp.dylib -install_name_tool -id $(DESTDIR)$(LIBDIR)/libcryptopp.dylib $(DESTDIR)$(LIBDIR)/libcryptopp.dylib endif ifneq ($(wildcard libcryptopp.so$(SOLIB_VERSION_SUFFIX)),) @-$(MKDIR) $(DESTDIR)$(LIBDIR) $(CP) libcryptopp.so$(SOLIB_VERSION_SUFFIX) $(DESTDIR)$(LIBDIR) - $(CHMOD) 0755 $(DESTDIR)$(LIBDIR)/libcryptopp.so$(SOLIB_VERSION_SUFFIX) + $(CHMOD) u=rwx,go=rx $(DESTDIR)$(LIBDIR)/libcryptopp.so$(SOLIB_VERSION_SUFFIX) ifeq ($(HAS_SOLIB_VERSION),1) -$(LN) libcryptopp.so$(SOLIB_VERSION_SUFFIX) $(DESTDIR)$(LIBDIR)/libcryptopp.so $(LDCONF) $(DESTDIR)$(LIBDIR) @@ -1366,7 +1418,7 @@ ifneq ($(wildcard libcryptopp.pc),) @-$(MKDIR) $(DESTDIR)$(LIBDIR)/pkgconfig $(CP) libcryptopp.pc $(DESTDIR)$(LIBDIR)/pkgconfig - $(CHMOD) 0644 $(DESTDIR)$(LIBDIR)/pkgconfig/libcryptopp.pc + $(CHMOD) u=rw,go=r $(DESTDIR)$(LIBDIR)/pkgconfig/libcryptopp.pc endif .PHONY: remove uninstall @@ -1385,7 +1437,7 @@ @-$(RM) $(DESTDIR)$(LIBDIR)/pkgconfig/libcryptopp.pc @-$(RM) -r $(DESTDIR)$(DATADIR)/cryptopp -libcryptopp.a: $(LIBOBJS) +libcryptopp.a: $(LIBOBJS) | osx_warning $(AR) $(ARFLAGS) $@ $(LIBOBJS) ifeq ($(IS_SUN),0) $(RANLIB) $@ 
@@ -1407,10 +1459,10 @@ -$(LN) libcryptopp.so$(SOLIB_VERSION_SUFFIX) libcryptopp.so$(SOLIB_COMPAT_SUFFIX) endif -libcryptopp.dylib: $(LIBOBJS) +libcryptopp.dylib: $(LIBOBJS) | osx_warning $(CXX) -dynamiclib -o $@ $(CXXFLAGS) -install_name "$@" -current_version "$(LIB_MAJOR).$(LIB_MINOR).$(LIB_PATCH)" -compatibility_version "$(LIB_MAJOR).$(LIB_MINOR)" -headerpad_max_install_names $(LDFLAGS) $(LIBOBJS) -cryptest.exe: $(LINK_LIBRARY) $(TESTOBJS) +cryptest.exe: $(LINK_LIBRARY) $(TESTOBJS) | osx_warning $(CXX) -o $@ $(CXXFLAGS) $(TESTOBJS) $(LINK_LIBRARY_PATH)$(LINK_LIBRARY) $(LDFLAGS) $(LDLIBS) # Makes it faster to test changes @@ -1437,7 +1489,7 @@ # Some users already have a libcryptopp.pc. We install it if the file # is present. If you want one, then issue 'make libcryptopp.pc'. Be sure # to use/verify PREFIX and LIBDIR below after writing the file. -libcryptopp.pc: +cryptopp.pc libcryptopp.pc: @echo '# Crypto++ package configuration file' > libcryptopp.pc @echo '' >> libcryptopp.pc @echo 'prefix=$(PC_PREFIX)' >> libcryptopp.pc 
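Review bot: `cryptopp.pc libcryptopp.pc:` makes cryptopp.pc a second name for the same recipe, but the recipe only ever writes libcryptopp.pc, so no file named cryptopp.pc is created and `make cryptopp.pc` regenerates (and overwrites) libcryptopp.pc on every invocation. If the extra name is meant as a convenience alias, declare it as one, `.PHONY: cryptopp.pc` followed by `cryptopp.pc: libcryptopp.pc`, and keep the real rule as `libcryptopp.pc:` so the generated file keeps its normal up-to-date check. I cannot see whether a `.PHONY` line covering this target exists above the hunk.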
@@ -1447,15 +1499,16 @@ @echo '' >> libcryptopp.pc @echo 'Name: Crypto++' >> libcryptopp.pc @echo 'Description: Crypto++ cryptographic library' >> libcryptopp.pc - @echo 'Version: 8.4' >> libcryptopp.pc + @echo 'Version: 8.6' >> libcryptopp.pc @echo 'URL: https://cryptopp.com/' >> libcryptopp.pc @echo '' >> libcryptopp.pc @echo 'Cflags: -I$${includedir}' >> libcryptopp.pc @echo 'Libs: -L$${libdir} -lcryptopp' >> libcryptopp.pc # This recipe prepares the distro files -TEXT_FILES := *.h *.cpp License.txt Readme.txt Install.txt Filelist.txt Doxyfile cryptest* cryptlib* dlltest* cryptdll* *.sln *.vcxproj *.filters cryptopp.rc TestVectors/*.txt TestData/*.dat TestPrograms/*.cxx TestScripts/*.sh TestScripts/*.cmd -EXEC_FILES := GNUmakefile GNUmakefile-cross TestData/ TestVectors/ TestScripts/ TestPrograms/ +TEXT_FILES := *.h *.cpp *.S GNUmakefile GNUmakefile-cross License.txt Readme.txt Install.txt Filelist.txt Doxyfile cryptest* cryptlib* dlltest* cryptdll* *.sln *.vcxproj *.filters cryptopp.rc TestVectors/*.txt TestData/*.dat TestPrograms/*.cpp +EXEC_FILES := TestScripts/*.sh TestScripts/*.cmd +EXEC_DIRS := TestData/ TestVectors/ TestScripts/ TestPrograms/ ifeq ($(wildcard Filelist.txt),Filelist.txt) DIST_FILES := $(shell cat Filelist.txt) 
@@ -1466,23 +1519,22 @@ ifneq ($(IS_DARWIN),0) $(SED) -i '' -e's/[[:space:]]*$$//' *.supp *.txt .*.yml *.h *.cpp *.asm *.S $(SED) -i '' -e's/[[:space:]]*$$//' *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross - $(SED) -i '' -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestPrograms/*.cxx TestScripts/*.* + $(SED) -i '' -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestPrograms/*.cpp TestScripts/*.* make convert else $(SED) -i -e's/[[:space:]]*$$//' *.supp *.txt .*.yml *.h *.cpp *.asm *.S $(SED) -i -e's/[[:space:]]*$$//' *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross - $(SED) -i -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestPrograms/*.cxx TestScripts/*.* + $(SED) -i -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestPrograms/*.cpp TestScripts/*.* make convert endif .PHONY: convert convert: - @-$(CHMOD) 0700 TestVectors/ TestData/ TestPrograms/ TestScripts/ - @-$(CHMOD) 0600 $(TEXT_FILES) *.supp .*.yml *.asm *.zip TestVectors/*.txt TestData/*.dat TestPrograms/*.cxx TestScripts/*.* - @-$(CHMOD) 0700 $(EXEC_FILES) TestScripts/*.sh TestScripts/*.cmd - @-$(CHMOD) 0700 GNUmakefile GNUmakefile-cross TestScripts/*.sh - -unix2dos --keepdate --quiet $(TEXT_FILES) .*.yml *.asm TestScripts/*.* - -dos2unix --keepdate --quiet GNUmakefile* *.supp *.mapfile TestScripts/*.sh + @-$(CHMOD) u=rwx,go=rx $(EXEC_DIRS) + @-$(CHMOD) u=rw,go=r $(TEXT_FILES) *.supp .*.yml *.asm *.zip TestVectors/*.txt TestData/*.dat TestPrograms/*.cpp + @-$(CHMOD) u=rwx,go=rx $(EXEC_FILES) *.sh + -unix2dos --keepdate --quiet $(TEXT_FILES) .*.yml *.asm TestScripts/*.cmd TestScripts/*.txt TestScripts/*.cpp + -dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross *.sh *.S *.supp *.mapfile TestScripts/*.sh ifneq ($(IS_DARWIN),0) @-xattr -c * endif 
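Review bot: TEXT_FILES (redefined in the hunk at @@ -1447) now contains `*.S GNUmakefile GNUmakefile-cross`, so the `unix2dos` line in `convert` first rewrites the makefiles and the assembler sources to CRLF and the `dos2unix` line directly below converts the same files back; the round trip only works because both tools run, and a failure of the second leaves the makefiles with CRLF endings. Filtering the Unix-only names out of the first call avoids the churn: `-unix2dos --keepdate --quiet $(filter-out *.S GNUmakefile GNUmakefile-cross,$(TEXT_FILES)) .*.yml *.asm TestScripts/*.cmd TestScripts/*.txt TestScripts/*.cpp`. `filter-out` compares literal words, which is what is wanted here because the globs in TEXT_FILES are expanded by the shell, not by make.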
@@ -1526,9 +1578,12 @@ -include GNUmakefile.deps endif # Dependencies +# A few recipes trigger warnings for -std=c++11 and -stdlib=c++ +NOSTD_CXXFLAGS=$(filter-out -stdlib=%,$(filter-out -std=%,$(CXXFLAGS))) + # Cryptogams ARM asm implementation. AES needs -mthumb for Clang aes_armv4.o : aes_armv4.S - $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(CRYPTOGAMS_ARMV4_THUMB_FLAG) -c) $< + $(CXX) $(strip $(CPPFLAGS) $(NOSTD_CXXFLAGS) $(CRYPTOGAMS_ARMV4_THUMB_FLAG) -c) $< # SSSE3 or NEON available aria_simd.o : aria_simd.cpp @@ -1582,6 +1637,22 @@ lea_simd.o : lea_simd.cpp $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(LEA_FLAG) -c) $< +# SSSE3 available +lsh256_sse.o : lsh256_sse.cpp + $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(LSH256_FLAG) -c) $< + +# AVX2 available +lsh256_avx.o : lsh256_avx.cpp + $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(LSH256_AVX2_FLAG) -c) $< + +# SSSE3 available +lsh512_sse.o : lsh512_sse.cpp + $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(LSH512_FLAG) -c) $< + +# AVX2 available +lsh512_avx.o : lsh512_avx.cpp + $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(LSH512_AVX2_FLAG) -c) $< + # NEON available neon_simd.o : neon_simd.cpp $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(NEON_FLAG) -c) $< @@ -1612,15 +1683,15 @@ # Cryptogams SHA1 asm implementation. sha1_armv4.o : sha1_armv4.S - $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(CRYPTOGAMS_ARMV4_FLAG) -c) $< + $(CXX) $(strip $(CPPFLAGS) $(NOSTD_CXXFLAGS) $(CRYPTOGAMS_ARMV4_FLAG) -c) $< # Cryptogams SHA256 asm implementation. sha256_armv4.o : sha256_armv4.S - $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(CRYPTOGAMS_ARMV4_FLAG) -c) $< + $(CXX) $(strip $(CPPFLAGS) $(NOSTD_CXXFLAGS) $(CRYPTOGAMS_ARMV4_FLAG) -c) $< # Cryptogams SHA512 asm implementation. sha512_armv4.o : sha512_armv4.S - $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(CRYPTOGAMS_ARMV4_FLAG) -c) $< + $(CXX) $(strip $(CPPFLAGS) $(NOSTD_CXXFLAGS) $(CRYPTOGAMS_ARMV4_FLAG) -c) $< sha3_simd.o : sha3_simd.cpp $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(SHA3_FLAG) -c) $< 
@@ -1700,12 +1771,25 @@ .PHONY: so_warning so_warning: ifeq ($(HAS_SOLIB_VERSION),1) + $(info ) $(info WARNING: Only the symlinks to the shared-object library have been updated.) $(info WARNING: If the library is installed in a system directory you will need) $(info WARNING: to run 'ldconfig' to update the shared-object library cache.) $(info ) endif +.PHONY: osx_warning +osx_warning: +ifeq ($(IS_DARWIN)$(CLANG_COMPILER),11) + ifeq ($(findstring -stdlib=libc++,$(CRYPTOPP_CXXFLAGS)$(CXXFLAGS)),) + $(info ) + $(info INFO: Crypto++ was built without LLVM's libc++. If you are using the library) + $(info INFO: with modern Xcode, then you should add -stdlib=libc++ to CXXFLAGS. It is) + $(info INFO: already present in the makefile, and you only need to uncomment it.) + $(info ) + endif +endif + .PHONY: dep deps depend dep deps depend GNUmakefile.deps: $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS)) -MM *.cpp > GNUmakefile.deps diff -Nru libcrypto++-8.4.0/GNUmakefile-cross libcrypto++-8.6.0/GNUmakefile-cross --- libcrypto++-8.4.0/GNUmakefile-cross 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/GNUmakefile-cross 2021-09-24 11:48:47.000000000 +0000 @@ -5,8 +5,6 @@ # If needed TMPDIR ?= /tmp -# Used for ARMv7a and NEON. Android hard codes softfp -FP_ABI ?= hard # Used for feature tests TOUT ?= a.out TOUT := $(strip $(TOUT)) @@ -17,8 +15,9 @@ LINK_LIBRARY ?= libcryptopp.a LINK_LIBRARY_PATH ?= ./ -# Default CXXFLAGS if none were provided -CXXFLAGS ?= -DNDEBUG -g2 -O3 -fPIC -pipe +# Default FLAGS if none were provided +CPPFLAGS ?= -DNDEBUG +CXXFLAGS ?= -g2 -O3 -fPIC -pipe AR ?= ar ARFLAGS ?= cr 
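Review bot: `ifeq ($(IS_DARWIN)$(CLANG_COMPILER),11)` in osx_warning encodes two flags as one concatenated string, which reads like a numeric comparison and silently stops matching if either variable ever holds something other than 0 or 1 (they presumably come from `grep -c` style probes, so that is safe today). Two nested conditionals say what is meant, `ifeq ($(IS_DARWIN),1)` then `ifeq ($(CLANG_COMPILER),1)`, or at least a comment above the line: `# Both IS_DARWIN and CLANG_COMPILER are 1`. The `$(info)` lines follow the so_warning pattern in the same hunk, so they print when the phony target runs rather than at parse time, assuming they are tab-indented recipe lines as so_warning's presumably are.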
@@ -47,11 +46,11 @@ IS_LINUX := $(shell echo $(MACHINEX) | $(GREP) -i -c "Linux") -# Can be used by Android and Embeeded cross-compiles. Disable by default because +# Can be used by Android and Embedded cross-compiles. Disable by default because # Android and embedded users typically don't run this configuration. HAS_SOLIB_VERSION ?= 0 -# Formely adhoc.cpp was created from adhoc.cpp.proto when needed. +# Formerly adhoc.cpp was created from adhoc.cpp.proto when needed. # This is now needed because ISA tests are performed using adhoc.cpp. ifeq ($(wildcard adhoc.cpp),) $(shell cp adhoc.cpp.proto adhoc.cpp) @@ -61,23 +60,21 @@ ##### General Variables ##### ########################################################### -# Default prefix for make install -ifeq ($(PREFIX),) -PREFIX = /usr/local -endif - # http://www.gnu.org/prep/standards/html_node/Directory-Variables.html -ifeq ($(DATADIR),) -DATADIR := $(PREFIX)/share +ifeq ($(PREFIX),) + PREFIX = /usr/local endif ifeq ($(LIBDIR),) -LIBDIR := $(PREFIX)/lib + LIBDIR := $(PREFIX)/lib endif -ifeq ($(BINDIR),) -BINDIR := $(PREFIX)/bin +ifeq ($(DATADIR),) + DATADIR := $(PREFIX)/share endif ifeq ($(INCLUDEDIR),) -INCLUDEDIR := $(PREFIX)/include + INCLUDEDIR := $(PREFIX)/include +endif +ifeq ($(BINDIR),) + BINDIR := $(PREFIX)/bin endif # We honor ARFLAGS, but the "v" option used by default causes a noisy make 
@@ -85,11 +82,21 @@ ARFLAGS = r endif -# Sadly, we can't actually use GCC_PRAGMA_AWARE because of GCC bug 53431. -# Its a shame because GCC has so much to offer by the way of analysis. -# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53431 -ifneq ($(CLANG_COMPILER),0) - CXXFLAGS += -Wall +########################################################### +##### MacOS ##### +########################################################### + +# MacOS cross-compile configuration. +# See http://www.cryptopp.com/wiki/MacOS_(Command_Line). +ifeq ($(IS_MACOS),1) + # setenv-macos.sh sets CPPFLAGS, CXXFLAGS and LDFLAGS + IS_APPLE_LIBTOOL=$(shell libtool -V 2>&1 | $(GREP) -i -c 'Apple') + ifeq ($(IS_APPLE_LIBTOOL),1) + AR = libtool + else + AR = /usr/bin/libtool + endif + ARFLAGS = -static -o endif ########################################################### @@ -99,9 +106,7 @@ # iOS cross-compile configuration. # See http://www.cryptopp.com/wiki/iOS_(Command_Line). ifeq ($(IS_IOS),1) - CXXFLAGS += $(IOS_CXXFLAGS) -stdlib=libc++ - CXXFLAGS += --sysroot "$(IOS_SYSROOT)" - + # setenv-ios.sh sets CPPFLAGS, CXXFLAGS and LDFLAGS AR = libtool ARFLAGS = -static -o endif @@ -113,9 +118,7 @@ # Android cross-compile configuration. # See http://www.cryptopp.com/wiki/Android_(Command_Line). ifeq ($(IS_ANDROID),1) - CXXFLAGS += $(ANDROID_CXXFLAGS) -D__ANDROID_API__=$(ANDROID_API) - CXXFLAGS += --sysroot=$(ANDROID_SYSROOT) - CXXFLAGS += -Wa,--noexecstack + # setenv-android.sh sets CPPFLAGS, CXXFLAGS and LDFLAGS # Source files copied into PWD for Android cpu-features # setenv-android.sh does the copying. Its a dirty compile. 
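Review bot: In the new MacOS block `IS_APPLE_LIBTOOL=$(shell libtool -V 2>&1 | $(GREP) -i -c 'Apple')` is recursively expanded, so the probe is re-run every time the variable is referenced; it is only read once in the following `ifeq`, so this is harmless, but `IS_APPLE_LIBTOOL := $(shell libtool -V 2>&1 | $(GREP) -i -c 'Apple')` matches the other probes in this file (`IS_LINUX :=`) and makes the single evaluation explicit. The guard `ifeq ($(IS_MACOS),1)` relies on IS_MACOS being set earlier; its definition is not in the visible part of the diff, so a comment naming its source next to the setenv-macos.sh remark would help the next reader.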
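Review bot: Nothing in the new Android block guarantees the assembler still receives `-Wa,--noexecstack`: the flag is removed from CXXFLAGS and the replacement comment defers to setenv-android.sh, which is not on this page. Without it, an object assembled from the `*.S` sources that lacks a `.note.GNU-stack` section makes the linker mark libcryptopp.so as requiring an executable stack, which platform hardening checks flag. Recent NDK clang drivers add `-Wa,--noexecstack` and `-Wl,-z,noexecstack` on their own, so this may be a non-issue for the supported NDKs, but a post-build check such as `readelf -lW libcryptopp.so | grep GNU_STACK` showing `RW` rather than `RWE` would settle it, and the comment could record the expectation: `# setenv-android.sh sets CPPFLAGS, CXXFLAGS and LDFLAGS, including -Wa,--noexecstack`.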
@@ -130,8 +133,7 @@ # See http://www.cryptopp.com/wiki/ARM_Embedded_(Command_Line) # and http://www.cryptopp.com/wiki/ARM_Embedded_(Bare Metal). ifeq ($(IS_ARM_EMBEDDED),1) - # CPP, CXX, AR, RANLIB, LD, etc are set in 'setenv-embedded.sh' - CXXFLAGS += $(ARM_EMBEDDED_FLAGS) --sysroot=$(ARM_EMBEDDED_SYSROOT) + # setenv-android.sh sets CPPFLAGS, CXXFLAGS and LDFLAGS endif ########################################################### @@ -149,13 +151,14 @@ endif # This dance is because Clang reports the host architecture instead -# of the target architecture. Running Clang on an x86_64 machine with -# -arch arm64 yields x86_64 instead of aarch64 or arm64. +# of the target architecture for -dumpmachine. Running Clang on an +# x86_64 machine with -arch arm64 yields x86_64 instead of arm64. ifeq ($(CLANG_COMPILER),1) + # The compiler is either GCC or Clang IS_X86 := $(shell echo $(CXXFLAGS) | $(GREP) -v 64 | $(GREP) -i -c -E 'i.86') IS_X64 := $(shell echo $(CXXFLAGS) | $(GREP) -i -c -E 'x86_64|amd64') - IS_ARM32 := $(shell echo $(CXXFLAGS) | $(GREP) -v 64 | $(GREP) -i -c -E 'arm|armhf|arm7l|eabihf') + IS_ARM32 := $(shell echo $(CXXFLAGS) | $(GREP) -v 64 | $(GREP) -i -c -E 'arm|armhf|arm7l|armeabihf') IS_ARMV8 := $(shell echo $(CXXFLAGS) | $(GREP) -i -c -E 'aarch32|aarch64|arm64|armv8') else IS_X86 := $(shell echo $(HOSTX) | $(GREP) -v 64 | $(GREP) -i -c -E 'i.86') @@ -172,7 +175,8 @@ IS_PPC32 := 0 IS_PPC64 := 0 -$(info Here's what we found... IS_X86: $(IS_X86), IS_X64: $(IS_X64), IS_ARM32: $(IS_ARM32), IS_ARMV8: $(IS_ARMV8)) +# Uncomment for debugging +# $(info Here's what we found... IS_X86: $(IS_X86), IS_X64: $(IS_X64), IS_ARM32: $(IS_ARM32), IS_ARMV8: $(IS_ARMV8)) ########################################################### ##### Test Program ##### 
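Review bot: The replacement comment in the IS_ARM_EMBEDDED block, `# setenv-android.sh sets CPPFLAGS, CXXFLAGS and LDFLAGS`, names the wrong script; the line it replaces referred to 'setenv-embedded.sh', and the Android block above already carries this exact comment. It should read `# setenv-embedded.sh sets CPPFLAGS, CXXFLAGS and LDFLAGS`.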
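Review bot: The new comment `# The compiler is either GCC or Clang` sits inside `ifeq ($(CLANG_COMPILER),1)`, where the compiler is known to be Clang, so it contradicts the branch it annotates; the paragraph above already explains the -dumpmachine problem, so it can be dropped or changed to `# Clang: infer the target from CXXFLAGS rather than -dumpmachine`. In the IS_ARM32 probe the alternation `'arm|armhf|arm7l|armeabihf'` is equivalent to `'arm'`, since every other alternative contains it, and the renamed `armeabihf` matches neither the GNU triple suffix `gnueabihf` (which the old `eabihf` did) nor Android's `armeabi-v7a`; a plain `-E 'arm'` with a comment is clearer than alternatives that can never decide the outcome.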
@@ -186,26 +190,23 @@ DETECT_FEATURES := 0 else ifeq ($(findstring distclean,$(MAKECMDGOALS)),distclean) DETECT_FEATURES := 0 -else ifeq ($(findstring distclean,$(MAKECMDGOALS)),trim) +else ifeq ($(findstring trim,$(MAKECMDGOALS)),trim) DETECT_FEATURES := 0 -else ifeq ($(IS_IOS),1) +else ifeq ($(findstring zip,$(MAKECMDGOALS)),zip) DETECT_FEATURES := 0 endif # Strip out -Wall, -Wextra and friends for feature testing. FORTIFY_SOURCE is removed # because it requires -O1 or higher, but we use -O0 to tame the optimizer. -ifeq ($(DETECT_FEATURES),1) - TCXXFLAGS := $(filter-out -D_FORTIFY_SOURCE=% -M -MM -Wall -Wextra -Werror% -Wunused -Wconversion -Wp%, $(CXXFLAGS)) - ifneq ($(strip $(TCXXFLAGS)),) - $(info Using testing flags: $(TCXXFLAGS)) - endif - #TPROG = TestPrograms/test_cxx.cxx - #$(info Testing compile... ) - #$(info $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 1>/dev/null)) +# Always print testing flags since some tests always happen, like 64-bit. +TCXXFLAGS := $(filter-out -D_FORTIFY_SOURCE=% -M -MM -Wall -Wextra -Werror% -Wunused -Wconversion -Wp%, $(CPPFLAGS) $(CXXFLAGS)) +ifneq ($(strip $(TCXXFLAGS)),) + $(info Using testing flags: $(TCXXFLAGS)) endif -# For the previous messages -$(info ) +# TCOMMAND is used for just about all tests. Make will lazy-evaluate +# the variables when executed by $(shell $(TCOMMAND) ...). +TCOMMAND = $(CXX) $(TCXXFLAGS) $(TEXTRA) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) ########################################################### ##### X86/X32/X64 Options ##### 
@@ -225,144 +226,166 @@ AVX2_FLAG = -mavx2 SHANI_FLAG = -msha - TPROG = TestPrograms/test_x86_sse2.cxx + TPROG = TestPrograms/test_x86_sse2.cpp TOPT = $(SSE2_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) CHACHA_FLAG = $(SSE2_FLAG) else + # Make does not have useful debugging facilities. Show the user + # what happened by compiling again without the pipe. + $(info Running make again to see what failed) + $(info $(shell $(TCOMMAND))) SSE2_FLAG = endif - TPROG = TestPrograms/test_x86_ssse3.cxx - TOPT = $(SSSE3_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - ARIA_FLAG = $(SSSE3_FLAG) - CHAM_FLAG = $(SSSE3_FLAG) - LEA_FLAG = $(SSSE3_FLAG) - SIMON128_FLAG = $(SSSE3_FLAG) - SPECK128_FLAG = $(SSSE3_FLAG) - else - SSSE3_FLAG = - endif - - TPROG = TestPrograms/test_x86_sse41.cxx - TOPT = $(SSE41_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - BLAKE2B_FLAG = $(SSE41_FLAG) - BLAKE2S_FLAG = $(SSE41_FLAG) - else - SSE41_FLAG = + ifeq ($(SSE2_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_ASM endif - TPROG = TestPrograms/test_x86_sse42.cxx - TOPT = $(SSE42_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - CRC_FLAG = $(SSE42_FLAG) - else - SSE42_FLAG = - endif + # Need SSE2 or higher for these tests + ifneq ($(SSE2_FLAG),) + TPROG = TestPrograms/test_x86_ssse3.cpp + TOPT = $(SSSE3_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + ARIA_FLAG = $(SSSE3_FLAG) + CHAM_FLAG = $(SSSE3_FLAG) + KECCAK_FLAG = $(SSSE3_FLAG) + LEA_FLAG = $(SSSE3_FLAG) + LSH256_FLAG = $(SSSE3_FLAG) + LSH512_FLAG = $(SSSE3_FLAG) + SIMON128_FLAG = $(SSSE3_FLAG) + SPECK128_FLAG = $(SSSE3_FLAG) + else + SSSE3_FLAG = 
+ endif - TPROG = TestPrograms/test_x86_clmul.cxx - TOPT = $(CLMUL_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - GCM_FLAG = $(SSSE3_FLAG) $(CLMUL_FLAG) - GF2N_FLAG = $(CLMUL_FLAG) - else - CLMUL_FLAG = - endif + # The first Apple MacBooks were Core2's with SSE4.1 + ifneq ($(IS_DARWIN),0) + # Add SSE2 algo's here as required + # They get a free upgrade + endif - TPROG = TestPrograms/test_x86_aes.cxx - TOPT = $(AESNI_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - AES_FLAG = $(SSE41_FLAG) $(AESNI_FLAG) - SM4_FLAG = $(SSSE3_FLAG) $(AESNI_FLAG) - else - AESNI_FLAG = - endif + TPROG = TestPrograms/test_x86_sse41.cpp + TOPT = $(SSE41_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + BLAKE2B_FLAG = $(SSE41_FLAG) + BLAKE2S_FLAG = $(SSE41_FLAG) + else + SSE41_FLAG = + endif - TPROG = TestPrograms/test_x86_avx.cxx - TOPT = $(AVX_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - # XXX_FLAG = $(AVX_FLAG) - else - AVX_FLAG = - endif + TPROG = TestPrograms/test_x86_sse42.cpp + TOPT = $(SSE42_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + CRC_FLAG = $(SSE42_FLAG) + else + SSE42_FLAG = + endif - TPROG = TestPrograms/test_x86_avx2.cxx - TOPT = $(AVX2_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - CHACHA_AVX2_FLAG = $(AVX2_FLAG) - else - AVX2_FLAG = - endif + TPROG = TestPrograms/test_x86_clmul.cpp + TOPT = $(CLMUL_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + GCM_FLAG = $(SSSE3_FLAG) $(CLMUL_FLAG) + GF2N_FLAG = $(CLMUL_FLAG) + else + CLMUL_FLAG = + endif - TPROG = TestPrograms/test_x86_sha.cxx - TOPT = $(SHANI_FLAG) - HAVE_OPT = $(shell 
$(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - ifeq ($(strip $(HAVE_OPT)),0) - SHA_FLAG = $(SSE42_FLAG) $(SHANI_FLAG) - else - SHANI_FLAG = - endif + TPROG = TestPrograms/test_x86_aes.cpp + TOPT = $(AESNI_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + AES_FLAG = $(SSE41_FLAG) $(AESNI_FLAG) + SM4_FLAG = $(SSSE3_FLAG) $(AESNI_FLAG) + else + AESNI_FLAG = + endif - ifeq ($(SSE2_FLAG),) - CXXFLAGS += -DCRYPTOPP_DISABLE_ASM - else ifeq ($(SSE3_FLAG),) - CXXFLAGS += -DCRYPTOPP_DISABLE_SSE3 - else ifeq ($(SSSE3_FLAG),) - CXXFLAGS += -DCRYPTOPP_DISABLE_SSSE3 - else ifeq ($(SSE41_FLAG),) - CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 - else ifeq ($(SSE42_FLAG),) - CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 - endif + TPROG = TestPrograms/test_x86_avx.cpp + TOPT = $(AVX_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + # XXX_FLAG = $(AVX_FLAG) + else + AVX_FLAG = + endif - ifneq ($(SSE42_FLAG),) + TPROG = TestPrograms/test_x86_avx2.cpp + TOPT = $(AVX2_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + CHACHA_AVX2_FLAG = $(AVX2_FLAG) + LSH256_AVX2_FLAG = $(AVX2_FLAG) + LSH512_AVX2_FLAG = $(AVX2_FLAG) + else + AVX2_FLAG = + endif - # Unusual GCC/Clang on Macports. It assembles AES, but not CLMUL. 
- # test_x86_clmul.s:15: no such instruction: 'pclmulqdq $0, %xmm1,%xmm0' - ifeq ($(CLMUL_FLAG),) - CXXFLAGS += -DCRYPTOPP_DISABLE_CLMUL + TPROG = TestPrograms/test_x86_sha.cpp + TOPT = $(SHANI_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + SHA_FLAG = $(SSE42_FLAG) $(SHANI_FLAG) + else + SHANI_FLAG = endif - ifeq ($(AESNI_FLAG),) - CXXFLAGS += -DCRYPTOPP_DISABLE_AESNI + + ifeq ($(SSE3_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SSE3 + else ifeq ($(SSSE3_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SSSE3 + else ifeq ($(SSE41_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 + else ifeq ($(SSE42_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 endif - ifeq ($(AVX_FLAG),) - CXXFLAGS += -DCRYPTOPP_DISABLE_AVX - else ifeq ($(AVX2_FLAG),) - CXXFLAGS += -DCRYPTOPP_DISABLE_AVX2 - else ifeq ($(SHANI_FLAG),) - CXXFLAGS += -DCRYPTOPP_DISABLE_SHANI + ifneq ($(SSE42_FLAG),) + # Unusual GCC/Clang on Macports. It assembles AES, but not CLMUL. + # test_x86_clmul.s:15: no such instruction: 'pclmulqdq $0, %xmm1,%xmm0' + ifeq ($(CLMUL_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_CLMUL + endif + ifeq ($(AESNI_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_AESNI + endif + + ifeq ($(AVX_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_AVX + else ifeq ($(AVX2_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_AVX2 + endif + # SHANI independent of AVX per GH #1045 + ifeq ($(SHANI_FLAG),) + CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_SHANI + endif endif - endif - # Drop to SSE2 if available - ifeq ($(GCM_FLAG),) - ifneq ($(SSE2_FLAG),) + # Drop to SSE2 if available + ifeq ($(GCM_FLAG),) GCM_FLAG = $(SSE2_FLAG) endif - endif - # Most Clang cannot handle mixed asm with positional arguments, where the - # body is Intel style with no prefix and the templates are AT&T style. - # Also see https://bugs.llvm.org/show_bug.cgi?id=39895 . - - # CRYPTOPP_DISABLE_MIXED_ASM is now being added in config_asm.h for all - # Clang compilers. This test will need to be re-enabled if Clang fixes it. 
- #TPROG = TestPrograms/test_asm_mixed.cxx - #HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) - #ifneq ($(strip $(HAVE_OPT)),0) - # CXXFLAGS += -DCRYPTOPP_DISABLE_MIXED_ASM - #endif + # Most Clang cannot handle mixed asm with positional arguments, where the + # body is Intel style with no prefix and the templates are AT&T style. + # Also see https://bugs.llvm.org/show_bug.cgi?id=39895 . + + # CRYPTOPP_DISABLE_MIXED_ASM is now being added in config_asm.h for all + # Clang compilers. This test will need to be re-enabled if Clang fixes it. + #TPROG = TestPrograms/test_asm_mixed.cpp + #TOPT = + #HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + #ifneq ($(strip $(HAVE_OPT)),0) + # CXXFLAGS += -DCRYPTOPP_DISABLE_MIXED_ASM + #endif + + # SSE2_FLAGS + endif # DETECT_FEATURES endif @@ -379,22 +402,22 @@ # Android needs -c compile flag for NEON. Otherwise there's an odd linker message. ifeq ($(IS_ANDROID),1) - NEON_FLAG = -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=softfp -mfpu=neon + NEON_FLAG = -march=armv7-a -mfpu=vfpv3-d16 -mfpu=neon else - NEON_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + NEON_FLAG = -march=armv7-a -mfpu=neon endif # Clang needs an option to include - TPROG = TestPrograms/test_arm_neon_header.cxx - TOPT = $(NEON_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + TPROG = TestPrograms/test_arm_neon_header.cpp + TOPT = -DCRYPTOPP_ARM_NEON_HEADER=1 $(NEON_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) - THEADER += -DCRYPTOPP_ARM_NEON_HEADER=1 + TEXTRA += -DCRYPTOPP_ARM_NEON_HEADER=1 endif - TPROG = TestPrograms/test_arm_neon.cxx + TPROG = TestPrograms/test_arm_neon.cpp TOPT = $(NEON_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) ARIA_FLAG = $(NEON_FLAG) AES_FLAG = $(NEON_FLAG) 
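Review bot: Inside the `ifneq ($(SSE42_FLAG),)` block every missing feature is recorded with `CXXFLAGS += -DCRYPTOPP_DISABLE_...` except SHA-NI, which goes to `CRYPTOPP_CXXFLAGS += -DCRYPTOPP_DISABLE_SHANI`. Nothing in the visible part of GNUmakefile-cross adds CRYPTOPP_CXXFLAGS to a compile line, so if that variable is unused in this makefile the define never reaches the compiler and config_asm.h is left to its own detection; `CXXFLAGS += -DCRYPTOPP_DISABLE_SHANI` matches its neighbours, with the GH #1045 comment kept. The `ifneq ($(IS_DARWIN),0)` block that holds only two comments is dead and can be reduced to a single comment until it gets a body.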
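Review bot: The Android NEON_FLAG keeps two `-mfpu` options, `-mfpu=vfpv3-d16 -mfpu=neon`; the compiler honours the last one, so `-mfpu=vfpv3-d16` is dead text that survived the removal of `-mfloat-abi=softfp` on the same line. `NEON_FLAG = -march=armv7-a -mfpu=neon` is what is actually in effect, which makes both branches identical and the `ifeq ($(IS_ANDROID),1)` around them unnecessary. With `-mfloat-abi` gone from both branches, the probe and the library now depend entirely on the setenv scripts to agree on the float ABI, which deserves a one-line comment at the definition.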
@@ -410,7 +433,14 @@ SPECK128_FLAG = $(NEON_FLAG) SM4_FLAG = $(NEON_FLAG) else + # Make does not have useful debugging facilities. Show the user + # what happened by compiling again without the pipe. + $(info Running make again to see what failed) + $(info $(shell $(TCOMMAND))) NEON_FLAG = + endif + + ifeq ($(NEON_FLAG),) CXXFLAGS += -DCRYPTOPP_DISABLE_ASM endif @@ -427,11 +457,11 @@ ifeq ($(DETECT_FEATURES),1) ifeq ($(IS_IOS),1) - ASIMD_FLAG = - CRC_FLAG = - AES_FLAG = - PMUL_FLAG = - SHA_FLAG = + ASIMD_FLAG = -arch arm64 + CRC_FLAG = -arch arm64 + AES_FLAG = -arch arm64 + PMUL_FLAG = -arch arm64 + SHA_FLAG = -arch arm64 else ASIMD_FLAG = -march=armv8-a CRC_FLAG = -march=armv8-a+crc @@ -441,23 +471,23 @@ SHA_FLAG = -march=armv8-a+crypto endif - TPROG = TestPrograms/test_arm_neon_header.cxx - TOPT = - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + TPROG = TestPrograms/test_arm_neon_header.cpp + TOPT = -DCRYPTOPP_ARM_NEON_HEADER=1 + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) - THEADER += -DCRYPTOPP_ARM_NEON_HEADER=1 + TEXTRA += -DCRYPTOPP_ARM_NEON_HEADER=1 endif - TPROG = TestPrograms/test_arm_acle_header.cxx - TOPT = $(ASIMD_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + TPROG = TestPrograms/test_arm_acle_header.cpp + TOPT = -DCRYPTOPP_ARM_ACLE_HEADER=1 $(ASIMD_FLAG) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) - THEADER += -DCRYPTOPP_ARM_ACLE_HEADER=1 + TEXTRA += -DCRYPTOPP_ARM_ACLE_HEADER=1 endif - TPROG = TestPrograms/test_arm_asimd.cxx + TPROG = TestPrograms/test_arm_asimd.cpp TOPT = $(ASIMD_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) ARIA_FLAG = $(ASIMD_FLAG) BLAKE2B_FLAG = $(ASIMD_FLAG) 
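Review bot: The iOS branch assigns `PMUL_FLAG = -arch arm64`, but the PMULL probe in the next hunk reads `TOPT = $(PMULL_FLAG)` (an unchanged line), so on iOS that test runs without the flag set here while the other four values are picked up; the non-iOS assignment for this flag lies outside the visible context, so I cannot tell which spelling is the established one, but the two must agree. Assuming the probe is right, the line should be `PMULL_FLAG = -arch arm64`. Since all five iOS values are the same string, one `IOS_ARCH_FLAG = -arch arm64` assigned to each would make explicit that they are not feature-specific.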
@@ -470,73 +500,92 @@ SPECK128_FLAG = $(ASIMD_FLAG) SM4_FLAG = $(ASIMD_FLAG) else + # Make does not have useful debugging facilities. Show the user + # what happened by compiling again without the pipe. + $(info Running make again to see what failed) + $(info $(shell $(TCOMMAND))) ASIMD_FLAG = + endif + + ifeq ($(ASIMD_FLAG),) CXXFLAGS += -DCRYPTOPP_DISABLE_ASM endif - TPROG = TestPrograms/test_arm_crc.cxx + ifneq ($(ASIMD_FLAG),) + + TPROG = TestPrograms/test_arm_crc.cpp TOPT = $(CRC_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifneq ($(strip $(HAVE_OPT)),0) CRC_FLAG = CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_CRC32 endif - TPROG = TestPrograms/test_arm_aes.cxx + TPROG = TestPrograms/test_arm_aes.cpp TOPT = $(AES_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifneq ($(strip $(HAVE_OPT)),0) AES_FLAG = CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_AES endif - TPROG = TestPrograms/test_arm_pmull.cxx + TPROG = TestPrograms/test_arm_pmull.cpp TOPT = $(PMULL_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifneq ($(strip $(HAVE_OPT)),0) GCM_FLAG = GF2N_FLAG = CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_PMULL endif - TPROG = TestPrograms/test_arm_sha1.cxx + TPROG = TestPrograms/test_arm_sha1.cpp TOPT = $(SHA_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifneq ($(strip $(HAVE_OPT)),0) SHA_FLAG = CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SHA1 endif - TPROG = TestPrograms/test_arm_sha256.cxx + TPROG = TestPrograms/test_arm_sha256.cpp TOPT = $(SHA_FLAG) - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + HAVE_OPT = $(shell 
$(TCOMMAND) 2>&1 | wc -w) ifneq ($(strip $(HAVE_OPT)),0) SHA_FLAG = CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SHA2 endif - TPROG = TestPrograms/test_arm_sm3.cxx - TOPT = -march=armv8.4-a+crypto - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + TPROG = TestPrograms/test_arm_sm3.cpp + TOPT = -march=armv8.4-a+sm3 + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) - SM3_FLAG = -march=armv8.4-a+crypto - SM4_FLAG = -march=armv8.4-a+crypto + SM3_FLAG = -march=armv8.4-a+sm3 + SM4_FLAG = -march=armv8.4-a+sm3 else #CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SM3 #CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SM4 endif - TPROG = TestPrograms/test_arm_sha3.cxx - TOPT = -march=armv8.4-a+crypto - HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(THEADER) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | wc -w) + TPROG = TestPrograms/test_arm_sha3.cpp + TOPT = -march=armv8.4-a+sha3 + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) ifeq ($(strip $(HAVE_OPT)),0) - SHA3_FLAG = -march=armv8.4-a+crypto - SHA512_FLAG = -march=armv8.4-a+crypto + SHA3_FLAG = -march=armv8.4-a+sha3 else #CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SHA3 - #CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SM4 endif + TPROG = TestPrograms/test_arm_sha512.cpp + TOPT = -march=armv8.4-a+sha512 + HAVE_OPT = $(shell $(TCOMMAND) 2>&1 | wc -w) + ifeq ($(strip $(HAVE_OPT)),0) + SHA512_FLAG = -march=armv8.4-a+sha512 + else + #CXXFLAGS += -DCRYPTOPP_DISABLE_ARM_SHA512 + endif + + # ASIMD_FLAG + endif + # DETECT_FEATURES endif # IS_ARMV8 
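Review bot: `-march=armv8.4-a+sm3` in the SM3/SM4 probe, and in the SM3_FLAG/SM4_FLAG it sets, uses an extension name I cannot find in the AArch64 extension lists of GCC or LLVM; both document `+sm4` as the extension that enables the SM3 and SM4 instructions. If the compilers reject `+sm3` the probe fails, both flags stay empty, and because the `CRYPTOPP_DISABLE_ARM_SM3`/`SM4` defines are commented out nothing records the outcome. Please confirm with the toolchains in use, and if it is rejected use `TOPT = -march=armv8.4-a+sm4` with `SM3_FLAG = -march=armv8.4-a+sm4` and `SM4_FLAG = -march=armv8.4-a+sm4`. The `+sha3` and `+sha512` names used by the following two probes are documented extensions.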
@@ -677,7 +726,7 @@ LIBOBJS := $(filter-out $(TESTOBJS),$(OBJS)) # Clean recipe, Issue 998. Don't filter-out some artifacts from the list of objects -# The *.S is a hack. It makes the ASM appear like C++ so the object files make the CLEAN_OBJS list +# The *.S is a hack. It makes the ASM appear like C++ so the object files make the CLEAN_OBJS list CLEAN_SRCS := $(wildcard *.cpp) $(patsubst %.S,%.cpp,$(wildcard *.S)) CLEAN_OBJS := $(CLEAN_SRCS:.cpp=.o) $(CLEAN_SRCS:.cpp=.import.o) $(CLEAN_SRCS:.cpp=.export.o) @@ -732,7 +781,7 @@ -$(RM) adhoc.cpp.o adhoc.cpp.proto.o $(CLEAN_OBJS) $(ANDROID_CPU_OBJ) rdrand-*.o @-$(RM) libcryptopp.a libcryptopp.dylib cryptopp.dll libcryptopp.dll.a libcryptopp.import.a @-$(RM) libcryptopp.so libcryptopp.so$(SOLIB_COMPAT_SUFFIX) libcryptopp.so$(SOLIB_VERSION_SUFFIX) - @-$(RM) cryptest.exe dlltest.exe cryptest.import.exe cryptest.info ct et + @-$(RM) cryptest.exe dlltest.exe cryptest.import.exe cryptest.dat ct et @-$(RM) *.la *.lo *.gcov *.gcno *.gcda *.stackdump core core-* @-$(RM) /tmp/adhoc.exe @-$(RM) -r /tmp/cryptopp_test/ @@ -761,6 +810,7 @@ .PHONY: distclean distclean: clean autotools-clean cmake-clean android-clean -$(RM) adhoc.cpp adhoc.cpp.copied GNUmakefile.deps benchmarks.html cryptest.txt + -$(RM) cryptest_all.info cryptest_debug.info cryptest_noasm.info cryptest_base.info cryptest.info cryptest_release.info @-$(RM) cryptest-*.txt cryptopp.tgz libcryptopp.pc *.o *.bc *.ii *~ @-$(RM) -r cryptlib.lib cryptest.exe *.suo *.sdf *.pdb Win32/ x64/ ipch/ @-$(RM) -r $(LIBOBJS:.o=.obj) $(TESTOBJS:.o=.obj) 
@@ -774,13 +824,13 @@
 install: cryptest.exe install-lib
 @-$(MKDIR) $(DESTDIR)$(BINDIR)
 $(CP) cryptest.exe $(DESTDIR)$(BINDIR)
- $(CHMOD) 0755 $(DESTDIR)$(BINDIR)/cryptest.exe
+ $(CHMOD) u=rwx,go=rx $(DESTDIR)$(BINDIR)/cryptest.exe
 @-$(MKDIR) $(DESTDIR)$(DATADIR)/cryptopp/TestData
 @-$(MKDIR) $(DESTDIR)$(DATADIR)/cryptopp/TestVectors
 $(CP) TestData/*.dat $(DESTDIR)$(DATADIR)/cryptopp/TestData
- $(CHMOD) 0644 $(DESTDIR)$(DATADIR)/cryptopp/TestData/*.dat
+ $(CHMOD) u=rw,go=r $(DESTDIR)$(DATADIR)/cryptopp/TestData/*.dat
 $(CP) TestVectors/*.txt $(DESTDIR)$(DATADIR)/cryptopp/TestVectors
- $(CHMOD) 0644 $(DESTDIR)$(DATADIR)/cryptopp/TestVectors/*.txt
+ $(CHMOD) u=rw,go=r $(DESTDIR)$(DATADIR)/cryptopp/TestVectors/*.txt
 
 # A recipe to install only the library, and not cryptest.exe. Also
 # see https://github.com/weidai11/cryptopp/issues/653.
@@ -788,22 +838,22 @@
 install-lib:
 @-$(MKDIR) $(DESTDIR)$(INCLUDEDIR)/cryptopp
 $(CP) *.h $(DESTDIR)$(INCLUDEDIR)/cryptopp
- $(CHMOD) 0644 $(DESTDIR)$(INCLUDEDIR)/cryptopp/*.h
+ $(CHMOD) u=rw,go=r $(DESTDIR)$(INCLUDEDIR)/cryptopp/*.h
 ifneq ($(wildcard libcryptopp.a),)
 @-$(MKDIR) $(DESTDIR)$(LIBDIR)
 $(CP) libcryptopp.a $(DESTDIR)$(LIBDIR)
- $(CHMOD) 0644 $(DESTDIR)$(LIBDIR)/libcryptopp.a
+ $(CHMOD) u=rw,go=r $(DESTDIR)$(LIBDIR)/libcryptopp.a
 endif
 ifneq ($(wildcard libcryptopp.dylib),)
 @-$(MKDIR) $(DESTDIR)$(LIBDIR)
 $(CP) libcryptopp.dylib $(DESTDIR)$(LIBDIR)
- $(CHMOD) 0755 $(DESTDIR)$(LIBDIR)/libcryptopp.dylib
+ $(CHMOD) u=rwx,go=rx $(DESTDIR)$(LIBDIR)/libcryptopp.dylib
 -install_name_tool -id $(DESTDIR)$(LIBDIR)/libcryptopp.dylib $(DESTDIR)$(LIBDIR)/libcryptopp.dylib
 endif
 ifneq ($(wildcard libcryptopp.so$(SOLIB_VERSION_SUFFIX)),)
 @-$(MKDIR) $(DESTDIR)$(LIBDIR)
 $(CP) libcryptopp.so$(SOLIB_VERSION_SUFFIX) $(DESTDIR)$(LIBDIR)
- $(CHMOD) 0755 $(DESTDIR)$(LIBDIR)/libcryptopp.so$(SOLIB_VERSION_SUFFIX)
+ $(CHMOD) u=rwx,go=rx $(DESTDIR)$(LIBDIR)/libcryptopp.so$(SOLIB_VERSION_SUFFIX)
 ifeq ($(HAS_SOLIB_VERSION),1)
 -$(LN) libcryptopp.so$(SOLIB_VERSION_SUFFIX) $(DESTDIR)$(LIBDIR)/libcryptopp.so
 $(LDCONF) $(DESTDIR)$(LIBDIR)
@@ -812,7 +862,7 @@
 ifneq ($(wildcard libcryptopp.pc),)
 @-$(MKDIR) $(DESTDIR)$(LIBDIR)/pkgconfig
 $(CP) libcryptopp.pc $(DESTDIR)$(LIBDIR)/pkgconfig
- $(CHMOD) 0644 $(DESTDIR)$(LIBDIR)/pkgconfig/libcryptopp.pc
+ $(CHMOD) u=rw,go=r $(DESTDIR)$(LIBDIR)/pkgconfig/libcryptopp.pc
 endif
 
 .PHONY: remove uninstall
@@ -874,14 +924,17 @@
 -include GNUmakefile.deps
 endif # Dependencies
 
+# A few recipes trigger warnings for -std=c++11 and -stdlib=c++
+NOSTD_CXXFLAGS=$(filter-out -stdlib=%,$(filter-out -std=%,$(CXXFLAGS)))
+
 # Cryptogams ARM asm implementation. AES needs -mthumb for Clang
 aes_armv4.o : aes_armv4.S
- $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(CRYPTOGAMS_ARMV4_THUMB_FLAG) -c) $<
+ $(CXX) $(strip $(CPPFLAGS) $(NOSTD_CXXFLAGS) $(CRYPTOGAMS_ARMV4_THUMB_FLAG) -c) $<
 
 # Use C++ compiler on C source after patching.
 # https://github.com/weidai11/cryptopp/issues/926
 cpu-features.o: cpu-features.h cpu-features.c
- $(CXX) -x c $(strip $(CPPFLAGS) $(CXXFLAGS) -c) cpu-features.c
+ $(CXX) -x c $(strip $(CPPFLAGS) $(NOSTD_CXXFLAGS) -c) cpu-features.c
 
 # SSSE3 or NEON available
 aria_simd.o : aria_simd.cpp
@@ -932,9 +985,29 @@
 $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(GF2N_FLAG) -c) $<
 
 # SSSE3 available
+keccak_simd.o : keccak_simd.cpp
+ $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(KECCAK_FLAG) -c) $<
+
+# SSSE3 available
 lea_simd.o : lea_simd.cpp
 $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(LEA_FLAG) -c) $<
 
+# SSSE3 available
+lsh256_sse.o : lsh256_sse.cpp
+ $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(LSH256_FLAG) -c) $<
+
+# AVX2 available
+lsh256_avx.o : lsh256_avx.cpp
+ $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(LSH256_AVX2_FLAG) -c) $<
+
+# SSSE3 available
+lsh512_sse.o : lsh512_sse.cpp
+ $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(LSH512_FLAG) -c) $<
+
+# AVX2 available
+lsh512_avx.o : lsh512_avx.cpp
+ $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(LSH512_AVX2_FLAG) -c) $<
+
 # NEON available
 neon_simd.o : neon_simd.cpp
 $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(NEON_FLAG) -c) $<
@@ -949,15 +1022,15 @@
 
 # Cryptogams SHA1 asm implementation.
 sha1_armv4.o : sha1_armv4.S
- $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(CRYPTOGAMS_ARMV4_FLAG) -c) $<
+ $(CXX) $(strip $(CPPFLAGS) $(NOSTD_CXXFLAGS) $(CRYPTOGAMS_ARMV4_FLAG) -c) $<
 
 # Cryptogams SHA256 asm implementation.
 sha256_armv4.o : sha256_armv4.S
- $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(CRYPTOGAMS_ARMV4_FLAG) -c) $<
+ $(CXX) $(strip $(CPPFLAGS) $(NOSTD_CXXFLAGS) $(CRYPTOGAMS_ARMV4_FLAG) -c) $<
 
 # Cryptogams SHA512 asm implementation.
 sha512_armv4.o : sha512_armv4.S
- $(CXX) $(strip $(CPPFLAGS) $(CXXFLAGS) $(CRYPTOGAMS_ARMV4_FLAG) -c) $<
+ $(CXX) $(strip $(CPPFLAGS) $(NOSTD_CXXFLAGS) $(CRYPTOGAMS_ARMV4_FLAG) -c) $<
 
 # SSE4.2/SHA-NI or ARMv8a available
 shacal2_simd.o : shacal2_simd.cpp
diff -Nru libcrypto++-8.4.0/hc128.cpp libcrypto++-8.6.0/hc128.cpp
--- libcrypto++-8.4.0/hc128.cpp 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/hc128.cpp 2021-09-24 11:48:47.000000000 +0000
@@ -229,7 +229,7 @@
 // writing the result to the output buffer. In all cases the
 // keystream is written to the output buffer. The optional part is
 // adding the input buffer and keystream.
- if ((operation & INPUT_NULL) != INPUT_NULL)
+ if ((operation & EnumToInt(INPUT_NULL)) != EnumToInt(INPUT_NULL))
 {
 xorbuf(output, input, BYTES_PER_ITERATION);
 input += BYTES_PER_ITERATION;
diff -Nru libcrypto++-8.4.0/hc256.cpp libcrypto++-8.6.0/hc256.cpp
--- libcrypto++-8.4.0/hc256.cpp 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/hc256.cpp 2021-09-24 11:48:47.000000000 +0000
@@ -107,7 +107,7 @@
 // writing the result to the output buffer. In all cases the
 // keystream is written to the output buffer. The optional part is
 // adding the input buffer and keystream.
- if ((operation & INPUT_NULL) != INPUT_NULL)
+ if ((operation & EnumToInt(INPUT_NULL)) != EnumToInt(INPUT_NULL))
 {
 xorbuf(output, input, BYTES_PER_ITERATION);
 input += BYTES_PER_ITERATION;
diff -Nru libcrypto++-8.4.0/History.txt libcrypto++-8.6.0/History.txt
--- libcrypto++-8.4.0/History.txt 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/History.txt 2021-09-24 11:48:47.000000000 +0000
@@ -536,3 +536,9 @@
 - fix compile on Solaris with SunCC 12.6
 - revert changes for constant-time elliptic curve algorithms
 - fix makefile clean and distclean recipes
+
+8.5.0 - March 7, 2021
+ - minor release, no recompile of programs required
+ - expanded community input and support
+ * 70 unique contributors as of this release
+ - port to Apple M1 hardware
diff -Nru libcrypto++-8.4.0/Install.txt libcrypto++-8.6.0/Install.txt
--- libcrypto++-8.4.0/Install.txt 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/Install.txt 2021-09-24 11:48:47.000000000 +0000
@@ -2,6 +2,7 @@
 ---------------------
 
 * Introduction
+* Prerequisites
 * Building the Library
 * Alternate Build Systems
 * Installing the Library
@@ -16,27 +17,34 @@ Crypto++ Library is a free C++ class library of cryptographic algorithms and schemes. The library was originally written and placed in public domain by Wei Dai, but it is now maintained by the community. The library homepage is at http://www.cryptopp.com/. The latest library source code can be found at http://github.com/weidai11/cryptopp. For licensing and copyright information, please see License.txt. -These are general instructions for the AIX, BSDs, Linux, OS X, Solaris and Unix. The library uses a GNU makefile, which combines configuration and a non-anemic make. On AIX, BSD and Solaris you will likely have to use `gmake` to build the library. On Linux, OS X and Unix, the system's make should be OK. On Windows, Crypto++ provides Visual Studio solutions. +These are general instructions for AIX, BSDs, Linux, OS X, Solaris and Unix. The library uses GNU Make and a GNUmakefile to avoid anemic make. On AIX, BSD and Solaris you will likely have to use `gmake` to build the library. On Linux and OS X, the system's make should be OK. On Windows, Crypto++ provides Visual Studio solutions. You should look through the GNUmakefile and config.h to ensure settings look reasonable before building. There are two wiki pages that help explain them at http://www.cryptopp.com/wiki/GNUmakefile and http://www.cryptopp.com/wiki/Config.h. Wiki pages are available for some platforms with specific build instructions. The pages include Android, ARM, iOS, MSBuild and Solaris. Solaris users should visit the wiki for important information on compiling the library with different versions of SunCC and options, and information on improving library performance and features. -Crypto++ does not depend upon other tools or libraries. It does not use Autotools, does not use CMake, and does not use Boost. If you use an alternate build system, like Autotools or CMake, then see the warning below about CXXFLAGS and lack of -DNDEBUG. 
CMake is available in Master as a matter of convenience, but its not officially supported. +Crypto++ does not depend upon other tools or libraries. The library only needs GNU Make 3.80 on Unix & Linux; or Visual Studio 2010 and above build tools on Windows. The library does not use Autotools, does not use CMake, and does not use Boost. -There is a partially complete CmakeList.txt available on the wiki at http://www.cryptopp.com/wiki/CMake. It is not recommended for use because it is not in a good state. If you have CMake expertise and can work some problems, then please see the wiki page for tasks related to CMake. +Autotools and CMake projects are not officially supported. The build systems take too much time and effort. Unofficial projects are available at https://github.com/noloader/cryptopp-autotools and https://github.com/noloader/cryptopp-cmake. The projects provide a central location to support Autotools and CMake. Collaborators for Autotools and CMake are welcomed. +PREREQUISITES +------------- + +The library requires a semi-modern C++ compiler and GNU Make 3.81 or above. The compiler must support 64-bit words, C++03, namespaces, RTTI and exceptions. + +The library does not depend on other build systems, like Autotools or CMake. The library does not depend on other libraries, like Boost. + BUILDING THE LIBRARY -------------------- -In general, all you should have to do is open a terminal, and then: +In general, all you should have to do is open a terminal, cd to the cryptopp directory, and then: make make test sudo make install -The command above builds the static library and cryptest.exe program. It also uses a sane set of default flags, which are usually "-DNDEBUG -g2 -O3 -fPIC". +The command above builds the static library and cryptest.exe program. It also uses a sane default flags, which are usually "-DNDEBUG -g2 -O3 -fPIC". If you want to build the shared object, then issue: 
@@ -70,7 +78,16 @@ export CXXFLAGS="-std=c++11 -stdlib=libc++" make -If you target 32-bit IA-32 machines (i386, i586 or i686), then the makefile forgoes -fPIC due to register pressures. You should add -fPIC yourself in this case: +If you are using the library on OS X with XCode then you should add LLVM's libc++. You can do so by modifying CXXFLAGS, or you can modify the GNUmakefile. To modify the GNUmakefile, open it and find the line for OS X builds around line 150: + + ifneq ($(IS_DARWIN),0) + CXX ?= c++ + CRYPTOPP_CXXFLAGS += -stdlib=libc++ + AR = libtool + ARFLAGS = -static -o + endif + +If you target 32-bit IA-32 machines (i386, i586 or i686), then the makefile forgoes -fPIC due to register pressures. You should add -fPIC yourself, if needed: CXXFLAGS="-DNDEBUG -g2 -O3 -fPIC" make @@ -78,10 +95,13 @@ make CXXFLAGS="-std=c++11" -Crypto++ does not enagage Specter remediations at this time. You can build with Specter resistance with the following flags: +Crypto++ does not engage Specter remediations at this time. You can build with Specter resistance with the following flags: CXXFLAGS="-DNDEBUG -g2 -O3 -mfunction-return=thunk -mindirect-branch=thunk" make +The library does not support out-of-tree builds. You must cd to the Crypto++ directory before building. `make distclean` will return the Crypto++ directory to a pristine state. + + BUILDING WITH VCPKG ------------------- @@ -96,6 +116,7 @@ The cryptopp port in vcpkg is kept up to date by Microsoft team members and community contributors. If the version is out of date, please [create an issue or pull request](https://github.com/Microsoft/vcpkg) on the vcpkg repository. + ALTERNATE BUILD SYSTEMS ----------------------- 
@@ -137,7 +158,7 @@ `make cryptest.exe` builds the library test harness. -`make test` and `make check` are the same recipe and invoke the test harness with the the validation option. That is, it executes `cryptest.exe v`. +`make test` and `make check` are the same recipe and invoke the test harness with the validation option. That is, it executes `cryptest.exe v`. `make install` installs the library. By default, the makefile copies into `/usr/local` by default. @@ -160,18 +181,16 @@ UBsan and Asan are mutually exclusive options, so you can perform only one of these at a time: make ubsan - ./cryptest.exe v 2>&1 | egrep "(error|FAILED)" - ./cryptest.exe tv all 2>&1 | egrep "(error|FAILED)" + ./cryptest.exe v 2>&1 | grep -E "(error:|FAILED)" + ./cryptest.exe tv all 2>&1 | grep -E "(error:|FAILED)" Or: make asan - ./cryptest.exe v 2>&1 | egrep "(error|FAILED)" - ./cryptest.exe tv all 2>&1 | egrep "(error|FAILED)" - -If you experience self test failures or see reports of undefined behavior, then you should ensure CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is defined in config.h. CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is not defined due to historical purposes. + ./cryptest.exe v 2>&1 | grep -E "(error:|FAILED)" + ./cryptest.exe tv all 2>&1 | grep -E "(error:|FAILED)" -If you experience failures under Asan, then gather more information with: +If you experience failures under Asan, then gather more information with asan_symbolize. You may not need asan_symbolize nowadays: ./cryptest.exe v 2>&1 | asan_symbolize 
@@ -198,25 +217,25 @@ ./cryptest.exe v ... - All tests passed! - Test ended at Sun Jul 26 02:10:57 2015 - Seed used was: 1437891055 + Seed used was 1612313449 + Test started at Tue Feb 2 19:50:49 2021 + Test ended at Tue Feb 2 19:50:52 2021 Sixth, the test harness provides a "test vector" option which uses many known test vectors, even those published by other people (like Brian Gladman for AES). You run the test vectors as shown below. The tail of the output should indicate 0 failed tests. ./cryptest.exe tv all ... - Testing SymmetricCipher algorithm MARS/ECB. - ................. - Tests complete. Total tests = 4094. Failed tests = 0. + Testing SymmetricCipher algorithm AES/XTS. + ..................... + Tests complete. Total tests = 11260. Failed tests = 0. -The library also offers its test script for those who want to use it. The test script is names cryptest.sh, and it repeatedly builds the library and exectues the tests under various configurations. It takes 2 to 4 hours to run on a semi-modern desktop or server; and days to run on an IoT gadget. Also see http://github.com/weidai11/cryptopp/blob/master/cryptest.sh and http://cryptopp.com/wiki/Cryptest.sh. +The library also offers its test script for those who want to use it. The test script is names cryptest.sh, and it repeatedly builds the library and exectues the tests under various configurations. It takes about 4 hours to run on a semi-modern desktop or server; and several days to run on an IoT gadget. Also see http://github.com/weidai11/cryptopp/blob/master/cryptest.sh and http://cryptopp.com/wiki/Cryptest.sh. REPORTING PROBLEMS ------------------ -Dirty compiles and failures in the validation suite or test vectors should be reported at the Crypto++ User Group. The User Group is located at http://groups.google.com/forum/#!forum/cryptopp-users. +Build failures, dirty compiles and failures in the validation suite or test vectors should be reported at the Crypto++ User Group. 
The User Group is located at http://groups.google.com/forum/#!forum/cryptopp-users. The library uses Wei Dai's GitHub to track issues. The tracker is located at http://github.com/weidai11/cryptopp/issues. Please do not ask questions in the bug tracker; ask questions on the mailing list instead. Also see http://www.cryptopp.com/wiki/Bug_Report.
diff -Nru libcrypto++-8.4.0/integer.cpp libcrypto++-8.6.0/integer.cpp
--- libcrypto++-8.4.0/integer.cpp 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/integer.cpp 2021-09-24 11:48:47.000000000 +0000
@@ -3199,6 +3199,7 @@
 if (length == 0)
 return Integer::Zero();
 
+ // 'str' is of length 1 or more
 switch (str[length-1])
 {
 case 'h':
@@ -3224,10 +3225,25 @@
 str += 1, length -= 1;
 }
 
- if (length > 2 && str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
+ // Recognize common prefixes for hexadecimal, octal and decimal.
+ // Microsoft's MASM also recognizes 0t for octal, but not here.
+ if (length > 2 && str[0] == '0')
 {
- radix = 16;
- str += 2, length -= 2;
+ if (str[1] == 'x' || str[1] == 'X')
+ {
+ radix = 16;
+ str += 2, length -= 2;
+ }
+ else if (str[1] == 'n' || str[1] == 'N')
+ {
+ radix = 10;
+ str += 2, length -= 2;
+ }
+ else if (str[1] == 'o' || str[1] == 'O')
+ {
+ radix = 8;
+ str += 2, length -= 2;
+ }
 }
 
 if (order == BIG_ENDIAN_ORDER)
diff -Nru libcrypto++-8.4.0/iterhash.h libcrypto++-8.6.0/iterhash.h
--- libcrypto++-8.4.0/iterhash.h 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/iterhash.h 2021-09-24 11:48:47.000000000 +0000
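Review bot: The new `0n`/`0o` branches in the second integer.cpp hunk overwrite whatever `radix` was chosen earlier in this function; if, as the `case 'h':` label in the first hunk suggests, the preceding switch derives a radix from a trailing suffix character, an input carrying both a prefix and a conflicting suffix is now parsed by the prefix alone with no diagnostic. The enclosing function starts outside the hunk, so I cannot see whether that switch already rejects such input; either way the precedence deserves a line in the new comment, e.g. `// A 0x/0n/0o prefix takes precedence over any radix suffix.`. The three branches also repeat `str += 2, length -= 2;`; hoisting that line after the if/else chain, guarded by whether a prefix matched, keeps the prefix table in one place and makes a future `0t` addition a one-liner.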
@@ -79,7 +79,7 @@
 /// \brief Computes the hash of the current message
 /// \param digest a pointer to the buffer to receive the hash
 /// \param digestSize the size of the truncated digest, in bytes
- /// \details TruncatedFinal() call Final() and then copies digestSize bytes to digest.
+ /// \details TruncatedFinal() calls Final() and then copies digestSize bytes to digest.
 /// The hash is restarted the hash for the next message.
 void TruncatedFinal(byte *digest, size_t digestSize);
 
@@ -191,7 +191,8 @@
 unsigned int DigestSize() const {return DIGESTSIZE;}
 
 protected:
- IteratedHashWithStaticTransform() {this->Init();}
+ // https://github.com/weidai11/cryptopp/issues/147#issuecomment-766231864
+ IteratedHashWithStaticTransform() {IteratedHashWithStaticTransform::Init();}
 void HashEndianCorrectedBlock(const T_HashWordType *data) {T_Transform::Transform(this->m_state, data);}
 void Init() {T_Transform::InitState(this->m_state);}
 
diff -Nru libcrypto++-8.4.0/keccak_simd.cpp libcrypto++-8.6.0/keccak_simd.cpp
--- libcrypto++-8.4.0/keccak_simd.cpp 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/keccak_simd.cpp 2021-09-24 11:48:47.000000000 +0000
@@ -54,10 +54,6 @@
 const word64 rho56[2] = {W64LIT(0x0007060504030201), W64LIT(0x080F0E0D0C0B0A09)};
 
-// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670
-#define M128_CAST(x) ((__m128i *)(void *)(x))
-#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x))
-
 #if defined(__XOP__)
 # define ROL64in128(a, o) _mm_roti_epi64((a), (o))
 # define ROL64in128_8(a) ROL64in128((a), 8)
diff -Nru libcrypto++-8.4.0/lea_simd.cpp libcrypto++-8.6.0/lea_simd.cpp
--- libcrypto++-8.4.0/lea_simd.cpp 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/lea_simd.cpp 2021-09-24 11:48:47.000000000 +0000
@@ -29,11 +29,6 @@
 # endif
 #endif
 
-#if defined(__AVX512F__)
-# define CRYPTOPP_AVX512_ROTATE 1
-# include 
-#endif
-
 #if (CRYPTOPP_ARM_NEON_HEADER)
 # include "adv_simd.h"
 # include 
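Review bot: The line right after the corrected `\details` sentence in the first iterhash.h hunk is still garbled: `/// The hash is restarted the hash for the next message.` should read `/// The hash is restarted for the next message.`. Since the commit already touches this Doxygen block, fixing the adjacent sentence in the same change avoids a second documentation-only revision. The declaration of TruncatedFinal is the last line of the hunk, so the surrounding class is outside it.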
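Review bot: The qualified call `IteratedHashWithStaticTransform::Init()` in the second iterhash.h hunk is explained only by a bare issue link, which leaves the next reader to discover why `this->Init()` was wrong. The reason belongs in the comment itself, e.g. `// Call our own Init() explicitly: a call made from a constructor never reaches a derived-class override, so name the intended function and keep the qualified form the linked issue asks for.`; whether Init() is virtual anywhere in the hierarchy is not visible in this hunk, so phrase it as intent rather than as a description of dispatch. Keeping the link after that sentence preserves the provenance.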
@@ -183,6 +178,9 @@
 {
 // Should not be instantiated
 CRYPTOPP_ASSERT(0);
+
+ CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b);
+ CRYPTOPP_UNUSED(c); CRYPTOPP_UNUSED(d);
 return vmovq_n_u32(0);
 }
 
@@ -223,6 +221,8 @@
 {
 // Should not be instantiated
 CRYPTOPP_ASSERT(0);
+
+ CRYPTOPP_UNUSED(v);
 return vmovq_n_u32(0);
 }
 
diff -Nru libcrypto++-8.4.0/lsh256_avx.cpp libcrypto++-8.6.0/lsh256_avx.cpp
--- libcrypto++-8.4.0/lsh256_avx.cpp 1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/lsh256_avx.cpp 2021-09-24 11:48:47.000000000 +0000
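Review bot: Both lea_simd.cpp hunks (this one and `@@ -223,6 +221,8 @@`) leave the "should not be instantiated" fallbacks returning `vmovq_n_u32(0)` after `CRYPTOPP_ASSERT(0)`; if `CRYPTOPP_ASSERT` compiles to nothing in release builds, as its name suggests, an accidental instantiation would silently produce an all-zero vector inside the cipher rather than failing loudly, and the added `CRYPTOPP_UNUSED` calls only silence warnings without changing that. The function signatures are above the hunk, so I cannot tell which template parameters reach these overloads. At minimum the comment should state the release-build behaviour, e.g. `// Should not be instantiated; in release builds this silently returns zero.`, and a static_assert on the template parameter (or leaving the overload undefined so a stray call fails to link) would turn the silent fallback into a build-time error.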
@@ -0,0 +1,648 @@ +// lsh.cpp - written and placed in the public domain by Jeffrey Walton +// Based on the specification and source code provided by +// Korea Internet & Security Agency (KISA) website. Also +// see https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do +// and https://seed.kisa.or.kr/kisa/Board/22/detailView.do. + +// We are hitting some sort of GCC bug in the LSH AVX2 code path. +// Clang is OK on the AVX2 code path. We believe it is GCC Issue +// 82735, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. It +// makes using zeroupper a little tricky. + +#include "pch.h" +#include "config.h" + +#include "lsh.h" +#include "misc.h" + +#if defined(CRYPTOPP_AVX2_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE) + +#if defined(CRYPTOPP_AVX2_AVAILABLE) +# include +# include +#endif + +// GCC at 4.5. Clang is unknown. Also see https://stackoverflow.com/a/42493893. +#if (CRYPTOPP_GCC_VERSION >= 40500) +# include +#endif + +ANONYMOUS_NAMESPACE_BEGIN + +/* LSH Constants */ + +const unsigned int LSH256_MSG_BLK_BYTE_LEN = 128; +// const unsigned int LSH256_MSG_BLK_BIT_LEN = 1024; +// const unsigned int LSH256_CV_BYTE_LEN = 64; +const unsigned int LSH256_HASH_VAL_MAX_BYTE_LEN = 32; + +// const unsigned int MSG_BLK_WORD_LEN = 32; +const unsigned int CV_WORD_LEN = 16; +const unsigned int CONST_WORD_LEN = 8; +// const unsigned int HASH_VAL_MAX_WORD_LEN = 8; +// const unsigned int WORD_BIT_LEN = 32; +const unsigned int NUM_STEPS = 26; + +const unsigned int ROT_EVEN_ALPHA = 29; +const unsigned int ROT_EVEN_BETA = 1; +const unsigned int ROT_ODD_ALPHA = 5; +const unsigned int ROT_ODD_BETA = 17; + +const unsigned int LSH_TYPE_256_256 = 0x0000020; +const unsigned int LSH_TYPE_256_224 = 0x000001C; + +// const unsigned int LSH_TYPE_224 = LSH_TYPE_256_224; +// const unsigned int LSH_TYPE_256 = LSH_TYPE_256_256; + +/* Error Code */ + +const unsigned int LSH_SUCCESS = 0x0; +// const unsigned int LSH_ERR_NULL_PTR = 0x2401; +// const unsigned int LSH_ERR_INVALID_ALGTYPE = 
0x2402; +const unsigned int LSH_ERR_INVALID_DATABITLEN = 0x2403; +const unsigned int LSH_ERR_INVALID_STATE = 0x2404; + +/* Index into our state array */ + +const unsigned int AlgorithmType = 80; +const unsigned int RemainingBits = 81; + +NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(LSH) + +// lsh256.cpp +extern const word32 LSH256_IV224[CV_WORD_LEN]; +extern const word32 LSH256_IV256[CV_WORD_LEN]; +extern const word32 LSH256_StepConstants[CONST_WORD_LEN * NUM_STEPS]; + +NAMESPACE_END // LSH +NAMESPACE_END // Crypto++ + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::rotlFixed; +using CryptoPP::rotlConstant; + +using CryptoPP::GetBlock; +using CryptoPP::LittleEndian; +using CryptoPP::ConditionalByteReverse; +using CryptoPP::LITTLE_ENDIAN_ORDER; + +typedef byte lsh_u8; +typedef word32 lsh_u32; +typedef word32 lsh_uint; +typedef word32 lsh_err; +typedef word32 lsh_type; + +using CryptoPP::LSH::LSH256_IV224; +using CryptoPP::LSH::LSH256_IV256; +using CryptoPP::LSH::LSH256_StepConstants; + +struct LSH256_AVX2_Context +{ + LSH256_AVX2_Context(word32* state, word32 algType, word32& remainingBitLength) : + cv_l(state+0), cv_r(state+8), sub_msgs(state+16), + last_block(reinterpret_cast(state+48)), + remain_databitlen(remainingBitLength), + alg_type(static_cast(algType)) {} + + lsh_u32* cv_l; // start of our state block + lsh_u32* cv_r; + lsh_u32* sub_msgs; + lsh_u8* last_block; + lsh_u32& remain_databitlen; + lsh_type alg_type; +}; + +struct LSH256_AVX2_Internal +{ + LSH256_AVX2_Internal(word32* state) : + submsg_e_l(state+16), submsg_e_r(state+24), + submsg_o_l(state+32), submsg_o_r(state+40) { } + + lsh_u32* submsg_e_l; /* even left sub-message */ + lsh_u32* submsg_e_r; /* even right sub-message */ + lsh_u32* submsg_o_l; /* odd left sub-message */ + lsh_u32* submsg_o_r; /* odd right sub-message */ +}; + +// Zero the upper 128 bits of all YMM registers on exit. 
+// It avoids AVX state transition penalties when saving state. +// https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735 +// makes using zeroupper a little tricky. + +struct AVX_Cleanup +{ + ~AVX_Cleanup() { + _mm256_zeroupper(); + } +}; + +// const word32 g_gamma256[8] = { 0, 8, 16, 24, 24, 16, 8, 0 }; + +/* LSH AlgType Macro */ + +inline bool LSH_IS_LSH512(lsh_uint val) { + return (val & 0xf0000) == 0; +} + +inline lsh_uint LSH_GET_SMALL_HASHBIT(lsh_uint val) { + return val >> 24; +} + +inline lsh_uint LSH_GET_HASHBYTE(lsh_uint val) { + return val & 0xffff; +} + +inline lsh_uint LSH_GET_HASHBIT(lsh_uint val) { + return (LSH_GET_HASHBYTE(val) << 3) - LSH_GET_SMALL_HASHBIT(val); +} + +inline lsh_u32 loadLE32(lsh_u32 v) { + return ConditionalByteReverse(LITTLE_ENDIAN_ORDER, v); +} + +lsh_u32 ROTL(lsh_u32 x, lsh_u32 r) { + return rotlFixed(x, r); +} + +// Original code relied upon unaligned lsh_u32 buffer +inline void load_msg_blk(LSH256_AVX2_Internal* i_state, const lsh_u8 msgblk[LSH256_MSG_BLK_BYTE_LEN]) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_e_l = i_state->submsg_e_l; + lsh_u32* submsg_e_r = i_state->submsg_e_r; + lsh_u32* submsg_o_l = i_state->submsg_o_l; + lsh_u32* submsg_o_r = i_state->submsg_o_r; + + _mm256_storeu_si256(M256_CAST(submsg_e_l+0), + _mm256_loadu_si256(CONST_M256_CAST(msgblk+0))); + _mm256_storeu_si256(M256_CAST(submsg_e_r+0), + _mm256_loadu_si256(CONST_M256_CAST(msgblk+32))); + _mm256_storeu_si256(M256_CAST(submsg_o_l+0), + _mm256_loadu_si256(CONST_M256_CAST(msgblk+64))); + _mm256_storeu_si256(M256_CAST(submsg_o_r+0), + _mm256_loadu_si256(CONST_M256_CAST(msgblk+96))); +} + +inline void msg_exp_even(LSH256_AVX2_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_e_l = i_state->submsg_e_l; + lsh_u32* submsg_e_r = i_state->submsg_e_r; + lsh_u32* submsg_o_l = i_state->submsg_o_l; + lsh_u32* submsg_o_r = i_state->submsg_o_r; + + const __m256i mask = _mm256_set_epi32(0x1b1a1918, 0x17161514, + 
0x13121110, 0x1f1e1d1c, 0x07060504, 0x03020100, 0x0b0a0908, 0x0f0e0d0c); + + _mm256_storeu_si256(M256_CAST(submsg_e_l+0), _mm256_add_epi32( + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_l+0)), + _mm256_shuffle_epi8( + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_l+0)), mask))); + _mm256_storeu_si256(M256_CAST(submsg_e_r+0), _mm256_add_epi32( + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_r+0)), + _mm256_shuffle_epi8( + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_r+0)), mask))); +} + +inline void msg_exp_odd(LSH256_AVX2_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_e_l = i_state->submsg_e_l; + lsh_u32* submsg_e_r = i_state->submsg_e_r; + lsh_u32* submsg_o_l = i_state->submsg_o_l; + lsh_u32* submsg_o_r = i_state->submsg_o_r; + + const __m256i mask = _mm256_set_epi32(0x1b1a1918, 0x17161514, + 0x13121110, 0x1f1e1d1c, 0x07060504, 0x03020100, 0x0b0a0908, 0x0f0e0d0c); + + _mm256_storeu_si256(M256_CAST(submsg_o_l+0), _mm256_add_epi32( + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_l+0)), + _mm256_shuffle_epi8( + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_l+0)), mask))); + _mm256_storeu_si256(M256_CAST(submsg_o_r+0), _mm256_add_epi32( + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_r+0)), + _mm256_shuffle_epi8( + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_r+0)), mask))); +} + +inline void load_sc(const lsh_u32** p_const_v, size_t i) +{ + CRYPTOPP_ASSERT(p_const_v != NULLPTR); + + *p_const_v = &LSH256_StepConstants[i]; +} + +inline void msg_add_even(lsh_u32 cv_l[8], lsh_u32 cv_r[8], LSH256_AVX2_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_e_l = i_state->submsg_e_l; + lsh_u32* submsg_e_r = i_state->submsg_e_r; + + _mm256_storeu_si256(M256_CAST(cv_l+0), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_l+0)), + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_l+0)))); + _mm256_storeu_si256(M256_CAST(cv_r+0), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_r+0)), + 
_mm256_loadu_si256(CONST_M256_CAST(submsg_e_r+0)))); +} + +inline void msg_add_odd(lsh_u32 cv_l[8], lsh_u32 cv_r[8], LSH256_AVX2_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_o_l = i_state->submsg_o_l; + lsh_u32* submsg_o_r = i_state->submsg_o_r; + + _mm256_storeu_si256(M256_CAST(cv_l), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_l)), + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_l)))); + _mm256_storeu_si256(M256_CAST(cv_r), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_r)), + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_r)))); +} + +inline void add_blk(lsh_u32 cv_l[8], lsh_u32 cv_r[8]) +{ + _mm256_storeu_si256(M256_CAST(cv_l), _mm256_add_epi32( + _mm256_loadu_si256(CONST_M256_CAST(cv_l)), + _mm256_loadu_si256(CONST_M256_CAST(cv_r)))); +} + +template +inline void rotate_blk(lsh_u32 cv[8]) +{ + _mm256_storeu_si256(M256_CAST(cv), _mm256_or_si256( + _mm256_slli_epi32(_mm256_loadu_si256(CONST_M256_CAST(cv)), R), + _mm256_srli_epi32(_mm256_loadu_si256(CONST_M256_CAST(cv)), 32-R))); +} + +inline void xor_with_const(lsh_u32 cv_l[8], const lsh_u32 const_v[8]) +{ + _mm256_storeu_si256(M256_CAST(cv_l), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_l)), + _mm256_loadu_si256(CONST_M256_CAST(const_v)))); +} + +inline void rotate_msg_gamma(lsh_u32 cv_r[8]) +{ + // g_gamma256[8] = { 0, 8, 16, 24, 24, 16, 8, 0 }; + _mm256_storeu_si256(M256_CAST(cv_r+0), + _mm256_shuffle_epi8(_mm256_loadu_si256(CONST_M256_CAST(cv_r+0)), + _mm256_set_epi8( + /* hi lane */ 15,14,13,12, 10,9,8,11, 5,4,7,6, 0,3,2,1, + /* lo lane */ 12,15,14,13, 9,8,11,10, 6,5,4,7, 3,2,1,0))); +} + +inline void word_perm(lsh_u32 cv_l[8], lsh_u32 cv_r[8]) +{ + __m256i temp = _mm256_shuffle_epi32( + _mm256_loadu_si256(CONST_M256_CAST(cv_l)), _MM_SHUFFLE(3,1,0,2)); + _mm256_storeu_si256(M256_CAST(cv_r), + _mm256_shuffle_epi32( + _mm256_loadu_si256(CONST_M256_CAST(cv_r)), _MM_SHUFFLE(1,2,3,0))); + _mm256_storeu_si256(M256_CAST(cv_l), + 
_mm256_permute2x128_si256(temp, + _mm256_loadu_si256(CONST_M256_CAST(cv_r)), _MM_SHUFFLE(0,3,0,1))); + _mm256_storeu_si256(M256_CAST(cv_r), + _mm256_permute2x128_si256(temp, + _mm256_loadu_si256(CONST_M256_CAST(cv_r)), _MM_SHUFFLE(0,2,0,0))); +}; + +/* -------------------------------------------------------- * +* step function +* -------------------------------------------------------- */ + +template +inline void mix(lsh_u32 cv_l[8], lsh_u32 cv_r[8], const lsh_u32 const_v[8]) +{ + add_blk(cv_l, cv_r); + rotate_blk(cv_l); + xor_with_const(cv_l, const_v); + add_blk(cv_r, cv_l); + rotate_blk(cv_r); + add_blk(cv_l, cv_r); + rotate_msg_gamma(cv_r); +} + +/* -------------------------------------------------------- * +* compression function +* -------------------------------------------------------- */ + +inline void compress(LSH256_AVX2_Context* ctx, const lsh_u8 pdMsgBlk[LSH256_MSG_BLK_BYTE_LEN]) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + LSH256_AVX2_Internal s_state(ctx->cv_l); + LSH256_AVX2_Internal* i_state = &s_state; + + const lsh_u32* const_v = NULL; + lsh_u32* cv_l = ctx->cv_l; + lsh_u32* cv_r = ctx->cv_r; + + load_msg_blk(i_state, pdMsgBlk); + + msg_add_even(cv_l, cv_r, i_state); + load_sc(&const_v, 0); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + msg_add_odd(cv_l, cv_r, i_state); + load_sc(&const_v, 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + for (size_t i = 1; i < NUM_STEPS / 2; i++) + { + msg_exp_even(i_state); + msg_add_even(cv_l, cv_r, i_state); + load_sc(&const_v, 16 * i); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + msg_exp_odd(i_state); + msg_add_odd(cv_l, cv_r, i_state); + load_sc(&const_v, 16 * i + 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + } + + msg_exp_even(i_state); + msg_add_even(cv_l, cv_r, i_state); +} + +/* -------------------------------------------------------- */ + +inline void load_iv(word32 cv_l[8], word32 cv_r[8], const word32 iv[16]) +{ + // The IV's are 32-byte aligned so we can use 
aligned loads. + _mm256_storeu_si256(M256_CAST(cv_l+0), + _mm256_load_si256(CONST_M256_CAST(iv+0))); + _mm256_storeu_si256(M256_CAST(cv_r+0), + _mm256_load_si256(CONST_M256_CAST(iv+8))); +} + +inline void zero_iv(lsh_u32 cv_l[8], lsh_u32 cv_r[8]) +{ + _mm256_storeu_si256(M256_CAST(cv_l+0), _mm256_setzero_si256()); + _mm256_storeu_si256(M256_CAST(cv_r+0), _mm256_setzero_si256()); +} + +inline void zero_submsgs(LSH256_AVX2_Context* ctx) +{ + lsh_u32* sub_msgs = ctx->sub_msgs; + + _mm256_storeu_si256(M256_CAST(sub_msgs+ 0), _mm256_setzero_si256()); + _mm256_storeu_si256(M256_CAST(sub_msgs+ 8), _mm256_setzero_si256()); + _mm256_storeu_si256(M256_CAST(sub_msgs+16), _mm256_setzero_si256()); + _mm256_storeu_si256(M256_CAST(sub_msgs+24), _mm256_setzero_si256()); +} + +inline void init224(LSH256_AVX2_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH256_IV224); +} + +inline void init256(LSH256_AVX2_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH256_IV256); +} + +/* -------------------------------------------------------- */ + +inline void fin(LSH256_AVX2_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + _mm256_storeu_si256(M256_CAST(ctx->cv_l+0), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(ctx->cv_l+0)), + _mm256_loadu_si256(CONST_M256_CAST(ctx->cv_r+0)))); +} + +/* -------------------------------------------------------- */ + +inline void get_hash(LSH256_AVX2_Context* ctx, lsh_u8* pbHashVal) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + CRYPTOPP_ASSERT(pbHashVal != NULLPTR); + + lsh_uint alg_type = ctx->alg_type; + lsh_uint hash_val_byte_len = LSH_GET_HASHBYTE(alg_type); + lsh_uint hash_val_bit_len = LSH_GET_SMALL_HASHBIT(alg_type); + + // Multiplying by looks odd... 
+ memcpy(pbHashVal, ctx->cv_l, hash_val_byte_len); + if (hash_val_bit_len){ + pbHashVal[hash_val_byte_len-1] &= (((lsh_u8)0xff) << hash_val_bit_len); + } +} + +/* -------------------------------------------------------- */ + +lsh_err lsh256_init_avx2(LSH256_AVX2_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + + lsh_u32 alg_type = ctx->alg_type; + const lsh_u32* const_v = NULL; + ctx->remain_databitlen = 0; + + // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. + AVX_Cleanup cleanup; + + switch (alg_type) + { + case LSH_TYPE_256_256: + init256(ctx); + return LSH_SUCCESS; + case LSH_TYPE_256_224: + init224(ctx); + return LSH_SUCCESS; + default: + break; + } + + lsh_u32* cv_l = ctx->cv_l; + lsh_u32* cv_r = ctx->cv_r; + + zero_iv(cv_l, cv_r); + cv_l[0] = LSH256_HASH_VAL_MAX_BYTE_LEN; + cv_l[1] = LSH_GET_HASHBIT(alg_type); + + for (size_t i = 0; i < NUM_STEPS / 2; i++) + { + //Mix + load_sc(&const_v, i * 16); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + load_sc(&const_v, i * 16 + 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + } + + return LSH_SUCCESS; +} + +lsh_err lsh256_update_avx2(LSH256_AVX2_Context* ctx, const lsh_u8* data, size_t databitlen) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(data != NULLPTR); + CRYPTOPP_ASSERT(databitlen % 8 == 0); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + + // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. + AVX_Cleanup cleanup; + + if (databitlen == 0){ + return LSH_SUCCESS; + } + + // We are byte oriented. tail bits will always be 0. 
+ size_t databytelen = databitlen >> 3; + // lsh_uint pos2 = databitlen & 0x7; + const size_t pos2 = 0; + + size_t remain_msg_byte = ctx->remain_databitlen >> 3; + // lsh_uint remain_msg_bit = ctx->remain_databitlen & 7; + const size_t remain_msg_bit = 0; + + if (remain_msg_byte >= LSH256_MSG_BLK_BYTE_LEN){ + return LSH_ERR_INVALID_STATE; + } + if (remain_msg_bit > 0){ + return LSH_ERR_INVALID_DATABITLEN; + } + + if (databytelen + remain_msg_byte < LSH256_MSG_BLK_BYTE_LEN) + { + memcpy(ctx->last_block + remain_msg_byte, data, databytelen); + ctx->remain_databitlen += (lsh_uint)databitlen; + remain_msg_byte += (lsh_uint)databytelen; + if (pos2){ + ctx->last_block[remain_msg_byte] = data[databytelen] & ((0xff >> pos2) ^ 0xff); + } + return LSH_SUCCESS; + } + + if (remain_msg_byte > 0){ + size_t more_byte = LSH256_MSG_BLK_BYTE_LEN - remain_msg_byte; + memcpy(ctx->last_block + remain_msg_byte, data, more_byte); + compress(ctx, ctx->last_block); + data += more_byte; + databytelen -= more_byte; + remain_msg_byte = 0; + ctx->remain_databitlen = 0; + } + + while (databytelen >= LSH256_MSG_BLK_BYTE_LEN) + { + // This call to compress caused some trouble. + // The data pointer can become unaligned in the + // previous block. + compress(ctx, data); + data += LSH256_MSG_BLK_BYTE_LEN; + databytelen -= LSH256_MSG_BLK_BYTE_LEN; + } + + if (databytelen > 0){ + memcpy(ctx->last_block, data, databytelen); + ctx->remain_databitlen = (lsh_uint)(databytelen << 3); + } + + if (pos2){ + ctx->last_block[databytelen] = data[databytelen] & ((0xff >> pos2) ^ 0xff); + ctx->remain_databitlen += pos2; + } + + return LSH_SUCCESS; +} + +lsh_err lsh256_final_avx2(LSH256_AVX2_Context* ctx, lsh_u8* hashval) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(hashval != NULLPTR); + + // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. + AVX_Cleanup cleanup; + + // We are byte oriented. tail bits will always be 0. 
+ size_t remain_msg_byte = ctx->remain_databitlen >> 3; + // lsh_uint remain_msg_bit = ctx->remain_databitlen & 7; + const size_t remain_msg_bit = 0; + + if (remain_msg_byte >= LSH256_MSG_BLK_BYTE_LEN){ + return LSH_ERR_INVALID_STATE; + } + + if (remain_msg_bit){ + ctx->last_block[remain_msg_byte] |= (0x1 << (7 - remain_msg_bit)); + } + else{ + ctx->last_block[remain_msg_byte] = 0x80; + } + memset(ctx->last_block + remain_msg_byte + 1, 0, LSH256_MSG_BLK_BYTE_LEN - remain_msg_byte - 1); + + compress(ctx, ctx->last_block); + + fin(ctx); + get_hash(ctx, hashval); + + return LSH_SUCCESS; +} + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +extern +void LSH256_Base_Restart_AVX2(word32* state) +{ + state[RemainingBits] = 0; + LSH256_AVX2_Context ctx(state, state[AlgorithmType], state[RemainingBits]); + lsh_err err = lsh256_init_avx2(&ctx); + + if (err != LSH_SUCCESS) + throw Exception(Exception::OTHER_ERROR, "LSH256_Base: lsh256_init_avx2 failed"); +} + +extern +void LSH256_Base_Update_AVX2(word32* state, const byte *input, size_t size) +{ + LSH256_AVX2_Context ctx(state, state[AlgorithmType], state[RemainingBits]); + lsh_err err = lsh256_update_avx2(&ctx, input, 8*size); + + if (err != LSH_SUCCESS) + throw Exception(Exception::OTHER_ERROR, "LSH256_Base: lsh256_update_avx2 failed"); +} + +extern +void LSH256_Base_TruncatedFinal_AVX2(word32* state, byte *hash, size_t) +{ + LSH256_AVX2_Context ctx(state, state[AlgorithmType], state[RemainingBits]); + lsh_err err = lsh256_final_avx2(&ctx, hash); + + if (err != LSH_SUCCESS) + throw Exception(Exception::OTHER_ERROR, "LSH256_Base: lsh256_final_avx2 failed"); +} + +NAMESPACE_END + +#endif // CRYPTOPP_AVX2_AVAILABLE diff -Nru libcrypto++-8.4.0/lsh256.cpp libcrypto++-8.6.0/lsh256.cpp --- libcrypto++-8.4.0/lsh256.cpp 1970-01-01 00:00:00.000000000 +0000 +++ libcrypto++-8.6.0/lsh256.cpp 2021-09-24 11:48:47.000000000 +0000 
@@ -0,0 +1,817 @@
+// lsh.cpp - written and placed in the public domain by Jeffrey Walton
+// Based on the specification and source code provided by
+// Korea Internet & Security Agency (KISA) website. Also
+// see https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do
+// and https://seed.kisa.or.kr/kisa/Board/22/detailView.do.
+
+// We are hitting some sort of GCC bug in the LSH AVX2 code path.
+// Clang is OK on the AVX2 code path. We believe it is GCC Issue
+// 82735, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. It
+// makes using zeroupper a little tricky.
+
+#include "pch.h"
+#include "config.h"
+
+#include "lsh.h"
+#include "cpu.h"
+#include "misc.h"
+
+ANONYMOUS_NAMESPACE_BEGIN
+
+/* LSH Constants */
+
+const unsigned int LSH256_MSG_BLK_BYTE_LEN = 128;
+// const unsigned int LSH256_MSG_BLK_BIT_LEN = 1024;
+// const unsigned int LSH256_CV_BYTE_LEN = 64;
+const unsigned int LSH256_HASH_VAL_MAX_BYTE_LEN = 32;
+
+// const unsigned int MSG_BLK_WORD_LEN = 32;
+const unsigned int CV_WORD_LEN = 16;
+const unsigned int CONST_WORD_LEN = 8;
+const unsigned int HASH_VAL_MAX_WORD_LEN = 8;
+// const unsigned int WORD_BIT_LEN = 32;
+const unsigned int NUM_STEPS = 26;
+
+const unsigned int ROT_EVEN_ALPHA = 29;
+const unsigned int ROT_EVEN_BETA = 1;
+const unsigned int ROT_ODD_ALPHA = 5;
+const unsigned int ROT_ODD_BETA = 17;
+
+const unsigned int LSH_TYPE_256_256 = 0x0000020;
+const unsigned int LSH_TYPE_256_224 = 0x000001C;
+
+// const unsigned int LSH_TYPE_224 = LSH_TYPE_256_224;
+// const unsigned int LSH_TYPE_256 = LSH_TYPE_256_256;
+
+/* Error Code */
+
+const unsigned int LSH_SUCCESS = 0x0;
+// const unsigned int LSH_ERR_NULL_PTR = 0x2401;
+// const unsigned int LSH_ERR_INVALID_ALGTYPE = 0x2402;
+const unsigned int LSH_ERR_INVALID_DATABITLEN = 0x2403;
+const unsigned int LSH_ERR_INVALID_STATE = 0x2404;
+
+/* Index into our state array */
+
+const unsigned int AlgorithmType = 80;
+const unsigned int RemainingBits = 81;
+
+NAMESPACE_END
+
+NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(LSH) + +/* -------------------------------------------------------- * +* LSH: iv +* -------------------------------------------------------- */ + +//extern const word32 LSH256_IV224[CV_WORD_LEN]; +//extern const word32 LSH256_IV256[CV_WORD_LEN]; +//extern const word32 LSH256_StepConstants[CONST_WORD_LEN * NUM_STEPS]; + +CRYPTOPP_ALIGN_DATA(32) +extern +const word32 LSH256_IV224[CV_WORD_LEN] = { + 0x068608D3, 0x62D8F7A7, 0xD76652AB, 0x4C600A43, 0xBDC40AA8, 0x1ECA0B68, 0xDA1A89BE, 0x3147D354, + 0x707EB4F9, 0xF65B3862, 0x6B0B2ABE, 0x56B8EC0A, 0xCF237286, 0xEE0D1727, 0x33636595, 0x8BB8D05F +}; + +CRYPTOPP_ALIGN_DATA(32) +extern +const word32 LSH256_IV256[CV_WORD_LEN] = { + 0x46a10f1f, 0xfddce486, 0xb41443a8, 0x198e6b9d, 0x3304388d, 0xb0f5a3c7, 0xb36061c4, 0x7adbd553, + 0x105d5378, 0x2f74de54, 0x5c2f2d95, 0xf2553fbe, 0x8051357a, 0x138668c8, 0x47aa4484, 0xe01afb41 +}; + +/* -------------------------------------------------------- * +* LSH: step constants +* -------------------------------------------------------- */ + +extern +const word32 LSH256_StepConstants[CONST_WORD_LEN * NUM_STEPS] = { + 0x917caf90, 0x6c1b10a2, 0x6f352943, 0xcf778243, 0x2ceb7472, 0x29e96ff2, 0x8a9ba428, 0x2eeb2642, + 0x0e2c4021, 0x872bb30e, 0xa45e6cb2, 0x46f9c612, 0x185fe69e, 0x1359621b, 0x263fccb2, 0x1a116870, + 0x3a6c612f, 0xb2dec195, 0x02cb1f56, 0x40bfd858, 0x784684b6, 0x6cbb7d2e, 0x660c7ed8, 0x2b79d88a, + 0xa6cd9069, 0x91a05747, 0xcdea7558, 0x00983098, 0xbecb3b2e, 0x2838ab9a, 0x728b573e, 0xa55262b5, + 0x745dfa0f, 0x31f79ed8, 0xb85fce25, 0x98c8c898, 0x8a0669ec, 0x60e445c2, 0xfde295b0, 0xf7b5185a, + 0xd2580983, 0x29967709, 0x182df3dd, 0x61916130, 0x90705676, 0x452a0822, 0xe07846ad, 0xaccd7351, + 0x2a618d55, 0xc00d8032, 0x4621d0f5, 0xf2f29191, 0x00c6cd06, 0x6f322a67, 0x58bef48d, 0x7a40c4fd, + 0x8beee27f, 0xcd8db2f2, 0x67f2c63b, 0xe5842383, 0xc793d306, 0xa15c91d6, 0x17b381e5, 0xbb05c277, + 0x7ad1620a, 0x5b40a5bf, 0x5ab901a2, 0x69a7a768, 0x5b66d9cd, 
0xfdee6877, 0xcb3566fc, 0xc0c83a32, + 0x4c336c84, 0x9be6651a, 0x13baa3fc, 0x114f0fd1, 0xc240a728, 0xec56e074, 0x009c63c7, 0x89026cf2, + 0x7f9ff0d0, 0x824b7fb5, 0xce5ea00f, 0x605ee0e2, 0x02e7cfea, 0x43375560, 0x9d002ac7, 0x8b6f5f7b, + 0x1f90c14f, 0xcdcb3537, 0x2cfeafdd, 0xbf3fc342, 0xeab7b9ec, 0x7a8cb5a3, 0x9d2af264, 0xfacedb06, + 0xb052106e, 0x99006d04, 0x2bae8d09, 0xff030601, 0xa271a6d6, 0x0742591d, 0xc81d5701, 0xc9a9e200, + 0x02627f1e, 0x996d719d, 0xda3b9634, 0x02090800, 0x14187d78, 0x499b7624, 0xe57458c9, 0x738be2c9, + 0x64e19d20, 0x06df0f36, 0x15d1cb0e, 0x0b110802, 0x2c95f58c, 0xe5119a6d, 0x59cd22ae, 0xff6eac3c, + 0x467ebd84, 0xe5ee453c, 0xe79cd923, 0x1c190a0d, 0xc28b81b8, 0xf6ac0852, 0x26efd107, 0x6e1ae93b, + 0xc53c41ca, 0xd4338221, 0x8475fd0a, 0x35231729, 0x4e0d3a7a, 0xa2b45b48, 0x16c0d82d, 0x890424a9, + 0x017e0c8f, 0x07b5a3f5, 0xfa73078e, 0x583a405e, 0x5b47b4c8, 0x570fa3ea, 0xd7990543, 0x8d28ce32, + 0x7f8a9b90, 0xbd5998fc, 0x6d7a9688, 0x927a9eb6, 0xa2fc7d23, 0x66b38e41, 0x709e491a, 0xb5f700bf, + 0x0a262c0f, 0x16f295b9, 0xe8111ef5, 0x0d195548, 0x9f79a0c5, 0x1a41cfa7, 0x0ee7638a, 0xacf7c074, + 0x30523b19, 0x09884ecf, 0xf93014dd, 0x266e9d55, 0x191a6664, 0x5c1176c1, 0xf64aed98, 0xa4b83520, + 0x828d5449, 0x91d71dd8, 0x2944f2d6, 0x950bf27b, 0x3380ca7d, 0x6d88381d, 0x4138868e, 0x5ced55c4, + 0x0fe19dcb, 0x68f4f669, 0x6e37c8ff, 0xa0fe6e10, 0xb44b47b0, 0xf5c0558a, 0x79bf14cf, 0x4a431a20, + 0xf17f68da, 0x5deb5fd1, 0xa600c86d, 0x9f6c7eb0, 0xff92f864, 0xb615e07f, 0x38d3e448, 0x8d5d3a6a, + 0x70e843cb, 0x494b312e, 0xa6c93613, 0x0beb2f4f, 0x928b5d63, 0xcbf66035, 0x0cb82c80, 0xea97a4f7, + 0x592c0f3b, 0x947c5f77, 0x6fff49b9, 0xf71a7e5a, 0x1de8c0f5, 0xc2569600, 0xc4e4ac8c, 0x823c9ce1 +}; + +NAMESPACE_END // LSH +NAMESPACE_END // Crypto++ + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::rotlFixed; +using CryptoPP::rotlConstant; + +using CryptoPP::GetBlock; +using CryptoPP::LittleEndian; +using CryptoPP::ConditionalByteReverse; 
+using CryptoPP::LITTLE_ENDIAN_ORDER; + +using CryptoPP::LSH::LSH256_IV224; +using CryptoPP::LSH::LSH256_IV256; +using CryptoPP::LSH::LSH256_StepConstants; + +typedef byte lsh_u8; +typedef word32 lsh_u32; +typedef word32 lsh_uint; +typedef word32 lsh_err; +typedef word32 lsh_type; + +struct LSH256_Context +{ + LSH256_Context(word32* state, word32 algType, word32& remainingBitLength) : + cv_l(state+0), cv_r(state+8), sub_msgs(state+16), + last_block(reinterpret_cast(state+48)), + remain_databitlen(remainingBitLength), + alg_type(static_cast(algType)) {} + + lsh_u32* cv_l; // start of our state block + lsh_u32* cv_r; + lsh_u32* sub_msgs; + lsh_u8* last_block; + lsh_u32& remain_databitlen; + lsh_type alg_type; +}; + +struct LSH256_Internal +{ + LSH256_Internal(word32* state) : + submsg_e_l(state+16), submsg_e_r(state+24), + submsg_o_l(state+32), submsg_o_r(state+40) { } + + lsh_u32* submsg_e_l; /* even left sub-message */ + lsh_u32* submsg_e_r; /* even right sub-message */ + lsh_u32* submsg_o_l; /* odd left sub-message */ + lsh_u32* submsg_o_r; /* odd right sub-message */ +}; + +const word32 g_gamma256[8] = { 0, 8, 16, 24, 24, 16, 8, 0 }; + +/* LSH AlgType Macro */ + +inline bool LSH_IS_LSH512(lsh_uint val) { + return (val & 0xf0000) == 0; +} + +inline lsh_uint LSH_GET_SMALL_HASHBIT(lsh_uint val) { + return val >> 24; +} + +inline lsh_uint LSH_GET_HASHBYTE(lsh_uint val) { + return val & 0xffff; +} + +inline lsh_uint LSH_GET_HASHBIT(lsh_uint val) { + return (LSH_GET_HASHBYTE(val) << 3) - LSH_GET_SMALL_HASHBIT(val); +} + +inline lsh_u32 loadLE32(lsh_u32 v) { + return ConditionalByteReverse(LITTLE_ENDIAN_ORDER, v); +} + +lsh_u32 ROTL(lsh_u32 x, lsh_u32 r) { + return rotlFixed(x, r); +} + +// Original code relied upon unaligned lsh_u32 buffer +inline void load_msg_blk(LSH256_Internal* i_state, const lsh_u8 msgblk[LSH256_MSG_BLK_BYTE_LEN]) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_e_l = i_state->submsg_e_l; + lsh_u32* submsg_e_r = i_state->submsg_e_r; + 
lsh_u32* submsg_o_l = i_state->submsg_o_l; + lsh_u32* submsg_o_r = i_state->submsg_o_r; + + typedef GetBlock InBlock; + + InBlock input(msgblk); + input(submsg_e_l[0])(submsg_e_l[1])(submsg_e_l[2])(submsg_e_l[3]) + (submsg_e_l[4])(submsg_e_l[5])(submsg_e_l[6])(submsg_e_l[7]) + (submsg_e_r[0])(submsg_e_r[1])(submsg_e_r[2])(submsg_e_r[3]) + (submsg_e_r[4])(submsg_e_r[5])(submsg_e_r[6])(submsg_e_r[7]) + (submsg_o_l[0])(submsg_o_l[1])(submsg_o_l[2])(submsg_o_l[3]) + (submsg_o_l[4])(submsg_o_l[5])(submsg_o_l[6])(submsg_o_l[7]) + (submsg_o_r[0])(submsg_o_r[1])(submsg_o_r[2])(submsg_o_r[3]) + (submsg_o_r[4])(submsg_o_r[5])(submsg_o_r[6])(submsg_o_r[7]); +} + +inline void msg_exp_even(LSH256_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_e_l = i_state->submsg_e_l; + lsh_u32* submsg_e_r = i_state->submsg_e_r; + lsh_u32* submsg_o_l = i_state->submsg_o_l; + lsh_u32* submsg_o_r = i_state->submsg_o_r; + + lsh_u32 temp; + temp = submsg_e_l[0]; + submsg_e_l[0] = submsg_o_l[0] + submsg_e_l[3]; + submsg_e_l[3] = submsg_o_l[3] + submsg_e_l[1]; + submsg_e_l[1] = submsg_o_l[1] + submsg_e_l[2]; + submsg_e_l[2] = submsg_o_l[2] + temp; + temp = submsg_e_l[4]; + submsg_e_l[4] = submsg_o_l[4] + submsg_e_l[7]; + submsg_e_l[7] = submsg_o_l[7] + submsg_e_l[6]; + submsg_e_l[6] = submsg_o_l[6] + submsg_e_l[5]; + submsg_e_l[5] = submsg_o_l[5] + temp; + temp = submsg_e_r[0]; + submsg_e_r[0] = submsg_o_r[0] + submsg_e_r[3]; + submsg_e_r[3] = submsg_o_r[3] + submsg_e_r[1]; + submsg_e_r[1] = submsg_o_r[1] + submsg_e_r[2]; + submsg_e_r[2] = submsg_o_r[2] + temp; + temp = submsg_e_r[4]; + submsg_e_r[4] = submsg_o_r[4] + submsg_e_r[7]; + submsg_e_r[7] = submsg_o_r[7] + submsg_e_r[6]; + submsg_e_r[6] = submsg_o_r[6] + submsg_e_r[5]; + submsg_e_r[5] = submsg_o_r[5] + temp; +} + +inline void msg_exp_odd(LSH256_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_e_l = i_state->submsg_e_l; + lsh_u32* submsg_e_r = i_state->submsg_e_r; + lsh_u32* 
submsg_o_l = i_state->submsg_o_l; + lsh_u32* submsg_o_r = i_state->submsg_o_r; + + lsh_u32 temp; + temp = submsg_o_l[0]; + submsg_o_l[0] = submsg_e_l[0] + submsg_o_l[3]; + submsg_o_l[3] = submsg_e_l[3] + submsg_o_l[1]; + submsg_o_l[1] = submsg_e_l[1] + submsg_o_l[2]; + submsg_o_l[2] = submsg_e_l[2] + temp; + temp = submsg_o_l[4]; + submsg_o_l[4] = submsg_e_l[4] + submsg_o_l[7]; + submsg_o_l[7] = submsg_e_l[7] + submsg_o_l[6]; + submsg_o_l[6] = submsg_e_l[6] + submsg_o_l[5]; + submsg_o_l[5] = submsg_e_l[5] + temp; + temp = submsg_o_r[0]; + submsg_o_r[0] = submsg_e_r[0] + submsg_o_r[3]; + submsg_o_r[3] = submsg_e_r[3] + submsg_o_r[1]; + submsg_o_r[1] = submsg_e_r[1] + submsg_o_r[2]; + submsg_o_r[2] = submsg_e_r[2] + temp; + temp = submsg_o_r[4]; + submsg_o_r[4] = submsg_e_r[4] + submsg_o_r[7]; + submsg_o_r[7] = submsg_e_r[7] + submsg_o_r[6]; + submsg_o_r[6] = submsg_e_r[6] + submsg_o_r[5]; + submsg_o_r[5] = submsg_e_r[5] + temp; +} + +inline void load_sc(const lsh_u32** p_const_v, size_t i) +{ + CRYPTOPP_ASSERT(p_const_v != NULLPTR); + + *p_const_v = &LSH256_StepConstants[i]; +} + +inline void msg_add_even(lsh_u32 cv_l[8], lsh_u32 cv_r[8], LSH256_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_e_l = i_state->submsg_e_l; + lsh_u32* submsg_e_r = i_state->submsg_e_r; + + cv_l[0] ^= submsg_e_l[0]; cv_l[1] ^= submsg_e_l[1]; + cv_l[2] ^= submsg_e_l[2]; cv_l[3] ^= submsg_e_l[3]; + cv_l[4] ^= submsg_e_l[4]; cv_l[5] ^= submsg_e_l[5]; + cv_l[6] ^= submsg_e_l[6]; cv_l[7] ^= submsg_e_l[7]; + cv_r[0] ^= submsg_e_r[0]; cv_r[1] ^= submsg_e_r[1]; + cv_r[2] ^= submsg_e_r[2]; cv_r[3] ^= submsg_e_r[3]; + cv_r[4] ^= submsg_e_r[4]; cv_r[5] ^= submsg_e_r[5]; + cv_r[6] ^= submsg_e_r[6]; cv_r[7] ^= submsg_e_r[7]; +} + +inline void msg_add_odd(lsh_u32 cv_l[8], lsh_u32 cv_r[8], LSH256_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_o_l = i_state->submsg_o_l; + lsh_u32* submsg_o_r = i_state->submsg_o_r; + + cv_l[0] ^= 
submsg_o_l[0]; cv_l[1] ^= submsg_o_l[1]; + cv_l[2] ^= submsg_o_l[2]; cv_l[3] ^= submsg_o_l[3]; + cv_l[4] ^= submsg_o_l[4]; cv_l[5] ^= submsg_o_l[5]; + cv_l[6] ^= submsg_o_l[6]; cv_l[7] ^= submsg_o_l[7]; + cv_r[0] ^= submsg_o_r[0]; cv_r[1] ^= submsg_o_r[1]; + cv_r[2] ^= submsg_o_r[2]; cv_r[3] ^= submsg_o_r[3]; + cv_r[4] ^= submsg_o_r[4]; cv_r[5] ^= submsg_o_r[5]; + cv_r[6] ^= submsg_o_r[6]; cv_r[7] ^= submsg_o_r[7]; +} + +inline void add_blk(lsh_u32 cv_l[8], lsh_u32 cv_r[8]) +{ + cv_l[0] += cv_r[0]; + cv_l[1] += cv_r[1]; + cv_l[2] += cv_r[2]; + cv_l[3] += cv_r[3]; + cv_l[4] += cv_r[4]; + cv_l[5] += cv_r[5]; + cv_l[6] += cv_r[6]; + cv_l[7] += cv_r[7]; +} + +template +inline void rotate_blk(lsh_u32 cv[8]) +{ + cv[0] = rotlConstant(cv[0]); + cv[1] = rotlConstant(cv[1]); + cv[2] = rotlConstant(cv[2]); + cv[3] = rotlConstant(cv[3]); + cv[4] = rotlConstant(cv[4]); + cv[5] = rotlConstant(cv[5]); + cv[6] = rotlConstant(cv[6]); + cv[7] = rotlConstant(cv[7]); +} + +inline void xor_with_const(lsh_u32 cv_l[8], const lsh_u32 const_v[8]) +{ + cv_l[0] ^= const_v[0]; + cv_l[1] ^= const_v[1]; + cv_l[2] ^= const_v[2]; + cv_l[3] ^= const_v[3]; + cv_l[4] ^= const_v[4]; + cv_l[5] ^= const_v[5]; + cv_l[6] ^= const_v[6]; + cv_l[7] ^= const_v[7]; +} + +inline void rotate_msg_gamma(lsh_u32 cv_r[8]) +{ + cv_r[1] = rotlFixed(cv_r[1], g_gamma256[1]); + cv_r[2] = rotlFixed(cv_r[2], g_gamma256[2]); + cv_r[3] = rotlFixed(cv_r[3], g_gamma256[3]); + cv_r[4] = rotlFixed(cv_r[4], g_gamma256[4]); + cv_r[5] = rotlFixed(cv_r[5], g_gamma256[5]); + cv_r[6] = rotlFixed(cv_r[6], g_gamma256[6]); +} + +inline void word_perm(lsh_u32 cv_l[8], lsh_u32 cv_r[8]) +{ + lsh_u32 temp; + temp = cv_l[0]; + cv_l[0] = cv_l[6]; + cv_l[6] = cv_r[6]; + cv_r[6] = cv_r[2]; + cv_r[2] = cv_l[1]; + cv_l[1] = cv_l[4]; + cv_l[4] = cv_r[4]; + cv_r[4] = cv_r[0]; + cv_r[0] = cv_l[2]; + cv_l[2] = cv_l[5]; + cv_l[5] = cv_r[7]; + cv_r[7] = cv_r[1]; + cv_r[1] = temp; + temp = cv_l[3]; + cv_l[3] = cv_l[7]; + cv_l[7] = cv_r[5]; + cv_r[5] = 
cv_r[3]; + cv_r[3] = temp; +}; + +/* -------------------------------------------------------- * +* step function +* -------------------------------------------------------- */ + +template +inline void mix(lsh_u32 cv_l[8], lsh_u32 cv_r[8], const lsh_u32 const_v[8]) +{ + add_blk(cv_l, cv_r); + rotate_blk(cv_l); + xor_with_const(cv_l, const_v); + add_blk(cv_r, cv_l); + rotate_blk(cv_r); + add_blk(cv_l, cv_r); + rotate_msg_gamma(cv_r); +} + +/* -------------------------------------------------------- * +* compression function +* -------------------------------------------------------- */ + +inline void compress(LSH256_Context* ctx, const lsh_u8 pdMsgBlk[LSH256_MSG_BLK_BYTE_LEN]) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + LSH256_Internal s_state(ctx->cv_l); + LSH256_Internal* i_state = &s_state; + + const lsh_u32* const_v = NULL; + lsh_u32* cv_l = ctx->cv_l; + lsh_u32* cv_r = ctx->cv_r; + + load_msg_blk(i_state, pdMsgBlk); + + msg_add_even(cv_l, cv_r, i_state); + load_sc(&const_v, 0); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + msg_add_odd(cv_l, cv_r, i_state); + load_sc(&const_v, 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + for (size_t i = 1; i < NUM_STEPS / 2; i++) + { + msg_exp_even(i_state); + msg_add_even(cv_l, cv_r, i_state); + load_sc(&const_v, 16 * i); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + msg_exp_odd(i_state); + msg_add_odd(cv_l, cv_r, i_state); + load_sc(&const_v, 16 * i + 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + } + + msg_exp_even(i_state); + msg_add_even(cv_l, cv_r, i_state); +} + +/* -------------------------------------------------------- */ + +inline void load_iv(lsh_u32 cv_l[8], lsh_u32 cv_r[8], const lsh_u32 iv[16]) +{ + cv_l[0] = iv[0]; + cv_l[1] = iv[1]; + cv_l[2] = iv[2]; + cv_l[3] = iv[3]; + cv_l[4] = iv[4]; + cv_l[5] = iv[5]; + cv_l[6] = iv[6]; + cv_l[7] = iv[7]; + cv_r[0] = iv[8]; + cv_r[1] = iv[9]; + cv_r[2] = iv[10]; + cv_r[3] = iv[11]; + cv_r[4] = iv[12]; + cv_r[5] = iv[13]; + 
cv_r[6] = iv[14]; + cv_r[7] = iv[15]; +} + +inline void zero_iv(lsh_u32 cv_l[8], lsh_u32 cv_r[8]) +{ + memset(cv_l, 0x00, 8*sizeof(lsh_u32)); + memset(cv_r, 0x00, 8*sizeof(lsh_u32)); +} + +inline void zero_submsgs(LSH256_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + lsh_u32* sub_msgs = ctx->sub_msgs; + memset(sub_msgs, 0x00, 32*sizeof(lsh_u32)); +} + +inline void init224(LSH256_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH256_IV224); +} + +inline void init256(LSH256_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH256_IV256); +} + +/* -------------------------------------------------------- */ + +inline void fin(LSH256_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + for (size_t i = 0; i < HASH_VAL_MAX_WORD_LEN; i++){ + ctx->cv_l[i] = loadLE32(ctx->cv_l[i] ^ ctx->cv_r[i]); + } +} + +/* -------------------------------------------------------- */ + +inline void get_hash(LSH256_Context* ctx, lsh_u8* pbHashVal) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + CRYPTOPP_ASSERT(pbHashVal != NULLPTR); + + lsh_uint alg_type = ctx->alg_type; + lsh_uint hash_val_byte_len = LSH_GET_HASHBYTE(alg_type); + lsh_uint hash_val_bit_len = LSH_GET_SMALL_HASHBIT(alg_type); + + // Multiplying by looks odd... 
+ memcpy(pbHashVal, ctx->cv_l, hash_val_byte_len); + if (hash_val_bit_len){ + pbHashVal[hash_val_byte_len-1] &= (((lsh_u8)0xff) << hash_val_bit_len); + } +} + +/* -------------------------------------------------------- */ + +lsh_err lsh256_init(LSH256_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + + lsh_u32 alg_type = ctx->alg_type; + const lsh_u32* const_v = NULL; + ctx->remain_databitlen = 0; + + switch (alg_type) + { + case LSH_TYPE_256_256: + init256(ctx); + return LSH_SUCCESS; + case LSH_TYPE_256_224: + init224(ctx); + return LSH_SUCCESS; + default: + break; + } + + lsh_u32* cv_l = ctx->cv_l; + lsh_u32* cv_r = ctx->cv_r; + + zero_iv(cv_l, cv_r); + cv_l[0] = LSH256_HASH_VAL_MAX_BYTE_LEN; + cv_l[1] = LSH_GET_HASHBIT(alg_type); + + for (size_t i = 0; i < NUM_STEPS / 2; i++) + { + //Mix + load_sc(&const_v, i * 16); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + load_sc(&const_v, i * 16 + 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + } + + return LSH_SUCCESS; +} + +lsh_err lsh256_update(LSH256_Context* ctx, const lsh_u8* data, size_t databitlen) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(data != NULLPTR); + CRYPTOPP_ASSERT(databitlen % 8 == 0); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + + if (databitlen == 0){ + return LSH_SUCCESS; + } + + // We are byte oriented. tail bits will always be 0. 
+ size_t databytelen = databitlen >> 3; + // lsh_uint pos2 = databitlen & 0x7; + const size_t pos2 = 0; + + size_t remain_msg_byte = ctx->remain_databitlen >> 3; + // lsh_uint remain_msg_bit = ctx->remain_databitlen & 7; + const size_t remain_msg_bit = 0; + + if (remain_msg_byte >= LSH256_MSG_BLK_BYTE_LEN){ + return LSH_ERR_INVALID_STATE; + } + if (remain_msg_bit > 0){ + return LSH_ERR_INVALID_DATABITLEN; + } + + if (databytelen + remain_msg_byte < LSH256_MSG_BLK_BYTE_LEN) + { + memcpy(ctx->last_block + remain_msg_byte, data, databytelen); + ctx->remain_databitlen += (lsh_uint)databitlen; + remain_msg_byte += (lsh_uint)databytelen; + if (pos2){ + ctx->last_block[remain_msg_byte] = data[databytelen] & ((0xff >> pos2) ^ 0xff); + } + return LSH_SUCCESS; + } + + if (remain_msg_byte > 0){ + size_t more_byte = LSH256_MSG_BLK_BYTE_LEN - remain_msg_byte; + memcpy(ctx->last_block + remain_msg_byte, data, more_byte); + compress(ctx, ctx->last_block); + data += more_byte; + databytelen -= more_byte; + remain_msg_byte = 0; + ctx->remain_databitlen = 0; + } + + while (databytelen >= LSH256_MSG_BLK_BYTE_LEN) + { + // This call to compress caused some trouble. + // The data pointer can become unaligned in the + // previous block. + compress(ctx, data); + data += LSH256_MSG_BLK_BYTE_LEN; + databytelen -= LSH256_MSG_BLK_BYTE_LEN; + } + + if (databytelen > 0){ + memcpy(ctx->last_block, data, databytelen); + ctx->remain_databitlen = (lsh_uint)(databytelen << 3); + } + + if (pos2){ + ctx->last_block[databytelen] = data[databytelen] & ((0xff >> pos2) ^ 0xff); + ctx->remain_databitlen += pos2; + } + + return LSH_SUCCESS; +} + +lsh_err lsh256_final(LSH256_Context* ctx, lsh_u8* hashval) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(hashval != NULLPTR); + + // We are byte oriented. tail bits will always be 0. 
+ size_t remain_msg_byte = ctx->remain_databitlen >> 3; + // lsh_uint remain_msg_bit = ctx->remain_databitlen & 7; + const size_t remain_msg_bit = 0; + + if (remain_msg_byte >= LSH256_MSG_BLK_BYTE_LEN){ + return LSH_ERR_INVALID_STATE; + } + + if (remain_msg_bit){ + ctx->last_block[remain_msg_byte] |= (0x1 << (7 - remain_msg_bit)); + } + else{ + ctx->last_block[remain_msg_byte] = 0x80; + } + memset(ctx->last_block + remain_msg_byte + 1, 0, LSH256_MSG_BLK_BYTE_LEN - remain_msg_byte - 1); + + compress(ctx, ctx->last_block); + + fin(ctx); + get_hash(ctx, hashval); + + return LSH_SUCCESS; +} + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +#if defined(CRYPTOPP_ENABLE_64BIT_SSE) +# if defined(CRYPTOPP_AVX2_AVAILABLE) + extern void LSH256_Base_Restart_AVX2(word32* state); + extern void LSH256_Base_Update_AVX2(word32* state, const byte *input, size_t size); + extern void LSH256_Base_TruncatedFinal_AVX2(word32* state, byte *hash, size_t size); +# endif +# if defined(CRYPTOPP_SSSE3_AVAILABLE) + extern void LSH256_Base_Restart_SSSE3(word32* state); + extern void LSH256_Base_Update_SSSE3(word32* state, const byte *input, size_t size); + extern void LSH256_Base_TruncatedFinal_SSSE3(word32* state, byte *hash, size_t size); +# endif +#endif + +void LSH256_Base_Restart_CXX(word32* state) +{ + state[RemainingBits] = 0; + LSH256_Context ctx(state, state[AlgorithmType], state[RemainingBits]); + lsh_err err = lsh256_init(&ctx); + + if (err != LSH_SUCCESS) + throw Exception(Exception::OTHER_ERROR, "LSH256_Base: lsh256_init failed"); +} + +void LSH256_Base_Update_CXX(word32* state, const byte *input, size_t size) +{ + LSH256_Context ctx(state, state[AlgorithmType], state[RemainingBits]); + lsh_err err = lsh256_update(&ctx, input, 8*size); + + if (err != LSH_SUCCESS) + throw Exception(Exception::OTHER_ERROR, "LSH256_Base: lsh256_update failed"); +} + +void LSH256_Base_TruncatedFinal_CXX(word32* state, byte *hash, size_t) +{ + LSH256_Context ctx(state, state[AlgorithmType], 
state[RemainingBits]); + lsh_err err = lsh256_final(&ctx, hash); + + if (err != LSH_SUCCESS) + throw Exception(Exception::OTHER_ERROR, "LSH256_Base: lsh256_final failed"); +} + +std::string LSH256_Base::AlgorithmProvider() const +{ +#if defined(CRYPTOPP_ENABLE_64BIT_SSE) +#if defined(CRYPTOPP_AVX2_AVAILABLE) + if (HasAVX2()) + return "AVX2"; + else +#endif +#if defined(CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) + return "SSSE3"; + else +#endif +#endif // CRYPTOPP_ENABLE_64BIT_SSE + + return "C++"; +} + +void LSH256_Base::Restart() +{ +#if defined(CRYPTOPP_AVX2_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE) + if (HasAVX2()) + LSH256_Base_Restart_AVX2(m_state); + else +#endif +#if defined(CRYPTOPP_SSSE3_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE) + if (HasSSSE3()) + LSH256_Base_Restart_SSSE3(m_state); + else +#endif + + LSH256_Base_Restart_CXX(m_state); +} + +void LSH256_Base::Update(const byte *input, size_t size) +{ + CRYPTOPP_ASSERT(input != NULLPTR); + CRYPTOPP_ASSERT(size); + +#if defined(CRYPTOPP_AVX2_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE) + if (HasAVX2()) + LSH256_Base_Update_AVX2(m_state, input, size); + else +#endif +#if defined(CRYPTOPP_SSSE3_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE) + if (HasSSSE3()) + LSH256_Base_Update_SSSE3(m_state, input, size); + else +#endif + + LSH256_Base_Update_CXX(m_state, input, size); +} + +void LSH256_Base::TruncatedFinal(byte *hash, size_t size) +{ + CRYPTOPP_ASSERT(hash != NULLPTR); + ThrowIfInvalidTruncatedSize(size); + + // TODO: determine if LSH256 supports truncated hashes. See the code + // in get_hash(), where a bit-length is added to the last output + // byte of the hash function. + byte fullHash[LSH256_HASH_VAL_MAX_BYTE_LEN]; + bool copyOut = (size < DigestSize()); + +#if defined(CRYPTOPP_AVX2_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE) + if (HasAVX2()) + LSH256_Base_TruncatedFinal_AVX2(m_state, copyOut ? 
fullHash : hash, size); + else +#endif +#if defined(CRYPTOPP_SSSE3_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE) + if (HasSSSE3()) + LSH256_Base_TruncatedFinal_SSSE3(m_state, copyOut ? fullHash : hash, size); + else +#endif + + LSH256_Base_TruncatedFinal_CXX(m_state, copyOut ? fullHash : hash, size); + + if (copyOut) + memcpy(hash, fullHash, size); + + Restart(); +} + +NAMESPACE_END diff -Nru libcrypto++-8.4.0/lsh256_sse.cpp libcrypto++-8.6.0/lsh256_sse.cpp --- libcrypto++-8.4.0/lsh256_sse.cpp 1970-01-01 00:00:00.000000000 +0000 +++ libcrypto++-8.6.0/lsh256_sse.cpp 2021-09-24 11:48:47.000000000 +0000 
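Review bot: `LSH256_Base_Update_CXX` hands `8*size` to `lsh256_update`, and both `size` and the `databitlen` parameter are `size_t`, so on a target with a 32-bit `size_t` a single Update of 512 MiB or more wraps the bit count and the wrapper silently hashes the wrong amount of data instead of failing. Since this path is explicitly byte oriented (`pos2` and `remain_msg_bit` are hard-wired to 0), either guard the multiply with `if (size > SIZE_MAX / 8) throw Exception(Exception::INVALID_ARGUMENT, "LSH256_Base: input too large");` before the call, or change `lsh256_update` to take a byte count so the multiply disappears; `LSH256_Base_Update_AVX2` in lsh256_avx2.cpp above has the same `8*size`. A second, smaller point: `compress()` builds `LSH256_Internal s_state(ctx->cv_l)` and the constructor then offsets `state+16 … state+40`, so the four sub-message pointers are correct only because `cv_l` happens to alias `state+0`, a layout dependency that neither struct documents. Constructing from the sub-message base instead, `LSH256_Internal(word32* sub_msgs) : submsg_e_l(sub_msgs+0), submsg_e_r(sub_msgs+8), submsg_o_l(sub_msgs+16), submsg_o_r(sub_msgs+24) { }` with `LSH256_Internal s_state(ctx->sub_msgs);`, makes the coupling explicit; the same pattern appears in the AVX2 compress() above and in the `LSH256_SSSE3_Internal` constructor below.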
@@ -0,0 +1,710 @@ +// lsh.cpp - written and placed in the public domain by Jeffrey Walton +// Based on the specification and source code provided by +// Korea Internet & Security Agency (KISA) website. Also +// see https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do +// and https://seed.kisa.or.kr/kisa/Board/22/detailView.do. + +// We are hitting some sort of GCC bug in the LSH AVX2 code path. +// Clang is OK on the AVX2 code path. We believe it is GCC Issue +// 82735, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. It +// makes using zeroupper a little tricky. + +#include "pch.h" +#include "config.h" + +#include "lsh.h" +#include "cpu.h" +#include "misc.h" + +#if defined(CRYPTOPP_SSSE3_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE) + +#if defined(CRYPTOPP_SSSE3_AVAILABLE) +# include +# include +#endif + +#if defined(CRYPTOPP_XOP_AVAILABLE) +# include +#endif + +// GCC at 4.5. Clang is unknown. Also see https://stackoverflow.com/a/42493893. +#if (CRYPTOPP_GCC_VERSION >= 40500) +# include +#endif + +ANONYMOUS_NAMESPACE_BEGIN + +/* LSH Constants */ + +const unsigned int LSH256_MSG_BLK_BYTE_LEN = 128; +// const unsigned int LSH256_MSG_BLK_BIT_LEN = 1024; +// const unsigned int LSH256_CV_BYTE_LEN = 64; +const unsigned int LSH256_HASH_VAL_MAX_BYTE_LEN = 32; + +// const unsigned int MSG_BLK_WORD_LEN = 32; +const unsigned int CV_WORD_LEN = 16; +const unsigned int CONST_WORD_LEN = 8; +// const unsigned int HASH_VAL_MAX_WORD_LEN = 8; +// const unsigned int WORD_BIT_LEN = 32; +const unsigned int NUM_STEPS = 26; + +const unsigned int ROT_EVEN_ALPHA = 29; +const unsigned int ROT_EVEN_BETA = 1; +const unsigned int ROT_ODD_ALPHA = 5; +const unsigned int ROT_ODD_BETA = 17; + +const unsigned int LSH_TYPE_256_256 = 0x0000020; +const unsigned int LSH_TYPE_256_224 = 0x000001C; + +// const unsigned int LSH_TYPE_224 = LSH_TYPE_256_224; +// const unsigned int LSH_TYPE_256 = LSH_TYPE_256_256; + +/* Error Code */ + +const unsigned int LSH_SUCCESS = 0x0; +// const unsigned int 
LSH_ERR_NULL_PTR = 0x2401; +// const unsigned int LSH_ERR_INVALID_ALGTYPE = 0x2402; +const unsigned int LSH_ERR_INVALID_DATABITLEN = 0x2403; +const unsigned int LSH_ERR_INVALID_STATE = 0x2404; + +/* Index into our state array */ + +const unsigned int AlgorithmType = 80; +const unsigned int RemainingBits = 81; + +NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(LSH) + +// lsh256.cpp +extern const word32 LSH256_IV224[CV_WORD_LEN]; +extern const word32 LSH256_IV256[CV_WORD_LEN]; +extern const word32 LSH256_StepConstants[CONST_WORD_LEN * NUM_STEPS]; + +NAMESPACE_END // LSH +NAMESPACE_END // Crypto++ + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::rotlFixed; +using CryptoPP::rotlConstant; + +using CryptoPP::GetBlock; +using CryptoPP::LittleEndian; +using CryptoPP::ConditionalByteReverse; +using CryptoPP::LITTLE_ENDIAN_ORDER; + +typedef byte lsh_u8; +typedef word32 lsh_u32; +typedef word32 lsh_uint; +typedef word32 lsh_err; +typedef word32 lsh_type; + +using CryptoPP::LSH::LSH256_IV224; +using CryptoPP::LSH::LSH256_IV256; +using CryptoPP::LSH::LSH256_StepConstants; + +struct LSH256_SSSE3_Context +{ + LSH256_SSSE3_Context(word32* state, word32 algType, word32& remainingBitLength) : + cv_l(state+0), cv_r(state+8), sub_msgs(state+16), + last_block(reinterpret_cast(state+48)), + remain_databitlen(remainingBitLength), + alg_type(static_cast(algType)) {} + + lsh_u32* cv_l; // start of our state block + lsh_u32* cv_r; + lsh_u32* sub_msgs; + lsh_u8* last_block; + lsh_u32& remain_databitlen; + lsh_type alg_type; +}; + +struct LSH256_SSSE3_Internal +{ + LSH256_SSSE3_Internal(word32* state) : + submsg_e_l(state+16), submsg_e_r(state+24), + submsg_o_l(state+32), submsg_o_r(state+40) { } + + lsh_u32* submsg_e_l; /* even left sub-message */ + lsh_u32* submsg_e_r; /* even right sub-message */ + lsh_u32* submsg_o_l; /* odd left sub-message */ + lsh_u32* submsg_o_r; /* odd right sub-message */ +}; + +// const word32 g_gamma256[8] 
= { 0, 8, 16, 24, 24, 16, 8, 0 }; + +/* LSH AlgType Macro */ + +inline bool LSH_IS_LSH512(lsh_uint val) { + return (val & 0xf0000) == 0; +} + +inline lsh_uint LSH_GET_SMALL_HASHBIT(lsh_uint val) { + return val >> 24; +} + +inline lsh_uint LSH_GET_HASHBYTE(lsh_uint val) { + return val & 0xffff; +} + +inline lsh_uint LSH_GET_HASHBIT(lsh_uint val) { + return (LSH_GET_HASHBYTE(val) << 3) - LSH_GET_SMALL_HASHBIT(val); +} + +inline lsh_u32 loadLE32(lsh_u32 v) { + return ConditionalByteReverse(LITTLE_ENDIAN_ORDER, v); +} + +lsh_u32 ROTL(lsh_u32 x, lsh_u32 r) { + return rotlFixed(x, r); +} + +// Original code relied upon unaligned lsh_u32 buffer +inline void load_msg_blk(LSH256_SSSE3_Internal* i_state, const lsh_u8 msgblk[LSH256_MSG_BLK_BYTE_LEN]) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + lsh_u32* submsg_e_l = i_state->submsg_e_l; + lsh_u32* submsg_e_r = i_state->submsg_e_r; + lsh_u32* submsg_o_l = i_state->submsg_o_l; + lsh_u32* submsg_o_r = i_state->submsg_o_r; + + _mm_storeu_si128(M128_CAST(submsg_e_l+0), + _mm_loadu_si128(CONST_M128_CAST(msgblk+0))); + _mm_storeu_si128(M128_CAST(submsg_e_l+4), + _mm_loadu_si128(CONST_M128_CAST(msgblk+16))); + _mm_storeu_si128(M128_CAST(submsg_e_r+0), + _mm_loadu_si128(CONST_M128_CAST(msgblk+32))); + _mm_storeu_si128(M128_CAST(submsg_e_r+4), + _mm_loadu_si128(CONST_M128_CAST(msgblk+48))); + _mm_storeu_si128(M128_CAST(submsg_o_l+0), + _mm_loadu_si128(CONST_M128_CAST(msgblk+64))); + _mm_storeu_si128(M128_CAST(submsg_o_l+4), + _mm_loadu_si128(CONST_M128_CAST(msgblk+80))); + _mm_storeu_si128(M128_CAST(submsg_o_r+0), + _mm_loadu_si128(CONST_M128_CAST(msgblk+96))); + _mm_storeu_si128(M128_CAST(submsg_o_r+4), + _mm_loadu_si128(CONST_M128_CAST(msgblk+112))); +} + +inline void msg_exp_even(LSH256_SSSE3_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_e_l = i_state->submsg_e_l; + lsh_u32* submsg_e_r = i_state->submsg_e_r; + lsh_u32* submsg_o_l = i_state->submsg_o_l; + lsh_u32* submsg_o_r = i_state->submsg_o_r; + 
+ _mm_storeu_si128(M128_CAST(submsg_e_l+0), _mm_add_epi32( + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+0)), _MM_SHUFFLE(3,2,1,0)), + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+0)), _MM_SHUFFLE(1,0,2,3)))); + + _mm_storeu_si128(M128_CAST(submsg_e_l+4), _mm_add_epi32( + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+4)), _MM_SHUFFLE(3,2,1,0)), + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+4)), _MM_SHUFFLE(2,1,0,3)))); + + _mm_storeu_si128(M128_CAST(submsg_e_r+0), _mm_add_epi32( + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+0)), _MM_SHUFFLE(3,2,1,0)), + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+0)), _MM_SHUFFLE(1,0,2,3)))); + + _mm_storeu_si128(M128_CAST(submsg_e_r+4), _mm_add_epi32( + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+4)), _MM_SHUFFLE(3,2,1,0)), + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+4)), _MM_SHUFFLE(2,1,0,3)))); +} + +inline void msg_exp_odd(LSH256_SSSE3_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_e_l = i_state->submsg_e_l; + lsh_u32* submsg_e_r = i_state->submsg_e_r; + lsh_u32* submsg_o_l = i_state->submsg_o_l; + lsh_u32* submsg_o_r = i_state->submsg_o_r; + + _mm_storeu_si128(M128_CAST(submsg_o_l+0), _mm_add_epi32( + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+0)), _MM_SHUFFLE(3,2,1,0)), + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+0)), _MM_SHUFFLE(1,0,2,3)))); + + _mm_storeu_si128(M128_CAST(submsg_o_l+4), _mm_add_epi32( + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+4)), _MM_SHUFFLE(3,2,1,0)), + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+4)), _MM_SHUFFLE(2,1,0,3)))); + + _mm_storeu_si128(M128_CAST(submsg_o_r+0), _mm_add_epi32( + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+0)), _MM_SHUFFLE(3,2,1,0)), + _mm_shuffle_epi32( + 
_mm_loadu_si128(CONST_M128_CAST(submsg_o_r+0)), _MM_SHUFFLE(1,0,2,3)))); + + _mm_storeu_si128(M128_CAST(submsg_o_r+4), _mm_add_epi32( + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+4)), _MM_SHUFFLE(3,2,1,0)), + _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+4)), _MM_SHUFFLE(2,1,0,3)))); +} + +inline void load_sc(const lsh_u32** p_const_v, size_t i) +{ + CRYPTOPP_ASSERT(p_const_v != NULLPTR); + + *p_const_v = &LSH256_StepConstants[i]; +} + +inline void msg_add_even(lsh_u32 cv_l[8], lsh_u32 cv_r[8], LSH256_SSSE3_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_e_l = i_state->submsg_e_l; + lsh_u32* submsg_e_r = i_state->submsg_e_r; + + _mm_storeu_si128(M128_CAST(cv_l+0), _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(cv_l+0)), + _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+0)))); + _mm_storeu_si128(M128_CAST(cv_l+4), _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(cv_l+4)), + _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+4)))); + _mm_storeu_si128(M128_CAST(cv_r+0), _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(cv_r+0)), + _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+0)))); + _mm_storeu_si128(M128_CAST(cv_r+4), _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(cv_r+4)), + _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+4)))); +} + +inline void msg_add_odd(lsh_u32 cv_l[8], lsh_u32 cv_r[8], LSH256_SSSE3_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u32* submsg_o_l = i_state->submsg_o_l; + lsh_u32* submsg_o_r = i_state->submsg_o_r; + + _mm_storeu_si128(M128_CAST(cv_l), _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(cv_l)), + _mm_loadu_si128(CONST_M128_CAST(submsg_o_l)))); + _mm_storeu_si128(M128_CAST(cv_l+4), _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(cv_l+4)), + _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+4)))); + _mm_storeu_si128(M128_CAST(cv_r), _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(cv_r)), + _mm_loadu_si128(CONST_M128_CAST(submsg_o_r)))); + 
_mm_storeu_si128(M128_CAST(cv_r+4), _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(cv_r+4)), + _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+4)))); +} + +inline void add_blk(lsh_u32 cv_l[8], const lsh_u32 cv_r[8]) +{ + _mm_storeu_si128(M128_CAST(cv_l), _mm_add_epi32( + _mm_loadu_si128(CONST_M128_CAST(cv_l)), + _mm_loadu_si128(CONST_M128_CAST(cv_r)))); + _mm_storeu_si128(M128_CAST(cv_l+4), _mm_add_epi32( + _mm_loadu_si128(CONST_M128_CAST(cv_l+4)), + _mm_loadu_si128(CONST_M128_CAST(cv_r+4)))); +} + +template +inline void rotate_blk(lsh_u32 cv[8]) +{ +#if defined(CRYPTOPP_XOP_AVAILABLE) + _mm_storeu_si128(M128_CAST(cv), + _mm_roti_epi32(_mm_loadu_si128(CONST_M128_CAST(cv)), R)); + _mm_storeu_si128(M128_CAST(cv+4), + _mm_roti_epi32(_mm_loadu_si128(CONST_M128_CAST(cv+4)), R)); +#else + _mm_storeu_si128(M128_CAST(cv), _mm_or_si128( + _mm_slli_epi32(_mm_loadu_si128(CONST_M128_CAST(cv)), R), + _mm_srli_epi32(_mm_loadu_si128(CONST_M128_CAST(cv)), 32-R))); + _mm_storeu_si128(M128_CAST(cv+4), _mm_or_si128( + _mm_slli_epi32(_mm_loadu_si128(CONST_M128_CAST(cv+4)), R), + _mm_srli_epi32(_mm_loadu_si128(CONST_M128_CAST(cv+4)), 32-R))); +#endif +} + +inline void xor_with_const(lsh_u32* cv_l, const lsh_u32* const_v) +{ + _mm_storeu_si128(M128_CAST(cv_l), _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(cv_l)), + _mm_loadu_si128(CONST_M128_CAST(const_v)))); + _mm_storeu_si128(M128_CAST(cv_l+4), _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(cv_l+4)), + _mm_loadu_si128(CONST_M128_CAST(const_v+4)))); +} + +inline void rotate_msg_gamma(lsh_u32 cv_r[8]) +{ + // g_gamma256[8] = { 0, 8, 16, 24, 24, 16, 8, 0 }; + _mm_storeu_si128(M128_CAST(cv_r+0), + _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(cv_r+0)), + _mm_set_epi8(12,15,14,13, 9,8,11,10, 6,5,4,7, 3,2,1,0))); + _mm_storeu_si128(M128_CAST(cv_r+4), + _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(cv_r+4)), + _mm_set_epi8(15,14,13,12, 10,9,8,11, 5,4,7,6, 0,3,2,1))); +} + +inline void word_perm(lsh_u32 cv_l[8], lsh_u32 cv_r[8]) +{ + 
_mm_storeu_si128(M128_CAST(cv_l+0), _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(cv_l+0)), _MM_SHUFFLE(3,1,0,2))); + _mm_storeu_si128(M128_CAST(cv_l+4), _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(cv_l+4)), _MM_SHUFFLE(3,1,0,2))); + _mm_storeu_si128(M128_CAST(cv_r+0), _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(cv_r+0)), _MM_SHUFFLE(1,2,3,0))); + _mm_storeu_si128(M128_CAST(cv_r+4), _mm_shuffle_epi32( + _mm_loadu_si128(CONST_M128_CAST(cv_r+4)), _MM_SHUFFLE(1,2,3,0))); + + __m128i temp = _mm_loadu_si128(CONST_M128_CAST(cv_l+0)); + _mm_storeu_si128(M128_CAST(cv_l+0), + _mm_loadu_si128(CONST_M128_CAST(cv_l+4))); + _mm_storeu_si128(M128_CAST(cv_l+4), + _mm_loadu_si128(CONST_M128_CAST(cv_r+4))); + _mm_storeu_si128(M128_CAST(cv_r+4), + _mm_loadu_si128(CONST_M128_CAST(cv_r+0))); + _mm_storeu_si128(M128_CAST(cv_r+0), temp); +}; + +/* -------------------------------------------------------- * +* step function +* -------------------------------------------------------- */ + +template +inline void mix(lsh_u32 cv_l[8], lsh_u32 cv_r[8], const lsh_u32 const_v[8]) +{ + add_blk(cv_l, cv_r); + rotate_blk(cv_l); + xor_with_const(cv_l, const_v); + add_blk(cv_r, cv_l); + rotate_blk(cv_r); + add_blk(cv_l, cv_r); + rotate_msg_gamma(cv_r); +} + +/* -------------------------------------------------------- * +* compression function +* -------------------------------------------------------- */ + +inline void compress(LSH256_SSSE3_Context* ctx, const lsh_u8 pdMsgBlk[LSH256_MSG_BLK_BYTE_LEN]) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + LSH256_SSSE3_Internal s_state(ctx->cv_l); + LSH256_SSSE3_Internal* i_state = &s_state; + + const lsh_u32* const_v = NULL; + lsh_u32* cv_l = ctx->cv_l; + lsh_u32* cv_r = ctx->cv_r; + + load_msg_blk(i_state, pdMsgBlk); + + msg_add_even(cv_l, cv_r, i_state); + load_sc(&const_v, 0); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + msg_add_odd(cv_l, cv_r, i_state); + load_sc(&const_v, 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, 
cv_r); + + for (size_t i = 1; i < NUM_STEPS / 2; i++) + { + msg_exp_even(i_state); + msg_add_even(cv_l, cv_r, i_state); + load_sc(&const_v, 16 * i); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + msg_exp_odd(i_state); + msg_add_odd(cv_l, cv_r, i_state); + load_sc(&const_v, 16 * i + 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + } + + msg_exp_even(i_state); + msg_add_even(cv_l, cv_r, i_state); +} + +/* -------------------------------------------------------- */ + +inline void load_iv(lsh_u32 cv_l[8], lsh_u32 cv_r[8], const lsh_u32 iv[16]) +{ + _mm_storeu_si128(M128_CAST(cv_l+ 0), + _mm_load_si128(CONST_M128_CAST(iv+ 0))); + _mm_storeu_si128(M128_CAST(cv_l+ 4), + _mm_load_si128(CONST_M128_CAST(iv+ 4))); + _mm_storeu_si128(M128_CAST(cv_r+ 0), + _mm_load_si128(CONST_M128_CAST(iv+ 8))); + _mm_storeu_si128(M128_CAST(cv_r+ 4), + _mm_load_si128(CONST_M128_CAST(iv+12))); +} + +inline void zero_iv(lsh_u32 cv_l[8], lsh_u32 cv_r[8]) +{ + _mm_storeu_si128(M128_CAST(cv_l+0), _mm_setzero_si128()); + _mm_storeu_si128(M128_CAST(cv_l+4), _mm_setzero_si128()); + _mm_storeu_si128(M128_CAST(cv_r+0), _mm_setzero_si128()); + _mm_storeu_si128(M128_CAST(cv_r+4), _mm_setzero_si128()); +} + +inline void zero_submsgs(LSH256_SSSE3_Context* ctx) +{ + lsh_u32* sub_msgs = ctx->sub_msgs; + + _mm_storeu_si128(M128_CAST(sub_msgs+ 0), _mm_setzero_si128()); + _mm_storeu_si128(M128_CAST(sub_msgs+ 4), _mm_setzero_si128()); + _mm_storeu_si128(M128_CAST(sub_msgs+ 8), _mm_setzero_si128()); + _mm_storeu_si128(M128_CAST(sub_msgs+12), _mm_setzero_si128()); + _mm_storeu_si128(M128_CAST(sub_msgs+16), _mm_setzero_si128()); + _mm_storeu_si128(M128_CAST(sub_msgs+20), _mm_setzero_si128()); + _mm_storeu_si128(M128_CAST(sub_msgs+24), _mm_setzero_si128()); + _mm_storeu_si128(M128_CAST(sub_msgs+28), _mm_setzero_si128()); +} + +inline void init224(LSH256_SSSE3_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH256_IV224); +} + +inline void 
init256(LSH256_SSSE3_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH256_IV256); +} + +/* -------------------------------------------------------- */ + +inline void fin(LSH256_SSSE3_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + _mm_storeu_si128(M128_CAST(ctx->cv_l+0), _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(ctx->cv_l+0)), + _mm_loadu_si128(CONST_M128_CAST(ctx->cv_r+0)))); + _mm_storeu_si128(M128_CAST(ctx->cv_l+4), _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(ctx->cv_l+4)), + _mm_loadu_si128(CONST_M128_CAST(ctx->cv_r+4)))); +} + +/* -------------------------------------------------------- */ + +inline void get_hash(LSH256_SSSE3_Context* ctx, lsh_u8* pbHashVal) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + CRYPTOPP_ASSERT(pbHashVal != NULLPTR); + + lsh_uint alg_type = ctx->alg_type; + lsh_uint hash_val_byte_len = LSH_GET_HASHBYTE(alg_type); + lsh_uint hash_val_bit_len = LSH_GET_SMALL_HASHBIT(alg_type); + + // Multiplying by sizeof(lsh_u8) looks odd... 
+ memcpy(pbHashVal, ctx->cv_l, hash_val_byte_len); + if (hash_val_bit_len){ + pbHashVal[hash_val_byte_len-1] &= (((lsh_u8)0xff) << hash_val_bit_len); + } +} + +/* -------------------------------------------------------- */ + +lsh_err lsh256_ssse3_init(LSH256_SSSE3_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + + lsh_u32 alg_type = ctx->alg_type; + const lsh_u32* const_v = NULL; + ctx->remain_databitlen = 0; + + switch (alg_type) + { + case LSH_TYPE_256_256: + init256(ctx); + return LSH_SUCCESS; + case LSH_TYPE_256_224: + init224(ctx); + return LSH_SUCCESS; + default: + break; + } + + lsh_u32* cv_l = ctx->cv_l; + lsh_u32* cv_r = ctx->cv_r; + + zero_iv(cv_l, cv_r); + cv_l[0] = LSH256_HASH_VAL_MAX_BYTE_LEN; + cv_l[1] = LSH_GET_HASHBIT(alg_type); + + for (size_t i = 0; i < NUM_STEPS / 2; i++) + { + //Mix + load_sc(&const_v, i * 16); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + load_sc(&const_v, i * 16 + 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + } + + return LSH_SUCCESS; +} + +lsh_err lsh256_ssse3_update(LSH256_SSSE3_Context* ctx, const lsh_u8* data, size_t databitlen) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(data != NULLPTR); + CRYPTOPP_ASSERT(databitlen % 8 == 0); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + + if (databitlen == 0){ + return LSH_SUCCESS; + } + + // We are byte oriented. tail bits will always be 0. 
+ size_t databytelen = databitlen >> 3; + // lsh_uint pos2 = databitlen & 0x7; + const size_t pos2 = 0; + + size_t remain_msg_byte = ctx->remain_databitlen >> 3; + // lsh_uint remain_msg_bit = ctx->remain_databitlen & 7; + const size_t remain_msg_bit = 0; + + if (remain_msg_byte >= LSH256_MSG_BLK_BYTE_LEN){ + return LSH_ERR_INVALID_STATE; + } + if (remain_msg_bit > 0){ + return LSH_ERR_INVALID_DATABITLEN; + } + + if (databytelen + remain_msg_byte < LSH256_MSG_BLK_BYTE_LEN) + { + memcpy(ctx->last_block + remain_msg_byte, data, databytelen); + ctx->remain_databitlen += (lsh_uint)databitlen; + remain_msg_byte += (lsh_uint)databytelen; + if (pos2){ + ctx->last_block[remain_msg_byte] = data[databytelen] & ((0xff >> pos2) ^ 0xff); + } + return LSH_SUCCESS; + } + + if (remain_msg_byte > 0){ + size_t more_byte = LSH256_MSG_BLK_BYTE_LEN - remain_msg_byte; + memcpy(ctx->last_block + remain_msg_byte, data, more_byte); + compress(ctx, ctx->last_block); + data += more_byte; + databytelen -= more_byte; + remain_msg_byte = 0; + ctx->remain_databitlen = 0; + } + + while (databytelen >= LSH256_MSG_BLK_BYTE_LEN) + { + // This call to compress caused some trouble. + // The data pointer can become unaligned in the + // previous block. + compress(ctx, data); + data += LSH256_MSG_BLK_BYTE_LEN; + databytelen -= LSH256_MSG_BLK_BYTE_LEN; + } + + if (databytelen > 0){ + memcpy(ctx->last_block, data, databytelen); + ctx->remain_databitlen = (lsh_uint)(databytelen << 3); + } + + if (pos2){ + ctx->last_block[databytelen] = data[databytelen] & ((0xff >> pos2) ^ 0xff); + ctx->remain_databitlen += pos2; + } + + return LSH_SUCCESS; +} + +lsh_err lsh256_ssse3_final(LSH256_SSSE3_Context* ctx, lsh_u8* hashval) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(hashval != NULLPTR); + + // We are byte oriented. tail bits will always be 0. 
+ size_t remain_msg_byte = ctx->remain_databitlen >> 3; + // lsh_uint remain_msg_bit = ctx->remain_databitlen & 7; + const size_t remain_msg_bit = 0; + + if (remain_msg_byte >= LSH256_MSG_BLK_BYTE_LEN){ + return LSH_ERR_INVALID_STATE; + } + + if (remain_msg_bit){ + ctx->last_block[remain_msg_byte] |= (0x1 << (7 - remain_msg_bit)); + } + else{ + ctx->last_block[remain_msg_byte] = 0x80; + } + memset(ctx->last_block + remain_msg_byte + 1, 0, LSH256_MSG_BLK_BYTE_LEN - remain_msg_byte - 1); + + compress(ctx, ctx->last_block); + + fin(ctx); + get_hash(ctx, hashval); + + return LSH_SUCCESS; +} + +ANONYMOUS_NAMESPACE_END // Anonymous + +NAMESPACE_BEGIN(CryptoPP) + +extern +void LSH256_Base_Restart_SSSE3(word32* state) +{ + state[RemainingBits] = 0; + LSH256_SSSE3_Context ctx(state, state[AlgorithmType], state[RemainingBits]); + lsh_err err = lsh256_ssse3_init(&ctx); + + if (err != LSH_SUCCESS) + throw Exception(Exception::OTHER_ERROR, "LSH256_Base: lsh256_ssse3_init failed"); +} + +extern +void LSH256_Base_Update_SSSE3(word32* state, const byte *input, size_t size) +{ + LSH256_SSSE3_Context ctx(state, state[AlgorithmType], state[RemainingBits]); + lsh_err err = lsh256_ssse3_update(&ctx, input, 8*size); + + if (err != LSH_SUCCESS) + throw Exception(Exception::OTHER_ERROR, "LSH256_Base: lsh256_ssse3_update failed"); +} + +extern +void LSH256_Base_TruncatedFinal_SSSE3(word32* state, byte *hash, size_t) +{ + LSH256_SSSE3_Context ctx(state, state[AlgorithmType], state[RemainingBits]); + lsh_err err = lsh256_ssse3_final(&ctx, hash); + + if (err != LSH_SUCCESS) + throw Exception(Exception::OTHER_ERROR, "LSH256_Base: lsh256_ssse3_final failed"); +} + +NAMESPACE_END + +#endif // CRYPTOPP_SSSE3_AVAILABLE diff -Nru libcrypto++-8.4.0/lsh512_avx.cpp libcrypto++-8.6.0/lsh512_avx.cpp --- libcrypto++-8.4.0/lsh512_avx.cpp 1970-01-01 00:00:00.000000000 +0000 +++ libcrypto++-8.6.0/lsh512_avx.cpp 2021-09-24 11:48:47.000000000 +0000 
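Review bot: load_iv is the only place in this file that uses the aligned load `_mm_load_si128` (on the `iv+ 0`, `iv+ 4`, `iv+ 8` and `iv+12` operands), while every other load in the hunk, including those on the same state words, uses `_mm_loadu_si128`. The operands are `LSH256_IV224`/`LSH256_IV256`, which this file sees only through the `extern const word32 ...[CV_WORD_LEN]` declarations, so nothing visible here establishes the 16-byte alignment that movdqa requires; if the definitions in lsh256.cpp do not carry an alignment attribute, `LSH256_Base_Restart_SSSE3` would raise a general-protection fault on the first Restart rather than hash incorrectly. Since the load runs once per init and the unaligned form costs nothing on aligned data, I would change each `_mm_load_si128(CONST_M128_CAST(iv+ N))` to `_mm_loadu_si128(CONST_M128_CAST(iv+ N))` for N in 0, 4, 8 and 12, or otherwise add a comment on load_iv such as `// IV tables must be 16-byte aligned where they are defined in lsh256.cpp` so the cross-file contract is recorded next to the instruction that depends on it.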
@@ -0,0 +1,760 @@
+// lsh.cpp - written and placed in the public domain by Jeffrey Walton
+// Based on the specification and source code provided by
+// Korea Internet & Security Agency (KISA) website. Also
+// see https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do
+// and https://seed.kisa.or.kr/kisa/Board/22/detailView.do.
+
+// We are hitting some sort of GCC bug in the LSH AVX2 code path.
+// Clang is OK on the AVX2 code path. We believe it is GCC Issue
+// 82735, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. It
+// makes using zeroupper a little tricky.
+
+#include "pch.h"
+#include "config.h"
+
+#include "lsh.h"
+#include "misc.h"
+
+#if defined(CRYPTOPP_AVX2_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE)
+
+#if defined(CRYPTOPP_AVX2_AVAILABLE)
+# include
+# include
+#endif
+
+// GCC at 4.5. Clang is unknown. Also see https://stackoverflow.com/a/42493893.
+#if (CRYPTOPP_GCC_VERSION >= 40500)
+# include
+#endif
+
+ANONYMOUS_NAMESPACE_BEGIN
+
+/* LSH Constants */
+
+const unsigned int LSH512_MSG_BLK_BYTE_LEN = 256;
+// const unsigned int LSH512_MSG_BLK_BIT_LEN = 2048;
+// const unsigned int LSH512_CV_BYTE_LEN = 128;
+const unsigned int LSH512_HASH_VAL_MAX_BYTE_LEN = 64;
+
+// const unsigned int MSG_BLK_WORD_LEN = 32;
+const unsigned int CV_WORD_LEN = 16;
+const unsigned int CONST_WORD_LEN = 8;
+// const unsigned int HASH_VAL_MAX_WORD_LEN = 8;
+const unsigned int NUM_STEPS = 28;
+
+const unsigned int ROT_EVEN_ALPHA = 23;
+const unsigned int ROT_EVEN_BETA = 59;
+const unsigned int ROT_ODD_ALPHA = 7;
+const unsigned int ROT_ODD_BETA = 3;
+
+const unsigned int LSH_TYPE_512_512 = 0x0010040;
+const unsigned int LSH_TYPE_512_384 = 0x0010030;
+const unsigned int LSH_TYPE_512_256 = 0x0010020;
+const unsigned int LSH_TYPE_512_224 = 0x001001C;
+
+// const unsigned int LSH_TYPE_384 = LSH_TYPE_512_384;
+// const unsigned int LSH_TYPE_512 = LSH_TYPE_512_512;
+
+/* Error Code */
+
+const unsigned int LSH_SUCCESS = 0x0;
+// const unsigned int LSH_ERR_NULL_PTR =
0x2401;
+// const unsigned int LSH_ERR_INVALID_ALGTYPE = 0x2402;
+const unsigned int LSH_ERR_INVALID_DATABITLEN = 0x2403;
+const unsigned int LSH_ERR_INVALID_STATE = 0x2404;
+
+/* Index into our state array */
+
+const unsigned int AlgorithmType = 80;
+const unsigned int RemainingBits = 81;
+
+NAMESPACE_END
+
+NAMESPACE_BEGIN(CryptoPP)
+NAMESPACE_BEGIN(LSH)
+
+// lsh512.cpp
+extern const word64 LSH512_IV224[CV_WORD_LEN];
+extern const word64 LSH512_IV256[CV_WORD_LEN];
+extern const word64 LSH512_IV384[CV_WORD_LEN];
+extern const word64 LSH512_IV512[CV_WORD_LEN];
+extern const word64 LSH512_StepConstants[CONST_WORD_LEN * NUM_STEPS];
+
+NAMESPACE_END // LSH
+NAMESPACE_END // Crypto++
+
+ANONYMOUS_NAMESPACE_BEGIN
+
+using CryptoPP::byte;
+using CryptoPP::word32;
+using CryptoPP::word64;
+using CryptoPP::rotlFixed;
+using CryptoPP::rotlConstant;
+
+using CryptoPP::GetBlock;
+using CryptoPP::LittleEndian;
+using CryptoPP::ConditionalByteReverse;
+using CryptoPP::LITTLE_ENDIAN_ORDER;
+
+using CryptoPP::LSH::LSH512_IV224;
+using CryptoPP::LSH::LSH512_IV256;
+using CryptoPP::LSH::LSH512_IV384;
+using CryptoPP::LSH::LSH512_IV512;
+using CryptoPP::LSH::LSH512_StepConstants;
+
+typedef byte lsh_u8;
+typedef word32 lsh_u32;
+typedef word64 lsh_u64;
+typedef word32 lsh_uint;
+typedef word32 lsh_err;
+typedef word32 lsh_type;
+
+struct LSH512_AVX2_Context
+{
+ LSH512_AVX2_Context(word64* state, word64 algType, word64& remainingBitLength) :
+ cv_l(state+0), cv_r(state+8), sub_msgs(state+16),
+ last_block(reinterpret_cast(state+48)),
+ remain_databitlen(remainingBitLength),
+ alg_type(static_cast(algType)) {}
+
+ lsh_u64* cv_l; // start of our state block
+ lsh_u64* cv_r;
+ lsh_u64* sub_msgs;
+ lsh_u8* last_block;
+ lsh_u64& remain_databitlen;
+ lsh_type alg_type;
+};
+
+struct LSH512_AVX2_Internal
+{
+ LSH512_AVX2_Internal(word64* state) :
+ submsg_e_l(state+16), submsg_e_r(state+24),
+ submsg_o_l(state+32), submsg_o_r(state+40) { }
+
+ lsh_u64* submsg_e_l; /* even left
sub-message */ + lsh_u64* submsg_e_r; /* even right sub-message */ + lsh_u64* submsg_o_l; /* odd left sub-message */ + lsh_u64* submsg_o_r; /* odd right sub-message */ +}; + +// Zero the upper 128 bits of all YMM registers on exit. +// It avoids AVX state transition penalties when saving state. +// https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735 +// makes using zeroupper a little tricky. + +struct AVX_Cleanup +{ + ~AVX_Cleanup() { + _mm256_zeroupper(); + } +}; + +// const lsh_u32 g_gamma512[8] = { 0, 16, 32, 48, 8, 24, 40, 56 }; + +/* LSH AlgType Macro */ + +inline bool LSH_IS_LSH512(lsh_uint val) { + return (val & 0xf0000) == 0x10000; +} + +inline lsh_uint LSH_GET_SMALL_HASHBIT(lsh_uint val) { + return val >> 24; +} + +inline lsh_uint LSH_GET_HASHBYTE(lsh_uint val) { + return val & 0xffff; +} + +inline lsh_uint LSH_GET_HASHBIT(lsh_uint val) { + return (LSH_GET_HASHBYTE(val) << 3) - LSH_GET_SMALL_HASHBIT(val); +} + +inline lsh_u64 loadLE64(lsh_u64 v) { + return ConditionalByteReverse(LITTLE_ENDIAN_ORDER, v); +} + +lsh_u64 ROTL64(lsh_u64 x, lsh_u32 r) { + return rotlFixed(x, r); +} + +// Original code relied upon unaligned lsh_u64 buffer +inline void load_msg_blk(LSH512_AVX2_Internal* i_state, const lsh_u8 msgblk[LSH512_MSG_BLK_BYTE_LEN]) +{ + lsh_u64* submsg_e_l = i_state->submsg_e_l; + lsh_u64* submsg_e_r = i_state->submsg_e_r; + lsh_u64* submsg_o_l = i_state->submsg_o_l; + lsh_u64* submsg_o_r = i_state->submsg_o_r; + + _mm256_storeu_si256(M256_CAST(submsg_e_l+0), + _mm256_loadu_si256(CONST_M256_CAST(msgblk+0))); + _mm256_storeu_si256(M256_CAST(submsg_e_l+4), + _mm256_loadu_si256(CONST_M256_CAST(msgblk+32))); + + _mm256_storeu_si256(M256_CAST(submsg_e_r+0), + _mm256_loadu_si256(CONST_M256_CAST(msgblk+64))); + _mm256_storeu_si256(M256_CAST(submsg_e_r+4), + _mm256_loadu_si256(CONST_M256_CAST(msgblk+96))); + + _mm256_storeu_si256(M256_CAST(submsg_o_l+0), + _mm256_loadu_si256(CONST_M256_CAST(msgblk+128))); + _mm256_storeu_si256(M256_CAST(submsg_o_l+4), + 
_mm256_loadu_si256(CONST_M256_CAST(msgblk+160))); + + _mm256_storeu_si256(M256_CAST(submsg_o_r+0), + _mm256_loadu_si256(CONST_M256_CAST(msgblk+192))); + _mm256_storeu_si256(M256_CAST(submsg_o_r+4), + _mm256_loadu_si256(CONST_M256_CAST(msgblk+224))); +} + +inline void msg_exp_even(LSH512_AVX2_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u64* submsg_e_l = i_state->submsg_e_l; + lsh_u64* submsg_e_r = i_state->submsg_e_r; + lsh_u64* submsg_o_l = i_state->submsg_o_l; + lsh_u64* submsg_o_r = i_state->submsg_o_r; + + _mm256_storeu_si256(M256_CAST(submsg_e_l+0), _mm256_add_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_l+0)), + _mm256_permute4x64_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_l+0)), + _MM_SHUFFLE(1,0,2,3)))); + _mm256_storeu_si256(M256_CAST(submsg_e_l+4), _mm256_add_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_l+4)), + _mm256_permute4x64_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_l+4)), + _MM_SHUFFLE(2,1,0,3)))); + + _mm256_storeu_si256(M256_CAST(submsg_e_r+0), _mm256_add_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_r+0)), + _mm256_permute4x64_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_r+0)), + _MM_SHUFFLE(1,0,2,3)))); + _mm256_storeu_si256(M256_CAST(submsg_e_r+4), _mm256_add_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_r+4)), + _mm256_permute4x64_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_r+4)), + _MM_SHUFFLE(2,1,0,3)))); +} + +inline void msg_exp_odd(LSH512_AVX2_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u64* submsg_e_l = i_state->submsg_e_l; + lsh_u64* submsg_e_r = i_state->submsg_e_r; + lsh_u64* submsg_o_l = i_state->submsg_o_l; + lsh_u64* submsg_o_r = i_state->submsg_o_r; + + _mm256_storeu_si256(M256_CAST(submsg_o_l+0), + _mm256_add_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_l+0)), + _mm256_permute4x64_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_l+0)), + _MM_SHUFFLE(1,0,2,3)))); + 
_mm256_storeu_si256(M256_CAST(submsg_o_l+4), + _mm256_add_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_l+4)), + _mm256_permute4x64_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_l+4)), + _MM_SHUFFLE(2,1,0,3)))); + + _mm256_storeu_si256(M256_CAST(submsg_o_r+0), + _mm256_add_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_r+0)), + _mm256_permute4x64_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_r+0)), + _MM_SHUFFLE(1,0,2,3)))); + _mm256_storeu_si256(M256_CAST(submsg_o_r+4), + _mm256_add_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_r+4)), + _mm256_permute4x64_epi64( + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_r+4)), + _MM_SHUFFLE(2,1,0,3)))); +} + +inline void load_sc(const lsh_u64** p_const_v, size_t i) +{ + *p_const_v = &LSH512_StepConstants[i]; +} + +inline void msg_add_even(lsh_u64 cv_l[8], lsh_u64 cv_r[8], LSH512_AVX2_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u64* submsg_e_l = i_state->submsg_e_l; + lsh_u64* submsg_e_r = i_state->submsg_e_r; + + _mm256_storeu_si256(M256_CAST(cv_l), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_l)), + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_l)))); + _mm256_storeu_si256(M256_CAST(cv_r), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_r)), + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_r)))); + + _mm256_storeu_si256(M256_CAST(cv_l+4), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_l+4)), + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_l+4)))); + _mm256_storeu_si256(M256_CAST(cv_r+4), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_r+4)), + _mm256_loadu_si256(CONST_M256_CAST(submsg_e_r+4)))); +} + +inline void msg_add_odd(lsh_u64 cv_l[8], lsh_u64 cv_r[8], LSH512_AVX2_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u64* submsg_o_l = i_state->submsg_o_l; + lsh_u64* submsg_o_r = i_state->submsg_o_r; + + _mm256_storeu_si256(M256_CAST(cv_l), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_l)), + 
_mm256_loadu_si256(CONST_M256_CAST(submsg_o_l)))); + _mm256_storeu_si256(M256_CAST(cv_r), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_r)), + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_r)))); + + _mm256_storeu_si256(M256_CAST(cv_l+4), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_l+4)), + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_l+4)))); + _mm256_storeu_si256(M256_CAST(cv_r+4), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_r+4)), + _mm256_loadu_si256(CONST_M256_CAST(submsg_o_r+4)))); +} + +inline void add_blk(lsh_u64 cv_l[8], lsh_u64 cv_r[8]) +{ + _mm256_storeu_si256(M256_CAST(cv_l), _mm256_add_epi64( + _mm256_loadu_si256(CONST_M256_CAST(cv_l)), + _mm256_loadu_si256(CONST_M256_CAST(cv_r)))); + _mm256_storeu_si256(M256_CAST(cv_l+4), _mm256_add_epi64( + _mm256_loadu_si256(CONST_M256_CAST(cv_l+4)), + _mm256_loadu_si256(CONST_M256_CAST(cv_r+4)))); +} + +template +inline void rotate_blk(lsh_u64 cv[8]) +{ + _mm256_storeu_si256(M256_CAST(cv), _mm256_or_si256( + _mm256_slli_epi64(_mm256_loadu_si256(CONST_M256_CAST(cv)), R), + _mm256_srli_epi64(_mm256_loadu_si256(CONST_M256_CAST(cv)), 64-R))); + _mm256_storeu_si256(M256_CAST(cv+4), _mm256_or_si256( + _mm256_slli_epi64(_mm256_loadu_si256(CONST_M256_CAST(cv+4)), R), + _mm256_srli_epi64(_mm256_loadu_si256(CONST_M256_CAST(cv+4)), 64-R))); +} + +inline void xor_with_const(lsh_u64 cv_l[8], const lsh_u64 const_v[8]) +{ + _mm256_storeu_si256(M256_CAST(cv_l), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_l)), + _mm256_loadu_si256(CONST_M256_CAST(const_v)))); + _mm256_storeu_si256(M256_CAST(cv_l+4), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(cv_l+4)), + _mm256_loadu_si256(CONST_M256_CAST(const_v+4)))); +} + +inline void rotate_msg_gamma(lsh_u64 cv_r[8]) +{ + // g_gamma512[8] = { 0, 16, 32, 48, 8, 24, 40, 56 }; + _mm256_storeu_si256(M256_CAST(cv_r+0), + _mm256_shuffle_epi8( + _mm256_loadu_si256(CONST_M256_CAST(cv_r+0)), + _mm256_set_epi8( + /* hi lane */ 9,8,15,14, 
13,12,11,10, 3,2,1,0, 7,6,5,4, + /* lo lane */ 13,12,11,10, 9,8,15,14, 7,6,5,4, 3,2,1,0))); + _mm256_storeu_si256(M256_CAST(cv_r+4), + _mm256_shuffle_epi8( + _mm256_loadu_si256(CONST_M256_CAST(cv_r+4)), + _mm256_set_epi8( + /* hi lane */ 8,15,14,13, 12,11,10,9, 2,1,0,7, 6,5,4,3, + /* lo lane */ 12,11,10,9, 8,15,14,13, 6,5,4,3, 2,1,0,7))); +} + +inline void word_perm(lsh_u64 cv_l[8], lsh_u64 cv_r[8]) +{ + __m256i temp[2]; + _mm256_storeu_si256(M256_CAST(cv_l+0), _mm256_permute4x64_epi64( + _mm256_loadu_si256(CONST_M256_CAST(cv_l+0)), _MM_SHUFFLE(3,1,0,2))); + _mm256_storeu_si256(M256_CAST(cv_l+4), _mm256_permute4x64_epi64( + _mm256_loadu_si256(CONST_M256_CAST(cv_l+4)), _MM_SHUFFLE(3,1,0,2))); + _mm256_storeu_si256(M256_CAST(cv_r+0), _mm256_permute4x64_epi64( + _mm256_loadu_si256(CONST_M256_CAST(cv_r+0)), _MM_SHUFFLE(1,2,3,0))); + _mm256_storeu_si256(M256_CAST(cv_r+4), _mm256_permute4x64_epi64( + _mm256_loadu_si256(CONST_M256_CAST(cv_r+4)), _MM_SHUFFLE(1,2,3,0))); + + temp[0] = _mm256_loadu_si256(CONST_M256_CAST(cv_l+0)); + temp[1] = _mm256_loadu_si256(CONST_M256_CAST(cv_r+0)); + + _mm256_storeu_si256(M256_CAST(cv_l+0), + _mm256_loadu_si256(CONST_M256_CAST(cv_l+4))); + _mm256_storeu_si256(M256_CAST(cv_l+4), + _mm256_loadu_si256(CONST_M256_CAST(cv_r+4))); + + _mm256_storeu_si256(M256_CAST(cv_r+0), temp[0]); + _mm256_storeu_si256(M256_CAST(cv_r+4), temp[1]); +}; + +/* -------------------------------------------------------- * +* step function +* -------------------------------------------------------- */ + +template +inline void mix(lsh_u64 cv_l[8], lsh_u64 cv_r[8], const lsh_u64 const_v[8]) +{ + add_blk(cv_l, cv_r); + rotate_blk(cv_l); + xor_with_const(cv_l, const_v); + add_blk(cv_r, cv_l); + rotate_blk(cv_r); + add_blk(cv_l, cv_r); + rotate_msg_gamma(cv_r); +} + +/* -------------------------------------------------------- * +* compression function +* -------------------------------------------------------- */ + +inline void compress(LSH512_AVX2_Context* ctx, const 
lsh_u8 pdMsgBlk[LSH512_MSG_BLK_BYTE_LEN]) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + LSH512_AVX2_Internal s_state(ctx->cv_l); + LSH512_AVX2_Internal* i_state = &s_state; + + const lsh_u64* const_v = NULL; + lsh_u64 *cv_l = ctx->cv_l; + lsh_u64 *cv_r = ctx->cv_r; + + load_msg_blk(i_state, pdMsgBlk); + + msg_add_even(cv_l, cv_r, i_state); + load_sc(&const_v, 0); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + msg_add_odd(cv_l, cv_r, i_state); + load_sc(&const_v, 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + for (size_t i = 1; i < NUM_STEPS / 2; i++) + { + msg_exp_even(i_state); + msg_add_even(cv_l, cv_r, i_state); + load_sc(&const_v, 16 * i); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + msg_exp_odd(i_state); + msg_add_odd(cv_l, cv_r, i_state); + load_sc(&const_v, 16 * i + 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + } + + msg_exp_even(i_state); + msg_add_even(cv_l, cv_r, i_state); +} + +/* -------------------------------------------------------- */ + +inline void load_iv(word64 cv_l[8], word64 cv_r[8], const word64 iv[16]) +{ + // The IV's are 32-byte aligned so we can use aligned loads. 
+ _mm256_storeu_si256(M256_CAST(cv_l+0), + _mm256_load_si256(CONST_M256_CAST(iv+0))); + _mm256_storeu_si256(M256_CAST(cv_l+4), + _mm256_load_si256(CONST_M256_CAST(iv+4))); + + _mm256_storeu_si256(M256_CAST(cv_r+0), + _mm256_load_si256(CONST_M256_CAST(iv+8))); + _mm256_storeu_si256(M256_CAST(cv_r+4), + _mm256_load_si256(CONST_M256_CAST(iv+12))); +} + +inline void zero_iv(lsh_u64 cv_l[8], lsh_u64 cv_r[8]) +{ + _mm256_storeu_si256(M256_CAST(cv_l+0), _mm256_setzero_si256()); + _mm256_storeu_si256(M256_CAST(cv_l+4), _mm256_setzero_si256()); + _mm256_storeu_si256(M256_CAST(cv_r+0), _mm256_setzero_si256()); + _mm256_storeu_si256(M256_CAST(cv_r+4), _mm256_setzero_si256()); +} + +inline void zero_submsgs(LSH512_AVX2_Context* ctx) +{ + lsh_u64* sub_msgs = ctx->sub_msgs; + + _mm256_storeu_si256(M256_CAST(sub_msgs+ 0), + _mm256_setzero_si256()); + _mm256_storeu_si256(M256_CAST(sub_msgs+ 4), + _mm256_setzero_si256()); + + _mm256_storeu_si256(M256_CAST(sub_msgs+ 8), + _mm256_setzero_si256()); + _mm256_storeu_si256(M256_CAST(sub_msgs+12), + _mm256_setzero_si256()); +} + +inline void init224(LSH512_AVX2_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH512_IV224); +} + +inline void init256(LSH512_AVX2_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH512_IV256); +} + +inline void init384(LSH512_AVX2_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH512_IV384); +} + +inline void init512(LSH512_AVX2_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH512_IV512); +} + +/* -------------------------------------------------------- */ + +inline void fin(LSH512_AVX2_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + _mm256_storeu_si256(M256_CAST(ctx->cv_l+0), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(ctx->cv_l+0)), + 
_mm256_loadu_si256(CONST_M256_CAST(ctx->cv_r+0)))); + + _mm256_storeu_si256(M256_CAST(ctx->cv_l+4), _mm256_xor_si256( + _mm256_loadu_si256(CONST_M256_CAST(ctx->cv_l+4)), + _mm256_loadu_si256(CONST_M256_CAST(ctx->cv_r+4)))); +} + +/* -------------------------------------------------------- */ + +inline void get_hash(LSH512_AVX2_Context* ctx, lsh_u8* pbHashVal) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + CRYPTOPP_ASSERT(pbHashVal != NULLPTR); + + lsh_uint alg_type = ctx->alg_type; + lsh_uint hash_val_byte_len = LSH_GET_HASHBYTE(alg_type); + lsh_uint hash_val_bit_len = LSH_GET_SMALL_HASHBIT(alg_type); + + // Multiplying by sizeof(lsh_u8) looks odd... + memcpy(pbHashVal, ctx->cv_l, hash_val_byte_len); + if (hash_val_bit_len){ + pbHashVal[hash_val_byte_len-1] &= (((lsh_u8)0xff) << hash_val_bit_len); + } +} + +/* -------------------------------------------------------- */ + +lsh_err lsh512_init_avx2(LSH512_AVX2_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + + lsh_u32 alg_type = ctx->alg_type; + const lsh_u64* const_v = NULL; + ctx->remain_databitlen = 0; + + // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. 
+ AVX_Cleanup cleanup;
+
+ switch (alg_type){
+ case LSH_TYPE_512_512:
+ init512(ctx);
+ return LSH_SUCCESS;
+ case LSH_TYPE_512_384:
+ init384(ctx);
+ return LSH_SUCCESS;
+ case LSH_TYPE_512_256:
+ init256(ctx);
+ return LSH_SUCCESS;
+ case LSH_TYPE_512_224:
+ init224(ctx);
+ return LSH_SUCCESS;
+ default:
+ break;
+ }
+
+ lsh_u64* cv_l = ctx->cv_l;
+ lsh_u64* cv_r = ctx->cv_r;
+
+ zero_iv(cv_l, cv_r);
+ cv_l[0] = LSH512_HASH_VAL_MAX_BYTE_LEN;
+ cv_l[1] = LSH_GET_HASHBIT(alg_type);
+
+ for (size_t i = 0; i < NUM_STEPS / 2; i++)
+ {
+ //Mix
+ load_sc(&const_v, i * 16);
+ mix(cv_l, cv_r, const_v);
+ word_perm(cv_l, cv_r);
+
+ load_sc(&const_v, i * 16 + 8);
+ mix(cv_l, cv_r, const_v);
+ word_perm(cv_l, cv_r);
+ }
+
+ return LSH_SUCCESS;
+}
+
+lsh_err lsh512_update_avx2(LSH512_AVX2_Context* ctx, const lsh_u8* data, size_t databitlen)
+{
+ CRYPTOPP_ASSERT(ctx != NULLPTR);
+ CRYPTOPP_ASSERT(data != NULLPTR);
+ CRYPTOPP_ASSERT(databitlen % 8 == 0);
+ CRYPTOPP_ASSERT(ctx->alg_type != 0);
+
+ // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735.
+ AVX_Cleanup cleanup;
+
+ if (databitlen == 0){
+ return LSH_SUCCESS;
+ }
+
+ // We are byte oriented. tail bits will always be 0.
+ size_t databytelen = databitlen >> 3;
+ // lsh_uint pos2 = databitlen & 0x7;
+ const size_t pos2 = 0;
+
+ size_t remain_msg_byte = static_cast(ctx->remain_databitlen >> 3);
+ // lsh_uint remain_msg_bit = ctx->remain_databitlen & 7;
+ const size_t remain_msg_bit = 0;
+
+ if (remain_msg_byte >= LSH512_MSG_BLK_BYTE_LEN){
+ return LSH_ERR_INVALID_STATE;
+ }
+ if (remain_msg_bit > 0){
+ return LSH_ERR_INVALID_DATABITLEN;
+ }
+
+ if (databytelen + remain_msg_byte < LSH512_MSG_BLK_BYTE_LEN){
+ memcpy(ctx->last_block + remain_msg_byte, data, databytelen);
+ ctx->remain_databitlen += (lsh_uint)databitlen;
+ remain_msg_byte += (lsh_uint)databytelen;
+ if (pos2){
+ ctx->last_block[remain_msg_byte] = data[databytelen] & ((0xff >> pos2) ^ 0xff);
+ }
+ return LSH_SUCCESS;
+ }
+
+ if (remain_msg_byte > 0){
+ size_t more_byte = LSH512_MSG_BLK_BYTE_LEN - remain_msg_byte;
+ memcpy(ctx->last_block + remain_msg_byte, data, more_byte);
+ compress(ctx, ctx->last_block);
+ data += more_byte;
+ databytelen -= more_byte;
+ remain_msg_byte = 0;
+ ctx->remain_databitlen = 0;
+ }
+
+ while (databytelen >= LSH512_MSG_BLK_BYTE_LEN)
+ {
+ // This call to compress caused some trouble.
+ // The data pointer can become unaligned in the
+ // previous block.
+ compress(ctx, data);
+ data += LSH512_MSG_BLK_BYTE_LEN;
+ databytelen -= LSH512_MSG_BLK_BYTE_LEN;
+ }
+
+ if (databytelen > 0){
+ memcpy(ctx->last_block, data, databytelen);
+ ctx->remain_databitlen = (lsh_uint)(databytelen << 3);
+ }
+
+ if (pos2){
+ ctx->last_block[databytelen] = data[databytelen] & ((0xff >> pos2) ^ 0xff);
+ ctx->remain_databitlen += pos2;
+ }
+ return LSH_SUCCESS;
+}
+
+lsh_err lsh512_final_avx2(LSH512_AVX2_Context* ctx, lsh_u8* hashval)
+{
+ CRYPTOPP_ASSERT(ctx != NULLPTR);
+ CRYPTOPP_ASSERT(hashval != NULLPTR);
+
+ // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735.
+ AVX_Cleanup cleanup;
+
+ // We are byte oriented. tail bits will always be 0.
+ size_t remain_msg_byte = static_cast(ctx->remain_databitlen >> 3);
+ // lsh_uint remain_msg_bit = ctx->remain_databitlen & 7;
+ const size_t remain_msg_bit = 0;
+
+ if (remain_msg_byte >= LSH512_MSG_BLK_BYTE_LEN){
+ return LSH_ERR_INVALID_STATE;
+ }
+
+ if (remain_msg_bit){
+ ctx->last_block[remain_msg_byte] |= (0x1 << (7 - remain_msg_bit));
+ }
+ else{
+ ctx->last_block[remain_msg_byte] = 0x80;
+ }
+ memset(ctx->last_block + remain_msg_byte + 1, 0, LSH512_MSG_BLK_BYTE_LEN - remain_msg_byte - 1);
+
+ compress(ctx, ctx->last_block);
+
+ fin(ctx);
+ get_hash(ctx, hashval);
+
+ return LSH_SUCCESS;
+}
+
+ANONYMOUS_NAMESPACE_END
+
+NAMESPACE_BEGIN(CryptoPP)
+
+extern
+void LSH512_Base_Restart_AVX2(word64* state)
+{
+ state[RemainingBits] = 0;
+ LSH512_AVX2_Context ctx(state, state[AlgorithmType], state[RemainingBits]);
+ lsh_err err = lsh512_init_avx2(&ctx);
+
+ if (err != LSH_SUCCESS)
+ throw Exception(Exception::OTHER_ERROR, "LSH512_Base: lsh512_init_avx2 failed");
+}
+
+extern
+void LSH512_Base_Update_AVX2(word64* state, const byte *input, size_t size)
+{
+ LSH512_AVX2_Context ctx(state, state[AlgorithmType], state[RemainingBits]);
+ lsh_err err = lsh512_update_avx2(&ctx, input, 8*size);
+
+ if (err != LSH_SUCCESS)
+ throw Exception(Exception::OTHER_ERROR, "LSH512_Base: lsh512_update_avx2 failed");
+}
+
+extern
+void LSH512_Base_TruncatedFinal_AVX2(word64* state, byte *hash, size_t)
+{
+ LSH512_AVX2_Context ctx(state, state[AlgorithmType], state[RemainingBits]);
+ lsh_err err = lsh512_final_avx2(&ctx, hash);
+
+ if (err != LSH_SUCCESS)
+ throw Exception(Exception::OTHER_ERROR, "LSH512_Base: lsh512_final_avx2 failed");
+}
+
+NAMESPACE_END
+
+#endif // CRYPTOPP_AVX2_AVAILABLE
diff -Nru libcrypto++-8.4.0/lsh512.cpp libcrypto++-8.6.0/lsh512.cpp
--- libcrypto++-8.4.0/lsh512.cpp 1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/lsh512.cpp 2021-09-24 11:48:47.000000000 +0000
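Review bot: `get_hash` copies `hash_val_byte_len = LSH_GET_HASHBYTE(alg_type)` bytes from `ctx->cv_l` into `pbHashVal` with no upper bound, yet the `default:` branch of `lsh512_init_avx2` deliberately accepts any `alg_type`, so a `state[AlgorithmType]` whose low 16 bits exceed `LSH512_HASH_VAL_MAX_BYTE_LEN` would over-read the state block and overrun the caller's digest buffer. A clamp before the `memcpy`, `if (hash_val_byte_len > LSH512_HASH_VAL_MAX_BYTE_LEN) hash_val_byte_len = LSH512_HASH_VAL_MAX_BYTE_LEN;`, or a `CRYPTOPP_ASSERT` paired with an `LSH_ERR_INVALID_STATE` return from `lsh512_final_avx2`, closes the gap; `LSH512_Base_TruncatedFinal_AVX2` discards its size argument, so the wrapper cannot enforce the bound either. Whether a non-standard `alg_type` can reach this path depends on lsh.h, which is outside this hunk. Separately, `8*size` in `LSH512_Base_Update_AVX2` wraps silently for `size > SIZE_MAX/8` (a single 512 MiB Update on a 32-bit target), after which `databitlen >> 3` hashes fewer bytes than were supplied without any error; a `size > SIZE_MAX/8` check, or passing the byte count straight through since the callee only ever shifts it back, avoids that.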
@@ -0,0 +1,893 @@ +// lsh.cpp - written and placed in the public domain by Jeffrey Walton +// Based on the specification and source code provided by +// Korea Internet & Security Agency (KISA) website. Also +// see https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do +// and https://seed.kisa.or.kr/kisa/Board/22/detailView.do. + +// We are hitting some sort of GCC bug in the LSH AVX2 code path. +// Clang is OK on the AVX2 code path. We believe it is GCC Issue +// 82735, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. It +// makes using zeroupper a little tricky. + + +#include "pch.h" +#include "config.h" + +#include "lsh.h" +#include "cpu.h" +#include "misc.h" + +ANONYMOUS_NAMESPACE_BEGIN + +/* LSH Constants */ + +const unsigned int LSH512_MSG_BLK_BYTE_LEN = 256; +// const unsigned int LSH512_MSG_BLK_BIT_LEN = 2048; +// const unsigned int LSH512_CV_BYTE_LEN = 128; +const unsigned int LSH512_HASH_VAL_MAX_BYTE_LEN = 64; + +// const unsigned int MSG_BLK_WORD_LEN = 32; +const unsigned int CV_WORD_LEN = 16; +const unsigned int CONST_WORD_LEN = 8; +const unsigned int HASH_VAL_MAX_WORD_LEN = 8; +const unsigned int NUM_STEPS = 28; + +const unsigned int ROT_EVEN_ALPHA = 23; +const unsigned int ROT_EVEN_BETA = 59; +const unsigned int ROT_ODD_ALPHA = 7; +const unsigned int ROT_ODD_BETA = 3; + +const unsigned int LSH_TYPE_512_512 = 0x0010040; +const unsigned int LSH_TYPE_512_384 = 0x0010030; +const unsigned int LSH_TYPE_512_256 = 0x0010020; +const unsigned int LSH_TYPE_512_224 = 0x001001C; + +// const unsigned int LSH_TYPE_384 = LSH_TYPE_512_384; +// const unsigned int LSH_TYPE_512 = LSH_TYPE_512_512; + +/* Error Code */ + +const unsigned int LSH_SUCCESS = 0x0; +// const unsigned int LSH_ERR_NULL_PTR = 0x2401; +// const unsigned int LSH_ERR_INVALID_ALGTYPE = 0x2402; +const unsigned int LSH_ERR_INVALID_DATABITLEN = 0x2403; +const unsigned int LSH_ERR_INVALID_STATE = 0x2404; + +/* Index into our state array */ + +const unsigned int AlgorithmType = 80; +const unsigned int 
RemainingBits = 81; + +NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(LSH) + +/* -------------------------------------------------------- * +* LSH: iv +* -------------------------------------------------------- */ + +//extern const word64 LSH512_IV224[CV_WORD_LEN]; +//extern const word64 LSH512_IV256[CV_WORD_LEN]; +//extern const word64 LSH512_IV384[CV_WORD_LEN]; +//extern const word64 LSH512_IV512[CV_WORD_LEN]; +//extern const word64 LSH512_StepConstants[CONST_WORD_LEN * NUM_STEPS]; + +CRYPTOPP_ALIGN_DATA(32) +extern +const word64 LSH512_IV224[CV_WORD_LEN] = { + W64LIT(0x0C401E9FE8813A55), W64LIT(0x4A5F446268FD3D35), W64LIT(0xFF13E452334F612A), W64LIT(0xF8227661037E354A), + W64LIT(0xA5F223723C9CA29D), W64LIT(0x95D965A11AED3979), W64LIT(0x01E23835B9AB02CC), W64LIT(0x52D49CBAD5B30616), + W64LIT(0x9E5C2027773F4ED3), W64LIT(0x66A5C8801925B701), W64LIT(0x22BBC85B4C6779D9), W64LIT(0xC13171A42C559C23), + W64LIT(0x31E2B67D25BE3813), W64LIT(0xD522C4DEED8E4D83), W64LIT(0xA79F5509B43FBAFE), W64LIT(0xE00D2CD88B4B6C6A), +}; + +CRYPTOPP_ALIGN_DATA(32) +extern +const word64 LSH512_IV256[CV_WORD_LEN] = { + W64LIT(0x6DC57C33DF989423), W64LIT(0xD8EA7F6E8342C199), W64LIT(0x76DF8356F8603AC4), W64LIT(0x40F1B44DE838223A), + W64LIT(0x39FFE7CFC31484CD), W64LIT(0x39C4326CC5281548), W64LIT(0x8A2FF85A346045D8), W64LIT(0xFF202AA46DBDD61E), + W64LIT(0xCF785B3CD5FCDB8B), W64LIT(0x1F0323B64A8150BF), W64LIT(0xFF75D972F29EA355), W64LIT(0x2E567F30BF1CA9E1), + W64LIT(0xB596875BF8FF6DBA), W64LIT(0xFCCA39B089EF4615), W64LIT(0xECFF4017D020B4B6), W64LIT(0x7E77384C772ED802), +}; + +CRYPTOPP_ALIGN_DATA(32) +extern +const word64 LSH512_IV384[CV_WORD_LEN] = { + W64LIT(0x53156A66292808F6), W64LIT(0xB2C4F362B204C2BC), W64LIT(0xB84B7213BFA05C4E), W64LIT(0x976CEB7C1B299F73), + W64LIT(0xDF0CC63C0570AE97), W64LIT(0xDA4441BAA486CE3F), W64LIT(0x6559F5D9B5F2ACC2), W64LIT(0x22DACF19B4B52A16), + W64LIT(0xBBCDACEFDE80953A), W64LIT(0xC9891A2879725B3E), W64LIT(0x7C9FE6330237E440), 
W64LIT(0xA30BA550553F7431), + W64LIT(0xBB08043FB34E3E30), W64LIT(0xA0DEC48D54618EAD), W64LIT(0x150317267464BC57), W64LIT(0x32D1501FDE63DC93) +}; + +CRYPTOPP_ALIGN_DATA(32) +extern +const word64 LSH512_IV512[CV_WORD_LEN] = { + W64LIT(0xadd50f3c7f07094e), W64LIT(0xe3f3cee8f9418a4f), W64LIT(0xb527ecde5b3d0ae9), W64LIT(0x2ef6dec68076f501), + W64LIT(0x8cb994cae5aca216), W64LIT(0xfbb9eae4bba48cc7), W64LIT(0x650a526174725fea), W64LIT(0x1f9a61a73f8d8085), + W64LIT(0xb6607378173b539b), W64LIT(0x1bc99853b0c0b9ed), W64LIT(0xdf727fc19b182d47), W64LIT(0xdbef360cf893a457), + W64LIT(0x4981f5e570147e80), W64LIT(0xd00c4490ca7d3e30), W64LIT(0x5d73940c0e4ae1ec), W64LIT(0x894085e2edb2d819) +}; + +/* -------------------------------------------------------- * +* LSH: step constants +* -------------------------------------------------------- */ + +extern +const word64 LSH512_StepConstants[CONST_WORD_LEN * NUM_STEPS] = { + W64LIT(0x97884283c938982a), W64LIT(0xba1fca93533e2355), W64LIT(0xc519a2e87aeb1c03), W64LIT(0x9a0fc95462af17b1), + W64LIT(0xfc3dda8ab019a82b), W64LIT(0x02825d079a895407), W64LIT(0x79f2d0a7ee06a6f7), W64LIT(0xd76d15eed9fdf5fe), + W64LIT(0x1fcac64d01d0c2c1), W64LIT(0xd9ea5de69161790f), W64LIT(0xdebc8b6366071fc8), W64LIT(0xa9d91db711c6c94b), + W64LIT(0x3a18653ac9c1d427), W64LIT(0x84df64a223dd5b09), W64LIT(0x6cc37895f4ad9e70), W64LIT(0x448304c8d7f3f4d5), + W64LIT(0xea91134ed29383e0), W64LIT(0xc4484477f2da88e8), W64LIT(0x9b47eec96d26e8a6), W64LIT(0x82f6d4c8d89014f4), + W64LIT(0x527da0048b95fb61), W64LIT(0x644406c60138648d), W64LIT(0x303c0e8aa24c0edc), W64LIT(0xc787cda0cbe8ca19), + W64LIT(0x7ba46221661764ca), W64LIT(0x0c8cbc6acd6371ac), W64LIT(0xe336b836940f8f41), W64LIT(0x79cb9da168a50976), + W64LIT(0xd01da49021915cb3), W64LIT(0xa84accc7399cf1f1), W64LIT(0x6c4a992cee5aeb0c), W64LIT(0x4f556e6cb4b2e3e0), + W64LIT(0x200683877d7c2f45), W64LIT(0x9949273830d51db8), W64LIT(0x19eeeecaa39ed124), W64LIT(0x45693f0a0dae7fef), + W64LIT(0xedc234b1b2ee1083), W64LIT(0xf3179400d68ee399), 
W64LIT(0xb6e3c61b4945f778), W64LIT(0xa4c3db216796c42f), + W64LIT(0x268a0b04f9ab7465), W64LIT(0xe2705f6905f2d651), W64LIT(0x08ddb96e426ff53d), W64LIT(0xaea84917bc2e6f34), + W64LIT(0xaff6e664a0fe9470), W64LIT(0x0aab94d765727d8c), W64LIT(0x9aa9e1648f3d702e), W64LIT(0x689efc88fe5af3d3), + W64LIT(0xb0950ffea51fd98b), W64LIT(0x52cfc86ef8c92833), W64LIT(0xe69727b0b2653245), W64LIT(0x56f160d3ea9da3e2), + W64LIT(0xa6dd4b059f93051f), W64LIT(0xb6406c3cd7f00996), W64LIT(0x448b45f3ccad9ec8), W64LIT(0x079b8587594ec73b), + W64LIT(0x45a50ea3c4f9653b), W64LIT(0x22983767c1f15b85), W64LIT(0x7dbed8631797782b), W64LIT(0x485234be88418638), + W64LIT(0x842850a5329824c5), W64LIT(0xf6aca914c7f9a04c), W64LIT(0xcfd139c07a4c670c), W64LIT(0xa3210ce0a8160242), + W64LIT(0xeab3b268be5ea080), W64LIT(0xbacf9f29b34ce0a7), W64LIT(0x3c973b7aaf0fa3a8), W64LIT(0x9a86f346c9c7be80), + W64LIT(0xac78f5d7cabcea49), W64LIT(0xa355bddcc199ed42), W64LIT(0xa10afa3ac6b373db), W64LIT(0xc42ded88be1844e5), + W64LIT(0x9e661b271cff216a), W64LIT(0x8a6ec8dd002d8861), W64LIT(0xd3d2b629beb34be4), W64LIT(0x217a3a1091863f1a), + W64LIT(0x256ecda287a733f5), W64LIT(0xf9139a9e5b872fe5), W64LIT(0xac0535017a274f7c), W64LIT(0xf21b7646d65d2aa9), + W64LIT(0x048142441c208c08), W64LIT(0xf937a5dd2db5e9eb), W64LIT(0xa688dfe871ff30b7), W64LIT(0x9bb44aa217c5593b), + W64LIT(0x943c702a2edb291a), W64LIT(0x0cae38f9e2b715de), W64LIT(0xb13a367ba176cc28), W64LIT(0x0d91bd1d3387d49b), + W64LIT(0x85c386603cac940c), W64LIT(0x30dd830ae39fd5e4), W64LIT(0x2f68c85a712fe85d), W64LIT(0x4ffeecb9dd1e94d6), + W64LIT(0xd0ac9a590a0443ae), W64LIT(0xbae732dc99ccf3ea), W64LIT(0xeb70b21d1842f4d9), W64LIT(0x9f4eda50bb5c6fa8), + W64LIT(0x4949e69ce940a091), W64LIT(0x0e608dee8375ba14), W64LIT(0x983122cba118458c), W64LIT(0x4eeba696fbb36b25), + W64LIT(0x7d46f3630e47f27e), W64LIT(0xa21a0f7666c0dea4), W64LIT(0x5c22cf355b37cec4), W64LIT(0xee292b0c17cc1847), + W64LIT(0x9330838629e131da), W64LIT(0x6eee7c71f92fce22), W64LIT(0xc953ee6cb95dd224), W64LIT(0x3a923d92af1e9073), + 
W64LIT(0xc43a5671563a70fb), W64LIT(0xbc2985dd279f8346), W64LIT(0x7ef2049093069320), W64LIT(0x17543723e3e46035), + W64LIT(0xc3b409b00b130c6d), W64LIT(0x5d6aee6b28fdf090), W64LIT(0x1d425b26172ff6ed), W64LIT(0xcccfd041cdaf03ad), + W64LIT(0xfe90c7c790ab6cbf), W64LIT(0xe5af6304c722ca02), W64LIT(0x70f695239999b39e), W64LIT(0x6b8b5b07c844954c), + W64LIT(0x77bdb9bb1e1f7a30), W64LIT(0xc859599426ee80ed), W64LIT(0x5f9d813d4726e40a), W64LIT(0x9ca0120f7cb2b179), + W64LIT(0x8f588f583c182cbd), W64LIT(0x951267cbe9eccce7), W64LIT(0x678bb8bd334d520e), W64LIT(0xf6e662d00cd9e1b7), + W64LIT(0x357774d93d99aaa7), W64LIT(0x21b2edbb156f6eb5), W64LIT(0xfd1ebe846e0aee69), W64LIT(0x3cb2218c2f642b15), + W64LIT(0xe7e7e7945444ea4c), W64LIT(0xa77a33b5d6b9b47c), W64LIT(0xf34475f0809f6075), W64LIT(0xdd4932dce6bb99ad), + W64LIT(0xacec4e16d74451dc), W64LIT(0xd4a0a8d084de23d6), W64LIT(0x1bdd42f278f95866), W64LIT(0xeed3adbb938f4051), + W64LIT(0xcfcf7be8992f3733), W64LIT(0x21ade98c906e3123), W64LIT(0x37ba66711fffd668), W64LIT(0x267c0fc3a255478a), + W64LIT(0x993a64ee1b962e88), W64LIT(0x754979556301faaa), W64LIT(0xf920356b7251be81), W64LIT(0xc281694f22cf923f), + W64LIT(0x9f4b6481c8666b02), W64LIT(0xcf97761cfe9f5444), W64LIT(0xf220d7911fd63e9f), W64LIT(0xa28bd365f79cd1b0), + W64LIT(0xd39f5309b1c4b721), W64LIT(0xbec2ceb864fca51f), W64LIT(0x1955a0ddc410407a), W64LIT(0x43eab871f261d201), + W64LIT(0xeaafe64a2ed16da1), W64LIT(0x670d931b9df39913), W64LIT(0x12f868b0f614de91), W64LIT(0x2e5f395d946e8252), + W64LIT(0x72f25cbb767bd8f4), W64LIT(0x8191871d61a1c4dd), W64LIT(0x6ef67ea1d450ba93), W64LIT(0x2ea32a645433d344), + W64LIT(0x9a963079003f0f8b), W64LIT(0x74a0aeb9918cac7a), W64LIT(0x0b6119a70af36fa3), W64LIT(0x8d9896f202f0d480), + W64LIT(0x654f1831f254cd66), W64LIT(0x1318a47f0366a25e), W64LIT(0x65752076250b4e01), W64LIT(0xd1cd8eb888071772), + W64LIT(0x30c6a9793f4e9b25), W64LIT(0x154f684b1e3926ee), W64LIT(0x6c7ac0b1fe6312ae), W64LIT(0x262f88f4f3c5550d), + W64LIT(0xb4674a24472233cb), W64LIT(0x2bbd23826a090071), 
W64LIT(0xda95969b30594f66), W64LIT(0x9f5c47408f1e8a43), + W64LIT(0xf77022b88de9c055), W64LIT(0x64b7b36957601503), W64LIT(0xe73b72b06175c11a), W64LIT(0x55b87de8b91a6233), + W64LIT(0x1bb16e6b6955ff7f), W64LIT(0xe8e0a5ec7309719c), W64LIT(0x702c31cb89a8b640), W64LIT(0xfba387cfada8cde2), + W64LIT(0x6792db4677aa164c), W64LIT(0x1c6b1cc0b7751867), W64LIT(0x22ae2311d736dc01), W64LIT(0x0e3666a1d37c9588), + W64LIT(0xcd1fd9d4bf557e9a), W64LIT(0xc986925f7c7b0e84), W64LIT(0x9c5dfd55325ef6b0), W64LIT(0x9f2b577d5676b0dd), + W64LIT(0xfa6e21be21c062b3), W64LIT(0x8787dd782c8d7f83), W64LIT(0xd0d134e90e12dd23), W64LIT(0x449d087550121d96), + W64LIT(0xecf9ae9414d41967), W64LIT(0x5018f1dbf789934d), W64LIT(0xfa5b52879155a74c), W64LIT(0xca82d4d3cd278e7c), + W64LIT(0x688fdfdfe22316ad), W64LIT(0x0f6555a4ba0d030a), W64LIT(0xa2061df720f000f3), W64LIT(0xe1a57dc5622fb3da), + W64LIT(0xe6a842a8e8ed8153), W64LIT(0x690acdd3811ce09d), W64LIT(0x55adda18e6fcf446), W64LIT(0x4d57a8a0f4b60b46), + W64LIT(0xf86fbfc20539c415), W64LIT(0x74bafa5ec7100d19), W64LIT(0xa824151810f0f495), W64LIT(0x8723432791e38ebb), + W64LIT(0x8eeaeb91d66ed539), W64LIT(0x73d8a1549dfd7e06), W64LIT(0x0387f2ffe3f13a9b), W64LIT(0xa5004995aac15193), + W64LIT(0x682f81c73efdda0d), W64LIT(0x2fb55925d71d268d), W64LIT(0xcc392d2901e58a3d), W64LIT(0xaa666ab975724a42) +}; + +NAMESPACE_END // LSH +NAMESPACE_END // Crypto++ + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::word64; +using CryptoPP::rotlFixed; +using CryptoPP::rotlConstant; + +using CryptoPP::GetBlock; +using CryptoPP::LittleEndian; +using CryptoPP::ConditionalByteReverse; +using CryptoPP::LITTLE_ENDIAN_ORDER; + +using CryptoPP::LSH::LSH512_IV224; +using CryptoPP::LSH::LSH512_IV256; +using CryptoPP::LSH::LSH512_IV384; +using CryptoPP::LSH::LSH512_IV512; +using CryptoPP::LSH::LSH512_StepConstants; + +typedef byte lsh_u8; +typedef word32 lsh_u32; +typedef word64 lsh_u64; +typedef word32 lsh_uint; +typedef word32 lsh_err; +typedef word32 
lsh_type; + +struct LSH512_Context +{ + LSH512_Context(word64* state, word64 algType, word64& remainingBitLength) : + cv_l(state+0), cv_r(state+8), sub_msgs(state+16), + last_block(reinterpret_cast(state+48)), + remain_databitlen(remainingBitLength), + alg_type(static_cast(algType)) {} + + lsh_u64* cv_l; // start of our state block + lsh_u64* cv_r; + lsh_u64* sub_msgs; + lsh_u8* last_block; + lsh_u64& remain_databitlen; + lsh_type alg_type; +}; + +struct LSH512_Internal +{ + LSH512_Internal(word64* state) : + submsg_e_l(state+16), submsg_e_r(state+24), + submsg_o_l(state+32), submsg_o_r(state+40) { } + + lsh_u64* submsg_e_l; /* even left sub-message */ + lsh_u64* submsg_e_r; /* even right sub-message */ + lsh_u64* submsg_o_l; /* odd left sub-message */ + lsh_u64* submsg_o_r; /* odd right sub-message */ +}; + +const lsh_u32 g_gamma512[8] = { 0, 16, 32, 48, 8, 24, 40, 56 }; + +/* LSH AlgType Macro */ + +inline bool LSH_IS_LSH512(lsh_uint val) { + return (val & 0xf0000) == 0x10000; +} + +inline lsh_uint LSH_GET_SMALL_HASHBIT(lsh_uint val) { + return val >> 24; +} + +inline lsh_uint LSH_GET_HASHBYTE(lsh_uint val) { + return val & 0xffff; +} + +inline lsh_uint LSH_GET_HASHBIT(lsh_uint val) { + return (LSH_GET_HASHBYTE(val) << 3) - LSH_GET_SMALL_HASHBIT(val); +} + +inline lsh_u64 loadLE64(lsh_u64 v) { + return ConditionalByteReverse(LITTLE_ENDIAN_ORDER, v); +} + +lsh_u64 ROTL64(lsh_u64 x, lsh_u32 r) { + return rotlFixed(x, r); +} + +// Original code relied upon unaligned lsh_u64 buffer +inline void load_msg_blk(LSH512_Internal* i_state, const lsh_u8* msgblk) +{ + lsh_u64* submsg_e_l = i_state->submsg_e_l; + lsh_u64* submsg_e_r = i_state->submsg_e_r; + lsh_u64* submsg_o_l = i_state->submsg_o_l; + lsh_u64* submsg_o_r = i_state->submsg_o_r; + + typedef GetBlock InBlock; + + InBlock input(msgblk); + input(submsg_e_l[0])(submsg_e_l[1])(submsg_e_l[2])(submsg_e_l[3]) + (submsg_e_l[4])(submsg_e_l[5])(submsg_e_l[6])(submsg_e_l[7]) + 
(submsg_e_r[0])(submsg_e_r[1])(submsg_e_r[2])(submsg_e_r[3]) + (submsg_e_r[4])(submsg_e_r[5])(submsg_e_r[6])(submsg_e_r[7]) + (submsg_o_l[0])(submsg_o_l[1])(submsg_o_l[2])(submsg_o_l[3]) + (submsg_o_l[4])(submsg_o_l[5])(submsg_o_l[6])(submsg_o_l[7]) + (submsg_o_r[0])(submsg_o_r[1])(submsg_o_r[2])(submsg_o_r[3]) + (submsg_o_r[4])(submsg_o_r[5])(submsg_o_r[6])(submsg_o_r[7]); +} + +inline void msg_exp_even(LSH512_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u64* submsg_e_l = i_state->submsg_e_l; + lsh_u64* submsg_e_r = i_state->submsg_e_r; + lsh_u64* submsg_o_l = i_state->submsg_o_l; + lsh_u64* submsg_o_r = i_state->submsg_o_r; + + lsh_u64 temp; + temp = submsg_e_l[0]; + submsg_e_l[0] = submsg_o_l[0] + submsg_e_l[3]; + submsg_e_l[3] = submsg_o_l[3] + submsg_e_l[1]; + submsg_e_l[1] = submsg_o_l[1] + submsg_e_l[2]; + submsg_e_l[2] = submsg_o_l[2] + temp; + temp = submsg_e_l[4]; + submsg_e_l[4] = submsg_o_l[4] + submsg_e_l[7]; + submsg_e_l[7] = submsg_o_l[7] + submsg_e_l[6]; + submsg_e_l[6] = submsg_o_l[6] + submsg_e_l[5]; + submsg_e_l[5] = submsg_o_l[5] + temp; + temp = submsg_e_r[0]; + submsg_e_r[0] = submsg_o_r[0] + submsg_e_r[3]; + submsg_e_r[3] = submsg_o_r[3] + submsg_e_r[1]; + submsg_e_r[1] = submsg_o_r[1] + submsg_e_r[2]; + submsg_e_r[2] = submsg_o_r[2] + temp; + temp = submsg_e_r[4]; + submsg_e_r[4] = submsg_o_r[4] + submsg_e_r[7]; + submsg_e_r[7] = submsg_o_r[7] + submsg_e_r[6]; + submsg_e_r[6] = submsg_o_r[6] + submsg_e_r[5]; + submsg_e_r[5] = submsg_o_r[5] + temp; +} + +inline void msg_exp_odd(LSH512_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u64* submsg_e_l = i_state->submsg_e_l; + lsh_u64* submsg_e_r = i_state->submsg_e_r; + lsh_u64* submsg_o_l = i_state->submsg_o_l; + lsh_u64* submsg_o_r = i_state->submsg_o_r; + + lsh_u64 temp; + temp = submsg_o_l[0]; + submsg_o_l[0] = submsg_e_l[0] + submsg_o_l[3]; + submsg_o_l[3] = submsg_e_l[3] + submsg_o_l[1]; + submsg_o_l[1] = submsg_e_l[1] + submsg_o_l[2]; + 
submsg_o_l[2] = submsg_e_l[2] + temp; + temp = submsg_o_l[4]; + submsg_o_l[4] = submsg_e_l[4] + submsg_o_l[7]; + submsg_o_l[7] = submsg_e_l[7] + submsg_o_l[6]; + submsg_o_l[6] = submsg_e_l[6] + submsg_o_l[5]; + submsg_o_l[5] = submsg_e_l[5] + temp; + temp = submsg_o_r[0]; + submsg_o_r[0] = submsg_e_r[0] + submsg_o_r[3]; + submsg_o_r[3] = submsg_e_r[3] + submsg_o_r[1]; + submsg_o_r[1] = submsg_e_r[1] + submsg_o_r[2]; + submsg_o_r[2] = submsg_e_r[2] + temp; + temp = submsg_o_r[4]; + submsg_o_r[4] = submsg_e_r[4] + submsg_o_r[7]; + submsg_o_r[7] = submsg_e_r[7] + submsg_o_r[6]; + submsg_o_r[6] = submsg_e_r[6] + submsg_o_r[5]; + submsg_o_r[5] = submsg_e_r[5] + temp; +} + +inline void load_sc(const lsh_u64** p_const_v, size_t i) +{ + *p_const_v = &LSH512_StepConstants[i]; +} + +inline void msg_add_even(lsh_u64 cv_l[8], lsh_u64 cv_r[8], LSH512_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u64* submsg_e_l = i_state->submsg_e_l; + lsh_u64* submsg_e_r = i_state->submsg_e_r; + + cv_l[0] ^= submsg_e_l[0]; cv_l[1] ^= submsg_e_l[1]; + cv_l[2] ^= submsg_e_l[2]; cv_l[3] ^= submsg_e_l[3]; + cv_l[4] ^= submsg_e_l[4]; cv_l[5] ^= submsg_e_l[5]; + cv_l[6] ^= submsg_e_l[6]; cv_l[7] ^= submsg_e_l[7]; + cv_r[0] ^= submsg_e_r[0]; cv_r[1] ^= submsg_e_r[1]; + cv_r[2] ^= submsg_e_r[2]; cv_r[3] ^= submsg_e_r[3]; + cv_r[4] ^= submsg_e_r[4]; cv_r[5] ^= submsg_e_r[5]; + cv_r[6] ^= submsg_e_r[6]; cv_r[7] ^= submsg_e_r[7]; +} + +inline void msg_add_odd(lsh_u64 cv_l[8], lsh_u64 cv_r[8], LSH512_Internal* i_state) +{ + CRYPTOPP_ASSERT(i_state != NULLPTR); + + lsh_u64* submsg_o_l = i_state->submsg_o_l; + lsh_u64* submsg_o_r = i_state->submsg_o_r; + + cv_l[0] ^= submsg_o_l[0]; cv_l[1] ^= submsg_o_l[1]; + cv_l[2] ^= submsg_o_l[2]; cv_l[3] ^= submsg_o_l[3]; + cv_l[4] ^= submsg_o_l[4]; cv_l[5] ^= submsg_o_l[5]; + cv_l[6] ^= submsg_o_l[6]; cv_l[7] ^= submsg_o_l[7]; + cv_r[0] ^= submsg_o_r[0]; cv_r[1] ^= submsg_o_r[1]; + cv_r[2] ^= submsg_o_r[2]; cv_r[3] ^= submsg_o_r[3]; + cv_r[4] ^= 
submsg_o_r[4]; cv_r[5] ^= submsg_o_r[5]; + cv_r[6] ^= submsg_o_r[6]; cv_r[7] ^= submsg_o_r[7]; +} + +inline void add_blk(lsh_u64 cv_l[8], lsh_u64 cv_r[8]) +{ + cv_l[0] += cv_r[0]; + cv_l[1] += cv_r[1]; + cv_l[2] += cv_r[2]; + cv_l[3] += cv_r[3]; + cv_l[4] += cv_r[4]; + cv_l[5] += cv_r[5]; + cv_l[6] += cv_r[6]; + cv_l[7] += cv_r[7]; +} + +template +inline void rotate_blk(lsh_u64 cv[8]) +{ + cv[0] = rotlConstant(cv[0]); + cv[1] = rotlConstant(cv[1]); + cv[2] = rotlConstant(cv[2]); + cv[3] = rotlConstant(cv[3]); + cv[4] = rotlConstant(cv[4]); + cv[5] = rotlConstant(cv[5]); + cv[6] = rotlConstant(cv[6]); + cv[7] = rotlConstant(cv[7]); +} + +inline void xor_with_const(lsh_u64 cv_l[8], const lsh_u64* const_v) +{ + cv_l[0] ^= const_v[0]; + cv_l[1] ^= const_v[1]; + cv_l[2] ^= const_v[2]; + cv_l[3] ^= const_v[3]; + cv_l[4] ^= const_v[4]; + cv_l[5] ^= const_v[5]; + cv_l[6] ^= const_v[6]; + cv_l[7] ^= const_v[7]; +} + +inline void rotate_msg_gamma(lsh_u64 cv_r[8]) +{ + cv_r[1] = ROTL64(cv_r[1], g_gamma512[1]); + cv_r[2] = ROTL64(cv_r[2], g_gamma512[2]); + cv_r[3] = ROTL64(cv_r[3], g_gamma512[3]); + cv_r[4] = ROTL64(cv_r[4], g_gamma512[4]); + cv_r[5] = ROTL64(cv_r[5], g_gamma512[5]); + cv_r[6] = ROTL64(cv_r[6], g_gamma512[6]); + cv_r[7] = ROTL64(cv_r[7], g_gamma512[7]); +} + +inline void word_perm(lsh_u64 cv_l[8], lsh_u64 cv_r[8]) +{ + lsh_u64 temp; + temp = cv_l[0]; + cv_l[0] = cv_l[6]; + cv_l[6] = cv_r[6]; + cv_r[6] = cv_r[2]; + cv_r[2] = cv_l[1]; + cv_l[1] = cv_l[4]; + cv_l[4] = cv_r[4]; + cv_r[4] = cv_r[0]; + cv_r[0] = cv_l[2]; + cv_l[2] = cv_l[5]; + cv_l[5] = cv_r[7]; + cv_r[7] = cv_r[1]; + cv_r[1] = temp; + temp = cv_l[3]; + cv_l[3] = cv_l[7]; + cv_l[7] = cv_r[5]; + cv_r[5] = cv_r[3]; + cv_r[3] = temp; +}; + +/* -------------------------------------------------------- * +* step function +* -------------------------------------------------------- */ + +template +inline void mix(lsh_u64 cv_l[8], lsh_u64 cv_r[8], const lsh_u64 const_v[8]) +{ + add_blk(cv_l, cv_r); + 
rotate_blk(cv_l); + xor_with_const(cv_l, const_v); + add_blk(cv_r, cv_l); + rotate_blk(cv_r); + add_blk(cv_l, cv_r); + rotate_msg_gamma(cv_r); +} + +/* -------------------------------------------------------- * +* compression function +* -------------------------------------------------------- */ + +inline void compress(LSH512_Context* ctx, const lsh_u8 pdMsgBlk[LSH512_MSG_BLK_BYTE_LEN]) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + LSH512_Internal s_state(ctx->cv_l); + LSH512_Internal* i_state = &s_state; + + const lsh_u64* const_v = NULL; + lsh_u64 *cv_l = ctx->cv_l; + lsh_u64 *cv_r = ctx->cv_r; + + load_msg_blk(i_state, pdMsgBlk); + + msg_add_even(cv_l, cv_r, i_state); + load_sc(&const_v, 0); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + msg_add_odd(cv_l, cv_r, i_state); + load_sc(&const_v, 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + for (size_t i = 1; i < NUM_STEPS / 2; i++) + { + msg_exp_even(i_state); + msg_add_even(cv_l, cv_r, i_state); + load_sc(&const_v, 16 * i); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + msg_exp_odd(i_state); + msg_add_odd(cv_l, cv_r, i_state); + load_sc(&const_v, 16 * i + 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + } + + msg_exp_even(i_state); + msg_add_even(cv_l, cv_r, i_state); +} + +/* -------------------------------------------------------- */ + +inline void load_iv(lsh_u64 cv_l[8], lsh_u64 cv_r[8], const lsh_u64 iv[16]) +{ + cv_l[0] = iv[0]; + cv_l[1] = iv[1]; + cv_l[2] = iv[2]; + cv_l[3] = iv[3]; + cv_l[4] = iv[4]; + cv_l[5] = iv[5]; + cv_l[6] = iv[6]; + cv_l[7] = iv[7]; + cv_r[0] = iv[8]; + cv_r[1] = iv[9]; + cv_r[2] = iv[10]; + cv_r[3] = iv[11]; + cv_r[4] = iv[12]; + cv_r[5] = iv[13]; + cv_r[6] = iv[14]; + cv_r[7] = iv[15]; +} + +inline void zero_iv(lsh_u64 cv_l[8], lsh_u64 cv_r[8]) +{ + memset(cv_l, 0, 8*sizeof(lsh_u64)); + memset(cv_r, 0, 8*sizeof(lsh_u64)); +} + +inline void zero_submsgs(LSH512_Context* ctx) +{ + lsh_u64* sub_msgs = ctx->sub_msgs; + + memset(sub_msgs, 0x00, 
32*sizeof(lsh_u64)); +} + +inline void init224(LSH512_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH512_IV224); +} + +inline void init256(LSH512_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH512_IV256); +} + +inline void init384(LSH512_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH512_IV384); +} + +inline void init512(LSH512_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + zero_submsgs(ctx); + load_iv(ctx->cv_l, ctx->cv_r, LSH512_IV512); +} + +/* -------------------------------------------------------- */ + +inline void fin(LSH512_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + + for (size_t i = 0; i < HASH_VAL_MAX_WORD_LEN; i++){ + ctx->cv_l[i] = loadLE64(ctx->cv_l[i] ^ ctx->cv_r[i]); + } +} + +/* -------------------------------------------------------- */ + +inline void get_hash(LSH512_Context* ctx, lsh_u8* pbHashVal) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + CRYPTOPP_ASSERT(pbHashVal != NULLPTR); + + lsh_uint alg_type = ctx->alg_type; + lsh_uint hash_val_byte_len = LSH_GET_HASHBYTE(alg_type); + lsh_uint hash_val_bit_len = LSH_GET_SMALL_HASHBIT(alg_type); + + // Multiplying by looks odd... 
+ memcpy(pbHashVal, ctx->cv_l, hash_val_byte_len); + if (hash_val_bit_len){ + pbHashVal[hash_val_byte_len-1] &= (((lsh_u8)0xff) << hash_val_bit_len); + } +} + +/* -------------------------------------------------------- */ + +lsh_err lsh512_init(LSH512_Context* ctx) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + + lsh_u32 alg_type = ctx->alg_type; + const lsh_u64* const_v = NULL; + ctx->remain_databitlen = 0; + + switch (alg_type){ + case LSH_TYPE_512_512: + init512(ctx); + return LSH_SUCCESS; + case LSH_TYPE_512_384: + init384(ctx); + return LSH_SUCCESS; + case LSH_TYPE_512_256: + init256(ctx); + return LSH_SUCCESS; + case LSH_TYPE_512_224: + init224(ctx); + return LSH_SUCCESS; + default: + break; + } + + lsh_u64* cv_l = ctx->cv_l; + lsh_u64* cv_r = ctx->cv_r; + + zero_iv(cv_l, cv_r); + cv_l[0] = LSH512_HASH_VAL_MAX_BYTE_LEN; + cv_l[1] = LSH_GET_HASHBIT(alg_type); + + for (size_t i = 0; i < NUM_STEPS / 2; i++) + { + //Mix + load_sc(&const_v, i * 16); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + + load_sc(&const_v, i * 16 + 8); + mix(cv_l, cv_r, const_v); + word_perm(cv_l, cv_r); + } + + return LSH_SUCCESS; +} + +lsh_err lsh512_update(LSH512_Context* ctx, const lsh_u8* data, size_t databitlen) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(data != NULLPTR); + CRYPTOPP_ASSERT(databitlen % 8 == 0); + CRYPTOPP_ASSERT(ctx->alg_type != 0); + + if (databitlen == 0){ + return LSH_SUCCESS; + } + + // We are byte oriented. tail bits will always be 0. 
+ size_t databytelen = databitlen >> 3; + // lsh_uint pos2 = databitlen & 0x7; + const size_t pos2 = 0; + + size_t remain_msg_byte = static_cast(ctx->remain_databitlen >> 3); + // lsh_uint remain_msg_bit = ctx->remain_databitlen & 7; + const size_t remain_msg_bit = 0; + + if (remain_msg_byte >= LSH512_MSG_BLK_BYTE_LEN){ + return LSH_ERR_INVALID_STATE; + } + if (remain_msg_bit > 0){ + return LSH_ERR_INVALID_DATABITLEN; + } + + if (databytelen + remain_msg_byte < LSH512_MSG_BLK_BYTE_LEN){ + memcpy(ctx->last_block + remain_msg_byte, data, databytelen); + ctx->remain_databitlen += (lsh_uint)databitlen; + remain_msg_byte += (lsh_uint)databytelen; + if (pos2){ + ctx->last_block[remain_msg_byte] = data[databytelen] & ((0xff >> pos2) ^ 0xff); + } + return LSH_SUCCESS; + } + + if (remain_msg_byte > 0){ + size_t more_byte = LSH512_MSG_BLK_BYTE_LEN - remain_msg_byte; + memcpy(ctx->last_block + remain_msg_byte, data, more_byte); + compress(ctx, ctx->last_block); + data += more_byte; + databytelen -= more_byte; + remain_msg_byte = 0; + ctx->remain_databitlen = 0; + } + + while (databytelen >= LSH512_MSG_BLK_BYTE_LEN) + { + // This call to compress caused some trouble. + // The data pointer can become unaligned in the + // previous block. + compress(ctx, data); + data += LSH512_MSG_BLK_BYTE_LEN; + databytelen -= LSH512_MSG_BLK_BYTE_LEN; + } + + if (databytelen > 0){ + memcpy(ctx->last_block, data, databytelen); + ctx->remain_databitlen = (lsh_uint)(databytelen << 3); + } + + if (pos2){ + ctx->last_block[databytelen] = data[databytelen] & ((0xff >> pos2) ^ 0xff); + ctx->remain_databitlen += pos2; + } + return LSH_SUCCESS; +} + +lsh_err lsh512_final(LSH512_Context* ctx, lsh_u8* hashval) +{ + CRYPTOPP_ASSERT(ctx != NULLPTR); + CRYPTOPP_ASSERT(hashval != NULLPTR); + + // We are byte oriented. tail bits will always be 0. 
+ size_t remain_msg_byte = static_cast(ctx->remain_databitlen >> 3); + // lsh_uint remain_msg_bit = ctx->remain_databitlen & 7; + const size_t remain_msg_bit = 0; + + if (remain_msg_byte >= LSH512_MSG_BLK_BYTE_LEN){ + return LSH_ERR_INVALID_STATE; + } + + if (remain_msg_bit){ + ctx->last_block[remain_msg_byte] |= (0x1 << (7 - remain_msg_bit)); + } + else{ + ctx->last_block[remain_msg_byte] = 0x80; + } + memset(ctx->last_block + remain_msg_byte + 1, 0, LSH512_MSG_BLK_BYTE_LEN - remain_msg_byte - 1); + + compress(ctx, ctx->last_block); + + fin(ctx); + get_hash(ctx, hashval); + + return LSH_SUCCESS; +} + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +#if defined(CRYPTOPP_ENABLE_64BIT_SSE) +# if defined(CRYPTOPP_AVX2_AVAILABLE) + extern void LSH512_Base_Restart_AVX2(word64* state); + extern void LSH512_Base_Update_AVX2(word64* state, const byte *input, size_t size); + extern void LSH512_Base_TruncatedFinal_AVX2(word64* state, byte *hash, size_t size); +# endif +# if defined(CRYPTOPP_SSSE3_AVAILABLE) + extern void LSH512_Base_Restart_SSSE3(word64* state); + extern void LSH512_Base_Update_SSSE3(word64* state, const byte *input, size_t size); + extern void LSH512_Base_TruncatedFinal_SSSE3(word64* state, byte *hash, size_t size); +# endif +#endif + +std::string LSH512_Base::AlgorithmProvider() const +{ +#if defined(CRYPTOPP_ENABLE_64BIT_SSE) +#if defined(CRYPTOPP_AVX2_AVAILABLE) + if (HasAVX2()) + return "AVX2"; + else +#endif +#if defined(CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) + return "SSSE3"; + else +#endif +#endif // CRYPTOPP_ENABLE_64BIT_SSE + + return "C++"; +} + +void LSH512_Base_Restart_CXX(word64* state) +{ + state[RemainingBits] = 0; + LSH512_Context ctx(state, state[AlgorithmType], state[RemainingBits]); + lsh_err err = lsh512_init(&ctx); + + if (err != LSH_SUCCESS) + throw Exception(Exception::OTHER_ERROR, "LSH512_Base: lsh512_init failed"); +} + +void LSH512_Base_Update_CXX(word64* state, const byte *input, size_t size) +{ + LSH512_Context 
ctx(state, state[AlgorithmType], state[RemainingBits]);
+ lsh_err err = lsh512_update(&ctx, input, 8*size);
+
+ if (err != LSH_SUCCESS)
+ throw Exception(Exception::OTHER_ERROR, "LSH512_Base: lsh512_update failed");
+}
+
+void LSH512_Base_TruncatedFinal_CXX(word64* state, byte *hash, size_t)
+{
+ LSH512_Context ctx(state, state[AlgorithmType], state[RemainingBits]);
+ lsh_err err = lsh512_final(&ctx, hash);
+
+ if (err != LSH_SUCCESS)
+ throw Exception(Exception::OTHER_ERROR, "LSH512_Base: lsh512_final failed");
+}
+
+
+void LSH512_Base::Restart()
+{
+#if defined(CRYPTOPP_AVX2_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE)
+ if (HasAVX2())
+ LSH512_Base_Restart_AVX2(m_state);
+ else
+#endif
+#if defined(CRYPTOPP_SSSE3_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE)
+ if (HasSSSE3())
+ LSH512_Base_Restart_SSSE3(m_state);
+ else
+#endif
+
+ LSH512_Base_Restart_CXX(m_state);
+}
+
+void LSH512_Base::Update(const byte *input, size_t size)
+{
+ CRYPTOPP_ASSERT(input != NULLPTR);
+ CRYPTOPP_ASSERT(size);
+
+#if defined(CRYPTOPP_AVX2_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE)
+ if (HasAVX2())
+ LSH512_Base_Update_AVX2(m_state, input, size);
+ else
+#endif
+#if defined(CRYPTOPP_SSSE3_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE)
+ if (HasSSSE3())
+ LSH512_Base_Update_SSSE3(m_state, input, size);
+ else
+#endif
+
+ LSH512_Base_Update_CXX(m_state, input, size);
+}
+
+void LSH512_Base::TruncatedFinal(byte *hash, size_t size)
+{
+ CRYPTOPP_ASSERT(hash != NULLPTR);
+ ThrowIfInvalidTruncatedSize(size);
+
+ // TODO: determine if LSH512 supports truncated hashes. See the code
+ // in get_hash(), where a bit-length is added to the last output
+ // byte of the hash function.
+ byte fullHash[LSH512_HASH_VAL_MAX_BYTE_LEN];
+ bool copyOut = (size < DigestSize());
+
+#if defined(CRYPTOPP_AVX2_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE)
+ if (HasAVX2())
+ LSH512_Base_TruncatedFinal_AVX2(m_state, copyOut ?
fullHash : hash, size);
+ else
+#endif
+#if defined(CRYPTOPP_SSSE3_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE)
+ if (HasSSSE3())
+ LSH512_Base_TruncatedFinal_SSSE3(m_state, copyOut ? fullHash : hash, size);
+ else
+#endif
+
+ LSH512_Base_TruncatedFinal_CXX(m_state, copyOut ? fullHash : hash, size);
+
+ if (copyOut)
+ memcpy(hash, fullHash, size);
+
+ Restart();
+}
+
+NAMESPACE_END
diff -Nru libcrypto++-8.4.0/lsh512_sse.cpp libcrypto++-8.6.0/lsh512_sse.cpp
--- libcrypto++-8.4.0/lsh512_sse.cpp 1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/lsh512_sse.cpp 2021-09-24 11:48:47.000000000 +0000
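Review bot: In LSH512_Base::Update the `CRYPTOPP_ASSERT(size);` line, together with the `CRYPTOPP_ASSERT(data != NULLPTR);` that lsh512_update evaluates before its `if (databitlen == 0) return LSH_SUCCESS;` early return, makes a zero-length update abort in debug builds while the release path treats it as a no-op, so an empty message behaves differently between the two configurations. Dropping the size assert and moving the `databitlen == 0` return above the pointer assert in lsh512_update would accept `Update(NULLPTR, 0)` consistently. Separately, `lsh_err err = lsh512_update(&ctx, input, 8*size);` in LSH512_Base_Update_CXX forms the bit length in size_t, which on targets where size_t is 32 bits wraps silently for a single call of 512 MiB or more and then hashes the wrong length; a check such as `CRYPTOPP_ASSERT(size <= SIZE_MAX / 8);` or an explicit size guard would make that limit visible (the LSH512_Base_Update_AVX2 wrapper earlier in this diff uses the same expression). The comment `// Multiplying by looks odd...` above the memcpy in get_hash reads as truncated and should either name what is being multiplied or be removed.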
@@ -0,0 +1,938 @@
+// lsh.cpp - written and placed in the public domain by Jeffrey Walton
+// Based on the specification and source code provided by
+// Korea Internet & Security Agency (KISA) website. Also
+// see https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do
+// and https://seed.kisa.or.kr/kisa/Board/22/detailView.do.
+
+// We are hitting some sort of GCC bug in the LSH AVX2 code path.
+// Clang is OK on the AVX2 code path. We believe it is GCC Issue
+// 82735, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. It
+// makes using zeroupper a little tricky.
+
+#include "pch.h"
+#include "config.h"
+
+#include "lsh.h"
+#include "misc.h"
+
+#if defined(CRYPTOPP_SSSE3_AVAILABLE) && defined(CRYPTOPP_ENABLE_64BIT_SSE)
+
+#if defined(CRYPTOPP_SSSE3_AVAILABLE)
+# include
+# include
+#endif
+
+#if defined(CRYPTOPP_XOP_AVAILABLE)
+# include
+#endif
+
+// GCC at 4.5. Clang is unknown. Also see https://stackoverflow.com/a/42493893.
+#if (CRYPTOPP_GCC_VERSION >= 40500)
+# include
+#endif
+
+ANONYMOUS_NAMESPACE_BEGIN
+
+/* LSH Constants */
+
+const unsigned int LSH512_MSG_BLK_BYTE_LEN = 256;
+// const unsigned int LSH512_MSG_BLK_BIT_LEN = 2048;
+// const unsigned int LSH512_CV_BYTE_LEN = 128;
+const unsigned int LSH512_HASH_VAL_MAX_BYTE_LEN = 64;
+
+// const unsigned int MSG_BLK_WORD_LEN = 32;
+const unsigned int CV_WORD_LEN = 16;
+const unsigned int CONST_WORD_LEN = 8;
+// const unsigned int HASH_VAL_MAX_WORD_LEN = 8;
+const unsigned int NUM_STEPS = 28;
+
+const unsigned int ROT_EVEN_ALPHA = 23;
+const unsigned int ROT_EVEN_BETA = 59;
+const unsigned int ROT_ODD_ALPHA = 7;
+const unsigned int ROT_ODD_BETA = 3;
+
+const unsigned int LSH_TYPE_512_512 = 0x0010040;
+const unsigned int LSH_TYPE_512_384 = 0x0010030;
+const unsigned int LSH_TYPE_512_256 = 0x0010020;
+const unsigned int LSH_TYPE_512_224 = 0x001001C;
+
+// const unsigned int LSH_TYPE_384 = LSH_TYPE_512_384;
+// const unsigned int LSH_TYPE_512 = LSH_TYPE_512_512;
+
+/* Error Code */
+
+const unsigned int LSH_SUCCESS = 0x0;
+// const unsigned int LSH_ERR_NULL_PTR = 0x2401;
+// const unsigned int LSH_ERR_INVALID_ALGTYPE = 0x2402;
+const unsigned int LSH_ERR_INVALID_DATABITLEN = 0x2403;
+const unsigned int LSH_ERR_INVALID_STATE = 0x2404;
+
+/* Index into our state array */
+
+const unsigned int AlgorithmType = 80;
+const unsigned int RemainingBits = 81;
+
+NAMESPACE_END
+
+NAMESPACE_BEGIN(CryptoPP)
+NAMESPACE_BEGIN(LSH)
+
+// lsh512.cpp
+extern const word64 LSH512_IV224[CV_WORD_LEN];
+extern const word64 LSH512_IV256[CV_WORD_LEN];
+extern const word64 LSH512_IV384[CV_WORD_LEN];
+extern const word64 LSH512_IV512[CV_WORD_LEN];
+extern const word64 LSH512_StepConstants[CONST_WORD_LEN * NUM_STEPS];
+
+NAMESPACE_END // LSH
+NAMESPACE_END // Crypto++
+
+ANONYMOUS_NAMESPACE_BEGIN
+
+using CryptoPP::byte;
+using CryptoPP::word32;
+using CryptoPP::word64;
+using CryptoPP::rotlFixed;
+using CryptoPP::rotlConstant;
+
+using CryptoPP::GetBlock;
+using CryptoPP::LittleEndian;
+using CryptoPP::ConditionalByteReverse;
+using CryptoPP::LITTLE_ENDIAN_ORDER;
+
+using CryptoPP::LSH::LSH512_IV224;
+using CryptoPP::LSH::LSH512_IV256;
+using CryptoPP::LSH::LSH512_IV384;
+using CryptoPP::LSH::LSH512_IV512;
+using CryptoPP::LSH::LSH512_StepConstants;
+
+typedef byte lsh_u8;
+typedef word32 lsh_u32;
+typedef word64 lsh_u64;
+typedef word32 lsh_uint;
+typedef word32 lsh_err;
+typedef word32 lsh_type;
+
+struct LSH512_SSSE3_Context
+{
+ LSH512_SSSE3_Context(word64* state, word64 algType, word64& remainingBitLength) :
+ cv_l(state+0), cv_r(state+8), sub_msgs(state+16),
+ last_block(reinterpret_cast(state+48)),
+ remain_databitlen(remainingBitLength),
+ alg_type(static_cast(algType)) {}
+
+ lsh_u64* cv_l; // start of our state block
+ lsh_u64* cv_r;
+ lsh_u64* sub_msgs;
+ lsh_u8* last_block;
+ lsh_u64& remain_databitlen;
+ lsh_type alg_type;
+};
+
+struct LSH512_SSSE3_Internal
+{
+ LSH512_SSSE3_Internal(word64* state) :
+ submsg_e_l(state+16), submsg_e_r(state+24),
+ submsg_o_l(state+32), submsg_o_r(state+40) { }
+
+ lsh_u64* submsg_e_l; /* even left sub-message */
+ lsh_u64* submsg_e_r; /* even right sub-message */
+ lsh_u64* submsg_o_l; /* odd left sub-message */
+ lsh_u64* submsg_o_r; /* odd right sub-message */
+};
+
+// const lsh_u32 g_gamma512[8] = { 0, 16, 32, 48, 8, 24, 40, 56 };
+
+/* LSH AlgType Macro */
+
+inline bool LSH_IS_LSH512(lsh_uint val) {
+ return (val & 0xf0000) == 0x10000;
+}
+
+inline lsh_uint LSH_GET_SMALL_HASHBIT(lsh_uint val) {
+ return val >> 24;
+}
+
+inline lsh_uint LSH_GET_HASHBYTE(lsh_uint val) {
+ return val & 0xffff;
+}
+
+inline lsh_uint LSH_GET_HASHBIT(lsh_uint val) {
+ return (LSH_GET_HASHBYTE(val) << 3) - LSH_GET_SMALL_HASHBIT(val);
+}
+
+inline lsh_u64 loadLE64(lsh_u64 v) {
+ return ConditionalByteReverse(LITTLE_ENDIAN_ORDER, v);
+}
+
+lsh_u64 ROTL64(lsh_u64 x, lsh_u32 r) {
+ return rotlFixed(x, r);
+}
+
+// Original code relied upon unaligned lsh_u64 buffer
+inline void load_msg_blk(LSH512_SSSE3_Internal* i_state, const lsh_u8 msgblk[LSH512_MSG_BLK_BYTE_LEN])
+{
+ lsh_u64* submsg_e_l = i_state->submsg_e_l;
+ lsh_u64* submsg_e_r = i_state->submsg_e_r;
+ lsh_u64* submsg_o_l = i_state->submsg_o_l;
+ lsh_u64* submsg_o_r = i_state->submsg_o_r;
+
+ _mm_storeu_si128(M128_CAST(submsg_e_l+0),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+0)));
+ _mm_storeu_si128(M128_CAST(submsg_e_l+2),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+16)));
+ _mm_storeu_si128(M128_CAST(submsg_e_l+4),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+32)));
+ _mm_storeu_si128(M128_CAST(submsg_e_l+6),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+48)));
+
+ _mm_storeu_si128(M128_CAST(submsg_e_r+0),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+64)));
+ _mm_storeu_si128(M128_CAST(submsg_e_r+2),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+80)));
+ _mm_storeu_si128(M128_CAST(submsg_e_r+4),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+96)));
+ _mm_storeu_si128(M128_CAST(submsg_e_r+6),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+112)));
+
+ _mm_storeu_si128(M128_CAST(submsg_o_l+0),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+128)));
+ _mm_storeu_si128(M128_CAST(submsg_o_l+2),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+144)));
+ _mm_storeu_si128(M128_CAST(submsg_o_l+4),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+160)));
+ _mm_storeu_si128(M128_CAST(submsg_o_l+6),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+176)));
+
+ _mm_storeu_si128(M128_CAST(submsg_o_r+0),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+192)));
+ _mm_storeu_si128(M128_CAST(submsg_o_r+2),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+208)));
+ _mm_storeu_si128(M128_CAST(submsg_o_r+4),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+224)));
+ _mm_storeu_si128(M128_CAST(submsg_o_r+6),
+ _mm_loadu_si128(CONST_M128_CAST(msgblk+240)));
+}
+
+inline void msg_exp_even(LSH512_SSSE3_Internal* i_state)
+{
+ CRYPTOPP_ASSERT(i_state != NULLPTR);
+
+ lsh_u64* submsg_e_l = i_state->submsg_e_l;
+ lsh_u64* submsg_e_r = i_state->submsg_e_r;
+ lsh_u64* submsg_o_l = i_state->submsg_o_l;
+ lsh_u64* submsg_o_r = i_state->submsg_o_r;
+
+ __m128i temp;
+ _mm_storeu_si128(M128_CAST(submsg_e_l+2), _mm_shuffle_epi32(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+2)), _MM_SHUFFLE(1,0,3,2)));
+
+ temp = _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+0));
+ _mm_storeu_si128(M128_CAST(submsg_e_l+0),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+2)));
+ _mm_storeu_si128(M128_CAST(submsg_e_l+2), temp);
+ _mm_storeu_si128(M128_CAST(submsg_e_l+6), _mm_shuffle_epi32(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+6)), _MM_SHUFFLE(1,0,3,2)));
+
+ temp = _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+4));
+ _mm_storeu_si128(M128_CAST(submsg_e_l+4), _mm_unpacklo_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+6)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+4))));
+ _mm_storeu_si128(M128_CAST(submsg_e_l+6), _mm_unpackhi_epi64(
+ temp, _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+6))));
+ _mm_storeu_si128(M128_CAST(submsg_e_r+2), _mm_shuffle_epi32(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+2)), _MM_SHUFFLE(1,0,3,2)));
+
+ temp = _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+0));
+ _mm_storeu_si128(M128_CAST(submsg_e_r+0),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+2)));
+ _mm_storeu_si128(M128_CAST(submsg_e_r+2), temp);
+ _mm_storeu_si128(M128_CAST(submsg_e_r+6), _mm_shuffle_epi32(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+6)), _MM_SHUFFLE(1,0,3,2)));
+
+ temp = _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+4));
+ _mm_storeu_si128(M128_CAST(submsg_e_r+4), _mm_unpacklo_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+6)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+4))));
+ _mm_storeu_si128(M128_CAST(submsg_e_r+6), _mm_unpackhi_epi64(
+ temp, _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+6))));
+
+ _mm_storeu_si128(M128_CAST(submsg_e_l+0), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+0)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+0))));
+ _mm_storeu_si128(M128_CAST(submsg_e_l+2), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+2)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+2))));
+ _mm_storeu_si128(M128_CAST(submsg_e_l+4), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+4)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+4))));
+ _mm_storeu_si128(M128_CAST(submsg_e_l+6), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+6)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+6))));
+
+ _mm_storeu_si128(M128_CAST(submsg_e_r+0), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+0)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+0))));
+ _mm_storeu_si128(M128_CAST(submsg_e_r+2), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+2)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+2))));
+ _mm_storeu_si128(M128_CAST(submsg_e_r+4), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+4)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+4))));
+ _mm_storeu_si128(M128_CAST(submsg_e_r+6), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+6)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+6))));
+}
+
+inline void msg_exp_odd(LSH512_SSSE3_Internal* i_state)
+{
+ CRYPTOPP_ASSERT(i_state != NULLPTR);
+
+ lsh_u64* submsg_e_l = i_state->submsg_e_l;
+ lsh_u64* submsg_e_r = i_state->submsg_e_r;
+ lsh_u64* submsg_o_l = i_state->submsg_o_l;
+ lsh_u64* submsg_o_r = i_state->submsg_o_r;
+
+ __m128i temp;
+ _mm_storeu_si128(M128_CAST(submsg_o_l+2), _mm_shuffle_epi32(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+2)), _MM_SHUFFLE(1,0,3,2)));
+
+ temp = _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+0));
+ _mm_storeu_si128(M128_CAST(submsg_o_l+0),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+2)));
+ _mm_storeu_si128(M128_CAST(submsg_o_l+2), temp);
+ _mm_storeu_si128(M128_CAST(submsg_o_l+6), _mm_shuffle_epi32(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+6)), _MM_SHUFFLE(1,0,3,2)));
+
+ temp = _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+4));
+ _mm_storeu_si128(M128_CAST(submsg_o_l+4), _mm_unpacklo_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+6)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+4))));
+ _mm_storeu_si128(M128_CAST(submsg_o_l+6), _mm_unpackhi_epi64(
+ temp, _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+6))));
+ _mm_storeu_si128(M128_CAST(submsg_o_r+2), _mm_shuffle_epi32(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+2)), _MM_SHUFFLE(1,0,3,2)));
+
+ temp = _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+0));
+ _mm_storeu_si128(M128_CAST(submsg_o_r+0),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+2)));
+ _mm_storeu_si128(M128_CAST(submsg_o_r+2), temp);
+ _mm_storeu_si128(M128_CAST(submsg_o_r+6), _mm_shuffle_epi32(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+6)), _MM_SHUFFLE(1,0,3,2)));
+
+ temp = _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+4));
+ _mm_storeu_si128(M128_CAST(submsg_o_r+4), _mm_unpacklo_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+6)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+4))));
+ _mm_storeu_si128(M128_CAST(submsg_o_r+6), _mm_unpackhi_epi64(
+ temp, _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+6))));
+
+ _mm_storeu_si128(M128_CAST(submsg_o_l+0), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+0)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+0))));
+ _mm_storeu_si128(M128_CAST(submsg_o_l+2), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+2)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+2))));
+ _mm_storeu_si128(M128_CAST(submsg_o_l+4), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+4)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+4))));
+ _mm_storeu_si128(M128_CAST(submsg_o_l+6), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+6)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+6))));
+
+ _mm_storeu_si128(M128_CAST(submsg_o_r+0), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+0)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+0))));
+ _mm_storeu_si128(M128_CAST(submsg_o_r+2), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+2)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+2))));
+ _mm_storeu_si128(M128_CAST(submsg_o_r+4), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+4)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+4))));
+ _mm_storeu_si128(M128_CAST(submsg_o_r+6), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+6)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+6))));
+}
+
+inline void load_sc(const lsh_u64** p_const_v, size_t i)
+{
+ *p_const_v = &LSH512_StepConstants[i];
+}
+
+inline void msg_add_even(lsh_u64 cv_l[8], lsh_u64 cv_r[8], LSH512_SSSE3_Internal* i_state)
+{
+ CRYPTOPP_ASSERT(i_state != NULLPTR);
+
+ lsh_u64* submsg_e_l = i_state->submsg_e_l;
+ lsh_u64* submsg_e_r = i_state->submsg_e_r;
+
+ _mm_storeu_si128(M128_CAST(cv_l), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l))));
+ _mm_storeu_si128(M128_CAST(cv_r), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r))));
+ _mm_storeu_si128(M128_CAST(cv_l+2), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+2)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+2))));
+ _mm_storeu_si128(M128_CAST(cv_r+2), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+2)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+2))));
+ _mm_storeu_si128(M128_CAST(cv_l+4), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+4)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+4))));
+ _mm_storeu_si128(M128_CAST(cv_r+4), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+4)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+4))));
+ _mm_storeu_si128(M128_CAST(cv_l+6), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+6)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_l+6))));
+ _mm_storeu_si128(M128_CAST(cv_r+6), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+6)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_e_r+6))));
+}
+
+inline void msg_add_odd(lsh_u64 cv_l[8], lsh_u64 cv_r[8], LSH512_SSSE3_Internal* i_state)
+{
+ CRYPTOPP_ASSERT(i_state != NULLPTR);
+
+ lsh_u64* submsg_o_l = i_state->submsg_o_l;
+ lsh_u64* submsg_o_r = i_state->submsg_o_r;
+
+ _mm_storeu_si128(M128_CAST(cv_l), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l))));
+ _mm_storeu_si128(M128_CAST(cv_r), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r))));
+ _mm_storeu_si128(M128_CAST(cv_l+2), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+2)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+2))));
+ _mm_storeu_si128(M128_CAST(cv_r+2), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+2)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+2))));
+ _mm_storeu_si128(M128_CAST(cv_l+4), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+4)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+4))));
+ _mm_storeu_si128(M128_CAST(cv_r+4), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+4)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+4))));
+ _mm_storeu_si128(M128_CAST(cv_l+6), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+6)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_l+6))));
+ _mm_storeu_si128(M128_CAST(cv_r+6), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+6)),
+ _mm_loadu_si128(CONST_M128_CAST(submsg_o_r+6))));
+}
+
+inline void add_blk(lsh_u64 cv_l[8], lsh_u64 cv_r[8])
+{
+ _mm_storeu_si128(M128_CAST(cv_l), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l)),
+ _mm_loadu_si128(CONST_M128_CAST(cv_r))));
+ _mm_storeu_si128(M128_CAST(cv_l+2), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+2)),
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+2))));
+ _mm_storeu_si128(M128_CAST(cv_l+4), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+4)),
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+4))));
+ _mm_storeu_si128(M128_CAST(cv_l+6), _mm_add_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+6)),
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+6))));
+}
+
+template
+inline void rotate_blk(lsh_u64 cv[8])
+{
+#if defined(CRYPTOPP_XOP_AVAILABLE)
+ _mm_storeu_si128(M128_CAST(cv),
+ _mm_roti_epi64(_mm_loadu_si128(CONST_M128_CAST(cv)), R));
+ _mm_storeu_si128(M128_CAST(cv+2),
+ _mm_roti_epi64(_mm_loadu_si128(CONST_M128_CAST(cv+2)), R));
+ _mm_storeu_si128(M128_CAST(cv+4),
+ _mm_roti_epi64(_mm_loadu_si128(CONST_M128_CAST(cv+4)), R));
+ _mm_storeu_si128(M128_CAST(cv+6),
+ _mm_roti_epi64(_mm_loadu_si128(CONST_M128_CAST(cv+6)), R));
+
+#else
+ _mm_storeu_si128(M128_CAST(cv), _mm_or_si128(
+ _mm_slli_epi64(_mm_loadu_si128(CONST_M128_CAST(cv)), R),
+ _mm_srli_epi64(_mm_loadu_si128(CONST_M128_CAST(cv)), 64-R)));
+ _mm_storeu_si128(M128_CAST(cv+2), _mm_or_si128(
+ _mm_slli_epi64(_mm_loadu_si128(CONST_M128_CAST(cv+2)), R),
+ _mm_srli_epi64(_mm_loadu_si128(CONST_M128_CAST(cv+2)), 64-R)));
+ _mm_storeu_si128(M128_CAST(cv+4), _mm_or_si128(
+ _mm_slli_epi64(_mm_loadu_si128(CONST_M128_CAST(cv+4)), R),
+ _mm_srli_epi64(_mm_loadu_si128(CONST_M128_CAST(cv+4)), 64-R)));
+ _mm_storeu_si128(M128_CAST(cv+6), _mm_or_si128(
+ _mm_slli_epi64(_mm_loadu_si128(CONST_M128_CAST(cv+6)), R),
+ _mm_srli_epi64(_mm_loadu_si128(CONST_M128_CAST(cv+6)), 64-R)));
+#endif
+}
+
+inline void xor_with_const(lsh_u64 cv_l[8], const lsh_u64 const_v[8])
+{
+ _mm_storeu_si128(M128_CAST(cv_l), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l)),
+ _mm_loadu_si128(CONST_M128_CAST(const_v))));
+ _mm_storeu_si128(M128_CAST(cv_l+2), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+2)),
+ _mm_loadu_si128(CONST_M128_CAST(const_v+2))));
+ _mm_storeu_si128(M128_CAST(cv_l+4), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+4)),
+ _mm_loadu_si128(CONST_M128_CAST(const_v+4))));
+ _mm_storeu_si128(M128_CAST(cv_l+6), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+6)),
+ _mm_loadu_si128(CONST_M128_CAST(const_v+6))));
+}
+
+inline void rotate_msg_gamma(lsh_u64 cv_r[8])
+{
+ // g_gamma512[8] = { 0, 16, 32, 48, 8, 24, 40, 56 };
+ _mm_storeu_si128(M128_CAST(cv_r+0),
+ _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(cv_r+0)),
+ _mm_set_epi8(13,12,11,10, 9,8,15,14, 7,6,5,4, 3,2,1,0)));
+ _mm_storeu_si128(M128_CAST(cv_r+2),
+ _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(cv_r+2)),
+ _mm_set_epi8(9,8,15,14, 13,12,11,10, 3,2,1,0, 7,6,5,4)));
+
+ _mm_storeu_si128(M128_CAST(cv_r+4),
+ _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(cv_r+4)),
+ _mm_set_epi8(12,11,10,9, 8,15,14,13, 6,5,4,3, 2,1,0,7)));
+ _mm_storeu_si128(M128_CAST(cv_r+6),
+ _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(cv_r+6)),
+ _mm_set_epi8(8,15,14,13, 12,11,10,9, 2,1,0,7, 6,5,4,3)));
+}
+
+inline void word_perm(lsh_u64 cv_l[8], lsh_u64 cv_r[8])
+{
+ __m128i temp[2];
+ temp[0] = _mm_loadu_si128(CONST_M128_CAST(cv_l+0));
+ _mm_storeu_si128(M128_CAST(cv_l+0), _mm_unpacklo_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+2)),
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+0))));
+ _mm_storeu_si128(M128_CAST(cv_l+2), _mm_unpackhi_epi64(
+ temp[0], _mm_loadu_si128(CONST_M128_CAST(cv_l+2))));
+
+ temp[0] = _mm_loadu_si128(CONST_M128_CAST(cv_l+4));
+ _mm_storeu_si128(M128_CAST(cv_l+4), _mm_unpacklo_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+6)),
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+4))));
+ _mm_storeu_si128(M128_CAST(cv_l+6), _mm_unpackhi_epi64(
+ temp[0], _mm_loadu_si128(CONST_M128_CAST(cv_l+6))));
+ _mm_storeu_si128(M128_CAST(cv_r+2), _mm_shuffle_epi32(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+2)), _MM_SHUFFLE(1,0,3,2)));
+
+ temp[0] = _mm_loadu_si128(CONST_M128_CAST(cv_r+0));
+ _mm_storeu_si128(M128_CAST(cv_r+0), _mm_unpacklo_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+0)),
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+2))));
+ _mm_storeu_si128(M128_CAST(cv_r+2), _mm_unpackhi_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+2)), temp[0]));
+ _mm_storeu_si128(M128_CAST(cv_r+6), _mm_shuffle_epi32(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+6)), _MM_SHUFFLE(1,0,3,2)));
+
+ temp[0] = _mm_loadu_si128(CONST_M128_CAST(cv_r+4));
+ _mm_storeu_si128(M128_CAST(cv_r+4), _mm_unpacklo_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+4)),
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+6))));
+ _mm_storeu_si128(M128_CAST(cv_r+6), _mm_unpackhi_epi64(
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+6)), temp[0]));
+
+ temp[0] = _mm_loadu_si128(CONST_M128_CAST(cv_l+0));
+ temp[1] = _mm_loadu_si128(CONST_M128_CAST(cv_l+2));
+
+ _mm_storeu_si128(M128_CAST(cv_l+0),
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+4)));
+ _mm_storeu_si128(M128_CAST(cv_l+2),
+ _mm_loadu_si128(CONST_M128_CAST(cv_l+6)));
+ _mm_storeu_si128(M128_CAST(cv_l+4),
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+4)));
+ _mm_storeu_si128(M128_CAST(cv_l+6),
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+6)));
+ _mm_storeu_si128(M128_CAST(cv_r+4),
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+0)));
+ _mm_storeu_si128(M128_CAST(cv_r+6),
+ _mm_loadu_si128(CONST_M128_CAST(cv_r+2)));
+
+ _mm_storeu_si128(M128_CAST(cv_r+0), temp[0]);
+ _mm_storeu_si128(M128_CAST(cv_r+2), temp[1]);
+};
+
+/* -------------------------------------------------------- *
+* step function
+* -------------------------------------------------------- */
+
+template
+inline void mix(lsh_u64 cv_l[8], lsh_u64 cv_r[8], const lsh_u64 const_v[8])
+{
+ add_blk(cv_l, cv_r);
+ rotate_blk(cv_l);
+ xor_with_const(cv_l, const_v);
+ add_blk(cv_r, cv_l);
+ rotate_blk(cv_r);
+ add_blk(cv_l, cv_r);
+ rotate_msg_gamma(cv_r);
+}
+
+/* -------------------------------------------------------- *
+* compression function
+* -------------------------------------------------------- */
+
+inline void compress(LSH512_SSSE3_Context* ctx, const lsh_u8 pdMsgBlk[LSH512_MSG_BLK_BYTE_LEN])
+{
+ CRYPTOPP_ASSERT(ctx != NULLPTR);
+
+ LSH512_SSSE3_Internal s_state(ctx->cv_l);
+ LSH512_SSSE3_Internal* i_state = &s_state;
+
+ const lsh_u64* const_v = NULL;
+ lsh_u64 *cv_l = ctx->cv_l;
+ lsh_u64 *cv_r = ctx->cv_r;
+
+ load_msg_blk(i_state, pdMsgBlk);
+
+ msg_add_even(cv_l, cv_r, i_state);
+ load_sc(&const_v, 0);
+ mix(cv_l, cv_r, const_v);
+ word_perm(cv_l, cv_r);
+
+ msg_add_odd(cv_l, cv_r, i_state);
+ load_sc(&const_v, 8);
+ mix(cv_l, cv_r, const_v);
+ word_perm(cv_l, cv_r);
+
+ for (size_t i = 1; i < NUM_STEPS / 2; i++)
+ {
+ msg_exp_even(i_state);
+ msg_add_even(cv_l, cv_r, i_state);
+ load_sc(&const_v, 16 * i);
+ mix(cv_l, cv_r, const_v);
+ word_perm(cv_l, cv_r);
+
+ msg_exp_odd(i_state);
+ msg_add_odd(cv_l, cv_r, i_state);
+ load_sc(&const_v, 16 * i + 8);
+ mix(cv_l, cv_r, const_v);
+ word_perm(cv_l, cv_r);
+ }
+
+ msg_exp_even(i_state);
+ msg_add_even(cv_l, cv_r, i_state);
+}
+
+/* -------------------------------------------------------- */
+
+inline void load_iv(word64 cv_l[8], word64 cv_r[8], const word64 iv[16])
+{
+ // The IV's are 32-byte aligned so we can use aligned loads.
+ _mm_storeu_si128(M128_CAST(cv_l+0),
+ _mm_load_si128(CONST_M128_CAST(iv+0)));
+ _mm_storeu_si128(M128_CAST(cv_l+2),
+ _mm_load_si128(CONST_M128_CAST(iv+2)));
+ _mm_storeu_si128(M128_CAST(cv_l+4),
+ _mm_load_si128(CONST_M128_CAST(iv+4)));
+ _mm_storeu_si128(M128_CAST(cv_l+6),
+ _mm_load_si128(CONST_M128_CAST(iv+6)));
+ _mm_storeu_si128(M128_CAST(cv_r+0),
+ _mm_load_si128(CONST_M128_CAST(iv+8)));
+ _mm_storeu_si128(M128_CAST(cv_r+2),
+ _mm_load_si128(CONST_M128_CAST(iv+10)));
+ _mm_storeu_si128(M128_CAST(cv_r+4),
+ _mm_load_si128(CONST_M128_CAST(iv+12)));
+ _mm_storeu_si128(M128_CAST(cv_r+6),
+ _mm_load_si128(CONST_M128_CAST(iv+14)));
+}
+
+inline void zero_iv(lsh_u64 cv_l[8], lsh_u64 cv_r[8])
+{
+ _mm_storeu_si128(M128_CAST(cv_l+0), _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(cv_l+2), _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(cv_l+4), _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(cv_l+6), _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(cv_r+0), _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(cv_r+2), _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(cv_r+4), _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(cv_r+6), _mm_setzero_si128());
+}
+
+inline void zero_submsgs(LSH512_SSSE3_Context* ctx)
+{
+ lsh_u64* sub_msgs = ctx->sub_msgs;
+
+ _mm_storeu_si128(M128_CAST(sub_msgs+ 0),
+ _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(sub_msgs+ 2),
+ _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(sub_msgs+ 4),
+ _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(sub_msgs+ 6),
+ _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(sub_msgs+ 8),
+ _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(sub_msgs+10),
+ _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(sub_msgs+12),
+ _mm_setzero_si128());
+ _mm_storeu_si128(M128_CAST(sub_msgs+14),
+ _mm_setzero_si128());
+}
+
+inline void init224(LSH512_SSSE3_Context* ctx)
+{
+ CRYPTOPP_ASSERT(ctx != NULLPTR);
+
+ zero_submsgs(ctx);
+ load_iv(ctx->cv_l, ctx->cv_r, LSH512_IV224);
+}
+
+inline void init256(LSH512_SSSE3_Context* ctx)
+{
+ CRYPTOPP_ASSERT(ctx != NULLPTR);
+
+ zero_submsgs(ctx);
+ load_iv(ctx->cv_l, ctx->cv_r, LSH512_IV256);
+}
+
+inline void init384(LSH512_SSSE3_Context* ctx)
+{
+ CRYPTOPP_ASSERT(ctx != NULLPTR);
+
+ zero_submsgs(ctx);
+ load_iv(ctx->cv_l, ctx->cv_r, LSH512_IV384);
+}
+
+inline void init512(LSH512_SSSE3_Context* ctx)
+{
+ CRYPTOPP_ASSERT(ctx != NULLPTR);
+
+ zero_submsgs(ctx);
+ load_iv(ctx->cv_l, ctx->cv_r, LSH512_IV512);
+}
+
+/* -------------------------------------------------------- */
+
+inline void fin(LSH512_SSSE3_Context* ctx)
+{
+ CRYPTOPP_ASSERT(ctx != NULLPTR);
+
+ _mm_storeu_si128(M128_CAST(ctx->cv_l+0), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(ctx->cv_l+0)),
+ _mm_loadu_si128(CONST_M128_CAST(ctx->cv_r+0))));
+ _mm_storeu_si128(M128_CAST(ctx->cv_l+2), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(ctx->cv_l+2)),
+ _mm_loadu_si128(CONST_M128_CAST(ctx->cv_r+2))));
+ _mm_storeu_si128(M128_CAST(ctx->cv_l+4), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(ctx->cv_l+4)),
+ _mm_loadu_si128(CONST_M128_CAST(ctx->cv_r+4))));
+ _mm_storeu_si128(M128_CAST(ctx->cv_l+6), _mm_xor_si128(
+ _mm_loadu_si128(CONST_M128_CAST(ctx->cv_l+6)),
+ _mm_loadu_si128(CONST_M128_CAST(ctx->cv_r+6))));
+}
+
+/* -------------------------------------------------------- */
+
+inline void get_hash(LSH512_SSSE3_Context* ctx, lsh_u8* pbHashVal)
+{
+ CRYPTOPP_ASSERT(ctx != NULLPTR);
+ CRYPTOPP_ASSERT(ctx->alg_type != 0);
+ CRYPTOPP_ASSERT(pbHashVal != NULLPTR);
+
+ lsh_uint alg_type = ctx->alg_type;
+ lsh_uint hash_val_byte_len = LSH_GET_HASHBYTE(alg_type);
+ lsh_uint hash_val_bit_len = LSH_GET_SMALL_HASHBIT(alg_type);
+
+ // Multiplying by sizeof(lsh_u8) looks odd...
+ memcpy(pbHashVal, ctx->cv_l, hash_val_byte_len);
+ if (hash_val_bit_len){
+ pbHashVal[hash_val_byte_len-1] &= (((lsh_u8)0xff) << hash_val_bit_len);
+ }
+}
+
+/* -------------------------------------------------------- */
+
+lsh_err lsh512_init_ssse3(LSH512_SSSE3_Context* ctx)
+{
+ CRYPTOPP_ASSERT(ctx != NULLPTR);
+ CRYPTOPP_ASSERT(ctx->alg_type != 0);
+
+ lsh_u32 alg_type = ctx->alg_type;
+ const lsh_u64* const_v = NULL;
+ ctx->remain_databitlen = 0;
+
+ switch (alg_type){
+ case LSH_TYPE_512_512:
+ init512(ctx);
+ return LSH_SUCCESS;
+ case LSH_TYPE_512_384:
+ init384(ctx);
+ return LSH_SUCCESS;
+ case LSH_TYPE_512_256:
+ init256(ctx);
+ return LSH_SUCCESS;
+ case LSH_TYPE_512_224:
+ init224(ctx);
+ return LSH_SUCCESS;
+ default:
+ break;
+ }
+
+ lsh_u64* cv_l = ctx->cv_l;
+ lsh_u64* cv_r = ctx->cv_r;
+
+ zero_iv(cv_l, cv_r);
+ cv_l[0] = LSH512_HASH_VAL_MAX_BYTE_LEN;
+ cv_l[1] = LSH_GET_HASHBIT(alg_type);
+
+ for (size_t i = 0; i < NUM_STEPS / 2; i++)
+ {
+ //Mix
+ load_sc(&const_v, i * 16);
+ mix(cv_l, cv_r, const_v);
+ word_perm(cv_l, cv_r);
+
+ load_sc(&const_v, i * 16 + 8);
+ mix(cv_l, cv_r, const_v);
+ word_perm(cv_l, cv_r);
+ }
+
+ return LSH_SUCCESS;
+}
+
+lsh_err lsh512_update_ssse3(LSH512_SSSE3_Context* ctx, const lsh_u8* data, size_t databitlen)
+{
+ CRYPTOPP_ASSERT(ctx != NULLPTR);
+ CRYPTOPP_ASSERT(data != NULLPTR);
+ CRYPTOPP_ASSERT(databitlen % 8 == 0);
+ CRYPTOPP_ASSERT(ctx->alg_type != 0);
+
+ if (databitlen == 0){
+ return LSH_SUCCESS;
+ }
+
+ // We are byte oriented. tail bits will always be 0.
+ size_t databytelen = databitlen >> 3;
+ // lsh_uint pos2 = databitlen & 0x7;
+ const size_t pos2 = 0;
+
+ size_t remain_msg_byte = static_cast(ctx->remain_databitlen >> 3);
+ // lsh_uint remain_msg_bit = ctx->remain_databitlen & 7;
+ const size_t remain_msg_bit = 0;
+
+ if (remain_msg_byte >= LSH512_MSG_BLK_BYTE_LEN){
+ return LSH_ERR_INVALID_STATE;
+ }
+ if (remain_msg_bit > 0){
+ return LSH_ERR_INVALID_DATABITLEN;
+ }
+
+ if (databytelen + remain_msg_byte < LSH512_MSG_BLK_BYTE_LEN){
+ memcpy(ctx->last_block + remain_msg_byte, data, databytelen);
+ ctx->remain_databitlen += (lsh_uint)databitlen;
+ remain_msg_byte += (lsh_uint)databytelen;
+ if (pos2){
+ ctx->last_block[remain_msg_byte] = data[databytelen] & ((0xff >> pos2) ^ 0xff);
+ }
+ return LSH_SUCCESS;
+ }
+
+ if (remain_msg_byte > 0){
+ size_t more_byte = LSH512_MSG_BLK_BYTE_LEN - remain_msg_byte;
+ memcpy(ctx->last_block + remain_msg_byte, data, more_byte);
+ compress(ctx, ctx->last_block);
+ data += more_byte;
+ databytelen -= more_byte;
+ remain_msg_byte = 0;
+ ctx->remain_databitlen = 0;
+ }
+
+ while (databytelen >= LSH512_MSG_BLK_BYTE_LEN)
+ {
+ // This call to compress caused some trouble.
+ // The data pointer can become unaligned in the
+ // previous block.
+ compress(ctx, data);
+ data += LSH512_MSG_BLK_BYTE_LEN;
+ databytelen -= LSH512_MSG_BLK_BYTE_LEN;
+ }
+
+ if (databytelen > 0){
+ memcpy(ctx->last_block, data, databytelen);
+ ctx->remain_databitlen = (lsh_uint)(databytelen << 3);
+ }
+
+ if (pos2){
+ ctx->last_block[databytelen] = data[databytelen] & ((0xff >> pos2) ^ 0xff);
+ ctx->remain_databitlen += pos2;
+ }
+ return LSH_SUCCESS;
+}
+
+lsh_err lsh512_final_ssse3(LSH512_SSSE3_Context* ctx, lsh_u8* hashval)
+{
+ CRYPTOPP_ASSERT(ctx != NULLPTR);
+ CRYPTOPP_ASSERT(hashval != NULLPTR);
+
+ // We are byte oriented. tail bits will always be 0.
+ size_t remain_msg_byte = static_cast(ctx->remain_databitlen >> 3);
+ // lsh_uint remain_msg_bit = ctx->remain_databitlen & 7;
+ const size_t remain_msg_bit = 0;
+
+ if (remain_msg_byte >= LSH512_MSG_BLK_BYTE_LEN){
+ return LSH_ERR_INVALID_STATE;
+ }
+
+ if (remain_msg_bit){
+ ctx->last_block[remain_msg_byte] |= (0x1 << (7 - remain_msg_bit));
+ }
+ else{
+ ctx->last_block[remain_msg_byte] = 0x80;
+ }
+ memset(ctx->last_block + remain_msg_byte + 1, 0, LSH512_MSG_BLK_BYTE_LEN - remain_msg_byte - 1);
+
+ compress(ctx, ctx->last_block);
+
+ fin(ctx);
+ get_hash(ctx, hashval);
+
+ return LSH_SUCCESS;
+}
+
+ANONYMOUS_NAMESPACE_END
+
+NAMESPACE_BEGIN(CryptoPP)
+
+extern
+void LSH512_Base_Restart_SSSE3(word64* state)
+{
+ state[RemainingBits] = 0;
+ LSH512_SSSE3_Context ctx(state, state[AlgorithmType], state[RemainingBits]);
+ lsh_err err = lsh512_init_ssse3(&ctx);
+
+ if (err != LSH_SUCCESS)
+ throw Exception(Exception::OTHER_ERROR, "LSH512_Base: lsh512_init_ssse3 failed");
+}
+
+extern
+void LSH512_Base_Update_SSSE3(word64* state, const byte *input, size_t size)
+{
+ LSH512_SSSE3_Context ctx(state, state[AlgorithmType], state[RemainingBits]);
+ lsh_err err = lsh512_update_ssse3(&ctx, input, 8*size);
+
+ if (err != LSH_SUCCESS)
+ throw Exception(Exception::OTHER_ERROR, "LSH512_Base: lsh512_update_ssse3 failed");
+}
+
+extern
+void LSH512_Base_TruncatedFinal_SSSE3(word64* state, byte *hash, size_t)
+{
+ LSH512_SSSE3_Context ctx(state, state[AlgorithmType], state[RemainingBits]);
+ lsh_err err = lsh512_final_ssse3(&ctx, hash);
+
+ if (err != LSH_SUCCESS)
+ throw Exception(Exception::OTHER_ERROR, "LSH512_Base: lsh512_final_ssse3 failed");
+}
+
+NAMESPACE_END
+
+#endif // CRYPTOPP_SSSE3_AVAILABLE
diff -Nru libcrypto++-8.4.0/lsh.h libcrypto++-8.6.0/lsh.h
--- libcrypto++-8.4.0/lsh.h 1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/lsh.h 2021-09-24 11:48:47.000000000 +0000
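Review bot: `LSH512_Base_TruncatedFinal_SSSE3` ignores its unnamed `size_t` parameter, and `lsh512_final_ssse3` → `get_hash` always writes `LSH_GET_HASHBYTE(alg_type)` bytes into `hash`, so a caller that sizes the buffer for a truncated digest would be overrun; the only caller visible on this page (`LSH512_Base::TruncatedFinal` in lsh512.cpp) avoids that by routing short outputs through `fullHash`, but the contract is not stated where the function is defined. I would document it on the extern: `// Writes the full digest (LSH_GET_HASHBYTE(alg_type) bytes) into 'hash'; the size argument is ignored, so the caller must supply a full-size buffer (see LSH512_Base::TruncatedFinal).` Separately, `load_iv` relies on a comment for its aligned `_mm_load_si128` reads of `iv`, while the `extern const word64 LSH512_IV*` declarations in this file carry no alignment attribute; the guarantee presumably lives with the definitions in lsh512.cpp, which are not in this hunk, so a `CRYPTOPP_ASSERT(IsAlignedOn(iv, 16));` at the top of `load_iv` would make the assumption checkable in debug builds. The comment `// Multiplying by sizeof(lsh_u8) looks odd...` in `get_hash` no longer matches the `memcpy` below it and can be dropped.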
@@ -0,0 +1,262 @@ +// lsh.h - written and placed in the public domain by Jeffrey Walton +// Based on the specification and source code provided by +// Korea Internet & Security Agency (KISA) website. Also +// see https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do +// and https://seed.kisa.or.kr/kisa/Board/22/detailView.do. + +// We are hitting some sort of GCC bug in the LSH AVX2 code path. +// Clang is OK on the AVX2 code path. We believe it is GCC Issue +// 82735, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. It +// makes using zeroupper a little tricky. + +/// \file lsh.h +/// \brief Classes for the LSH hash functions +/// \since Crypto++ 8.6 +/// \sa LSH +/// on the Korea Internet & Security Agency (KISA) website. +#ifndef CRYPTOPP_LSH_H +#define CRYPTOPP_LSH_H + +#include "cryptlib.h" +#include "secblock.h" + +// Enable SSE2 and AVX2 for 64-bit machines. +// 32-bit machines slow down with SSE2. +#if (CRYPTOPP_BOOL_X32) || (CRYPTOPP_BOOL_X64) +# define CRYPTOPP_ENABLE_64BIT_SSE 1 +#endif + +NAMESPACE_BEGIN(CryptoPP) + +/// \brief LSH-224 and LSH-256 hash base class +/// \details LSH256_Base is the base class for both LSH-224 and LSH-256 +/// \since Crypto++ 8.6 +class LSH256_Base : public HashTransformation +{ +public: + /// \brief Block size, in bytes + /// \details LSH_256 uses LSH256_MSG_BLK_BYTE_LEN for block size, which is 128 + CRYPTOPP_CONSTANT(BLOCKSIZE = 128); + + virtual ~LSH256_Base() {} + + unsigned int BlockSize() const { return BLOCKSIZE; } + unsigned int DigestSize() const { return m_digestSize; } + unsigned int OptimalDataAlignment() const { return GetAlignmentOf(); } + + void Restart(); + void Update(const byte *input, size_t size); + void TruncatedFinal(byte *hash, size_t size); + + std::string AlgorithmProvider() const; + +protected: + LSH256_Base(unsigned int algType, unsigned int digestSize) + : m_digestSize(digestSize) { m_state[80] = algType; } + +protected: + // Working state is: + // * cv_l = 8 32-bit words + // * cv_r = 8 
32-bit words + // * submsg_e_l = 8 32-bit words + // * submsg_e_r = 8 32-bit words + // * submsg_o_l = 8 32-bit words + // * submsg_o_r = 8 32-bit words + // * last_block = 32 32-bit words (128 bytes) + // * algType + // * remainingBitLength + FixedSizeSecBlock m_state; + // word32 m_algType, m_remainingBitLength; + word32 m_digestSize; +}; + +/// \brief LSH-224 hash function +/// \sa LSH +/// on the Korea Internet & Security Agency (KISA) website. +/// \since Crypto++ 8.6 +class LSH224 : public LSH256_Base +{ +public: + /// \brief Digest size, in bytes + /// \details LSH_256 uses LSH_GET_HASHBYTE(algType) for digest size, which is 28 + CRYPTOPP_CONSTANT(DIGESTSIZE = 28); + /// \brief Block size, in bytes + /// \details LSH_256 uses LSH256_MSG_BLK_BYTE_LEN for block size, which is 128 + CRYPTOPP_CONSTANT(BLOCKSIZE = LSH256_Base::BLOCKSIZE); + + /// \brief The algorithm's name + /// \return the standard algorithm name + /// \details The standard algorithm name can be a name like AES or AES/GCM. + /// Some algorithms do not have standard names yet. For example, there is no standard + /// algorithm name for Shoup's ECIES. + /// \note StaticAlgorithmName is not universally implemented yet. + static std::string StaticAlgorithmName() { return "LSH-224"; } + + /// \brief Construct a LSH-224 + /// \details LSH_TYPE_224 is the magic value 0x000001C defined in lsh.cpp. + LSH224() : LSH256_Base(0x000001C, DIGESTSIZE) { Restart(); } + + std::string AlgorithmName() const { return StaticAlgorithmName(); } +}; + +/// \brief LSH-256 hash function +/// \sa LSH +/// on the Korea Internet & Security Agency (KISA) website. 
+/// \since Crypto++ 8.6 +class LSH256 : public LSH256_Base +{ +public: + /// \brief Digest size, in bytes + /// \details LSH_256 uses LSH_GET_HASHBYTE(algType) for digest size, which is 32 + CRYPTOPP_CONSTANT(DIGESTSIZE = 32); + /// \brief Block size, in bytes + /// \details LSH_256 uses LSH256_MSG_BLK_BYTE_LEN for block size, which is 128 + CRYPTOPP_CONSTANT(BLOCKSIZE = LSH256_Base::BLOCKSIZE); + + /// \brief The algorithm's name + /// \return the standard algorithm name + /// \details The standard algorithm name can be a name like AES or AES/GCM. + /// Some algorithms do not have standard names yet. For example, there is no standard + /// algorithm name for Shoup's ECIES. + /// \note StaticAlgorithmName is not universally implemented yet. + static std::string StaticAlgorithmName() { return "LSH-256"; } + + /// \brief Construct a LSH-256 + /// \details LSH_TYPE_256 is the magic value 0x0000020 defined in lsh.cpp. + LSH256() : LSH256_Base(0x0000020, DIGESTSIZE) { Restart(); } + + std::string AlgorithmName() const { return StaticAlgorithmName(); } +}; + +/// \brief LSH-384 and LSH-512 hash base class +/// \details LSH512_Base is the base class for both LSH-384 and LSH-512 +/// \since Crypto++ 8.6 +class LSH512_Base : public HashTransformation +{ +public: + /// \brief Block size, in bytes + /// \details LSH_512 uses LSH512_MSG_BLK_BYTE_LEN for block size, which is 256 + CRYPTOPP_CONSTANT(BLOCKSIZE = 256); + + virtual ~LSH512_Base() {} + + unsigned int BlockSize() const { return BLOCKSIZE; } + unsigned int DigestSize() const { return m_digestSize; } + unsigned int OptimalDataAlignment() const { return GetAlignmentOf(); } + + void Restart(); + void Update(const byte *input, size_t size); + void TruncatedFinal(byte *hash, size_t size); + + std::string AlgorithmProvider() const; + +protected: + LSH512_Base(unsigned int algType, unsigned int digestSize) + : m_digestSize(digestSize) { m_state[80] = algType; } + +protected: + // Working state is: + // * cv_l = 8 64-bit 
words + // * cv_r = 8 64-bit words + // * submsg_e_l = 8 64-bit words + // * submsg_e_r = 8 64-bit words + // * submsg_o_l = 8 64-bit words + // * submsg_o_r = 8 64-bit words + // * last_block = 32 64-bit words (256 bytes) + // * algType + // * remainingBitLength + FixedSizeSecBlock m_state; + // word32 m_algType, m_remainingBitLength; + word32 m_digestSize; +}; + +/// \brief LSH-384 hash function +/// \sa LSH +/// on the Korea Internet & Security Agency (KISA) website. +/// \since Crypto++ 8.6 +class LSH384 : public LSH512_Base +{ +public: + /// \brief Digest size, in bytes + /// \details LSH_512 uses LSH_GET_HASHBYTE(algType) for digest size, which is 48 + CRYPTOPP_CONSTANT(DIGESTSIZE = 48); + /// \brief Block size, in bytes + /// \details LSH_512 uses LSH512_MSG_BLK_BYTE_LEN for block size, which is 256 + CRYPTOPP_CONSTANT(BLOCKSIZE = LSH512_Base::BLOCKSIZE); + + /// \brief The algorithm's name + /// \return the standard algorithm name + /// \details The standard algorithm name can be a name like AES or AES/GCM. + /// Some algorithms do not have standard names yet. For example, there is no standard + /// algorithm name for Shoup's ECIES. + /// \note StaticAlgorithmName is not universally implemented yet. + static std::string StaticAlgorithmName() { return "LSH-384"; } + + /// \brief Construct a LSH-384 + /// \details LSH_TYPE_384 is the magic value 0x0010030 defined in lsh.cpp. + LSH384() : LSH512_Base(0x0010030, DIGESTSIZE) { Restart(); } + + std::string AlgorithmName() const { return StaticAlgorithmName(); } +}; + +/// \brief LSH-512 hash function +/// \sa LSH +/// on the Korea Internet & Security Agency (KISA) website. 
+/// \since Crypto++ 8.6 +class LSH512 : public LSH512_Base +{ +public: + /// \brief Digest size, in bytes + /// \details LSH_512 uses LSH_GET_HASHBYTE(algType) for digest size, which is 64 + CRYPTOPP_CONSTANT(DIGESTSIZE = 64); + /// \brief Block size, in bytes + /// \details LSH_512 uses LSH512_MSG_BLK_BYTE_LEN for block size, which is 256 + CRYPTOPP_CONSTANT(BLOCKSIZE = LSH512_Base::BLOCKSIZE); + + /// \brief The algorithm's name + /// \return the standard algorithm name + /// \details The standard algorithm name can be a name like AES or AES/GCM. + /// Some algorithms do not have standard names yet. For example, there is no standard + /// algorithm name for Shoup's ECIES. + /// \note StaticAlgorithmName is not universally implemented yet. + static std::string StaticAlgorithmName() { return "LSH-512"; } + + /// \brief Construct a LSH-512 + /// \details LSH_TYPE_512 is the magic value 0x0010040 defined in lsh.cpp. + LSH512() : LSH512_Base(0x0010040, DIGESTSIZE) { Restart(); } + + std::string AlgorithmName() const { return StaticAlgorithmName(); } +}; + +/// \brief LSH-512-256 hash function +/// \sa LSH +/// on the Korea Internet & Security Agency (KISA) website. +/// \since Crypto++ 8.6 +class LSH512_256 : public LSH512_Base +{ +public: + /// \brief Digest size, in bytes + /// \details LSH_512 uses LSH_GET_HASHBYTE(algType) for digest size, which is 32 + CRYPTOPP_CONSTANT(DIGESTSIZE = 32); + /// \brief Block size, in bytes + /// \details LSH_512 uses LSH512_MSG_BLK_BYTE_LEN for block size, which is 256 + CRYPTOPP_CONSTANT(BLOCKSIZE = LSH512_Base::BLOCKSIZE); + + /// \brief The algorithm's name + /// \return the standard algorithm name + /// \details The standard algorithm name can be a name like AES or AES/GCM. + /// Some algorithms do not have standard names yet. For example, there is no standard + /// algorithm name for Shoup's ECIES. + /// \note StaticAlgorithmName is not universally implemented yet. 
+ static std::string StaticAlgorithmName() { return "LSH-512-256"; }
+
+ /// \brief Construct a LSH-512-256
+ /// \details LSH_TYPE_512_256 is the magic value 0x0010020 defined in lsh.cpp.
+ LSH512_256() : LSH512_Base(0x0010020, DIGESTSIZE) { Restart(); }
+
+ std::string AlgorithmName() const { return StaticAlgorithmName(); }
+};
+
+NAMESPACE_END
+
+#endif // CRYPTOPP_LSH_H
diff -Nru libcrypto++-8.4.0/md2.h libcrypto++-8.6.0/md2.h
--- libcrypto++-8.4.0/md2.h 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/md2.h 2021-09-24 11:48:47.000000000 +0000
@@ -20,12 +20,14 @@
 class MD2 : public HashTransformation
 {
 public:
+ CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "MD2";}
+
 MD2();
 void Update(const byte *input, size_t length);
 void TruncatedFinal(byte *hash, size_t size);
 unsigned int DigestSize() const {return DIGESTSIZE;}
 unsigned int BlockSize() const {return BLOCKSIZE;}
- CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "MD2";}
+ std::string AlgorithmName() const {return StaticAlgorithmName();}
 
 CRYPTOPP_CONSTANT(DIGESTSIZE = 16);
 CRYPTOPP_CONSTANT(BLOCKSIZE = 16);
diff -Nru libcrypto++-8.4.0/mersenne.h libcrypto++-8.6.0/mersenne.h
--- libcrypto++-8.4.0/mersenne.h 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/mersenne.h 2021-09-24 11:48:47.000000000 +0000
@@ -39,7 +39,7 @@
 /// \param seed 32-bit seed
 /// \details Defaults to template parameter S due to changing algorithm
 /// parameters over time
- MersenneTwister(word32 seed = S) : m_seed(seed), m_idx(N)
+ MersenneTwister(word32 seed = S) : m_idx(N)
 {
 Reset(seed);
 }
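Review bot: The protected constructors of LSH256_Base and LSH512_Base write the algorithm type through a bare index, `m_state[80] = algType;`, while lsh_ssse3.cpp in this same diff addresses that slot as `state[AlgorithmType]` and the bit counter as `state[RemainingBits]`, so the state layout is now pinned in two places that nothing keeps in sync. The layout comment next to `m_state` (6 x 8 words plus 32 words = 80) is the only thing that explains why 80 is the algType slot and, presumably, 81 the remaining bit length. Reusing the same named index in the header, or at least documenting the member with `// m_state[80] = algType, m_state[81] = remaining bit length; layout shared with the lsh*.cpp back ends`, would make the coupling visible.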
@@ -53,12 +53,20 @@ /// generator. If fewer bytes are provided, then the seed is padded with 0's. void IncorporateEntropy(const byte *input, size_t length) { - word32 temp = 0; - ::memcpy(&temp, input, STDMIN(sizeof(temp), length)); - Reset(temp); + // Handle word32 size blocks + FixedSizeSecBlock temp; + temp[0] = 0; - // Wipe temp - SecureWipeArray(&temp, 1); + if (length > 4) + length = 4; + + for (size_t i=0; i temp; for (size_t i=0; i < size/4; i++, output += 4) { - temp = NextMersenneWord(); - memcpy(output, &temp, 4); + temp[0] = NextMersenneWord(); + memcpy(output, temp+0, 4); } // No tail bytes if (size%4 == 0) - { - // Wipe temp - SecureWipeArray(&temp, 1); return; - } // Handle tail bytes - temp = NextMersenneWord(); + temp[0] = NextMersenneWord(); switch (size%4) { - case 3: output[2] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 1); /* fall through */ - case 2: output[1] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 2); /* fall through */ - case 1: output[0] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 3); break; + case 3: output[2] = CRYPTOPP_GET_BYTE_AS_BYTE(temp[0], 1); /* fall through */ + case 2: output[1] = CRYPTOPP_GET_BYTE_AS_BYTE(temp[0], 2); /* fall through */ + case 1: output[0] = CRYPTOPP_GET_BYTE_AS_BYTE(temp[0], 3); break; - default: CRYPTOPP_ASSERT(0); ; + default: CRYPTOPP_ASSERT(0);; } - - // Wipe temp - SecureWipeArray(&temp, 1); } /// \brief Generate a random 32-bit word in the range min to max, inclusive @@ -137,7 +138,6 @@ void Reset(word32 seed) { - m_seed = seed; m_idx = N; m_state[0] = seed; @@ -195,8 +195,6 @@ /// \brief 32-bit word state array of size N FixedSizeSecBlock m_state; - /// \brief the value used to seed the generator - word32 m_seed; /// \brief the current index into the state array word32 m_idx; }; diff -Nru libcrypto++-8.4.0/misc.cpp libcrypto++-8.6.0/misc.cpp --- libcrypto++-8.4.0/misc.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/misc.cpp 2021-09-24 11:48:47.000000000 +0000 
@@ -19,6 +19,29 @@
 #include "integer.h"
 #include "secblock.h"
 
+// Hack for OpenBSD and GCC 4.2.1. I believe they are stuck at 4.2.1 due to GPLv3.
+#if defined(__OpenBSD__)
+# if defined (CRYPTOPP_GCC_VERSION) && (CRYPTOPP_GCC_VERSION < 43000)
+# undef CRYPTOPP_DISABLE_ASM
+# define CRYPTOPP_DISABLE_ASM 1
+# endif
+#endif
+
+#ifndef CRYPTOPP_DISABLE_ASM
+# if defined(__SSE2__)
+# include
+# endif
+# if defined(__AVX__)
+# include
+# endif
+
+# if defined(__aarch64__) || defined(__aarch32__) || defined(_M_ARM64)
+# if defined(CRYPTOPP_ARM_NEON_HEADER)
+# include
+# endif
+# endif
+#endif // CRYPTOPP_DISABLE_ASM
+
 NAMESPACE_BEGIN(CryptoPP)
 
 byte* BytePtr(SecByteBlock& str)
@@ -43,111 +66,198 @@ return str.size(); } +// xorbuf simplified at https://github.com/weidai11/cryptopp/issues/1020 void xorbuf(byte *buf, const byte *mask, size_t count) { CRYPTOPP_ASSERT(buf != NULLPTR); CRYPTOPP_ASSERT(mask != NULLPTR); CRYPTOPP_ASSERT(count > 0); - size_t i=0; - if (IsAligned(buf) && IsAligned(mask)) +#ifndef CRYPTOPP_DISABLE_ASM +# if defined(__AVX__) + while (count >= 32) + { + __m256i b = _mm256_loadu_si256(reinterpret_cast(buf)); + __m256i m = _mm256_loadu_si256(reinterpret_cast(mask)); + _mm256_storeu_si256(reinterpret_cast<__m256i*>(buf), _mm256_castps_si256( + _mm256_xor_ps(_mm256_castsi256_ps(b), _mm256_castsi256_ps(m)))); + buf += 32; mask += 32; count -= 32; + } + // https://software.intel.com/en-us/articles/avoiding-avx-sse-transition-penalties + _mm256_zeroupper(); +# endif +# if defined(__SSE2__) + while (count >= 16) + { + __m128i b = _mm_loadu_si128(reinterpret_cast(buf)); + __m128i m = _mm_loadu_si128(reinterpret_cast(mask)); + _mm_storeu_si128(reinterpret_cast<__m128i*>(buf), _mm_castps_si128( + _mm_xor_ps(_mm_castsi128_ps(b), _mm_castsi128_ps(m)))); + buf += 16; mask += 16; count -= 16; + } +# endif +# if defined(__aarch64__) || defined(__aarch32__) || defined(_M_ARM64) + while (count >= 16) + { + vst1q_u8(buf, veorq_u8(vld1q_u8(buf), vld1q_u8(mask))); + buf += 16; mask += 16; count -= 16; + } +# endif +#endif // CRYPTOPP_DISABLE_ASM + +#if CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64 + // word64 and stride of 8 slows things down on x86_64. + // word64 and stride of 8 makes no difference on ARM. + // word64 and stride of 16 benefits PowerPC. 
+ while (count >= 16) + { + word64 r[2], b[2], m[2]; + memcpy(&b, buf, 16); memcpy(&m, mask, 16); + + r[0] = b[0] ^ m[0]; + r[1] = b[1] ^ m[1]; + memcpy(buf, &r, 16); + + buf += 16; mask += 16; count -= 16; + } +#endif + + // One of the arch specific xor's may have cleared the request + if (count == 0) return; + + while (count >= 4) { - if (!CRYPTOPP_BOOL_SLOW_WORD64 && IsAligned(buf) && IsAligned(mask)) - { - for (i=0; i 0); - size_t i=0; - if (IsAligned(output) && IsAligned(input) && IsAligned(mask)) +#ifndef CRYPTOPP_DISABLE_ASM +# if defined(__AVX__) + while (count >= 32) + { + __m256i b = _mm256_loadu_si256(reinterpret_cast(input)); + __m256i m = _mm256_loadu_si256(reinterpret_cast(mask)); + _mm256_storeu_si256(reinterpret_cast<__m256i*>(output), _mm256_castps_si256( + _mm256_xor_ps(_mm256_castsi256_ps(b), _mm256_castsi256_ps(m)))); + output += 32; input += 32; mask += 32; count -= 32; + } + // https://software.intel.com/en-us/articles/avoiding-avx-sse-transition-penalties + _mm256_zeroupper(); +# endif +# if defined(__SSE2__) + while (count >= 16) + { + __m128i b = _mm_loadu_si128(reinterpret_cast(input)); + __m128i m = _mm_loadu_si128(reinterpret_cast(mask)); + _mm_storeu_si128(reinterpret_cast<__m128i*>(output), _mm_castps_si128( + _mm_xor_ps(_mm_castsi128_ps(b), _mm_castsi128_ps(m)))); + output += 16; input += 16; mask += 16; count -= 16; + } +# endif +# if defined(__aarch64__) || defined(__aarch32__) || defined(_M_ARM64) + while (count >= 16) + { + vst1q_u8(output, veorq_u8(vld1q_u8(input), vld1q_u8(mask))); + output += 16; input += 16; mask += 16; count -= 16; + } +# endif +#endif // CRYPTOPP_DISABLE_ASM + +#if CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64 + // word64 and stride of 8 slows things down on x86_64. + // word64 and stride of 8 makes no difference on ARM. + // word64 and stride of 16 benefits PowerPC. 
+ while (count >= 16) + { + word64 b[2], m[2], r[2]; + memcpy(&b, input, 16); memcpy(&m, mask, 16); + + r[0] = b[0] ^ m[0]; + r[1] = b[1] ^ m[1]; + memcpy(output, &r, 16); + + output += 16; input += 16; mask += 16; count -= 16; + } +#endif + + // One of the arch specific xor's may have cleared the request + if (count == 0) return; + + while (count >= 4) { - if (!CRYPTOPP_BOOL_SLOW_WORD64 && IsAligned(output) && IsAligned(input) && IsAligned(mask)) - { - for (i=0; i 0); - size_t i=0; - byte acc8 = 0; +#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_ARM64 || CRYPTOPP_BOOL_PPC64 || CRYPTOPP_BOOL_MIPS64 || CRYPTOPP_BOOL_SPARC64 + word64 acc64 = 0; + while (count >= 8) + { + word64 b, m; + memcpy(&b, buf, 8); memcpy(&m, mask, 8); + acc64 |= b ^ m; + + buf += 8; mask += 8; count -= 8; + } - if (IsAligned(buf) && IsAligned(mask) && count) + word32 acc8 = (acc64 >> 32) | (acc64 & 0xffffffff); + acc8 = static_cast(acc8) | static_cast(acc8 >> 8) | + static_cast(acc8 >> 16) | static_cast(acc8 >> 24); +#else + word32 acc32 = 0; + while (count >= 4) { - word32 acc32 = 0; - if (!CRYPTOPP_BOOL_SLOW_WORD64 && IsAligned(buf) && IsAligned(mask)) - { - word64 acc64 = 0; - for (i=0; i>32); - } - - for (i=0; i>8) | byte(acc32>>16) | byte(acc32>>24); + word32 b, m; + memcpy(&b, buf, 4); memcpy(&m, mask, 4); + acc32 |= b ^ m; + + buf += 4; mask += 4; count -= 4; } - for (i=0; i(acc8) | static_cast(acc8 >> 8) | + static_cast(acc8 >> 16) | static_cast(acc8 >> 24); +#endif + + for (size_t i=0; i +constexpr int EnumToInt(T v) { + return static_cast(v); +} +#else +# define EnumToInt(v) static_cast(v) +#endif + #if (!__STDC_WANT_SECURE_LIB__ && !defined(_MEMORY_S_DEFINED)) || defined(CRYPTOPP_WANT_SECURE_LIB) /// \brief Bounds checking replacement for memcpy() -/// \param dest pointer to the desination memory block -/// \param sizeInBytes size of the desination memory block, in bytes +/// \param dest pointer to the destination memory block +/// \param sizeInBytes size of the destination memory block, 
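Review bot: The AVX loops in both `xorbuf` overloads XOR through `_mm256_castsi256_ps`/`_mm256_xor_ps` with no explanation; since the 256-bit integer XOR `_mm256_xor_si256` requires AVX2, a why-comment such as `// AVX (not AVX2) has no 256-bit integer XOR, so XOR in the float domain` would keep a later reader from rewriting it with an AVX2 intrinsic under an `__AVX__`-only guard. The SSE2 loops use the same float-domain form although `_mm_xor_si128` is available in SSE2; if that is deliberate for symmetry it deserves the same comment. In `VerifyBufsEqual` the 64-bit branch folds `acc64` into a variable named `acc8` that is declared `word32`, which reads as a type mismatch until the second assignment narrows it; naming it `acc32` like the `#else` branch and declaring the byte accumulator once after `#endif` would be clearer. The tail of this hunk is garbled on this page and runs into the misc.h changes, so the final byte loop and return value could not be checked.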
in bytes /// \param src pointer to the source memory block /// \param count the number of bytes to copy /// \throw InvalidArgument @@ -511,7 +530,7 @@ CRYPTOPP_ASSERT(dest != NULLPTR); CRYPTOPP_ASSERT(src != NULLPTR); // Restricted pointers. We want to check ranges, but it is not clear how to do it. CRYPTOPP_ASSERT(src != dest); - // Destination buffer must be large enough to satsify request + // Destination buffer must be large enough to satisfy request CRYPTOPP_ASSERT(sizeInBytes >= count); if (count > sizeInBytes) @@ -532,8 +551,8 @@ } /// \brief Bounds checking replacement for memmove() -/// \param dest pointer to the desination memory block -/// \param sizeInBytes size of the desination memory block, in bytes +/// \param dest pointer to the destination memory block +/// \param sizeInBytes size of the destination memory block, in bytes /// \param src pointer to the source memory block /// \param count the number of bytes to copy /// \throw InvalidArgument @@ -555,7 +574,7 @@ // Pointers must be valid; otherwise undefined behavior CRYPTOPP_ASSERT(dest != NULLPTR); CRYPTOPP_ASSERT(src != NULLPTR); - // Destination buffer must be large enough to satsify request + // Destination buffer must be large enough to satisfy request CRYPTOPP_ASSERT(sizeInBytes >= count); if (count > sizeInBytes) @@ -576,7 +595,8 @@ } #if __BORLANDC__ >= 0x620 -// C++Builder 2010 workaround: can't use std::memcpy_s because it doesn't allow 0 lengths +// C++Builder 2010 workaround: can't use std::memcpy_s +// because it doesn't allow 0 lengths # define memcpy_s CryptoPP::memcpy_s # define memmove_s CryptoPP::memmove_s #endif @@ -617,7 +637,7 @@ /// \sa SecureWipeBuffer inline void * memset_z(void *ptr, int val, size_t num) { -// avoid extranous warning on GCC 4.3.2 Ubuntu 8.10 +// avoid extraneous warning on GCC 4.3.2 Ubuntu 8.10 #if CRYPTOPP_GCC_VERSION >= 30001 || CRYPTOPP_LLVM_CLANG_VERSION >= 20800 || \ CRYPTOPP_APPLE_CLANG_VERSION >= 30000 if (__builtin_constant_p(num) && num==0) 
@@ -664,7 +684,7 @@ # endif #endif -/// \brief Safe comparison of values that could be neagtive and incorrectly promoted +/// \brief Safe comparison of values that could be negative and incorrectly promoted /// \tparam T1 class or type /// \tparam T2 class or type /// \param a the first value @@ -735,7 +755,7 @@ /// \param base the base to use during the conversion /// \return the string representation of value in base. /// \details this template function specialization was added to suppress -/// Coverity findings on IntToString() with unsigned types. +/// Coverity findings on IntToString() with unsigned types. template <> CRYPTOPP_DLL std::string IntToString(word64 value, unsigned int base); @@ -972,7 +992,7 @@ /// \param buf2 the second buffer /// \param count the size of the buffers, in bytes /// \details VerifyBufsEqual performs an XOR of the elements in two equally sized -/// buffers and retruns a result based on the XOR operation. A count of 0 returns +/// buffers and returns a result based on the XOR operation. A count of 0 returns /// true because two empty buffers are considered equal. /// \details The function is near constant-time because CPU micro-code timings could /// affect the "constant-ness". Calling code is responsible for mitigating timing @@ -1117,7 +1137,7 @@ /// \return the possibly unmodified value \n /// \details RoundDownToMultipleOf is effectively a floor function based on m. The function returns /// the value n - n\%m. If n is a multiple of m, then the original value is returned. -/// \note T1 and T2 should be usigned arithmetic types. If T1 or +/// \note T1 and T2 should be unsigned arithmetic types. If T1 or /// T2 is signed, then the value should be non-negative. The library asserts in /// debug builds when practical, but allows you to perform the operation in release builds. template 
@@ -1147,7 +1167,7 @@
 /// \details RoundUpToMultipleOf is effectively a ceiling function based on m. The function
 /// returns the value n + n\%m. If n is a multiple of m, then the original value is
 /// returned. If the value n would overflow, then an InvalidArgument exception is thrown.
-/// \note T1 and T2 should be usigned arithmetic types. If T1 or
+/// \note T1 and T2 should be unsigned arithmetic types. If T1 or
 /// T2 is signed, then the value should be non-negative. The library asserts in
 /// debug builds when practical, but allows you to perform the operation in release builds.
 template
@@ -1260,7 +1280,7 @@
 /// DECRYPTION otherwise
 /// \details A cipher can be operated in a "forward" direction (encryption) or a "reverse"
 /// direction (decryption). The operations do not have to be symmetric, meaning a second
-/// application of the transformation does not necessariy return the original message.
+/// application of the transformation does not necessarily return the original message.
 /// That is, E(D(m)) may not equal E(E(m)); and D(E(m)) may not
 /// equal D(D(m)).
 template
@@ -1315,7 +1335,7 @@
 }
 }
 
-/// \brief Performs a branchless swap of values a and b if condition c is true
+/// \brief Performs a branch-less swap of values a and b if condition c is true
 /// \tparam T class or type
 /// \param c the condition to perform the swap
 /// \param a the first value
@@ -1328,7 +1348,7 @@
 b ^= t;
 }
 
-/// \brief Performs a branchless swap of pointers a and b if condition c is true
+/// \brief Performs a branch-less swap of pointers a and b if condition c is true
 /// \tparam T class or type
 /// \param c the condition to perform the swap
 /// \param a the first pointer
@@ -2193,12 +2213,12 @@ /// /// cout << "V1: "; /// for(unsigned int i = 0; i < v1.size(); i++) -/// cout << std::hex << v1[i] << " "; +/// cout << std::hex << v1[i] << " "; /// cout << endl; /// /// cout << "V2: "; /// for(unsigned int i = 0; i < v2.size(); i++) -/// cout << std::hex << v2[i] << " "; +/// cout << std::hex << v2[i] << " "; /// cout << endl; /// The program above results in the following output. ///
V1: 00000001 00000002 00000003 00000004
diff -Nru libcrypto++-8.4.0/modes.cpp libcrypto++-8.6.0/modes.cpp
--- libcrypto++-8.4.0/modes.cpp	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/modes.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -253,7 +253,7 @@
 
 	// save copy now in case of in-place decryption
 	const unsigned int blockSize = BlockSize();
-	memcpy(m_temp, PtrAdd(inString,length-blockSize), blockSize);
+	memcpy(m_temp, PtrAdd(inString, length-blockSize), blockSize);
 	if (length > blockSize)
 		m_cipher->AdvancedProcessBlocks(PtrAdd(inString,blockSize), inString, PtrAdd(outString,blockSize), length-blockSize, BlockTransformation::BT_ReverseDirection|BlockTransformation::BT_AllowParallel);
 	m_cipher->ProcessAndXorBlock(inString, m_register, outString);
diff -Nru libcrypto++-8.4.0/mqueue.h libcrypto++-8.6.0/mqueue.h
--- libcrypto++-8.4.0/mqueue.h	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/mqueue.h	2021-09-24 11:48:47.000000000 +0000
@@ -1,3 +1,8 @@
+// mqueue.h - originally written and placed in the public domain by Wei Dai
+
+/// \file
+/// \brief Classes for an unlimited queue to store messages
+
 #ifndef CRYPTOPP_MQUEUE_H
 #define CRYPTOPP_MQUEUE_H
 
@@ -10,12 +15,21 @@
 
 NAMESPACE_BEGIN(CryptoPP)
 
-/// Message Queue
+/// \brief Data structure used to store messages
+/// \details The queue is implemented with a ByteQueue.
+/// \sa MessageQueue
+///  on the Crypto++ wiki.
+/// \since Crypto++ 2.0
 class CRYPTOPP_DLL MessageQueue : public AutoSignaling
 {
 public:
+	virtual ~MessageQueue() {}
+
+	/// \brief Construct a MessageQueue
+	/// \param nodeSize the initial node size
 	MessageQueue(unsigned int nodeSize=256);
 
+	// BufferedTransformation
 	void IsolatedInitialize(const NameValuePairs ¶meters)
 		{m_queue.IsolatedInitialize(parameters); m_lengths.assign(1, 0U); m_messageCounts.assign(1, 0U);}
 	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
@@ -54,10 +68,23 @@
 	unsigned int NumberOfMessageSeries() const
 		{return (unsigned int)m_messageCounts.size()-1;}
 
+	/// \brief Copy messages from this object to another BufferedTransformation.
+	/// \param target the destination BufferedTransformation
+	/// \param count the number of messages to copy
+	/// \param channel the channel on which the transfer should occur
+	/// \return the number of messages that remain in the copy (i.e., messages not copied)
 	unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const;
 
+	/// \brief Peek data in the queue
+	/// \param contiguousSize the size of the data
+	/// \details Spy() peeks at data at the head of the queue. Spy() does
+	///  not remove data from the queue.
+	/// \details The data's size is returned in contiguousSize.
+	///  Spy() returns the size of the first message in the list.
 	const byte * Spy(size_t &contiguousSize) const;
 
+	/// \brief Swap contents with another MessageQueue
+	/// \param rhs the other MessageQueue
 	void swap(MessageQueue &rhs);
 
 private:
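Review bot: The new doc block on `Spy()` ends with `Spy() returns the size of the first message in the list`, but the declaration returns `const byte *`; the size comes back through the `contiguousSize` out-parameter, so the sentence contradicts the signature. Replace it with `/// \return pointer to the data at the head of the queue` and keep `/// \details The data's size is returned in contiguousSize.`; the `\param contiguousSize` line would be more useful as `the number of contiguous bytes available at the returned pointer`. Whether that count covers the whole first message or only its first contiguous node cannot be told from this hunk, so the final wording should be checked against the definition.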
@@ -66,26 +93,39 @@
 	std::deque m_messageCounts;
 };
 
-
-/// A filter that checks messages on two channels for equality
+/// \brief Filter that checks messages on two channels for equality
 class CRYPTOPP_DLL EqualityComparisonFilter : public Unflushable >
 {
 public:
-	struct MismatchDetected : public Exception {MismatchDetected() : Exception(DATA_INTEGRITY_CHECK_FAILED, "EqualityComparisonFilter: did not receive the same data on two channels") {}};
-
-	/*! if throwIfNotEqual is false, this filter will output a '\\0' byte when it detects a mismatch, '\\1' otherwise */
+	/// \brief Different messages were detected
+	struct MismatchDetected : public Exception
+	{
+		/// \brief Construct a MismatchDetected exception
+		MismatchDetected() : Exception(DATA_INTEGRITY_CHECK_FAILED, "EqualityComparisonFilter: did not receive the same data on two channels") {}
+	};
+
+	/// \brief Construct an EqualityComparisonFilter
+	/// \param attachment an attached transformation
+	/// \param throwIfNotEqual flag indicating whether the objects throws
+	/// \param firstChannel string naming the first channel
+	/// \param secondChannel string naming the second channel
+	/// \throw MismatchDetected if throwIfNotEqual is true and not equal
+	/// \details If throwIfNotEqual is false, this filter will output a '\\0'
+	///  byte when it detects a mismatch, '\\1' otherwise.
 	EqualityComparisonFilter(BufferedTransformation *attachment=NULLPTR, bool throwIfNotEqual=true, const std::string &firstChannel="0", const std::string &secondChannel="1")
 		: m_throwIfNotEqual(throwIfNotEqual), m_mismatchDetected(false)
 		, m_firstChannel(firstChannel), m_secondChannel(secondChannel)
 		{Detach(attachment);}
 
+	// BufferedTransformation
 	size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking);
 	bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true);
 
-private:
+protected:
 	unsigned int MapChannel(const std::string &channel) const;
 	bool HandleMismatchDetected(bool blocking);
 
+private:
 	bool m_throwIfNotEqual, m_mismatchDetected;
 	std::string m_firstChannel, m_secondChannel;
 	MessageQueue m_q[2];
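Review bot: The `\throw MismatchDetected` tag is attached to the constructor, whose body is only `{Detach(attachment);}`; the exception can only be raised while data is processed, presumably from `ChannelPut2`/`ChannelMessageSeriesEnd` through `HandleMismatchDetected`, and those declarations carry no documentation. Moving the tag there, or rewording it on the constructor as `/// \details If throwIfNotEqual is true, MismatchDetected is thrown when a mismatch is detected during processing`, would state the real contract. In the same block `flag indicating whether the objects throws` should read `whether the object throws`. `MapChannel` and `HandleMismatchDetected` also move from `private:` to `protected:`, which widens the interface for subclasses; a one-line comment on why they are now overridable would help the next reader.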
diff -Nru libcrypto++-8.4.0/nbtheory.cpp libcrypto++-8.6.0/nbtheory.cpp
--- libcrypto++-8.4.0/nbtheory.cpp	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/nbtheory.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -490,7 +490,7 @@
 		// progression p = p_0 + \lambda * q2 = p_0 + 2 * \lambda * q,
 		// with q the recursively generated prime above. We will be able
 		// to use Lucas tets for proving primality. A trick of Quisquater
-		// allows taking q > cubic_root(p) rather then square_root: this
+		// allows taking q > cubic_root(p) rather than square_root: this
 		// decreases the recursion.
 
 		p.Randomize(rng, minP, maxP, Integer::ANY, 1, q2);
diff -Nru libcrypto++-8.4.0/nbtheory.h libcrypto++-8.6.0/nbtheory.h
--- libcrypto++-8.4.0/nbtheory.h	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/nbtheory.h	2021-09-24 11:48:47.000000000 +0000
@@ -105,7 +105,7 @@
 /// \param level the level of thoroughness of testing
 /// \return true if p is a strong probable prime, false otherwise
 /// \details VerifyPrime() is suitable for testing candidate primes created by others. Internally,
-///   VerifyPrime() utilizes IsPrime() and one-round RabinMillerTest(). If the candiate passes and
+///   VerifyPrime() utilizes IsPrime() and one-round RabinMillerTest(). If the candidate passes and
 ///   level is greater than 1, then 10 round RabinMillerTest() primality testing is performed.
 CRYPTOPP_DLL bool CRYPTOPP_API VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level = 1);
 
@@ -181,7 +181,7 @@
 /// \brief Calculate the Jacobi symbol
 /// \param a the first term
 /// \param b the second term
-/// \return the the Jacobi symbol.
+/// \return the Jacobi symbol.
 /// \details Jacobi symbols are calculated using the following rules:
 ///  -# if b is prime, then Jacobi(a, b), then return 0
 ///  -# if a%b==0 AND a is quadratic residue mod b, then return 1
@@ -305,7 +305,7 @@
 	const Integer& SubPrime() const {return q;}
 
 	/// \brief Retrieve the generator
-	/// \return Generator() returns the the generator g.
+	/// \return Generator() returns the generator g.
 	const Integer& Generator() const {return g;}
 
 private:
diff -Nru libcrypto++-8.4.0/oids.h libcrypto++-8.6.0/oids.h
--- libcrypto++-8.4.0/oids.h	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/oids.h	2021-09-24 11:48:47.000000000 +0000
@@ -83,6 +83,9 @@
 					DEFINE_OID(rsadsi_digestAlgorithm()+5, id_md5)
 	DEFINE_OID(iso()+3, identified_organization)
 		// Arc from http://tools.ietf.org/html/draft-josefsson-pkix-newcurves
+		// GNU and OpenPGP uses 1.3.6.1.4.1.11591.15.1 for Ed25519. See
+		// https://www.gnu.org/prep/standards/html_node/OID-Allocations.html,
+		// https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-rfc4880bis
 		DEFINE_OID(identified_organization()+6, dod)
 			DEFINE_OID(dod()+1, internet)
 				DEFINE_OID(internet()+4, internet_private)
diff -Nru libcrypto++-8.4.0/osrng.h libcrypto++-8.6.0/osrng.h
--- libcrypto++-8.4.0/osrng.h	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/osrng.h	2021-09-24 11:48:47.000000000 +0000
@@ -140,7 +140,7 @@
 
 /// OS_GenerateRandomBlock
 /// \brief Generate random array of bytes
-/// \param blocking specifies whther a bobcking or non-blocking generator should be used
+/// \param blocking specifies whether a blocking or non-blocking generator should be used
 /// \param output the byte buffer
 /// \param size the length of the buffer, in bytes
 /// \details OS_GenerateRandomBlock() uses the underlying operating system's
@@ -245,7 +245,7 @@
 {
 	enum {BlockSize=BLOCK_CIPHER::BLOCKSIZE};
 	enum {KeyLength=BLOCK_CIPHER::DEFAULT_KEYLENGTH};
-	enum {SeedSize=BlockSize + KeyLength};
+	enum {SeedSize=EnumToInt(BlockSize)+EnumToInt(KeyLength)};
 
 	SecByteBlock seed(SeedSize), temp(SeedSize);
 	const byte label[] = "X9.17 key generation";
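Review bot: The new `SeedSize=EnumToInt(BlockSize)+EnumToInt(KeyLength)` line gives no hint why plain enumerator addition was replaced, so the next cleanup may well revert it. Presumably the wrapper avoids arithmetic between two distinct anonymous enumeration types, which newer compilers diagnose as deprecated; a one-line comment such as `// EnumToInt: avoid arithmetic on two unrelated enumeration types, which newer compilers flag` would preserve that intent. The enclosing function starts and ends outside the hunk.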
diff -Nru libcrypto++-8.4.0/ossig.h libcrypto++-8.6.0/ossig.h
--- libcrypto++-8.4.0/ossig.h	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/ossig.h	2021-09-24 11:48:47.000000000 +0000
@@ -29,7 +29,7 @@
 /// \brief Null signal handler function
 /// \param unused the signal number
 /// \details NullSignalHandler is provided as a stand alone function with external "C" linkage
-///  and not a static member function due to the the member function's implicit
+///  and not a static member function due to the member function's implicit
 ///  external "C++" linkage.
 /// \sa SignalHandler, SignalHandlerFn
 extern "C" {
diff -Nru libcrypto++-8.4.0/ppc_simd.h libcrypto++-8.6.0/ppc_simd.h
--- libcrypto++-8.4.0/ppc_simd.h	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/ppc_simd.h	2021-09-24 11:48:47.000000000 +0000
@@ -120,7 +120,7 @@
 // XL C++ on AIX does not define VSX and does not
 // provide an option to set it. We have to set it
 // for the code below. This define must stay in
-// sync with the define in test_ppc_power7.cxx.
+// sync with the define in test_ppc_power7.cpp.
 #ifndef CRYPTOPP_DISABLE_POWER7
 # if defined(_AIX) && defined(_ARCH_PWR7) && defined(__xlC__)
 #  define __VSX__ 1
@@ -130,7 +130,7 @@
 // XL C++ on AIX does not define CRYPTO and does not
 // provide an option to set it. We have to set it
 // for the code below. This define must stay in
-// sync with the define in test_ppc_power8.cxx
+// sync with the define in test_ppc_power8.cpp
 #ifndef CRYPTOPP_DISABLE_POWER8
 # if defined(_AIX) && defined(_ARCH_PWR8) && defined(__xlC__)
 #  define __CRYPTO__ 1
@@ -2510,7 +2510,7 @@
 ///  The 0x00 indicates the low 64-bits of a and b
 ///  are multiplied.
 /// \note An Intel XMM register is composed of 128-bits. The leftmost bit
-///  is MSB and numbered 127, while the the rightmost bit is LSB and numbered 0.
+///  is MSB and numbered 127, while the rightmost bit is LSB and numbered 0.
 /// \par Wraps
 ///  __vpmsumd, __builtin_altivec_crypto_vpmsumd and __builtin_crypto_vpmsumd.
 /// \since Crypto++ 8.0
@@ -2532,7 +2532,7 @@
 ///  The 0x01 indicates the low 64-bits of a and high
 ///  64-bits of b are multiplied.
 /// \note An Intel XMM register is composed of 128-bits. The leftmost bit
-///  is MSB and numbered 127, while the the rightmost bit is LSB and numbered 0.
+///  is MSB and numbered 127, while the rightmost bit is LSB and numbered 0.
 /// \par Wraps
 ///  __vpmsumd, __builtin_altivec_crypto_vpmsumd and __builtin_crypto_vpmsumd.
 /// \since Crypto++ 8.0
@@ -2554,7 +2554,7 @@
 ///  The 0x10 indicates the high 64-bits of a and low
 ///  64-bits of b are multiplied.
 /// \note An Intel XMM register is composed of 128-bits. The leftmost bit
-///  is MSB and numbered 127, while the the rightmost bit is LSB and numbered 0.
+///  is MSB and numbered 127, while the rightmost bit is LSB and numbered 0.
 /// \par Wraps
 ///  __vpmsumd, __builtin_altivec_crypto_vpmsumd and __builtin_crypto_vpmsumd.
 /// \since Crypto++ 8.0
@@ -2576,7 +2576,7 @@
 ///  The 0x11 indicates the high 64-bits of a and b
 ///  are multiplied.
 /// \note An Intel XMM register is composed of 128-bits. The leftmost bit
-///  is MSB and numbered 127, while the the rightmost bit is LSB and numbered 0.
+///  is MSB and numbered 127, while the rightmost bit is LSB and numbered 0.
 /// \par Wraps
 ///  __vpmsumd, __builtin_altivec_crypto_vpmsumd and __builtin_crypto_vpmsumd.
 /// \since Crypto++ 8.0
diff -Nru libcrypto++-8.4.0/pssr.h libcrypto++-8.6.0/pssr.h
--- libcrypto++-8.4.0/pssr.h	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/pssr.h	2021-09-24 11:48:47.000000000 +0000
@@ -1,7 +1,7 @@
 // pssr.h - originally written and placed in the public domain by Wei Dai
 
 /// \file pssr.h
-/// \brief Classes for probablistic signature schemes
+/// \brief Classes for probabilistic signature schemes
 /// \since Crypto++ 2.1
 
 #ifndef CRYPTOPP_PSSR_H
@@ -66,8 +66,8 @@
 /// \tparam SALT_LEN length of the salt
 /// \tparam MIN_PAD_LEN minimum length of the pad
 /// \tparam USE_HASH_ID flag indicating whether the HashId is used
-/// \details If ALLOW_RECOVERY is true, the the signature scheme provides message recovery. If
-///  ALLOW_RECOVERY is false, the the signature scheme is appendix, and the message must be
+/// \details If ALLOW_RECOVERY is true, the signature scheme provides message recovery. If
+///  ALLOW_RECOVERY is false, the signature scheme is appendix, and the message must be
 ///  provided during verification.
 /// \since Crypto++ 2.1
 template 
diff -Nru libcrypto++-8.4.0/pubkey.h libcrypto++-8.6.0/pubkey.h
--- libcrypto++-8.4.0/pubkey.h	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/pubkey.h	2021-09-24 11:48:47.000000000 +0000
@@ -22,10 +22,10 @@
 /// 
    ///
  • x1, y1, z1 are abstract interface classes defined in cryptlib.h ///
  • x2, y2, z2 are implementations of the interfaces using "abstract policies", which -/// are pure virtual functions that should return interfaces to interchangeable algorithms. -/// These classes have Base suffixes. +/// are pure virtual functions that should return interfaces to interchangeable algorithms. +/// These classes have Base suffixes. ///
  • x3, y3, z3 hold actual algorithms and implement those virtual functions. -/// These classes have Impl suffixes. +/// These classes have Impl suffixes. ///
/// /// \details The TF_ prefix means an implementation using trapdoor functions on integers. @@ -62,13 +62,13 @@ /// \brief Provides range for plaintext and ciphertext lengths /// \details A trapdoor function is a function that is easy to compute in one direction, -/// but difficult to compute in the opposite direction without special knowledge. -/// The special knowledge is usually the private key. +/// but difficult to compute in the opposite direction without special knowledge. +/// The special knowledge is usually the private key. /// \details Trapdoor functions only handle messages of a limited length or size. -/// MaxPreimage is the plaintext's maximum length, and MaxImage is the -/// ciphertext's maximum length. +/// MaxPreimage is the plaintext's maximum length, and MaxImage is the +/// ciphertext's maximum length. /// \sa TrapdoorFunctionBounds(), RandomizedTrapdoorFunction(), TrapdoorFunction(), -/// RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() +/// RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TrapdoorFunctionBounds { public: 
@@ -87,16 +87,16 @@ /// \details The default implementation returns PreimageBound() - 1. virtual Integer MaxPreimage() const {return --PreimageBound();} /// \brief Returns the maximum size of a message after the trapdoor function is applied bound to a public key - /// \return the the maximum size of a message after the trapdoor function is applied bound to a public key + /// \return the maximum size of a message after the trapdoor function is applied bound to a public key /// \details The default implementation returns ImageBound() - 1. virtual Integer MaxImage() const {return --ImageBound();} }; /// \brief Applies the trapdoor function, using random data if required /// \details ApplyFunction() is the foundation for encrypting a message under a public key. -/// Derived classes will override it at some point. +/// Derived classes will override it at some point. /// \sa TrapdoorFunctionBounds(), RandomizedTrapdoorFunction(), TrapdoorFunction(), -/// RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() +/// RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomizedTrapdoorFunction : public TrapdoorFunctionBounds { public: @@ -107,8 +107,8 @@ /// \param x the message on which the encryption function is applied /// \return the message x encrypted under the public key /// \details ApplyRandomizedFunction is a generalization of encryption under a public key - /// cryptosystem. The RandomNumberGenerator may (or may not) be required. - /// Derived classes must implement it. + /// cryptosystem. The RandomNumberGenerator may (or may not) be required. + /// Derived classes must implement it. virtual Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const =0; /// \brief Determines if the encryption algorithm is randomized 
@@ -119,9 +119,9 @@ /// \brief Applies the trapdoor function /// \details ApplyFunction() is the foundation for encrypting a message under a public key. -/// Derived classes will override it at some point. +/// Derived classes will override it at some point. /// \sa TrapdoorFunctionBounds(), RandomizedTrapdoorFunction(), TrapdoorFunction(), -/// RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() +/// RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TrapdoorFunction : public RandomizedTrapdoorFunction { public: @@ -131,9 +131,9 @@ /// \param rng a RandomNumberGenerator derived class /// \param x the message on which the encryption function is applied /// \details ApplyRandomizedFunction is a generalization of encryption under a public key - /// cryptosystem. The RandomNumberGenerator may (or may not) be required. + /// cryptosystem. The RandomNumberGenerator may (or may not) be required. /// \details Internally, ApplyRandomizedFunction() calls ApplyFunction() \a - /// without the RandomNumberGenerator. + /// without the RandomNumberGenerator. Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const {CRYPTOPP_UNUSED(rng); return ApplyFunction(x);} bool IsRandomized() const {return false;} 
@@ -142,15 +142,15 @@ /// \param x the message on which the encryption function is applied /// \return the message x encrypted under the public key /// \details ApplyFunction is a generalization of encryption under a public key - /// cryptosystem. Derived classes must implement it. + /// cryptosystem. Derived classes must implement it. virtual Integer ApplyFunction(const Integer &x) const =0; }; /// \brief Applies the inverse of the trapdoor function, using random data if required /// \details CalculateInverse() is the foundation for decrypting a message under a private key -/// in a public key cryptosystem. Derived classes will override it at some point. +/// in a public key cryptosystem. Derived classes will override it at some point. /// \sa TrapdoorFunctionBounds(), RandomizedTrapdoorFunction(), TrapdoorFunction(), -/// RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() +/// RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomizedTrapdoorFunctionInverse { public: @@ -161,7 +161,7 @@ /// \param x the message on which the decryption function is applied /// \return the message x decrypted under the private key /// \details CalculateRandomizedInverse is a generalization of decryption using the private key - /// The RandomNumberGenerator may (or may not) be required. Derived classes must implement it. + /// The RandomNumberGenerator may (or may not) be required. Derived classes must implement it. virtual Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const =0; /// \brief Determines if the decryption algorithm is randomized 
@@ -172,9 +172,9 @@ /// \brief Applies the inverse of the trapdoor function /// \details CalculateInverse() is the foundation for decrypting a message under a private key -/// in a public key cryptosystem. Derived classes will override it at some point. +/// in a public key cryptosystem. Derived classes will override it at some point. /// \sa TrapdoorFunctionBounds(), RandomizedTrapdoorFunction(), TrapdoorFunction(), -/// RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() +/// RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TrapdoorFunctionInverse : public RandomizedTrapdoorFunctionInverse { public: @@ -186,7 +186,7 @@ /// \return the message x decrypted under the private key /// \details CalculateRandomizedInverse is a generalization of decryption using the private key /// \details Internally, CalculateRandomizedInverse() calls CalculateInverse() \a - /// without the RandomNumberGenerator. + /// without the RandomNumberGenerator. Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const {return CalculateInverse(rng, x);} @@ -304,9 +304,9 @@ /// \brief Interface for message encoding method for public key signature schemes. /// \details PK_SignatureMessageEncodingMethod provides interfaces for message -/// encoding method for public key signature schemes. The methods support both -/// trapdoor functions (TF_*) and discrete logarithm (DL_*) -/// based schemes. +/// encoding method for public key signature schemes. The methods support both +/// trapdoor functions (TF_*) and discrete logarithm (DL_*) +/// based schemes. class CRYPTOPP_NO_VTABLE PK_SignatureMessageEncodingMethod { public: 
@@ -320,9 +320,9 @@ /// \brief Determines whether an encoding method requires a random number generator /// \return true if the encoding method requires a RandomNumberGenerator() /// \details if IsProbabilistic() returns false, then NullRNG() can be passed to functions that take - /// RandomNumberGenerator(). + /// RandomNumberGenerator(). /// \sa Bellare and RogawayPSS: - /// Provably Secure Encoding Method for Digital Signatures + /// Provably Secure Encoding Method for Digital Signatures bool IsProbabilistic() const {return true;} bool AllowNonrecoverablePart() const @@ -387,7 +387,7 @@ /// \brief Interface for message encoding method for public key signature schemes. /// \details PK_DeterministicSignatureMessageEncodingMethod provides interfaces -/// for message encoding method for public key signature schemes. +/// for message encoding method for public key signature schemes. class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_DeterministicSignatureMessageEncodingMethod : public PK_SignatureMessageEncodingMethod { public: @@ -398,7 +398,7 @@ /// \brief Interface for message encoding method for public key signature schemes. /// \details PK_RecoverableSignatureMessageEncodingMethod provides interfaces -/// for message encoding method for public key signature schemes. +/// for message encoding method for public key signature schemes. class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_RecoverableSignatureMessageEncodingMethod : public PK_SignatureMessageEncodingMethod { public: @@ -409,7 +409,7 @@ /// \brief Interface for message encoding method for public key signature schemes. /// \details DL_SignatureMessageEncodingMethod_DSA provides interfaces -/// for message encoding method for DSA. +/// for message encoding method for DSA. class CRYPTOPP_DLL DL_SignatureMessageEncodingMethod_DSA : public PK_DeterministicSignatureMessageEncodingMethod { public: 
@@ -421,7 +421,7 @@ /// \brief Interface for message encoding method for public key signature schemes. /// \details DL_SignatureMessageEncodingMethod_NR provides interfaces -/// for message encoding method for Nyberg-Rueppel. +/// for message encoding method for Nyberg-Rueppel. class CRYPTOPP_DLL DL_SignatureMessageEncodingMethod_NR : public PK_DeterministicSignatureMessageEncodingMethod { public: @@ -434,7 +434,7 @@ #if 0 /// \brief Interface for message encoding method for public key signature schemes. /// \details DL_SignatureMessageEncodingMethod_SM2 provides interfaces -/// for message encoding method for SM2. +/// for message encoding method for SM2. class CRYPTOPP_DLL DL_SignatureMessageEncodingMethod_SM2 : public PK_DeterministicSignatureMessageEncodingMethod { public: @@ -447,7 +447,7 @@ /// \brief Interface for message encoding method for public key signature schemes. /// \details PK_MessageAccumulatorBase provides interfaces -/// for message encoding method. +/// for message encoding method. class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_MessageAccumulatorBase : public PK_MessageAccumulator { public: @@ -468,7 +468,7 @@ /// \brief Interface for message encoding method for public key signature schemes. /// \details PK_MessageAccumulatorBase provides interfaces -/// for message encoding method. +/// for message encoding method. template class PK_MessageAccumulatorImpl : public PK_MessageAccumulatorBase, protected ObjectHolder { @@ -692,7 +692,7 @@ /// \brief Generate and apply mask /// \param hash HashTransformation derived class /// \param output the destination byte array - /// \param outputLength the size fo the the destination byte array + /// \param outputLength the size of the destination byte array /// \param input the message to hash /// \param inputLength the size of the message /// \param mask flag indicating whether to apply the mask 
@@ -703,7 +703,7 @@ /// \brief P1363 mask generation function /// \param hash HashTransformation derived class /// \param output the destination byte array -/// \param outputLength the size fo the the destination byte array +/// \param outputLength the size of the destination byte array /// \param input the message to hash /// \param inputLength the size of the message /// \param derivationParams additional derivation parameters @@ -721,13 +721,13 @@ /// \brief The algorithm name /// \return the algorithm name /// \details StaticAlgorithmName returns the algorithm's name as a static - /// member function. + /// member function. CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "MGF1";} /// \brief P1363 mask generation function /// \param hash HashTransformation derived class /// \param output the destination byte array - /// \param outputLength the size fo the the destination byte array + /// \param outputLength the size of the destination byte array /// \param input the message to hash /// \param inputLength the size of the message /// \param mask flag indicating whether to apply the mask @@ -751,7 +751,7 @@ public: /// \brief P1363 key derivation function /// \param output the destination byte array - /// \param outputLength the size fo the the destination byte array + /// \param outputLength the size of the destination byte array /// \param input the message to hash /// \param inputLength the size of the message /// \param derivationParams additional derivation parameters 
@@ -825,9 +825,9 @@ /// \param precomputationStorage the suggested number of objects for the precompute table /// \throw NotImplemented /// \details The exact semantics of Precompute() varies, but it typically means calculate - /// a table of n objects that can be used later to speed up computation. + /// a table of n objects that can be used later to speed up computation. /// \details If a derived class does not override Precompute(), then the base class throws - /// NotImplemented. + /// NotImplemented. /// \sa SupportsPrecomputation(), LoadPrecomputation(), SavePrecomputation() void Precompute(unsigned int precomputationStorage=16) { @@ -917,7 +917,7 @@ /// \param reversible flag indicating the encoding format /// \return encoded element's size, in bytes /// \details The format of the encoded element varies by the underlying type of the element and the - /// reversible flag. GetEncodedElementSize() must be implemented in a derived class. + /// reversible flag. GetEncodedElementSize() must be implemented in a derived class. /// \sa GetEncodedElementSize(), EncodeElement(), DecodeElement() virtual unsigned int GetEncodedElementSize(bool reversible) const =0; @@ -948,14 +948,14 @@ /// \param level level of thoroughness /// \return true if the tests succeed, false otherwise /// \details There are four levels of thoroughness: - ///
    - ///
  • 0 - using this object won't cause a crash or exception - ///
  • 1 - this object will probably function, and encrypt, sign, other operations correctly - ///
  • 2 - ensure this object will function correctly, and perform reasonable security checks - ///
  • 3 - perform reasonable security checks, and do checks that may take a long time - ///
+ ///
    + ///
  • 0 - using this object won't cause a crash or exception + ///
  • 1 - this object will probably function, and encrypt, sign, other operations correctly + ///
  • 2 - ensure this object will function correctly, and perform reasonable security checks + ///
  • 3 - perform reasonable security checks, and do checks that may take a long time + ///
/// \details Level 0 does not require a RandomNumberGenerator. A NullRNG() can be used for level 0. - /// Level 1 may not check for weak keys and such. Levels 2 and 3 are recommended. + /// Level 1 may not check for weak keys and such. Levels 2 and 3 are recommended. /// \details ValidateGroup() must be implemented in a derived class. virtual bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const =0; @@ -965,14 +965,14 @@ /// \param precomp optional pointer to DL_FixedBasePrecomputation /// \return true if the tests succeed, false otherwise /// \details There are four levels of thoroughness: - ///
    - ///
  • 0 - using this object won't cause a crash or exception - ///
  • 1 - this object will probably function, and encrypt, sign, other operations correctly - ///
  • 2 - ensure this object will function correctly, and perform reasonable security checks - ///
  • 3 - perform reasonable security checks, and do checks that may take a long time - ///
+ ///
    + ///
  • 0 - using this object won't cause a crash or exception + ///
  • 1 - this object will probably function, and encrypt, sign, other operations correctly + ///
  • 2 - ensure this object will function correctly, and perform reasonable security checks + ///
  • 3 - perform reasonable security checks, and do checks that may take a long time + ///
/// \details Level 0 performs group membership checks. Level 1 may not check for weak keys and such. - /// Levels 2 and 3 are recommended. + /// Levels 2 and 3 are recommended. /// \details ValidateElement() must be implemented in a derived class. virtual bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation *precomp) const =0; @@ -982,7 +982,7 @@ /// \param element element to check /// \return true if the element is an identity, false otherwise /// \details The identity element or or neutral element is a special element in a group that leaves - /// other elements unchanged when combined with it. + /// other elements unchanged when combined with it. /// \details IsIdentity() must be implemented in a derived class. virtual bool IsIdentity(const Element &element) const =0; @@ -992,7 +992,7 @@ /// \param exponents an array of exponents /// \param exponentsCount the number of exponents in the array /// \details SimultaneousExponentiate() raises the base to each exponent in the exponents array and stores the - /// result at the respective position in the results array. + /// result at the respective position in the results array. /// \details SimultaneousExponentiate() must be implemented in a derived class. /// \pre COUNTOF(results) == exponentsCount /// \pre COUNTOF(exponents) == exponentsCount 
@@ -1071,9 +1071,9 @@ /// \return true if the value was retrieved, false otherwise /// \details GetVoidValue() retrieves the value of name if it exists. /// \note GetVoidValue() is an internal function and should be implemented - /// by derived classes. Users should use one of the other functions instead. + /// by derived classes. Users should use one of the other functions instead. /// \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(), - /// GetRequiredParameter() and GetRequiredIntParameter() + /// GetRequiredParameter() and GetRequiredIntParameter() bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const { return GetValueHelper(this, name, valueType, pValue, &this->GetAbstractGroupParameters()) @@ -1106,7 +1106,7 @@ /// \param publicExp the second exponent /// \return the public element raised to the exponent /// \details CascadeExponentiateBaseAndPublicElement raises the public element to - /// the base element and precomputation. + /// the base element and precomputation. virtual Element CascadeExponentiateBaseAndPublicElement(const Integer &baseExp, const Integer &publicExp) const { const DL_GroupParameters ¶ms = this->GetAbstractGroupParameters(); 
@@ -1115,14 +1115,14 @@ /// \brief Accesses the public precomputation /// \details GetPublicPrecomputation returns a const reference, while - /// AccessPublicPrecomputation returns a non-const reference. Must be - /// overridden in derived classes. + /// AccessPublicPrecomputation returns a non-const reference. Must be + /// overridden in derived classes. virtual const DL_FixedBasePrecomputation & GetPublicPrecomputation() const =0; /// \brief Accesses the public precomputation /// \details GetPublicPrecomputation returns a const reference, while - /// AccessPublicPrecomputation returns a non-const reference. Must be - /// overridden in derived classes. + /// AccessPublicPrecomputation returns a non-const reference. Must be + /// overridden in derived classes. virtual DL_FixedBasePrecomputation & AccessPublicPrecomputation() =0; }; @@ -1156,9 +1156,9 @@ /// \return true if the value was retrieved, false otherwise /// \details GetVoidValue() retrieves the value of name if it exists. /// \note GetVoidValue() is an internal function and should be implemented - /// by derived classes. Users should use one of the other functions instead. + /// by derived classes. Users should use one of the other functions instead. /// \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(), - /// GetRequiredParameter() and GetRequiredIntParameter() + /// GetRequiredParameter() and GetRequiredIntParameter() bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const { return GetValueHelper(this, name, valueType, pValue, &this->GetAbstractGroupParameters()) @@ -1400,7 +1400,8 @@ DL_PublicKeyImpl::~DL_PublicKeyImpl() {} /// \brief Interface for Elgamal-like signature algorithms -/// \tparam T Field element +/// \tparam T Field element type or class +/// \details Field element T can be Integer, ECP or EC2N. template class CRYPTOPP_NO_VTABLE DL_ElgamalLikeSignatureAlgorithm { 
@@ -1468,7 +1469,9 @@ }; /// \brief Interface for DL key agreement algorithms -/// \tparam T Field element +/// \tparam T Field element type or class +/// \details Field element T can be Integer, ECP or EC2N. +/// \sa DLIES, ECIES, ECIES_P1363 template class CRYPTOPP_NO_VTABLE DL_KeyAgreementAlgorithm { @@ -1482,7 +1485,9 @@ }; /// \brief Interface for key derivation algorithms used in DL cryptosystems -/// \tparam T Field element +/// \tparam T Field element type or class +/// \details Field element T can be Integer, ECP or EC2N. +/// \sa DLIES, ECIES, ECIES_P1363 template class CRYPTOPP_NO_VTABLE DL_KeyDerivationAlgorithm { @@ -1495,6 +1500,7 @@ }; /// \brief Interface for symmetric encryption algorithms used in DL cryptosystems +/// \sa DLIES, ECIES, ECIES_P1363 class CRYPTOPP_NO_VTABLE DL_SymmetricEncryptionAlgorithm { public: @@ -1531,7 +1537,7 @@ /// \tparam INTFACE PK_Signer or PK_Verifier derived class /// \tparam KEY_INTFACE DL_Base key base used in the scheme /// \details DL_SignatureSchemeBase provides common functions for signers and verifiers. -/// DL_Base is used for signers, and DL_Base is used for verifiers. +/// DL_Base is used for signers, and DL_Base is used for verifiers. template class CRYPTOPP_NO_VTABLE DL_SignatureSchemeBase : public INTFACE, public DL_Base { @@ -1553,7 +1559,7 @@ {return GetMessageEncodingInterface().MaxRecoverableLength(0, GetHashIdentifier().second, GetDigestSize());} /// \brief Provides the maximum recoverable length - /// \param signatureLength the size fo the signature + /// \param signatureLength the size of the signature /// \return maximum recoverable length based on signature length, in bytes /// \details this function is not implemented and always returns 0. size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const 
@@ -1588,7 +1594,8 @@ }; /// \brief Discrete Log (DL) signature scheme signer base implementation -/// \tparam T Field element +/// \tparam T Field element type or class +/// \details Field element T can be Integer, ECP or EC2N. template class CRYPTOPP_NO_VTABLE DL_SignerBase : public DL_SignatureSchemeBase > { @@ -1705,7 +1712,8 @@ }; /// \brief Discret Log (DL) Verifier base class -/// \tparam T Field element +/// \tparam T Field element type or class +/// \details Field element T can be Integer, ECP or EC2N. template class CRYPTOPP_NO_VTABLE DL_VerifierBase : public DL_SignatureSchemeBase > { @@ -1816,7 +1824,8 @@ }; /// \brief Discrete Log (DL) decryptor base implementation -/// \tparam T Field element +/// \tparam T Field element type or class +/// \details Field element T can be Integer, ECP or EC2N. template class CRYPTOPP_NO_VTABLE DL_DecryptorBase : public DL_CryptoSystemBase > { @@ -1856,7 +1865,8 @@ }; /// \brief Discrete Log (DL) encryptor base implementation -/// \tparam T Field element +/// \tparam T Field element type or class +/// \details Field element T can be Integer, ECP or EC2N. template class CRYPTOPP_NO_VTABLE DL_EncryptorBase : public DL_CryptoSystemBase > { 
@@ -2109,17 +2119,17 @@
 /// \brief Methods for avoiding "Small-Subgroup" attacks on Diffie-Hellman Key Agreement
 /// \details Additional methods exist and include public key validation and choice of prime p.
 /// \sa Methods for Avoiding the "Small-Subgroup" Attacks on the
-/// Diffie-Hellman Key Agreement Method for S/MIME
+/// Diffie-Hellman Key Agreement Method for S/MIME
 enum CofactorMultiplicationOption {
 /// \brief No cofactor multiplication applied
 NO_COFACTOR_MULTIPLICTION,
 /// \brief Cofactor multiplication compatible with ordinary Diffie-Hellman
 /// \details Modifies the computation of ZZ by including j (the cofactor) in the computations and is
- /// compatible with ordinary Diffie-Hellman.
+ /// compatible with ordinary Diffie-Hellman.
 COMPATIBLE_COFACTOR_MULTIPLICTION,
 /// \brief Cofactor multiplication incompatible with ordinary Diffie-Hellman
 /// \details Modifies the computation of ZZ by including j (the cofactor) in the computations but is
- /// not compatible with ordinary Diffie-Hellman.
+ /// not compatible with ordinary Diffie-Hellman.
 INCOMPATIBLE_COFACTOR_MULTIPLICTION};
 typedef EnumToType NoCofactorMultiplication;
@@ -2260,12 +2270,12 @@
 /// \brief Base class for public key encryption standard classes.
 /// \details These classes are used to select from variants of algorithms.
-/// Not all standards apply to all algorithms.
+/// Not all standards apply to all algorithms.
 struct EncryptionStandard {};
 /// \brief Base class for public key signature standard classes.
 /// \details These classes are used to select from variants of algorithms.
-/// Not all standards apply to all algorithms.
+/// Not all standards apply to all algorithms.
 struct SignatureStandard {};
 /// \brief Trapdoor Function (TF) encryption scheme
diff -Nru libcrypto++-8.4.0/queue.cpp libcrypto++-8.6.0/queue.cpp
--- libcrypto++-8.4.0/queue.cpp 2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/queue.cpp 2021-09-24 11:48:47.000000000 +0000
@@ -11,7 +11,7 @@ NAMESPACE_BEGIN(CryptoPP) -static const unsigned int s_maxAutoNodeSize = 16*1024; +static const unsigned int s_maxAutoNodeSize = 16*1024u; // this class for use by ByteQueue only class ByteQueueNode @@ -136,8 +136,9 @@ // ******************************************************** ByteQueue::ByteQueue(size_t nodeSize) - : Bufferless(), m_autoNodeSize(!nodeSize), m_nodeSize(nodeSize) - , m_head(NULLPTR), m_tail(NULLPTR), m_lazyString(NULLPTR), m_lazyLength(0), m_lazyStringModifiable(false) + : Bufferless() + , m_head(NULLPTR), m_tail(NULLPTR), m_lazyString(NULLPTR), m_lazyLength(0) + , m_nodeSize(nodeSize), m_lazyStringModifiable(false), m_autoNodeSize(!nodeSize) { // See GH #962 for the reason for this assert. CRYPTOPP_ASSERT(nodeSize != SIZE_MAX); @@ -476,18 +477,18 @@ return true; } -byte ByteQueue::operator[](lword i) const +byte ByteQueue::operator[](lword index) const { for (ByteQueueNode *current=m_head; current; current=current->m_next) { - if (i < current->CurrentSize()) - return (*current)[(size_t)i]; + if (index < current->CurrentSize()) + return (*current)[(size_t)index]; - i -= current->CurrentSize(); + index -= current->CurrentSize(); } - CRYPTOPP_ASSERT(i < m_lazyLength); - return m_lazyString[i]; + CRYPTOPP_ASSERT(index < m_lazyLength); + return m_lazyString[index]; } void ByteQueue::swap(ByteQueue &rhs) diff -Nru libcrypto++-8.4.0/queue.h libcrypto++-8.6.0/queue.h --- libcrypto++-8.4.0/queue.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/queue.h 2021-09-24 11:48:47.000000000 +0000 
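Review bot: In the renamed ByteQueue::operator[] the only guard on the fall-through case is `CRYPTOPP_ASSERT(index < m_lazyLength);` ahead of `return m_lazyString[index];`, so once that assertion is compiled out an index at or beyond CurrentSize() reads past the lazy string, or indexes off a NULL m_lazyString when no lazy put is pending. The queue.h change in this same patch documents that operator[] does no bounds checking, so if that is the intended contract a comment at the return would stop a maintainer from reading the assert as a check: `// Debug-only check; callers must keep index < CurrentSize().` If a hard failure is preferred, `if (index >= m_lazyLength) throw InvalidArgument("ByteQueue: index out of range");` before the return keeps the signature unchanged. Whether m_lazyString can be NULL at that point depends on CurrentSize(), which is outside this hunk.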
@@ -14,22 +14,29 @@ class ByteQueueNode; /// \brief Data structure used to store byte strings -/// \details The queue is implemented as a linked list of byte arrays +/// \details The queue is implemented as a linked list of byte arrays. +/// Each byte array is stored in a ByteQueueNode. +/// \sa ByteQueue +/// on the Crypto++ wiki. +/// \since Crypto++ 2.0 class CRYPTOPP_DLL ByteQueue : public Bufferless { public: + virtual ~ByteQueue(); + /// \brief Construct a ByteQueue /// \param nodeSize the initial node size - /// \details Internally, ByteQueue uses a ByteQueueNode to store bytes, and \p nodeSize determines the - /// size of the ByteQueueNode. A value of 0 indicates the ByteQueueNode should be automatically sized, - /// which means a value of 256 is used. + /// \details Internally, ByteQueue uses a ByteQueueNode to store bytes, + /// and nodeSize determines the size of the ByteQueueNode. A value + /// of 0 indicates the ByteQueueNode should be automatically sized, + /// which means a value of 256 is used. ByteQueue(size_t nodeSize=0); /// \brief Copy construct a ByteQueue /// \param copy the other ByteQueue ByteQueue(const ByteQueue ©); - ~ByteQueue(); + // BufferedTransformation lword MaxRetrievable() const {return CurrentSize();} bool AnyRetrievable() const 
@@ -48,28 +55,109 @@ size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; - // these member functions are not inherited + /// \brief Set node size + /// \param nodeSize the new node size, in bytes + /// \details The default node size is 256. void SetNodeSize(size_t nodeSize); + /// \brief Determine data size + /// \return the data size, in bytes lword CurrentSize() const; + + /// \brief Determine data availability + /// \return true if the ByteQueue has data, false otherwise bool IsEmpty() const; + /// \brief Empty the queue void Clear(); + /// \brief Insert data in the queue + /// \param inByte a byte to insert + /// \details Unget() inserts a byte at the head of the queue void Unget(byte inByte); + + /// \brief Insert data in the queue + /// \param inString a byte array to insert + /// \param length the size of the byte array + /// \details Unget() inserts a byte array at the head of the queue void Unget(const byte *inString, size_t length); + /// \brief Peek data in the queue + /// \param contiguousSize the size of the data + /// \details Spy() peeks at data at the head of the queue. Spy() does + /// not remove data from the queue. + /// \details The data's size is returned in contiguousSize. + /// Spy() returns the size of the first byte array in the list. The + /// entire data may be larger since the queue is a linked list of + /// byte arrays. const byte * Spy(size_t &contiguousSize) const; + /// \brief Insert data in the queue + /// \param inString a byte array to insert + /// \param size the length of the byte array + /// \details LazyPut() inserts a byte array at the tail of the queue. + /// The data may not be copied at this point. Rather, the pointer + /// and size to external data are recorded. 
+ /// \details Another call to Put() or LazyPut() will force the data to + /// be copied. When lazy puts are used, the data is copied when + /// FinalizeLazyPut() is called. + /// \sa LazyPutter void LazyPut(const byte *inString, size_t size); + + /// \brief Insert data in the queue + /// \param inString a byte array to insert + /// \param size the length of the byte array + /// \details LazyPut() inserts a byte array at the tail of the queue. + /// The data may not be copied at this point. Rather, the pointer + /// and size to external data are recorded. + /// \details Another call to Put() or LazyPut() will force the data to + /// be copied. When lazy puts are used, the data is copied when + /// FinalizeLazyPut() is called. + /// \sa LazyPutter void LazyPutModifiable(byte *inString, size_t size); + + /// \brief Remove data from the queue + /// \param size the length of the data + /// \throw InvalidArgument if there is no lazy data in the queue or if + /// size is larger than the lazy string + /// \details UndoLazyPut() truncates data inserted using LazyPut() by + /// modifying size. + /// \sa LazyPutter void UndoLazyPut(size_t size); + + /// \brief Insert data in the queue + /// \details FinalizeLazyPut() copies external data inserted using + /// LazyPut() or LazyPutModifiable() into the tail of the queue. + /// \sa LazyPutter void FinalizeLazyPut(); + /// \brief Assign contents from another ByteQueue + /// \param rhs the other ByteQueue + /// \return reference to this ByteQueue ByteQueue & operator=(const ByteQueue &rhs); + + /// \brief Bitwise compare two ByteQueue + /// \param rhs the other ByteQueue + /// \return true if the size and bits are equal, false otherwise + /// \details operator==() walks each ByteQueue comparing bytes in + /// each queue. operator==() is not constant time. 
bool operator==(const ByteQueue &rhs) const; + + /// \brief Bitwise compare two ByteQueue + /// \param rhs the other ByteQueue + /// \return true if the size and bits are not equal, false otherwise + /// \details operator!=() is implemented in terms of operator==(). + /// operator==() is not constant time. bool operator!=(const ByteQueue &rhs) const {return !operator==(rhs);} - byte operator[](lword i) const; + + /// \brief Retrieve data from the queue + /// \param index of byte to retrieve + /// \return byte at the specified index + /// \details operator[]() does not perform bounds checking. + byte operator[](lword index) const; + + /// \brief Swap contents with another ByteQueue + /// \param rhs the other ByteQueue void swap(ByteQueue &rhs); /// \brief A ByteQueue iterator 
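Review bot: The new LazyPut() and LazyPutModifiable() documentation says the pointer and size to external data are recorded rather than copied, but it never states the lifetime obligation that follows: inString must remain valid and unmodified until FinalizeLazyPut() (or the next Put()/LazyPut() that forces the copy), otherwise the queue later reads freed or changed memory. I would add to both: `/// \warning The caller must keep inString valid and unmodified until FinalizeLazyPut() runs.` Spy() is also missing a `\return` line describing the returned pointer and that it is only valid until the queue is next modified; the value it yields on an empty queue is implemented in queue.cpp and should be confirmed there before being documented. Next to the welcome "not constant time" note on operator==(), `/// \note Do not use to compare secrets such as keys or MAC tags.` would make the implication explicit.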
@@ -109,37 +197,63 @@ friend class Walker; -private: +protected: void CleanupUsedNodes(); void CopyFrom(const ByteQueue ©); void Destroy(); - bool m_autoNodeSize; - size_t m_nodeSize; +private: ByteQueueNode *m_head, *m_tail; byte *m_lazyString; size_t m_lazyLength; + size_t m_nodeSize; bool m_lazyStringModifiable; + bool m_autoNodeSize; }; -/// use this to make sure LazyPut is finalized in event of exception +/// \brief Helper class to finalize Puts on ByteQueue +/// \details LazyPutter ensures LazyPut is committed to the ByteQueue +/// in event of exception. During destruction, the LazyPutter class +/// calls FinalizeLazyPut. class CRYPTOPP_DLL LazyPutter { public: + virtual ~LazyPutter() { + try {m_bq.FinalizeLazyPut();} + catch(const Exception&) {CRYPTOPP_ASSERT(0);} + } + + /// \brief Construct a LazyPutter + /// \param bq the ByteQueue + /// \param inString a byte array to insert + /// \param size the length of the byte array + /// \details LazyPutter ensures LazyPut is committed to the ByteQueue + /// in event of exception. During destruction, the LazyPutter class + /// calls FinalizeLazyPut. LazyPutter(ByteQueue &bq, const byte *inString, size_t size) : m_bq(bq) {bq.LazyPut(inString, size);} - ~LazyPutter() - {try {m_bq.FinalizeLazyPut();} catch(const Exception&) {CRYPTOPP_ASSERT(0);}} + protected: LazyPutter(ByteQueue &bq) : m_bq(bq) {} + private: ByteQueue &m_bq; }; -/// like LazyPutter, but does a LazyPutModifiable instead +/// \brief Helper class to finalize Puts on ByteQueue +/// \details LazyPutterModifiable ensures LazyPut is committed to the +/// ByteQueue in event of exception. During destruction, the +/// LazyPutterModifiable class calls FinalizeLazyPut. 
class LazyPutterModifiable : public LazyPutter { public: + /// \brief Construct a LazyPutterModifiable + /// \param bq the ByteQueue + /// \param inString a byte array to insert + /// \param size the length of the byte array + /// \details LazyPutterModifiable ensures LazyPut is committed to the + /// ByteQueue in event of exception. During destruction, the + /// LazyPutterModifiable class calls FinalizeLazyPut. LazyPutterModifiable(ByteQueue &bq, byte *inString, size_t size) : LazyPutter(bq) {bq.LazyPutModifiable(inString, size);} }; diff -Nru libcrypto++-8.4.0/rabbit.cpp libcrypto++-8.6.0/rabbit.cpp --- libcrypto++-8.4.0/rabbit.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/rabbit.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -150,7 +150,7 @@ // writing the result to the output buffer. In all cases the // keystream is written to the output buffer. The optional part is // adding the input buffer and keystream. - if ((operation & INPUT_NULL) != INPUT_NULL) + if ((operation & EnumToInt(INPUT_NULL)) != EnumToInt(INPUT_NULL)) xorbuf(output, input, GetBytesPerIteration() * iterationCount); } @@ -252,7 +252,7 @@ // writing the result to the output buffer. In all cases the // keystream is written to the output buffer. The optional part is // adding the input buffer and keystream. - if ((operation & INPUT_NULL) != INPUT_NULL) + if ((operation & EnumToInt(INPUT_NULL)) != EnumToInt(INPUT_NULL)) xorbuf(output, input, GetBytesPerIteration() * iterationCount); } diff -Nru libcrypto++-8.4.0/randpool.cpp libcrypto++-8.6.0/randpool.cpp --- libcrypto++-8.4.0/randpool.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/randpool.cpp 2021-09-24 11:48:47.000000000 +0000 
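Review bot: The new `virtual ~LazyPutter()` catches only `const Exception&` around `m_bq.FinalizeLazyPut()`, yet the documentation in this patch says FinalizeLazyPut() copies the external data into the queue, so it can presumably allocate and throw std::bad_alloc; since C++11 destructors are implicitly noexcept, that exception would call std::terminate instead of reaching the assert. Widening the handler to `catch(const std::exception&) {CRYPTOPP_ASSERT(0);}` (or `catch(...)`) preserves the intended behaviour, at most a debug assert and never an escaping exception, on the allocation path as well. Because CRYPTOPP_ASSERT is inert in release builds, a comment such as `// A failure here is silently dropped in release builds and the lazy data is lost.` would make the trade-off visible to callers. The swallowing itself predates this patch; only the virtual qualifier and placement are new.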
@@ -105,6 +105,28 @@ } } +// GenerateWord32 is overriden and provides Crypto++ 5.4 behavior. +// Taken from RandomNumberGenerator::GenerateWord32 in cryptlib.cpp. +word32 OldRandomPool::GenerateWord32 (word32 min, word32 max) +{ + const word32 range = max-min; + const unsigned int maxBytes = BytePrecision(range); + const unsigned int maxBits = BitPrecision(range); + + word32 value; + + do + { + value = 0; + for (unsigned int i=0; i range); + + return value+min; +} + void OldRandomPool::Stir() { CFB_Mode::Encryption cipher; diff -Nru libcrypto++-8.4.0/randpool.h libcrypto++-8.6.0/randpool.h --- libcrypto++-8.4.0/randpool.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/randpool.h 2021-09-24 11:48:47.000000000 +0000 @@ -87,6 +87,10 @@ byte GenerateByte(); void GenerateBlock(byte *output, size_t size); + // GenerateWord32 is overriden and provides Crypto++ 5.4 behavior. + // Taken from RandomNumberSource::GenerateWord32 in cryptlib.cpp. + word32 GenerateWord32 (word32 min=0, word32 max=0xffffffffUL); + protected: void Stir(); diff -Nru libcrypto++-8.4.0/rdrand.h libcrypto++-8.6.0/rdrand.h --- libcrypto++-8.4.0/rdrand.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/rdrand.h 2021-09-24 11:48:47.000000000 +0000 
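Review bot: The added OldRandomPool::GenerateWord32 computes `const word32 range = max-min;` without checking that min <= max, so swapped bounds give a wrapped range near 2^32 and a result outside the requested interval after `return value+min;`; a `CRYPTOPP_ASSERT(min <= max);` before the subtraction would at least pin the precondition this compatibility override is meant to fix. The rejection-loop body is garbled in this listing (the text between `i` and `range);` is missing), so I cannot confirm the byte assembly or the Crop step. Separately, the .cpp comment says the code was taken from RandomNumberGenerator::GenerateWord32 while the new randpool.h comment names RandomNumberSource::GenerateWord32; the two should agree, and "overriden" should read "overridden" in both.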
@@ -20,7 +20,7 @@ // GenerateBlock unconditionally retries and always fulfills the request. // Throughput varies wildly depending on processor and manufacturer. A Core i5 or -// Core i7 RDRAND can generate at over 200 MiB/s. It is below the theroetical +// Core i7 RDRAND can generate at over 200 MiB/s. It is below theroetical // maximum, but it takes about 5 instructions to generate, retry and store a // result. A low-end Celeron may perform RDRAND at about 7 MiB/s. RDSEED // performs at about 1/4 to 1/2 the rate of RDRAND. AMD RDRAND performed poorly diff -Nru libcrypto++-8.4.0/Readme.txt libcrypto++-8.6.0/Readme.txt --- libcrypto++-8.4.0/Readme.txt 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/Readme.txt 2021-09-24 11:48:47.000000000 +0000 @@ -1,5 +1,5 @@ Crypto++: free C++ Class Library of Cryptographic Schemes -Version 8.4 - TBD +Version 8.6 - TBD Crypto++ Library is a free C++ class library of cryptographic schemes. Currently the library contains the following algorithms: @@ -28,12 +28,12 @@ Poly1305, Poly1305 (IETF), SipHash, Two-Track-MAC, VMAC - BLAKE2s, BLAKE2b, Keccack (F1600), SHA-1, - hash functions SHA-2 (224/256/384/512), SHA-3 (224/256/384/512), - SHAKE (128/256), SipHash, SM3, Tiger, + BLAKE2s, BLAKE2b, Keccack (F1600), LSH (256/512), + hash functions SHA-1, SHA-2 (224/256/384/512), SHA-3 (224/256), + SHA-3 (384/512), SHAKE (128/256), SipHash, SM3, Tiger, RIPEMD (128/160/256/320), WHIRLPOOL - RSA, DSA, Determinsitic DSA, ElGamal, + RSA, DSA, Deterministic DSA, ElGamal, public-key cryptography Nyberg-Rueppel (NR), Rabin-Williams (RW), LUC, LUCELG, EC-based German Digital Signature (ECGDSA), DLIES (variants of DHAES), ESIGN 
@@ -45,7 +45,7 @@ key agreement schemes Menezes-Qu-Vanstone (MQV), Hashed MQV (HMQV), Fully Hashed MQV (FHMQV), LUCDIF, XTR-DH - elliptic curve cryptography ECDSA, Determinsitic ECDSA, ed25519, ECNR, ECIES, + elliptic curve cryptography ECDSA, Deterministic ECDSA, ed25519, ECNR, ECIES, ECDH, ECMQV, x25519 insecure or obsolescent MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL @@ -76,15 +76,15 @@ * A high level interface for most of the above, using a filter/pipeline metaphor * benchmarks and validation testing - * x86, x64 (x86-64), x32 (ILP32), ARM-32, Aarch32, Aarch64 and Power8 in-core code - for the commonly used algorithms + * x86, x64 (x86-64), x32 (ILP32), ARM-32, Aarch32, Aarch64 and Power8 + in-core code for the commonly used algorithms + run-time CPU feature detection and code selection + supports GCC-style and MSVC-style inline assembly, and MASM for x64 + x86, x64 (x86-64), x32 provides MMX, SSE2, and SSE4 implementations + ARM-32, Aarch32 and Aarch64 provides NEON, ASIMD and ARMv8 implementations + Power8 provides in-core AES using NX Crypto Acceleration -The Crypto++ library was orginally written by Wei Dai. The library is now +The Crypto++ library was originally written by Wei Dai. The library is now maintained by several team members and the community. You are welcome to use it for any purpose without paying anyone, but see License.txt for the fine print. @@ -93,12 +93,12 @@ * Visual Studio 2003 - 2019 * GCC 3.3 - 10.1 - * Apple Clang 4.3 - 9.3 - * LLVM Clang 2.9 - 10.0 + * Apple Clang 4.3 - 12.0 + * LLVM Clang 2.9 - 11.0 * C++ Builder 2015 * Intel C++ Compiler 9 - 16.0 * Sun Studio 12u1 - 12.6 - * IBM XL C/C++ 10.0 - 13.3 + * IBM XL C/C++ 10.0 - 14.0 *** Important Usage Notes *** 
@@ -128,9 +128,8 @@ dlltest - This builds a sample application that only uses the DLL. The DLL used to provide FIPS validated cryptography. The library was moved -to the CMVP's -Historical Validation List. The library and the DLL are no longer considered +to the CMVP's [Historical Validation List](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-historical.htm). +The library and the DLL are no longer considered validated. You should no longer use the DLL. To use the Crypto++ DLL in your application, #include "dll.h" before including @@ -213,14 +212,14 @@ The library uses hardware instructions when possible for block ciphers, hashes and other operations. The hardware acceleration remediates some timing -attacks. The library also uses cache-aware algoirthms and access patterns +attacks. The library also uses cache-aware algorithms and access patterns to minimize leakage cache evictions. Elliptic curves over binary fields are believed to leak information. The task is a work in progress. We don't believe binary fields are used in production, so we feel it is a low risk at the moment. -Crypto++ does not enagage Specter remediations at this time. The GCC options +Crypto++ does not engage Specter remediations at this time. The GCC options for Specter are -mfunction-return=thunk and -mindirect-branch=thunk, and the library uses them during testing. If you want the Specter workarounds then add the GCC options to your CXXFLAGS when building the library. 
@@ -248,7 +247,7 @@ * The Crypto++ GitHub repository allows you to view the latest (unreleased) Crypto++ source code via the Linux kernel's git beginning around June 2015. - Its also serves as an incubator to nuture and grow the library. + Its also serves as an incubator to nurture and grow the library. * The former Crypto++ SourceForge repository allows you to view the Crypto++ source code via Apache's subversion until about July 2015. At that time, SourceForge had infrastructure problems and a cutover to GutHub was performed. 
@@ -295,6 +294,37 @@ The items in this section comprise the most recent history. Please see History.txt for the record back to Crypto++ 1.0. +8.6.0 - September 21, 2021 + - minor release, recompile of programs required + - expanded community input and support + * 74 unique contributors as of this release + - fix ElGamal encryption + - fix ChaCha20 AVX2 implementation + - add octal and decimal literal prefix parsing to Integer + - add missing overload in ed25519Signer and ed25519Verifier + - make SHA-NI independent of AVX and AVX2 + - fix OldRandomPool GenerateWord32 + - use CPPFLAGS during feature testing + - fix compile on CentOS 5 + - fix compile on FreeBSD + - fix feature testing on ARM A-32 and Aarch64 + - enable inline ASM for CRC and PMULL on Apple M1 + - fix Intel oneAPI compile + - rename test files with *.cpp extension + - fix GCC compile error due to missing _mm256_set_m128i + - add LSH-256 and LSH-512 hash functions + - add ECIES_P1363 for backwards compatibility + - fix AdditiveCipherTemplate ProcessData + - remove CRYPTOPP_NO_CXX11 define + - add -fno-common for Darwin builds + - update documentation + +8.5.0 - March 7, 2021 + - minor release, no recompile of programs required + - expanded community input and support + * 70 unique contributors as of this release + - port to Apple M1 hardware + 8.4.0 - January 2, 2021 - minor release, recompile of programs required - expanded community input and support diff -Nru libcrypto++-8.4.0/regtest1.cpp libcrypto++-8.6.0/regtest1.cpp --- libcrypto++-8.4.0/regtest1.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/regtest1.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -25,6 +25,7 @@ #include "ripemd.h" #include "panama.h" #include "whrlpool.h" +#include "lsh.h" #include "osrng.h" #include "drbg.h" 
@@ -115,6 +116,11 @@ RegisterDefaultFactoryFor(); RegisterDefaultFactoryFor(); RegisterDefaultFactoryFor(); + RegisterDefaultFactoryFor(); + RegisterDefaultFactoryFor(); + RegisterDefaultFactoryFor(); + RegisterDefaultFactoryFor(); + RegisterDefaultFactoryFor(); #ifdef BLOCKING_RNG_AVAILABLE RegisterDefaultFactoryFor(); diff -Nru libcrypto++-8.4.0/regtest3.cpp libcrypto++-8.6.0/regtest3.cpp --- libcrypto++-8.4.0/regtest3.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/regtest3.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -59,6 +59,7 @@ RegisterSymmetricCipherDefaultFactories >(); RegisterSymmetricCipherDefaultFactories >(); RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); RegisterSymmetricCipherDefaultFactories >(); RegisterSymmetricCipherDefaultFactories >(); RegisterSymmetricCipherDefaultFactories >(); diff -Nru libcrypto++-8.4.0/rijndael_simd.cpp libcrypto++-8.6.0/rijndael_simd.cpp --- libcrypto++-8.4.0/rijndael_simd.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/rijndael_simd.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -31,15 +31,16 @@ # include #endif -#if (CRYPTOPP_ARM_NEON_HEADER) +// Android makes available with ARMv7-a +#if (CRYPTOPP_BOOL_ARMV8) # include "adv_simd.h" -# include -#endif - -#if (CRYPTOPP_ARM_ACLE_HEADER) -# include "adv_simd.h" -# include -# include +# if (CRYPTOPP_ARM_NEON_HEADER) +# include +# endif +# if (CRYPTOPP_ARM_ACLE_HEADER) +# include +# include +# endif #endif #if defined(_M_ARM64) 
@@ -60,10 +61,6 @@ # define EXCEPTION_EXECUTE_HANDLER 1 #endif -// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670 -#define M128_CAST(x) ((__m128i *)(void *)(x)) -#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) - // Squash MS LNK4221 and libtool warnings extern const char RIJNDAEL_SIMD_FNAME[] = __FILE__; diff -Nru libcrypto++-8.4.0/salsa.h libcrypto++-8.6.0/salsa.h --- libcrypto++-8.4.0/salsa.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/salsa.h 2021-09-24 11:48:47.000000000 +0000 @@ -21,18 +21,20 @@ /// \param data the data to transform /// \param rounds the number of rounds /// \details Several algorithms, like CryptoBox and Scrypt, require access to -/// the core Salsa20 transform. The current Crypto++ implementation does not -/// lend itself to disgorging the Salsa20 cipher from the Salsa20 core transform. -/// Instead Salsa20_Core is provided with customary accelerations. +/// the core Salsa20 transform. The current Crypto++ implementation does not +/// lend itself to disgorging the Salsa20 cipher from the Salsa20 core transform. +/// Instead Salsa20_Core is provided with customary accelerations. void Salsa20_Core(word32* data, unsigned int rounds); /// \brief Salsa20 stream cipher information +/// \since Crypto++ 5.4 struct Salsa20_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8> { static std::string StaticAlgorithmName() {return "Salsa20";} }; /// \brief Salsa20 stream cipher operation +/// \since Crypto++ 5.4 class CRYPTOPP_NO_VTABLE Salsa20_Policy : public AdditiveCipherConcretePolicy { protected: 
@@ -57,7 +59,11 @@ /// \brief Salsa20 stream cipher /// \details Salsa20 provides a variable number of rounds: 8, 12 or 20. The default number of rounds is 20. -/// \sa XSalsa20 +/// \sa The Salsa20 +/// family of stream ciphers (20071225), +/// Snuffle 2005: the Salsa20 encryption +/// function and Salsa20 +/// \since Crypto++ 5.4 struct Salsa20 : public Salsa20_Info, public SymmetricCipherDocumentation { typedef SymmetricCipherFinal >, Salsa20_Info> Encryption; @@ -65,12 +71,14 @@ }; /// \brief XSalsa20 stream cipher information +/// \since Crypto++ 5.4 struct XSalsa20_Info : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 24> { static std::string StaticAlgorithmName() {return "XSalsa20";} }; /// \brief XSalsa20 stream cipher operation +/// \since Crypto++ 5.4 class CRYPTOPP_NO_VTABLE XSalsa20_Policy : public Salsa20_Policy { public: @@ -84,6 +92,7 @@ /// \brief XSalsa20 stream cipher /// \details XSalsa20 provides a variable number of rounds: 8, 12 or 20. The default number of rounds is 20. /// \sa XSalsa20 +/// \since Crypto++ 5.4 struct XSalsa20 : public XSalsa20_Info, public SymmetricCipherDocumentation { typedef SymmetricCipherFinal >, XSalsa20_Info> Encryption; diff -Nru libcrypto++-8.4.0/secblock.h libcrypto++-8.6.0/secblock.h --- libcrypto++-8.4.0/secblock.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/secblock.h 2021-09-24 11:48:47.000000000 +0000 @@ -723,6 +723,9 @@ /// \brief Secure memory block with allocator and cleanup /// \tparam T a class or type /// \tparam A AllocatorWithCleanup derived class for allocation and cleanup +/// \sa SecBlock +/// on the Crypto++ wiki. +/// \since Crypto++ 2.0 template > class SecBlock { 
@@ -758,6 +761,7 @@ /// \param size the size of the allocation, in elements /// \throw std::bad_alloc /// \details The elements are not initialized. + /// \since Crypto++ 2.0 /// \note size is the count of elements, and not the number of bytes explicit SecBlock(size_type size=0) : m_mark(ELEMS_MAX), m_size(size), m_ptr(m_alloc.allocate(size, NULLPTR)) { } @@ -765,6 +769,7 @@ /// \brief Copy construct a SecBlock from another SecBlock /// \param t the other SecBlock /// \throw std::bad_alloc + /// \since Crypto++ 2.0 SecBlock(const SecBlock &t) : m_mark(t.m_mark), m_size(t.m_size), m_ptr(m_alloc.allocate(t.m_size, NULLPTR)) { CRYPTOPP_ASSERT((!t.m_ptr && !m_size) || (t.m_ptr && m_size)); @@ -779,6 +784,7 @@ /// \details If ptr!=NULL and len!=0, then the block is initialized from the pointer /// ptr. If ptr==NULL and len!=0, then the block is initialized to 0. /// Otherwise, the block is empty and not initialized. + /// \since Crypto++ 2.0 /// \note size is the count of elements, and not the number of bytes SecBlock(const T *ptr, size_type len) : m_mark(ELEMS_MAX), m_size(len), m_ptr(m_alloc.allocate(len, NULLPTR)) { 
@@ -794,102 +800,101 @@ #ifdef __BORLANDC__ /// \brief Cast operator - /// \return block pointer cast to non-const T * + /// \return block pointer cast to non-const T * + /// \since Crypto++ 2.0 operator T *() const {return (T*)m_ptr;} #else /// \brief Cast operator - /// \return block pointer cast to const void * + /// \return block pointer cast to const void * + /// \since Crypto++ 2.0 operator const void *() const {return m_ptr;} /// \brief Cast operator - /// \return block pointer cast to non-const void * + /// \return block pointer cast to non-const void * + /// \since Crypto++ 2.0 operator void *() {return m_ptr;} /// \brief Cast operator - /// \return block pointer cast to const T * + /// \return block pointer cast to const T * + /// \since Crypto++ 2.0 operator const T *() const {return m_ptr;} /// \brief Cast operator - /// \return block pointer cast to non-const T * + /// \return block pointer cast to non-const T * + /// \since Crypto++ 2.0 operator T *() {return m_ptr;} #endif /// \brief Provides an iterator pointing to the first element in the memory block /// \return iterator pointing to the first element in the memory block + /// \since Crypto++ 2.0 iterator begin() {return m_ptr;} /// \brief Provides a constant iterator pointing to the first element in the memory block /// \return constant iterator pointing to the first element in the memory block + /// \since Crypto++ 2.0 const_iterator begin() const {return m_ptr;} /// \brief Provides an iterator pointing beyond the last element in the memory block /// \return iterator pointing beyond the last element in the memory block + /// \since Crypto++ 2.0 iterator end() {return m_ptr+m_size;} /// \brief Provides a constant iterator pointing beyond the last element in the memory block /// \return constant iterator pointing beyond the last element in the memory block + /// \since Crypto++ 2.0 const_iterator end() const {return m_ptr+m_size;} /// \brief Provides a pointer to the first element in the memory 
block /// \return pointer to the first element in the memory block + /// \since Crypto++ 2.0 typename A::pointer data() {return m_ptr;} /// \brief Provides a pointer to the first element in the memory block /// \return constant pointer to the first element in the memory block + /// \since Crypto++ 2.0 typename A::const_pointer data() const {return m_ptr;} /// \brief Provides the count of elements in the SecBlock /// \return number of elements in the memory block /// \note the return value is the count of elements, and not the number of bytes + /// \since Crypto++ 2.0 size_type size() const {return m_size;} /// \brief Determines if the SecBlock is empty /// \return true if number of elements in the memory block is 0, false otherwise + /// \since Crypto++ 2.0 bool empty() const {return m_size == 0;} /// \brief Provides a byte pointer to the first element in the memory block /// \return byte pointer to the first element in the memory block + /// \since Crypto++ 2.0 byte * BytePtr() {return (byte *)m_ptr;} /// \brief Return a byte pointer to the first element in the memory block /// \return constant byte pointer to the first element in the memory block + /// \since Crypto++ 2.0 const byte * BytePtr() const {return (const byte *)m_ptr;} /// \brief Provides the number of bytes in the SecBlock /// \return the number of bytes in the memory block /// \note the return value is the number of bytes, and not count of elements. + /// \since Crypto++ 2.0 size_type SizeInBytes() const {return m_size*sizeof(T);} - /// \brief Sets the number of elements to zeroize - /// \param count the number of elements - /// \details SetMark is a remediation for Issue 346/CVE-2016-9939 while - /// preserving the streaming interface. The count controls the number of - /// elements zeroized, which can be less than size or 0. - /// \details An internal variable, m_mark, is initialized to the maximum number - /// of elements. The maximum number of elements is ELEMS_MAX. 
Deallocation - /// triggers a zeroization, and the number of elements zeroized is - /// STDMIN(m_size, m_mark). After zeroization, the memory is returned to the - /// system. - /// \details The ASN.1 decoder uses SetMark() to set the element count to 0 - /// before throwing an exception. In this case, the attacker provides a large - /// BER encoded length (say 64MB) but only a small number of content octets - /// (say 16). If the allocator zeroized all 64MB, then a transient DoS could - /// occur as CPU cycles are spent zeroizing unintialized memory. - /// \details Generally speaking, any operation which changes the size of the SecBlock - /// results in the mark being reset to ELEMS_MAX. In particular, if Assign(), - /// New(), Grow(), CleanNew(), CleanGrow() are called, then the count is reset to - /// ELEMS_MAX. The list is not exhaustive. - /// \since Crypto++ 6.0 - /// \sa Issue 346/CVE-2016-9939 - void SetMark(size_t count) {m_mark = count;} - /// \brief Set contents and size from an array /// \param ptr a pointer to an array of T /// \param len the number of elements in the memory block - /// \details If the memory block is reduced in size, then the reclaimed memory is set to 0. - /// Assign() resets the element count after the previous block is zeroized. + /// \details The array pointed to by ptr must be distinct + /// from this SecBlock because Assign() calls New() and then memcpy(). + /// The call to New() will invalidate all pointers and iterators, like + /// the pointer returned from data(). + /// \details If the memory block is reduced in size, then the reclaimed + /// memory is set to 0. If an assignment occurs, then Assign() resets + /// the element count after the previous block is zeroized. + /// \since Crypto++ 2.0 void Assign(const T *ptr, size_type len) { New(len); 
@@ -901,23 +906,25 @@ /// \brief Set contents from a value /// \param count the number of values to copy /// \param value the value, repeated count times - /// \details If the memory block is reduced in size, then the reclaimed memory is set to 0. - /// Assign() resets the element count after the previous block is zeroized. + /// \details If the memory block is reduced in size, then the reclaimed + /// memory is set to 0. If an assignment occurs, then Assign() resets + /// the element count after the previous block is zeroized. + /// \since Crypto++ 6.0 void Assign(size_type count, T value) { New(count); for (size_t i=0; i &t) { if (this != &t) 
@@ -929,12 +936,114 @@ m_mark = ELEMS_MAX; } + /// \brief Append contents from an array + /// \param ptr a pointer to an array of T + /// \param len the number of elements in the memory block + /// \throw InvalidArgument if resulting size would overflow + /// \details The array pointed to by ptr must be distinct + /// from this SecBlock because Append() calls Grow() and then memcpy(). + /// The call to Grow() will invalidate all pointers and iterators, like + /// the pointer returned from data(). + /// \details Append() may be less efficient than a ByteQueue because + /// Append() must Grow() the internal array and then copy elements. + /// The ByteQueue can copy elements without growing. + /// \sa ByteQueue + /// \since Crypto++ 8.6 + void Append(const T *ptr, size_type len) + { + if (ELEMS_MAX - m_size < len) + throw InvalidArgument("SecBlock: buffer overflow"); + + const size_type oldSize = m_size; + Grow(m_size+len); + if (m_ptr && ptr) // GCC analyzer warning + memcpy_s(m_ptr+oldSize, (m_size-oldSize)*sizeof(T), ptr, len*sizeof(T)); + m_mark = ELEMS_MAX; + } + + /// \brief Append contents from another SecBlock + /// \param t the other SecBlock + /// \throw InvalidArgument if resulting size would overflow + /// \details Internally, this SecBlock calls Grow() and then appends t. + /// \details Append() may be less efficient than a ByteQueue because + /// Append() must Grow() the internal array and then copy elements. + /// The ByteQueue can copy elements without growing. 
+ /// \sa ByteQueue + /// \since Crypto++ 8.6 + void Append(const SecBlock &t) + { + if (ELEMS_MAX - m_size < t.m_size) + throw InvalidArgument("SecBlock: buffer overflow"); + + const size_type oldSize = m_size; + if (this != &t) // s += t + { + Grow(m_size+t.m_size); + if (m_ptr && t.m_ptr) // GCC analyzer warning + memcpy_s(m_ptr+oldSize, (m_size-oldSize)*sizeof(T), t.m_ptr, t.m_size*sizeof(T)); + } + else // t += t + { + Grow(m_size*2); + if (m_ptr) // GCC analyzer warning + memmove_s(m_ptr+oldSize, (m_size-oldSize)*sizeof(T), m_ptr, oldSize*sizeof(T)); + } + m_mark = ELEMS_MAX; + } + + /// \brief Append contents from a value + /// \param count the number of values to copy + /// \param value the value, repeated count times + /// \throw InvalidArgument if resulting size would overflow + /// \details Internally, this SecBlock calls Grow() and then appends value. + /// \details Append() may be less efficient than a ByteQueue because + /// Append() must Grow() the internal array and then copy elements. + /// The ByteQueue can copy elements without growing. + /// \sa ByteQueue + /// \since Crypto++ 8.6 + void Append(size_type count, T value) + { + if (ELEMS_MAX - m_size < count) + throw InvalidArgument("SecBlock: buffer overflow"); + + const size_type oldSize = m_size; + Grow(m_size+count); + for (size_t i=oldSize; icount controls the number of + /// elements zeroized, which can be less than size or 0. + /// \details An internal variable, m_mark, is initialized to the maximum number + /// of elements. The maximum number of elements is ELEMS_MAX. Deallocation + /// triggers a zeroization, and the number of elements zeroized is + /// STDMIN(m_size, m_mark). After zeroization, the memory is returned to the + /// system. + /// \details The ASN.1 decoder uses SetMark() to set the element count to 0 + /// before throwing an exception. In this case, the attacker provides a large + /// BER encoded length (say 64MB) but only a small number of content octets + /// (say 16). 
If the allocator zeroized all 64MB, then a transient DoS could + /// occur as CPU cycles are spent zeroizing uninitialized memory. + /// \details Generally speaking, any operation which changes the size of the SecBlock + /// results in the mark being reset to ELEMS_MAX. In particular, if Assign(), + /// New(), Grow(), CleanNew(), CleanGrow() are called, then the count is reset to + /// ELEMS_MAX. The list is not exhaustive. + /// \since Crypto++ 6.0 + /// \sa Issue 346/CVE-2016-9939 + void SetMark(size_t count) {m_mark = count;} + /// \brief Assign contents from another SecBlock /// \param t the other SecBlock + /// \return reference to this SecBlock /// \details Internally, operator=() calls Assign(). - /// \details If the memory block is reduced in size, then the reclaimed memory is set to 0. - /// If an assignment occurs, then Assign() resets the element count after the previous block - /// is zeroized. + /// \details If the memory block is reduced in size, then the reclaimed + /// memory is set to 0. If an assignment occurs, then Assign() resets + /// the element count after the previous block is zeroized. + /// \since Crypto++ 2.0 SecBlock& operator=(const SecBlock &t) { // Assign guards for self-assignment 
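Review bot: The `if (m_ptr && ptr)` guard in `Append(const T *ptr, size_type len)` turns a NULL `ptr` with a non-zero `len` into a silent size increase over memory that Grow() leaves uninitialized, and the pointer/size invariant the old operator+= asserted (`CRYPTOPP_ASSERT((!t.m_ptr && !t.m_size) || (t.m_ptr && t.m_size))`, dropped in the @@ -944,34 +1053,23 @@ hunk) is not carried into the new `Append(const SecBlock &t)`. Suggest `CRYPTOPP_ASSERT(ptr != NULLPTR || len == 0);` ahead of the Grow() in the pointer overload and restoring the invariant assert at the top of the SecBlock overload. The documented precondition that `ptr` must not alias this block is also unchecked, and Grow() may release the old storage before memcpy_s() reads through `ptr`, so a caller passing a pointer obtained from data() gets a read of freed memory rather than a diagnostic; the \details text could say that consequence explicitly.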
@@ -944,34 +1053,23 @@ /// \brief Append contents from another SecBlock /// \param t the other SecBlock - /// \details Internally, this SecBlock calls Grow and then appends t. + /// \return reference to this SecBlock + /// \details Internally, operator+=() calls Append(). + /// \since Crypto++ 2.0 SecBlock& operator+=(const SecBlock &t) { - CRYPTOPP_ASSERT((!t.m_ptr && !t.m_size) || (t.m_ptr && t.m_size)); - if (t.m_size) - { - const size_type oldSize = m_size; - if (this != &t) // s += t - { - Grow(m_size+t.m_size); - if (m_ptr && t.m_ptr) // GCC analyzer warning - memcpy_s(m_ptr+oldSize, (m_size-oldSize)*sizeof(T), t.m_ptr, t.m_size*sizeof(T)); - } - else // t += t - { - Grow(m_size*2); - if (m_ptr && t.m_ptr) // GCC analyzer warning - memcpy_s(m_ptr+oldSize, (m_size-oldSize)*sizeof(T), m_ptr, oldSize*sizeof(T)); - } - } - m_mark = ELEMS_MAX; + // Append guards for overflow + Append(t); return *this; } /// \brief Construct a SecBlock from this and another SecBlock /// \param t the other SecBlock - /// \return a newly constructed SecBlock that is a conacentation of this and t - /// \details Internally, a new SecBlock is created from this and a concatenation of t. + /// \return a newly constructed SecBlock that is a concatenation of this + /// and t. + /// \details Internally, a new SecBlock is created from this and a + /// concatenation of t. + /// \since Crypto++ 2.0 SecBlock operator+(const SecBlock &t) { CRYPTOPP_ASSERT((!m_ptr && !m_size) || (m_ptr && m_size)); 
@@ -989,9 +1087,11 @@ /// \brief Bitwise compare two SecBlocks /// \param t the other SecBlock /// \return true if the size and bits are equal, false otherwise - /// \details Uses a constant time compare if the arrays are equal size. The constant time - /// compare is VerifyBufsEqual() found in misc.h. + /// \details Uses a constant time compare if the arrays are equal size. + /// The constant time compare is VerifyBufsEqual() found in + /// misc.h. /// \sa operator!=() + /// \since Crypto++ 2.0 bool operator==(const SecBlock &t) const { return m_size == t.m_size && VerifyBufsEqual( @@ -1002,10 +1102,12 @@ /// \brief Bitwise compare two SecBlocks /// \param t the other SecBlock /// \return true if the size and bits are equal, false otherwise - /// \details Uses a constant time compare if the arrays are equal size. The constant time - /// compare is VerifyBufsEqual() found in misc.h. + /// \details Uses a constant time compare if the arrays are equal size. + /// The constant time compare is VerifyBufsEqual() found in + /// misc.h. /// \details Internally, operator!=() returns the inverse of operator==(). /// \sa operator==() + /// \since Crypto++ 2.0 bool operator!=(const SecBlock &t) const { return !operator==(t); 
@@ -1013,12 +1115,14 @@ /// \brief Change size without preserving contents /// \param newSize the new size of the memory block - /// \details Old content is not preserved. If the memory block is reduced in size, - /// then the reclaimed memory is set to 0. If the memory block grows in size, then - /// the new memory is not initialized. New() resets the element count after the - /// previous block is zeroized. + /// \details Old content is not preserved. If the memory block is + /// reduced in size, then the reclaimed content is set to 0. If the + /// memory block grows in size, then the new memory is initialized + /// to 0. New() resets the element count after the previous block + /// is zeroized. /// \details Internally, this SecBlock calls reallocate(). /// \sa New(), CleanNew(), Grow(), CleanGrow(), resize() + /// \since Crypto++ 2.0 void New(size_type newSize) { m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, false); @@ -1028,12 +1132,14 @@ /// \brief Change size without preserving contents /// \param newSize the new size of the memory block - /// \details Old content is not preserved. If the memory block is reduced in size, - /// then the reclaimed content is set to 0. If the memory block grows in size, then - /// the new memory is initialized to 0. CleanNew() resets the element count after the - /// previous block is zeroized. + /// \details Old content is not preserved. If the memory block is + /// reduced in size, then the reclaimed content is set to 0. If the + /// memory block grows in size, then the new memory is initialized + /// to 0. CleanNew() resets the element count after the previous + /// block is zeroized. /// \details Internally, this SecBlock calls New(). /// \sa New(), CleanNew(), Grow(), CleanGrow(), resize() + /// \since Crypto++ 2.0 void CleanNew(size_type newSize) { New(newSize); 
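Review bot: The rewritten \details for New() now states that grown memory is "initialized to 0", but the line below it still calls `m_alloc.reallocate(m_ptr, m_size, newSize, false)` and the removed wording said the new memory is not initialized; the new text appears to have been copied from CleanNew() in the following hunk, whose \details says it calls New() and is the zero-filling variant. Suggest restoring `/// memory block grows in size, then the new memory is not initialized.` so callers do not start relying on zeroed content that New() does not provide.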
@@ -1044,11 +1150,13 @@ /// \brief Change size and preserve contents /// \param newSize the new size of the memory block /// \details Old content is preserved. New content is not initialized. - /// \details Internally, this SecBlock calls reallocate() when size must increase. If the - /// size does not increase, then Grow() does not take action. If the size must - /// change, then use resize(). Grow() resets the element count after the - /// previous block is zeroized. + /// \details Internally, this SecBlock calls reallocate() when size must + /// increase. If the size does not increase, then CleanGrow() does not + /// take action. If the size must change, then use resize(). CleanGrow() + /// resets the element count after the previous block is zeroized. + /// \sa New(), CleanNew(), Grow(), CleanGrow(), resize() /// \sa New(), CleanNew(), Grow(), CleanGrow(), resize() + /// \since Crypto++ 2.0 void Grow(size_type newSize) { if (newSize > m_size) @@ -1062,11 +1170,12 @@ /// \brief Change size and preserve contents /// \param newSize the new size of the memory block /// \details Old content is preserved. New content is initialized to 0. - /// \details Internally, this SecBlock calls reallocate() when size must increase. If the - /// size does not increase, then CleanGrow() does not take action. If the size must - /// change, then use resize(). CleanGrow() resets the element count after the - /// previous block is zeroized. + /// \details Internally, this SecBlock calls reallocate() when size must + /// increase. If the size does not increase, then CleanGrow() does not + /// take action. If the size must change, then use resize(). CleanGrow() + /// resets the element count after the previous block is zeroized. /// \sa New(), CleanNew(), Grow(), CleanGrow(), resize() + /// \since Crypto++ 2.0 void CleanGrow(size_type newSize) { if (newSize > m_size) 
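Review bot: The rewritten \details for Grow() now names CleanGrow() twice ("then CleanGrow() does not take action", "CleanGrow() resets the element count"), which reads as a copy of the CleanGrow() documentation in the next hunk, and the `/// \sa New(), CleanNew(), Grow(), CleanGrow(), resize()` line is duplicated. Suggest `/// increase. If the size does not increase, then Grow() does not` and `/// take action. If the size must change, then use resize(). Grow()` for the two affected lines, and dropping one of the two \sa lines.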
@@ -1085,6 +1194,7 @@ /// the previous block is zeroized. /// \details Internally, this SecBlock calls reallocate(). /// \sa New(), CleanNew(), Grow(), CleanGrow(), resize() + /// \since Crypto++ 2.0 void resize(size_type newSize) { m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true); @@ -1095,6 +1205,7 @@ /// \brief Swap contents with another SecBlock /// \param b the other SecBlock /// \details Internally, std::swap() is called on m_alloc, m_size and m_ptr. + /// \since Crypto++ 2.0 void swap(SecBlock &b) { // Swap must occur on the allocator in case its FixedSize that spilled into the heap. @@ -1141,7 +1252,8 @@ /// \brief Fixed size stack-based SecBlock with 16-byte alignment /// \tparam T class or type /// \tparam S fixed-size of the stack-based memory block, in elements -/// \tparam T_Align16 boolean that determines whether allocations should be aligned on a 16-byte boundary +/// \tparam T_Align16 boolean that determines whether allocations should be +/// aligned on a 16-byte boundary template class FixedSizeAlignedSecBlock : public FixedSizeSecBlock, T_Align16> > { diff -Nru libcrypto++-8.4.0/shacal2_simd.cpp libcrypto++-8.6.0/shacal2_simd.cpp --- libcrypto++-8.4.0/shacal2_simd.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/shacal2_simd.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -22,10 +22,6 @@ # include #endif -// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670 -#define M128_CAST(x) ((__m128i *)(void *)(x)) -#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) - // Squash MS LNK4221 and libtool warnings extern const char SHACAL2_SIMD_FNAME[] = __FILE__; diff -Nru libcrypto++-8.4.0/sha_simd.cpp libcrypto++-8.6.0/sha_simd.cpp --- libcrypto++-8.4.0/sha_simd.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/sha_simd.cpp 2021-09-24 11:48:47.000000000 +0000 
@@ -23,13 +23,15 @@ # include #endif -#if (CRYPTOPP_ARM_NEON_HEADER) -# include -#endif - -#if (CRYPTOPP_ARM_ACLE_HEADER) -# include -# include +// Android makes available with ARMv7-a +#if (CRYPTOPP_BOOL_ARMV8) +# if (CRYPTOPP_ARM_NEON_HEADER) +# include +# endif +# if (CRYPTOPP_ARM_ACLE_HEADER) +# include +# include +# endif #endif #if CRYPTOPP_POWER8_SHA_AVAILABLE @@ -45,10 +47,6 @@ # define EXCEPTION_EXECUTE_HANDLER 1 #endif -// Clang intrinsic casts -#define M128_CAST(x) ((__m128i *)(void *)(x)) -#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) - // Squash MS LNK4221 and libtool warnings extern const char SHA_SIMD_FNAME[] = __FILE__; diff -Nru libcrypto++-8.4.0/simon128_simd.cpp libcrypto++-8.6.0/simon128_simd.cpp --- libcrypto++-8.4.0/simon128_simd.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/simon128_simd.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -286,14 +286,6 @@ #if (CRYPTOPP_SSSE3_AVAILABLE) -// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670 -#ifndef M128_CAST -# define M128_CAST(x) ((__m128i *)(void *)(x)) -#endif -#ifndef CONST_M128_CAST -# define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) -#endif - // GCC double casts, https://www.spinics.net/lists/gcchelp/msg47735.html #ifndef DOUBLE_CAST # define DOUBLE_CAST(x) ((double *)(void *)(x)) diff -Nru libcrypto++-8.4.0/simple.h libcrypto++-8.6.0/simple.h --- libcrypto++-8.4.0/simple.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/simple.h 2021-09-24 11:48:47.000000000 +0000 
@@ -47,7 +47,7 @@ /// \brief The algorithm name /// \return the algorithm name /// \details AlgorithmName returns the algorithm's name as a member function. - /// The name is is acquired by calling StaticAlgorithmName. + /// The name is acquired by calling StaticAlgorithmName. std::string AlgorithmName() const {return ALGORITHM_INFO::StaticAlgorithmName();} }; diff -Nru libcrypto++-8.4.0/sm3.h libcrypto++-8.6.0/sm3.h --- libcrypto++-8.4.0/sm3.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/sm3.h 2021-09-24 11:48:47.000000000 +0000 @@ -29,7 +29,7 @@ public: /// \brief Initialize state array /// \param state the state of the hash - /// \details InitState sets a state array to SHA256 initial values + /// \details InitState sets a state array to SM3 initial values /// \details Hashes which derive from IteratedHashWithStaticTransform provide static /// member functions InitState() and Transform(). External classes, like SEAL and MDC, /// can initialize state with a user provided key and operate the hash on the data diff -Nru libcrypto++-8.4.0/speck128_simd.cpp libcrypto++-8.6.0/speck128_simd.cpp --- libcrypto++-8.4.0/speck128_simd.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/speck128_simd.cpp 2021-09-24 11:48:47.000000000 +0000 @@ -261,14 +261,6 @@ #if defined(CRYPTOPP_SSSE3_AVAILABLE) -// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670 -#ifndef M128_CAST -# define M128_CAST(x) ((__m128i *)(void *)(x)) -#endif -#ifndef CONST_M128_CAST -# define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) -#endif - // GCC double casts, https://www.spinics.net/lists/gcchelp/msg47735.html #ifndef DOUBLE_CAST # define DOUBLE_CAST(x) ((double *)(void *)(x)) diff -Nru libcrypto++-8.4.0/strciphr.cpp libcrypto++-8.6.0/strciphr.cpp --- libcrypto++-8.4.0/strciphr.cpp 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/strciphr.cpp 2021-09-24 11:48:47.000000000 +0000 
@@ -1,5 +1,15 @@
 // strciphr.cpp - originally written and placed in the public domain by Wei Dai
 
+// TODO: Figure out what is happening in ProcessData. The issue surfaced for
+// CFB_CipherTemplate::ProcessData when we cut-in Cryptogams
+// AES ARMv7 asm. Then again in AdditiveCipherTemplate::ProcessData
+// for CTR mode with HIGHT, which is a 64-bit block cipher. In both cases,
+// inString == outString leads to incorrect results. We think it relates to
+// aliasing violations because inString == outString.
+//
+// Also see https://github.com/weidai11/cryptopp/issues/683 and
+// https://github.com/weidai11/cryptopp/issues/1010.
+
 #include "pch.h"
 
 #ifndef CRYPTOPP_IMPORTS
@@ -68,36 +78,66 @@ template void AdditiveCipherTemplate::ProcessData(byte *outString, const byte *inString, size_t length) { + CRYPTOPP_ASSERT(outString); CRYPTOPP_ASSERT(inString); + CRYPTOPP_ASSERT(length % this->MandatoryBlockSize() == 0); + + PolicyInterface &policy = this->AccessPolicy(); + unsigned int bytesPerIteration = policy.GetBytesPerIteration(); + + // GCC and Clang do not like this for CTR mode and 64-bit ciphers like HIGHT. + // The incorrect result is a partial string of 0's instead of plaintext or + // ciphertext. Recovered plaintext is partially garbage. + // + // It almost feels as if the compiler does not see the string is transformed + // in-place so it short-circuits the transform. In this case, if we use a + // stand-alone reproducer with the same data then the issue is present. + + byte* savedOutString = outString; + size_t savedLength = length; + bool copyOut = false; + + if (inString == outString) + { + // No need to copy inString to outString. + // Just allocate the space. 
+ m_tempOutString.New(length); + m_tempOutString.SetMark(0); + outString = m_tempOutString.BytePtr(); + copyOut = true; + } + if (m_leftOver > 0) { const size_t len = STDMIN(m_leftOver, length); xorbuf(outString, inString, PtrSub(KeystreamBufferEnd(), m_leftOver), len); - length -= len; m_leftOver -= len; inString = PtrAdd(inString, len); outString = PtrAdd(outString, len); + length -= len; m_leftOver -= len; + } - if (!length) {return;} + if (!length) { + if (copyOut) + std::memcpy(savedOutString, m_tempOutString.BytePtr(), savedLength); + return; } - PolicyInterface &policy = this->AccessPolicy(); - unsigned int bytesPerIteration = policy.GetBytesPerIteration(); + const unsigned int alignment = policy.GetAlignment(); + const bool inAligned = IsAlignedOn(inString, alignment); + const bool outAligned = IsAlignedOn(outString, alignment); + CRYPTOPP_UNUSED(inAligned); CRYPTOPP_UNUSED(outAligned); if (policy.CanOperateKeystream() && length >= bytesPerIteration) { const size_t iterations = length / bytesPerIteration; - unsigned int alignment = policy.GetAlignment(); - volatile int inAligned = IsAlignedOn(inString, alignment) << 1; - volatile int outAligned = IsAlignedOn(outString, alignment) << 0; - - KeystreamOperation operation = KeystreamOperation(inAligned | outAligned); + KeystreamOperationFlags flags = static_cast( + (inAligned ? EnumToInt(INPUT_ALIGNED) : 0) | (outAligned ? EnumToInt(OUTPUT_ALIGNED) : 0)); + KeystreamOperation operation = KeystreamOperation(flags); policy.OperateKeystream(operation, outString, inString, iterations); inString = PtrAdd(inString, iterations * bytesPerIteration); outString = PtrAdd(outString, iterations * bytesPerIteration); length -= iterations * bytesPerIteration; - - if (!length) {return;} } size_t bufferByteSize = m_buffer.size(); 
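Review bot: `m_tempOutString.SetMark(0)` right after `m_tempOutString.New(length)` disables zeroization of a buffer that receives the complete transformed output — plaintext when decrypting — because, per the SecBlock documentation in this same patch, deallocation zeroizes only STDMIN(m_size, m_mark) elements; the next New(length) or the destructor then releases that data to the heap unwiped, which removes the reason for keeping it in a SecBlock at all. Suggest dropping the `m_tempOutString.SetMark(0);` line (New() already resets the mark to ELEMS_MAX), both here and in the CFB_CipherTemplate::ProcessData hunk at @@ -182,64 +226,58 @@, where the same two lines appear. Separately, `CRYPTOPP_UNUSED(inAligned); CRYPTOPP_UNUSED(outAligned);` is dead in this function because both values feed the `flags` expression a few lines down. The function body continues past the end of the hunk.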
@@ -108,9 +148,9 @@ policy.WriteKeystream(m_buffer, bufferIterations); xorbuf(outString, inString, KeystreamBufferBegin(), bufferByteSize); - length -= bufferByteSize; inString = PtrAdd(inString, bufferByteSize); outString = PtrAdd(outString, bufferByteSize); + length -= bufferByteSize; } if (length > 0) @@ -120,8 +160,12 @@ policy.WriteKeystream(PtrSub(KeystreamBufferEnd(), bufferByteSize), bufferIterations); xorbuf(outString, inString, PtrSub(KeystreamBufferEnd(), bufferByteSize), length); + m_leftOver = bufferByteSize - length; } + + if (copyOut) + std::memcpy(savedOutString, m_tempOutString.BytePtr(), savedLength); } template @@ -137,7 +181,7 @@ void AdditiveCipherTemplate::Seek(lword position) { PolicyInterface &policy = this->AccessPolicy(); - word32 bytesPerIteration = policy.GetBytesPerIteration(); + unsigned int bytesPerIteration = policy.GetBytesPerIteration(); policy.SeekToIteration(position / bytesPerIteration); position %= bytesPerIteration; @@ -145,7 +189,7 @@ if (position > 0) { policy.WriteKeystream(PtrSub(KeystreamBufferEnd(), bytesPerIteration), 1); - m_leftOver = bytesPerIteration - static_cast(position); + m_leftOver = bytesPerIteration - static_cast(position); } else m_leftOver = 0; 
@@ -182,64 +226,58 @@ CRYPTOPP_ASSERT(length % this->MandatoryBlockSize() == 0); PolicyInterface &policy = this->AccessPolicy(); - word32 bytesPerIteration = policy.GetBytesPerIteration(); + unsigned int bytesPerIteration = policy.GetBytesPerIteration(); byte *reg = policy.GetRegisterBegin(); + // GCC and Clang do not like this on ARM when inString == outString. The incorrect + // result is a string of 0's instead of plaintext or ciphertext. The 0's trace back + // to the allocation for the std::string in datatest.cpp. Elements in the string + // are initialized to their default value, which is 0. + // + // It almost feels as if the compiler does not see the string is transformed + // in-place so it short-circuits the transform. However, if we use a stand-alone + // reproducer with the same data then the issue is _not_ present. + + byte* savedOutString = outString; + size_t savedLength = length; + bool copyOut = false; + + if (inString == outString) + { + // No need to copy inString to outString. + // Just allocate the space. + m_tempOutString.New(length); + m_tempOutString.SetMark(0); + outString = m_tempOutString.BytePtr(); + copyOut = true; + } + if (m_leftOver) { const size_t len = STDMIN(m_leftOver, length); CombineMessageAndShiftRegister(outString, PtrAdd(reg, bytesPerIteration - m_leftOver), inString, len); - m_leftOver -= len; length -= len; inString = PtrAdd(inString, len); outString = PtrAdd(outString, len); + m_leftOver -= len; length -= len; } - if (!length) {return;} - - // TODO: Figure out what is happening on ARM A-32. x86, Aarch64 and PowerPC are OK. - // The issue surfaced for CFB mode when we cut-in Cryptogams AES ARMv7 asm. - // Using 'outString' for both input and output leads to incorrect results. - // - // Benchmarking on Cortex-A7 and Cortex-A9 indicates removing the block - // below costs about 9 cpb for CFB mode on ARM. - // - // Also see https://github.com/weidai11/cryptopp/issues/683. 
+ if (!length) { + if (copyOut) + std::memcpy(savedOutString, m_tempOutString.BytePtr(), savedLength); + return; + } const unsigned int alignment = policy.GetAlignment(); - volatile bool inAligned = IsAlignedOn(inString, alignment); - volatile bool outAligned = IsAlignedOn(outString, alignment); + const bool inAligned = IsAlignedOn(inString, alignment); + const bool outAligned = IsAlignedOn(outString, alignment); + CRYPTOPP_UNUSED(inAligned); CRYPTOPP_UNUSED(outAligned); if (policy.CanIterate() && length >= bytesPerIteration && outAligned) { CipherDir cipherDir = GetCipherDir(*this); - if (inAligned) - policy.Iterate(outString, inString, cipherDir, length / bytesPerIteration); - else - { - // GCC and Clang do not like this on ARM. The incorrect result is a string - // of 0's instead of ciphertext (or plaintext if decrypting). The 0's trace - // back to the allocation for the std::string in datatest.cpp. Elements in the - // string are initialized to their default value, which is 0. - // - // It almost feels as if the compiler does not see the string is transformed - // in-place so it short-circuits the transform. However, if we use a stand-alone - // reproducer with the same data then the issue is _not_ present. - // - // When working on this issue we introduced PtrAdd and PtrSub to ensure we were - // not running afoul of pointer arithmetic rules of the language. Namely we need - // to use ptrdiff_t when subtracting pointers. We believe the relevant code paths - // are clean. - // - // One workaround is a distinct and aligned temporary buffer. 
It [mostly] works - // as expected but requires an extra allocation (casts not shown): - // - // std::string temp(inString, length); - // policy.Iterate(outString, &temp[0], cipherDir, length / bytesPerIteration); - - std::memcpy(outString, inString, length); - policy.Iterate(outString, outString, cipherDir, length / bytesPerIteration); - } + policy.Iterate(outString, inString, cipherDir, length / bytesPerIteration); + const size_t remainder = length % bytesPerIteration; inString = PtrAdd(inString, length - remainder); outString = PtrAdd(outString, length - remainder); @@ -250,9 +288,10 @@ { policy.TransformRegister(); CombineMessageAndShiftRegister(outString, reg, inString, bytesPerIteration); - length -= bytesPerIteration; + inString = PtrAdd(inString, bytesPerIteration); outString = PtrAdd(outString, bytesPerIteration); + length -= bytesPerIteration; } if (length > 0) @@ -261,6 +300,9 @@ CombineMessageAndShiftRegister(outString, reg, inString, length); m_leftOver = bytesPerIteration - length; } + + if (copyOut) + std::memcpy(savedOutString, m_tempOutString.BytePtr(), savedLength); } template diff -Nru libcrypto++-8.4.0/strciphr.h libcrypto++-8.6.0/strciphr.h --- libcrypto++-8.4.0/strciphr.h 2021-01-02 06:54:31.000000000 +0000 +++ libcrypto++-8.6.0/strciphr.h 2021-09-24 11:48:47.000000000 +0000 
@@ -3,27 +3,27 @@ /// \file strciphr.h /// \brief Classes for implementing stream ciphers /// \details This file contains helper classes for implementing stream ciphers. -/// All this infrastructure may look very complex compared to what's in Crypto++ 4.x, -/// but stream ciphers implementations now support a lot of new functionality, -/// including better performance (minimizing copying), resetting of keys and IVs, and -/// methods to query which features are supported by a cipher. +/// All this infrastructure may look very complex compared to what's in Crypto++ 4.x, +/// but stream ciphers implementations now support a lot of new functionality, +/// including better performance (minimizing copying), resetting of keys and IVs, and +/// methods to query which features are supported by a cipher. /// \details Here's an explanation of these classes. The word "policy" is used here to -/// mean a class with a set of methods that must be implemented by individual stream -/// cipher implementations. This is usually much simpler than the full stream cipher -/// API, which is implemented by either AdditiveCipherTemplate or CFB_CipherTemplate -/// using the policy. So for example, an implementation of SEAL only needs to implement -/// the AdditiveCipherAbstractPolicy interface (since it's an additive cipher, i.e., it -/// xors a keystream into the plaintext). See this line in seal.h: +/// mean a class with a set of methods that must be implemented by individual stream +/// cipher implementations. This is usually much simpler than the full stream cipher +/// API, which is implemented by either AdditiveCipherTemplate or CFB_CipherTemplate +/// using the policy. So for example, an implementation of SEAL only needs to implement +/// the AdditiveCipherAbstractPolicy interface (since it's an additive cipher, i.e., it +/// xors a keystream into the plaintext). See this line in seal.h: ///
 ///     typedef SymmetricCipherFinal\, AdditiveCipherTemplate\<\> \> \> Encryption;
 /// 
/// \details AdditiveCipherTemplate and CFB_CipherTemplate are designed so that they don't -/// need to take a policy class as a template parameter (although this is allowed), so -/// that their code is not duplicated for each new cipher. Instead they each get a -/// reference to an abstract policy interface by calling AccessPolicy() on itself, so -/// AccessPolicy() must be overridden to return the actual policy reference. This is done -/// by the ConceretePolicyHolder class. Finally, SymmetricCipherFinal implements the -/// constructors and other functions that must be implemented by the most derived class. +/// need to take a policy class as a template parameter (although this is allowed), so +/// that their code is not duplicated for each new cipher. Instead they each get a +/// reference to an abstract policy interface by calling AccessPolicy() on itself, so +/// AccessPolicy() must be overridden to return the actual policy reference. This is done +/// by the ConcretePolicyHolder class. Finally, SymmetricCipherFinal implements the +/// constructors and other functions that must be implemented by the most derived class. #ifndef CRYPTOPP_STRCIPHR_H #define CRYPTOPP_STRCIPHR_H @@ -72,7 +72,7 @@ /// \brief Keystream operation flags /// \sa AdditiveCipherAbstractPolicy::GetBytesPerIteration(), AdditiveCipherAbstractPolicy::GetOptimalBlockSize() -/// and AdditiveCipherAbstractPolicy::GetAlignment() +/// and AdditiveCipherAbstractPolicy::GetAlignment() enum KeystreamOperationFlags { /// \brief Output buffer is aligned OUTPUT_ALIGNED=1, @@ -84,7 +84,7 @@ /// \brief Keystream operation flags /// \sa AdditiveCipherAbstractPolicy::GetBytesPerIteration(), AdditiveCipherAbstractPolicy::GetOptimalBlockSize() -/// and AdditiveCipherAbstractPolicy::GetAlignment() +/// and AdditiveCipherAbstractPolicy::GetAlignment() enum KeystreamOperation { /// \brief Wirte the keystream to the output buffer, input is NULL WRITE_KEYSTREAM = INPUT_NULL, 
@@ -108,7 +108,7 @@ /// \brief Provides data alignment requirements /// \return data alignment requirements, in bytes /// \details Internally, the default implementation returns 1. If the stream cipher is implemented - /// using an SSE2 ASM or intrinsics, then the value returned is usually 16. + /// using an SSE2 ASM or intrinsics, then the value returned is usually 16. virtual unsigned int GetAlignment() const {return 1;} /// \brief Provides number of bytes operated upon during an iteration @@ -144,7 +144,7 @@ /// \param input the input buffer /// \param iterationCount the number of iterations to perform on the input /// \details OperateKeystream() will attempt to operate upon GetOptimalBlockSize() buffer, - /// which will be derived from GetBytesPerIteration(). + /// which will be derived from GetBytesPerIteration(). /// \sa CanOperateKeystream(), OperateKeystream(), WriteKeystream(), KeystreamOperation() virtual void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) {CRYPTOPP_UNUSED(operation); CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(input); 
@@ -178,16 +178,16 @@ /// \brief Retrieve the provider of this algorithm /// \return the algorithm provider /// \details The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI", - /// "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE, - /// usually indicate a specialized implementation using instructions from a higher - /// instruction set architecture (ISA). Future labels may include external hardware - /// like a hardware security module (HSM). + /// "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE, + /// usually indicate a specialized implementation using instructions from a higher + /// instruction set architecture (ISA). Future labels may include external hardware + /// like a hardware security module (HSM). /// \details Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2". - /// Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics - /// instead of ASM. + /// Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics + /// instead of ASM. /// \details Algorithms which combine different instructions or ISAs provide the - /// dominant one. For example on x86 AES/GCM returns "AESNI" rather than - /// "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL". + /// dominant one. For example on x86 AES/GCM returns "AESNI" rather than + /// "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL". /// \note Provider is not universally implemented yet. virtual std::string AlgorithmProvider() const { return "C++"; } }; 
@@ -212,14 +212,12 @@ virtual ~AdditiveCipherConcretePolicy() {} -#if !(CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64) /// \brief Provides data alignment requirements /// \return data alignment requirements, in bytes /// \details Internally, the default implementation returns 1. If the stream /// cipher is implemented using an SSE2 ASM or intrinsics, then the value /// returned is usually 16. unsigned int GetAlignment() const {return GetAlignmentOf();} -#endif /// \brief Provides number of bytes operated upon during an iteration /// \return bytes operated upon during an iteration, in bytes @@ -242,7 +240,7 @@ /// \param input the input buffer /// \param iterationCount the number of iterations to perform on the input /// \details OperateKeystream() will attempt to operate upon GetOptimalBlockSize() buffer, - /// which will be derived from GetBytesPerIteration(). + /// which will be derived from GetBytesPerIteration(). /// \sa CanOperateKeystream(), OperateKeystream(), WriteKeystream(), KeystreamOperation() virtual void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) =0; }; @@ -253,7 +251,7 @@ /// \param i index in output buffer /// \param a value to output #define CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, b, i, a) \ - PutWord(bool(x & OUTPUT_ALIGNED), b, output+i*sizeof(WordType), (x & INPUT_NULL) ? (a) : (a) ^ GetWord(bool(x & INPUT_ALIGNED), b, input+i*sizeof(WordType))); + PutWord(((x & OUTPUT_ALIGNED) != 0), b, output+i*sizeof(WordType), (x & INPUT_NULL) ? (a) : (a) ^ GetWord(((x & INPUT_ALIGNED) != 0), b, input+i*sizeof(WordType))); /// \brief Helper macro to implement OperateKeystream /// \param x KeystreamOperation mask 
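Review bot: With the `#if !(CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64)` guard removed, AdditiveCipherConcretePolicy's `GetAlignment()` override is now compiled on x86/x64 as well, but the doc comment kept above it still repeats the base-class wording ("the default implementation returns 1 … usually 16") rather than describing what this override returns, which is `GetAlignmentOf()` of the policy word type. Suggest replacing that \details with `/// \details Returns the alignment of the policy's word type via GetAlignmentOf(); this override now applies on x86/x64 as well.` If anything on x86 previously relied on seeing the base-class value through this policy, it will now observe the word-type alignment instead — presumably the intent, but worth a line in the class documentation. The enclosing class body starts before and continues after these collapsed hunks.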
@@ -265,32 +263,32 @@ else _mm_storeu_si128((__m128i *)output+i, t);} /// \brief Helper macro to implement OperateKeystream -#define CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(x, y) \ - switch (operation) \ - { \ - case WRITE_KEYSTREAM: \ - x(WRITE_KEYSTREAM) \ - break; \ - case XOR_KEYSTREAM: \ - x(XOR_KEYSTREAM) \ - input += y; \ - break; \ - case XOR_KEYSTREAM_INPUT_ALIGNED: \ - x(XOR_KEYSTREAM_INPUT_ALIGNED) \ - input += y; \ - break; \ - case XOR_KEYSTREAM_OUTPUT_ALIGNED: \ - x(XOR_KEYSTREAM_OUTPUT_ALIGNED) \ - input += y; \ - break; \ - case WRITE_KEYSTREAM_ALIGNED: \ - x(WRITE_KEYSTREAM_ALIGNED) \ - break; \ - case XOR_KEYSTREAM_BOTH_ALIGNED: \ - x(XOR_KEYSTREAM_BOTH_ALIGNED) \ - input += y; \ - break; \ - } \ +#define CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(x, y) \ + switch (operation) \ + { \ + case WRITE_KEYSTREAM: \ + x(EnumToInt(WRITE_KEYSTREAM)) \ + break; \ + case XOR_KEYSTREAM: \ + x(EnumToInt(XOR_KEYSTREAM)) \ + input += y; \ + break; \ + case XOR_KEYSTREAM_INPUT_ALIGNED: \ + x(EnumToInt(XOR_KEYSTREAM_INPUT_ALIGNED)) \ + input += y; \ + break; \ + case XOR_KEYSTREAM_OUTPUT_ALIGNED: \ + x(EnumToInt(XOR_KEYSTREAM_OUTPUT_ALIGNED)) \ + input += y; \ + break; \ + case WRITE_KEYSTREAM_ALIGNED: \ + x(EnumToInt(WRITE_KEYSTREAM_ALIGNED)) \ + break; \ + case XOR_KEYSTREAM_BOTH_ALIGNED: \ + x(EnumToInt(XOR_KEYSTREAM_BOTH_ALIGNED)) \ + input += y; \ + break; \ + } \ output += y; /// \brief Base class for additive stream ciphers with SymmetricCipher interface 
@@ -306,13 +304,13 @@ /// \param output the byte buffer /// \param size the length of the buffer, in bytes /// \details All generated values are uniformly distributed over the range specified - /// within the constraints of a particular generator. + /// within the constraints of a particular generator. void GenerateBlock(byte *output, size_t size); /// \brief Apply keystream to data /// \param outString a buffer to write the transformed data /// \param inString a buffer to read the data - /// \param length the size fo the buffers, in bytes + /// \param length the size of the buffers, in bytes /// \details This is the primary method to operate a stream cipher. For example: ///
 	///     size_t size = 30;
@@ -367,16 +365,16 @@
 	/// \brief Retrieve the provider of this algorithm
 	/// \return the algorithm provider
 	/// \details The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI",
-	///    "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE,
-	///    usually indicate a specialized implementation using instructions from a higher
-	///    instruction set architecture (ISA). Future labels may include external hardware
-	///    like a hardware security module (HSM).
+	///  "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE,
+	///  usually indicate a specialized implementation using instructions from a higher
+	///  instruction set architecture (ISA). Future labels may include external hardware
+	///  like a hardware security module (HSM).
 	/// \details Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2".
-	///    Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics
-	///    instead of ASM.
+	///  Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics
+	///  instead of ASM.
 	/// \details Algorithms which combine different instructions or ISAs provide the
-	///    dominant one. For example on x86 AES/GCM returns "AESNI" rather than
-	///    "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL".
+	///  dominant one. For example on x86 AES/GCM returns "AESNI" rather than
+	///  "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL".
 	/// \note Provider is not universally implemented yet.
 	std::string AlgorithmProvider() const { return this->GetPolicy().AlgorithmProvider(); }
 
@@ -390,7 +388,8 @@
 	inline byte * KeystreamBufferBegin() {return this->m_buffer.data();}
 	inline byte * KeystreamBufferEnd() {return (PtrAdd(this->m_buffer.data(), this->m_buffer.size()));}
 
-	AlignedSecByteBlock m_buffer;
+	// m_tempOutString added due to GH #1010
+	AlignedSecByteBlock m_buffer, m_tempOutString;
 	size_t m_leftOver;
 };
 
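Review bot: The new member in `AlignedSecByteBlock m_buffer, m_tempOutString;` is documented only by an issue number, which tells a reader nothing about when the buffer is used or how it is sized; the same applies to the member added later in the `@@ -635,6 +634,8 @@` hunk (`AlignedSecByteBlock m_tempOutString;`). Suggest a comment stating its role, for example `// Scratch output block used when transforming data in place; see GH #1010 for the motivating case` — the in-place use is inferred from the name, so confirm it against the implementation in strciphr.cpp before committing the wording. Because the member lives in the cipher object, any keystream or plaintext staged in it persists until the object is destroyed; as far as I recall the SecBlock allocator wipes on deallocation, so it is cleared then, but it is worth saying so in the comment. The enclosing class header is outside the hunk.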
@@ -403,7 +402,7 @@
 	/// \brief Provides data alignment requirements
 	/// \return data alignment requirements, in bytes
 	/// \details Internally, the default implementation returns 1. If the stream cipher is implemented
-	///   using an SSE2 ASM or intrinsics, then the value returned is usually 16.
+	///  using an SSE2 ASM or intrinsics, then the value returned is usually 16.
 	virtual unsigned int GetAlignment() const =0;
 
 	/// \brief Provides number of bytes operated upon during an iteration
@@ -449,16 +448,16 @@
 	/// \brief Retrieve the provider of this algorithm
 	/// \return the algorithm provider
 	/// \details The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI",
-	///    "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE,
-	///    usually indicate a specialized implementation using instructions from a higher
-	///    instruction set architecture (ISA). Future labels may include external hardware
-	///    like a hardware security module (HSM).
+	///  "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE,
+	///  usually indicate a specialized implementation using instructions from a higher
+	///  instruction set architecture (ISA). Future labels may include external hardware
+	///  like a hardware security module (HSM).
 	/// \details Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2".
-	///    Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics
-	///    instead of ASM.
+	///  Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics
+	///  instead of ASM.
 	/// \details Algorithms which combine different instructions or ISAs provide the
-	///    dominant one. For example on x86 AES/GCM returns "AESNI" rather than
-	///    "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL".
+	///  dominant one. For example on x86 AES/GCM returns "AESNI" rather than
+	///  "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL".
 	/// \note Provider is not universally implemented yet.
 	virtual std::string AlgorithmProvider() const { return "C++"; }
 };
@@ -569,7 +568,7 @@
 	/// \brief Apply keystream to data
 	/// \param outString a buffer to write the transformed data
 	/// \param inString a buffer to read the data
-	/// \param length the size fo the buffers, in bytes
+	/// \param length the size of the buffers, in bytes
 	/// \details This is the primary method to operate a stream cipher. For example:
 	/// 
 	///     size_t size = 30;
@@ -615,16 +614,16 @@
 	/// \brief Retrieve the provider of this algorithm
 	/// \return the algorithm provider
 	/// \details The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI",
-	///    "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE,
-	///    usually indicate a specialized implementation using instructions from a higher
-	///    instruction set architecture (ISA). Future labels may include external hardware
-	///    like a hardware security module (HSM).
+	///  "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE,
+	///  usually indicate a specialized implementation using instructions from a higher
+	///  instruction set architecture (ISA). Future labels may include external hardware
+	///  like a hardware security module (HSM).
 	/// \details Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2".
-	///    Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics
-	///    instead of ASM.
+	///  Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics
+	///  instead of ASM.
 	/// \details Algorithms which combine different instructions or ISAs provide the
-	///    dominant one. For example on x86 AES/GCM returns "AESNI" rather than
-	///    "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL".
+	///  dominant one. For example on x86 AES/GCM returns "AESNI" rather than
+	///  "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL".
 	/// \note Provider is not universally implemented yet.
 	std::string AlgorithmProvider() const { return this->GetPolicy().AlgorithmProvider(); }
 
@@ -635,6 +634,8 @@
 
 	void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms);
 
+	// m_tempOutString added due to GH #1010
+	AlignedSecByteBlock m_tempOutString;
 	size_t m_leftOver;
 };
 
@@ -704,13 +705,16 @@
 
 NAMESPACE_END
 
+// Used by dll.cpp to ensure objects are in dll.o, and not strciphr.o.
 #ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
-#include "strciphr.cpp"
+# include "strciphr.cpp"
 #endif
 
 NAMESPACE_BEGIN(CryptoPP)
+
 CRYPTOPP_DLL_TEMPLATE_CLASS AbstractPolicyHolder;
 CRYPTOPP_DLL_TEMPLATE_CLASS AdditiveCipherTemplate >;
+
 CRYPTOPP_DLL_TEMPLATE_CLASS CFB_CipherTemplate >;
 CRYPTOPP_DLL_TEMPLATE_CLASS CFB_EncryptionTemplate >;
 CRYPTOPP_DLL_TEMPLATE_CLASS CFB_DecryptionTemplate >;
diff -Nru libcrypto++-8.4.0/test.cpp libcrypto++-8.6.0/test.cpp
--- libcrypto++-8.4.0/test.cpp	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/test.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -1009,7 +1009,8 @@
 	case 65: result = ValidateARIA(); break;
 	case 66: result = ValidateCamellia(); break;
 	case 67: result = ValidateWhirlpool(); break;
-	case 68: result = ValidateTTMAC(); break;
+	case 68: result = ValidateLSH(); break;
+	case 69: result = ValidateTTMAC(); break;
 	case 70: result = ValidateSalsa(); break;
 	case 71: result = ValidateChaCha(); break;
 	case 72: result = ValidateChaChaTLS(); break;
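Review bot: Inserting `case 68: result = ValidateLSH(); break;` and moving ValidateTTMAC to 69 renumbers an existing test, so any script or CI step that selects a test by number now silently runs a different test; the second hunk does the same to 9992–9990, where TestX25519, TestEd25519 and TestAltivecOps each shift down one. If the numbers are meant to be stable, appending new tests at the end of each group is safer, e.g. `case 9989: result = TestASN1Functions(); break;` in the second hunk with the existing cases left untouched. The comment `// http://github.com/weidai11/cryptopp/issues/346` above the new 9992 line originally annotated TestASN1Parse alone; if TestASN1Functions belongs to a different issue, give it its own comment. The enclosing switch starts and ends outside the hunk.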
@@ -1059,12 +1060,13 @@
 	case 9994: result = TestHuffmanCodes(); break;
 	// http://github.com/weidai11/cryptopp/issues/346
 	case 9993: result = TestASN1Parse(); break;
+	case 9992: result = TestASN1Functions(); break;
 	// http://github.com/weidai11/cryptopp/issues/242
-	case 9992: result = TestX25519(); break;
+	case 9991: result = TestX25519(); break;
 	// http://github.com/weidai11/cryptopp/issues/346
-	case 9991: result = TestEd25519(); break;
+	case 9990: result = TestEd25519(); break;
 # if defined(CRYPTOPP_ALTIVEC_AVAILABLE)
-	case 9990: result = TestAltivecOps(); break;
+	case 9989: result = TestAltivecOps(); break;
 # endif
 #endif
 
diff -Nru libcrypto++-8.4.0/TestPrograms/dump2def.cpp libcrypto++-8.6.0/TestPrograms/dump2def.cpp
--- libcrypto++-8.4.0/TestPrograms/dump2def.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/dump2def.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,214 @@
+// dump2def.cpp - Written and placed in public domain by Jeffrey Walton
+//                Create a module definitions file from a dumpbin file.
+//                dump2def can be used to create a list of exports from
+//                a static library. Then, the exports can used to build
+//                a dynamic link library with the same exports.
+//
+//    If you wish to compile this source file using cl.exe, then:
+//      cl.exe /DNDEBUG /Oi /Oy /O2 /Zi /TP /GR /EHsc /MT dump2def.cpp
+//
+//    The intended workflow in Crypto++ is:
+//
+//      1. Open a Developer Prompt
+//      2. CD to cryptopp/ directory
+//      3. nmake /f cryptest.nmake cryptopp.dll
+//
+//    The cryptopp.dll recipe first builds cryptlib.lib. Then it calls
+//    dumpbin.exe to export all symbols from cryptlib.lib and writes them
+//    to cryptopp.dump. The recipe then calls dump2def.exe to create a
+//    module definition file. Finally, the recipe builds cryptopp.dll
+//    using the module definition file cryptopp.def. The linker creates
+//    the import lib cryptopp.lib and export cryptopp.exp automatically.
+//
+//    This is only "half the problem solved" for those who wish to use
+//    a DLL. The program must import the import lib cryptopp.lib. Then
+//    the program must ensure the library headers export the symbol or
+//    class with CRYPTOPP_DLL. CRYPTOPP_DLL is only present on some classes
+//    because the FIPS module only allowed approved algorithms like AES and
+//    SHA. Other classes like Base64Encoder and HexEncoder lack CRYPTOPP_DLL.
+//
+//    CRYPTOPP_DLL simply adds declspec(dllimport) when CRYPTOPP_IMPORTS is
+//    defined. The limitation of requiring declspec(dllimport) is imposed by
+//    Microsoft. Microsoft does not allow a program to "import everything".
+//
+//    If you would like to read more about the FIPS module and the pain it
+//    causes then see https://www.cryptopp.com/wiki/FIPS_DLL. In fact we
+//    recommend you delete the CryptDll and DllTest projects from the
+//    Visual Studio solution file.
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+// Friendly name
+#define LIBRARY_DESC "Crypto++ Library"
+typedef std::set SymbolMap;
+
+const int ErrorSuccess = 0;
+const int ErrorDumpExtension = 1;
+const int ErrorTooFewOpts = 2;
+const int ErrorTooManyOpts = 3;
+const int ErrorOpenInputFailed = 4;
+const int ErrorOpenOutputFailed = 5;
+const int ErrorReadException = 6;
+const int ErrorWriteException = 7;
+
+void PrintHelpAndExit(int code)
+{
+    std::cout << "dump2def - create a module definitions file from a dumpbin file" << std::endl;
+    std::cout << "           Written and placed in public domain by Jeffrey Walton" << std::endl;
+    std::cout << std::endl;
+
+    switch (code)
+    {
+        case ErrorDumpExtension:
+            std::cout << "Error: input file is missing \".dump\" extension.\n" << std::endl;
+            break;
+        case ErrorTooFewOpts:
+            std::cout << "Error: Too few options were supplied.\n" << std::endl;
+            break;
+        case ErrorTooManyOpts:
+            std::cout << "Error: Too many options were supplied.\n" << std::endl;
+            break;
+        case ErrorOpenInputFailed:
+            std::cout << "Error: Failed to open input file.\n" << std::endl;
+            break;
+        case ErrorOpenOutputFailed:
+            std::cout << "Error: Failed to open output file.\n" << std::endl;
+            break;
+        default:
+            ;;
+    }
+
+    std::cout << "Usage: " << std::endl;
+
+    std::cout << "  dump2def " << std::endl;
+    std::cout << "    - Create a def file from  and write it to a file with" << std::endl;
+    std::cout << "      the same name as  but using the .def extension" << std::endl;
+
+    std::cout << "  dump2def  " << std::endl;
+    std::cout << "    - Create a def file from  and write it to " << std::endl;
+
+    std::exit((code == ErrorSuccess ? 0 : 1));
+}
+
+int main(int argc, char* argv[])
+{
+    // ******************** Handle Options ******************** //
+
+    // Convenience item
+    std::vector opts;
+    for (size_t i=0; i 1 ? opts[1].substr(0,2) : "");
+    if (opt == "/h" || opt == "-h" || opt == "/?" || opt == "-?")
+        PrintHelpAndExit(ErrorSuccess);
+
+    // Add  as needed
+    if (opts.size() == 2)
+    {
+        std::string outfile = opts[1];
+        std::string::size_type pos = outfile.length() < 5 ? std::string::npos : outfile.length() - 5;
+        if (pos == std::string::npos || outfile.substr(pos) != ".dump")
+            PrintHelpAndExit(ErrorDumpExtension);
+
+        outfile.replace(pos, 5, ".def");
+        opts.push_back(outfile);
+    }
+
+    // Check or exit
+    if (opts.size() < 2)
+        PrintHelpAndExit(ErrorTooFewOpts);
+    if (opts.size() > 3)
+        PrintHelpAndExit(ErrorTooManyOpts);
+
+    // ******************** Read MAP file ******************** //
+
+    SymbolMap symbols;
+
+    try
+    {
+        std::ifstream infile(opts[1].c_str());
+
+        if (infile.is_open() == false)
+            PrintHelpAndExit(ErrorOpenInputFailed);
+
+        std::string::size_type pos;
+        std::string line;
+
+        // Find start of the symbol table
+        while (std::getline(infile, line))
+        {
+            pos = line.find("public symbols");
+            if (pos == std::string::npos) { continue; }
+
+            // Eat the whitespace after the table heading
+            infile >> std::ws;
+            break;
+        }
+
+        while (std::getline(infile, line))
+        {
+            // End of table
+            if (line.empty()) { break; }
+
+            std::istringstream iss(line);
+            std::string address, symbol;
+            iss >> address >> symbol;
+
+            symbols.insert(symbol);
+        }
+    }
+    catch (const std::exception& ex)
+    {
+        std::cerr << "Unexpected exception:" << std::endl;
+        std::cerr << ex.what() << std::endl;
+        std::cerr << std::endl;
+
+        PrintHelpAndExit(ErrorReadException);
+    }
+
+    // ******************** Write DEF file ******************** //
+
+    try
+    {
+        std::ofstream outfile(opts[2].c_str());
+
+        if (outfile.is_open() == false)
+            PrintHelpAndExit(ErrorOpenOutputFailed);
+
+        // Library name, cryptopp.dll
+        std::string name = opts[2];
+        std::string::size_type pos = name.find_last_of(".");
+
+        if (pos != std::string::npos)
+            name.erase(pos);
+
+        outfile << "LIBRARY " << name << std::endl;
+        outfile << "DESCRIPTION \"" << LIBRARY_DESC << "\"" << std::endl;
+        outfile << "EXPORTS" << std::endl;
+        outfile << std::endl;
+
+        outfile << "\t;; " << symbols.size() << " symbols" << std::endl;
+
+        // Symbols from our object files
+        SymbolMap::const_iterator it = symbols.begin();
+        for ( ; it != symbols.end(); ++it)
+            outfile << "\t" << *it << std::endl;
+    }
+    catch (const std::exception& ex)
+    {
+        std::cerr << "Unexpected exception:" << std::endl;
+        std::cerr << ex.what() << std::endl;
+        std::cerr << std::endl;
+
+        PrintHelpAndExit(ErrorWriteException);
+    }
+
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/dump2def.cxx libcrypto++-8.6.0/TestPrograms/dump2def.cxx
--- libcrypto++-8.4.0/TestPrograms/dump2def.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/dump2def.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,214 +0,0 @@
-// dump2def.cxx - Written and placed in public domain by Jeffrey Walton
-//                Create a module definitions file from a dumpbin file.
-//                dump2def can be used to create a list of exports from
-//                a static library. Then, the exports can used to build
-//                a dynamic link library with the same exports.
-//
-//    If you wish to compile this source file using cl.exe, then:
-//      cl.exe /DNDEBUG /Oi /Oy /O2 /Zi /TP /GR /EHsc /MT dump2def.cxx
-//
-//    The intended workflow in Crypto++ is:
-//
-//      1. Open a Developer Prompt
-//      2. CD to cryptopp/ directory
-//      3. nmake /f cryptest.nmake cryptopp.dll
-//
-//    The cryptopp.dll recipe first builds cryptlib.lib. Then it calls
-//    dumpbin.exe to export all symbols from cryptlib.lib and writes them
-//    to cryptopp.dump. The recipe then calls dump2def.exe to create a
-//    module definition file. Finally, the recipe builds cryptopp.dll
-//    using the module definition file cryptopp.def. The linker creates
-//    the import lib cryptopp.lib and export cryptopp.exp automatically.
-//
-//    This is only "half the problem solved" for those who wish to use
-//    a DLL. The program must import the import lib cryptopp.lib. Then
-//    the program must ensure the library headers export the symbol or
-//    class with CRYPTOPP_DLL. CRYPTOPP_DLL is only present on some classes
-//    because the FIPS module only allowed approved algorithms like AES and
-//    SHA. Other classes like Base64Encoder and HexEncoder lack CRYPTOPP_DLL.
-//
-//    CRYPTOPP_DLL simply adds declspec(dllimport) when CRYPTOPP_IMPORTS is
-//    defined. The limitation of requiring declspec(dllimport) is imposed by
-//    Microsoft. Microsoft does not allow a program to "import everything".
-//
-//    If you would like to read more about the FIPS module and the pain it
-//    causes then see https://www.cryptopp.com/wiki/FIPS_DLL. In fact we
-//    recommend you delete the CryptDll and DllTest projects from the
-//    Visual Studio solution file.
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-// Friendly name
-#define LIBRARY_DESC "Crypto++ Library"
-typedef std::set SymbolMap;
-
-const int ErrorSuccess = 0;
-const int ErrorDumpExtension = 1;
-const int ErrorTooFewOpts = 2;
-const int ErrorTooManyOpts = 3;
-const int ErrorOpenInputFailed = 4;
-const int ErrorOpenOutputFailed = 5;
-const int ErrorReadException = 6;
-const int ErrorWriteException = 7;
-
-void PrintHelpAndExit(int code)
-{
-    std::cout << "dump2def - create a module definitions file from a dumpbin file" << std::endl;
-    std::cout << "           Written and placed in public domain by Jeffrey Walton" << std::endl;
-    std::cout << std::endl;
-
-    switch (code)
-    {
-        case ErrorDumpExtension:
-            std::cout << "Error: input file is missing \".dump\" extension.\n" << std::endl;
-            break;
-        case ErrorTooFewOpts:
-            std::cout << "Error: Too few options were supplied.\n" << std::endl;
-            break;
-        case ErrorTooManyOpts:
-            std::cout << "Error: Too many options were supplied.\n" << std::endl;
-            break;
-        case ErrorOpenInputFailed:
-            std::cout << "Error: Failed to open input file.\n" << std::endl;
-            break;
-        case ErrorOpenOutputFailed:
-            std::cout << "Error: Failed to open output file.\n" << std::endl;
-            break;
-        default:
-            ;;
-    }
-
-    std::cout << "Usage: " << std::endl;
-
-    std::cout << "  dump2def " << std::endl;
-    std::cout << "    - Create a def file from  and write it to a file with" << std::endl;
-    std::cout << "      the same name as  but using the .def extension" << std::endl;
-
-    std::cout << "  dump2def  " << std::endl;
-    std::cout << "    - Create a def file from  and write it to " << std::endl;
-
-    std::exit((code == ErrorSuccess ? 0 : 1));
-}
-
-int main(int argc, char* argv[])
-{
-    // ******************** Handle Options ******************** //
-
-    // Convenience item
-    std::vector opts;
-    for (size_t i=0; i 1 ? opts[1].substr(0,2) : "");
-    if (opt == "/h" || opt == "-h" || opt == "/?" || opt == "-?")
-        PrintHelpAndExit(ErrorSuccess);
-
-    // Add  as needed
-    if (opts.size() == 2)
-    {
-        std::string outfile = opts[1];
-        std::string::size_type pos = outfile.length() < 5 ? std::string::npos : outfile.length() - 5;
-        if (pos == std::string::npos || outfile.substr(pos) != ".dump")
-            PrintHelpAndExit(ErrorDumpExtension);
-
-        outfile.replace(pos, 5, ".def");
-        opts.push_back(outfile);
-    }
-
-    // Check or exit
-    if (opts.size() < 2)
-        PrintHelpAndExit(ErrorTooFewOpts);
-    if (opts.size() > 3)
-        PrintHelpAndExit(ErrorTooManyOpts);
-
-    // ******************** Read MAP file ******************** //
-
-    SymbolMap symbols;
-
-    try
-    {
-        std::ifstream infile(opts[1].c_str());
-
-        if (infile.is_open() == false)
-            PrintHelpAndExit(ErrorOpenInputFailed);
-
-        std::string::size_type pos;
-        std::string line;
-
-        // Find start of the symbol table
-        while (std::getline(infile, line))
-        {
-            pos = line.find("public symbols");
-            if (pos == std::string::npos) { continue; }
-
-            // Eat the whitespace after the table heading
-            infile >> std::ws;
-            break;
-        }
-
-        while (std::getline(infile, line))
-        {
-            // End of table
-            if (line.empty()) { break; }
-
-            std::istringstream iss(line);
-            std::string address, symbol;
-            iss >> address >> symbol;
-
-            symbols.insert(symbol);
-        }
-    }
-    catch (const std::exception& ex)
-    {
-        std::cerr << "Unexpected exception:" << std::endl;
-        std::cerr << ex.what() << std::endl;
-        std::cerr << std::endl;
-
-        PrintHelpAndExit(ErrorReadException);
-    }
-
-    // ******************** Write DEF file ******************** //
-
-    try
-    {
-        std::ofstream outfile(opts[2].c_str());
-
-        if (outfile.is_open() == false)
-            PrintHelpAndExit(ErrorOpenOutputFailed);
-
-        // Library name, cryptopp.dll
-        std::string name = opts[2];
-        std::string::size_type pos = name.find_last_of(".");
-
-        if (pos != std::string::npos)
-            name.erase(pos);
-
-        outfile << "LIBRARY " << name << std::endl;
-        outfile << "DESCRIPTION \"" << LIBRARY_DESC << "\"" << std::endl;
-        outfile << "EXPORTS" << std::endl;
-        outfile << std::endl;
-
-        outfile << "\t;; " << symbols.size() << " symbols" << std::endl;
-
-        // Symbols from our object files
-        SymbolMap::const_iterator it = symbols.begin();
-        for ( ; it != symbols.end(); ++it)
-            outfile << "\t" << *it << std::endl;
-    }
-    catch (const std::exception& ex)
-    {
-        std::cerr << "Unexpected exception:" << std::endl;
-        std::cerr << ex.what() << std::endl;
-        std::cerr << std::endl;
-
-        PrintHelpAndExit(ErrorWriteException);
-    }
-
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_32bit.cpp libcrypto++-8.6.0/TestPrograms/test_32bit.cpp
--- libcrypto++-8.4.0/TestPrograms/test_32bit.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_32bit.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,7 @@
+#include 
+int main(int argc, char* argv[])
+{
+    enum {N = (sizeof(std::size_t) == 4 ? 4 : -1)};
+    int x[N];
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_32bit.cxx libcrypto++-8.6.0/TestPrograms/test_32bit.cxx
--- libcrypto++-8.4.0/TestPrograms/test_32bit.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_32bit.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,7 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    enum {N = (sizeof(std::size_t) == 4 ? 4 : -1)};
-    int x[N];
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_64bit.cpp libcrypto++-8.6.0/TestPrograms/test_64bit.cpp
--- libcrypto++-8.4.0/TestPrograms/test_64bit.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_64bit.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,7 @@
+#include 
+int main(int argc, char* argv[])
+{
+    enum {N = (sizeof(std::size_t) == 8 ? 8 : -1)};
+    int x[N];
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_64bit.cxx libcrypto++-8.6.0/TestPrograms/test_64bit.cxx
--- libcrypto++-8.4.0/TestPrograms/test_64bit.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_64bit.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,7 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    enum {N = (sizeof(std::size_t) == 8 ? 8 : -1)};
-    int x[N];
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_acle_header.cpp libcrypto++-8.6.0/TestPrograms/test_arm_acle_header.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_acle_header.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_acle_header.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,6 @@
+#include 
+
+int main(int argc, char* argv[])
+{
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_acle_header.cxx libcrypto++-8.6.0/TestPrograms/test_arm_acle_header.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_acle_header.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_acle_header.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,6 +0,0 @@
-#include 
-
-int main(int argc, char* argv[])
-{
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_aes.cpp libcrypto++-8.6.0/TestPrograms/test_arm_aes.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_aes.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_aes.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,14 @@
+#include 
+#ifdef CRYPTOPP_ARM_NEON_HEADER
+# include 
+#endif
+
+int main(int argc, char* argv[])
+{
+    uint8x16_t x={0};
+    x=vaeseq_u8(x,x);
+    x=vaesmcq_u8(x);
+    x=vaesdq_u8(x,x);
+    x=vaesimcq_u8(x);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_aes.cxx libcrypto++-8.6.0/TestPrograms/test_arm_aes.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_aes.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_aes.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,17 +0,0 @@
-#include 
-#ifdef CRYPTOPP_ARM_NEON_HEADER
-# include 
-#endif
-#ifdef CRYPTOPP_ARM_ACLE_HEADER
-# include 
-#endif
-
-int main(int argc, char* argv[])
-{
-    uint8x16_t x={0};
-    x=vaeseq_u8(x,x);
-    x=vaesmcq_u8(x);
-    x=vaesdq_u8(x,x);
-    x=vaesimcq_u8(x);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_asimd.cpp libcrypto++-8.6.0/TestPrograms/test_arm_asimd.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_asimd.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_asimd.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,11 @@
+#include 
+#ifdef CRYPTOPP_ARM_NEON_HEADER
+# include 
+#endif
+
+int main(int argc, char* argv[])
+{
+    uint32x4_t x={0};
+    x=veorq_u32(x,x);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_asimd.cxx libcrypto++-8.6.0/TestPrograms/test_arm_asimd.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_asimd.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_asimd.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,14 +0,0 @@
-#include 
-#ifdef CRYPTOPP_ARM_NEON_HEADER
-# include 
-#endif
-#ifdef CRYPTOPP_ARM_ACLE_HEADER
-# include 
-#endif
-
-int main(int argc, char* argv[])
-{
-    uint32x4_t x={0};
-    x=veorq_u32(x,x);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_crc.cpp libcrypto++-8.6.0/TestPrograms/test_arm_crc.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_crc.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_crc.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,23 @@
+#include 
+#ifdef CRYPTOPP_ARM_NEON_HEADER
+# include 
+#endif
+#if (CRYPTOPP_ARM_ACLE_HEADER)
+# include 
+# include 
+#endif
+
+// Keep sync'd with arm_simd.h
+#include "../arm_simd.h"
+
+int main(int argc, char* argv[])
+{
+    uint32_t w=0xffffffff;
+
+    w = CRC32B(w,w);
+    w = CRC32W(w,w);
+    w = CRC32CB(w,w);
+    w = CRC32CW(w,w);
+
+    return 0;
+}
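Review bot: The ACLE guard on the fifth line of this new file is `#if (CRYPTOPP_ARM_ACLE_HEADER)`, while every sibling probe in this diff (test_arm_neon.cpp, test_arm_pmull.cpp, test_arm_sha1.cpp and the rest) uses `#ifdef CRYPTOPP_ARM_NEON_HEADER` for the same kind of header switch. A value test and a definedness test diverge as soon as the macro is defined to an empty value or to 0, and an empty definition would turn the line into a preprocessor error, so I would bring it in line with the others: `#ifdef CRYPTOPP_ARM_ACLE_HEADER`. Since these probes appear to gate whether the accelerated CRC32 path is enabled at all, a silently failing probe would only cost performance rather than correctness, but it would do so without any diagnostic.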
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_crc.cxx libcrypto++-8.6.0/TestPrograms/test_arm_crc.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_crc.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_crc.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,21 +0,0 @@
-#include 
-#ifdef CRYPTOPP_ARM_NEON_HEADER
-# include 
-#endif
-#ifdef CRYPTOPP_ARM_ACLE_HEADER
-# include 
-#endif
-
-int main(int argc, char* argv[])
-{
-    uint32_t w=0xffffffff;
-
-    w = __crc32w(w,w);
-    w = __crc32h(w,w);
-    w = __crc32b(w,w);
-    w = __crc32cw(w,w);
-    w = __crc32ch(w,w);
-    w = __crc32cb(w,w);
-
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_neon.cpp libcrypto++-8.6.0/TestPrograms/test_arm_neon.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_neon.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_neon.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,11 @@
+#include 
+#ifdef CRYPTOPP_ARM_NEON_HEADER
+# include 
+#endif
+
+int main(int argc, char* argv[])
+{
+    uint32x4_t x={0};
+    x=veorq_u32(x,x);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_neon.cxx libcrypto++-8.6.0/TestPrograms/test_arm_neon.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_neon.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_neon.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,11 +0,0 @@
-#include 
-#ifdef CRYPTOPP_ARM_NEON_HEADER
-# include 
-#endif
-
-int main(int argc, char* argv[])
-{
-    uint32x4_t x={0};
-    x=veorq_u32(x,x);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_neon_header.cpp libcrypto++-8.6.0/TestPrograms/test_arm_neon_header.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_neon_header.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_neon_header.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,6 @@
+#include 
+
+int main(int argc, char* argv[])
+{
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_neon_header.cxx libcrypto++-8.6.0/TestPrograms/test_arm_neon_header.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_neon_header.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_neon_header.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,6 +0,0 @@
-#include 
-
-int main(int argc, char* argv[])
-{
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_pmull.cpp libcrypto++-8.6.0/TestPrograms/test_arm_pmull.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_pmull.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_pmull.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,26 @@
+#include 
+#ifdef CRYPTOPP_ARM_NEON_HEADER
+# include 
+#endif
+
+// Keep sync'd with arm_simd.h
+#include "../arm_simd.h"
+
+int main(int argc, char* argv[])
+{
+    // Linaro is missing a lot of pmull gear. Also see http://github.com/weidai11/cryptopp/issues/233.
+    const uint64_t wa1[]={0,0x9090909090909090}, wb1[]={0,0xb0b0b0b0b0b0b0b0};
+    const uint64x2_t a1=vld1q_u64(wa1), b1=vld1q_u64(wb1);
+
+    const uint8_t wa2[]={0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80,
+                         0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0},
+                  wb2[]={0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,
+                         0xe0,0xe0,0xe0,0xe0,0xe0,0xe0,0xe0,0xe0};
+    const uint8x16_t a2=vld1q_u8(wa2), b2=vld1q_u8(wb2);
+
+    const uint64x2_t r1 = PMULL_00(a1, b1);
+    const uint64x2_t r2 = PMULL_11(vreinterpretq_u64_u8(a2),
+                                   vreinterpretq_u64_u8(b2));
+
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_pmull.cxx libcrypto++-8.6.0/TestPrograms/test_arm_pmull.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_pmull.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_pmull.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,20 +0,0 @@
-#include 
-#ifdef CRYPTOPP_ARM_NEON_HEADER
-# include 
-#endif
-#ifdef CRYPTOPP_ARM_ACLE_HEADER
-# include 
-#endif
-
-int main(int argc, char* argv[])
-{
-    const poly64_t   a=0x60606060, b=0x90909090, c=0xb0b0b0b0;
-    const poly64x2_t d={0x60606060,0x90909090};
-    const poly8x16_t e={0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80,
-                        0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0};
-
-    const poly128_t r1 = vmull_p64(a, b);
-    const poly128_t r2 = vmull_high_p64(d, d);
-
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_sha1.cpp libcrypto++-8.6.0/TestPrograms/test_arm_sha1.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_sha1.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_sha1.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,13 @@
+#include 
+#ifdef CRYPTOPP_ARM_NEON_HEADER
+# include 
+#endif
+
+int main(int argc, char* argv[])
+{
+    uint32x4_t y = {0};
+    y=vsha1cq_u32(y,0,y);
+    y=vsha1mq_u32(y,1,y);
+    y=vsha1pq_u32(y,2,y);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_sha1.cxx libcrypto++-8.6.0/TestPrograms/test_arm_sha1.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_sha1.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_sha1.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,16 +0,0 @@
-#include 
-#ifdef CRYPTOPP_ARM_NEON_HEADER
-# include 
-#endif
-#ifdef CRYPTOPP_ARM_ACLE_HEADER
-# include 
-#endif
-
-int main(int argc, char* argv[])
-{
-    uint32x4_t y = {0};
-    y=vsha1cq_u32(y,0,y);
-    y=vsha1mq_u32(y,1,y);
-    y=vsha1pq_u32(y,2,y);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_sha256.cpp libcrypto++-8.6.0/TestPrograms/test_arm_sha256.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_sha256.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_sha256.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,13 @@
+#include 
+#ifdef CRYPTOPP_ARM_NEON_HEADER
+# include 
+#endif
+
+int main(int argc, char* argv[])
+{
+    uint32x4_t y = {0};
+    y=vsha256hq_u32(y, y, y);
+    y=vsha256h2q_u32(y, y, y);
+    y=vsha256su1q_u32(y, y, y);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_sha256.cxx libcrypto++-8.6.0/TestPrograms/test_arm_sha256.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_sha256.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_sha256.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,16 +0,0 @@
-#include 
-#ifdef CRYPTOPP_ARM_NEON_HEADER
-# include 
-#endif
-#ifdef CRYPTOPP_ARM_ACLE_HEADER
-# include 
-#endif
-
-int main(int argc, char* argv[])
-{
-    uint32x4_t y = {0};
-    y=vsha256hq_u32(y, y, y);
-    y=vsha256h2q_u32(y, y, y);
-    y=vsha256su1q_u32(y, y, y);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_sha3.cpp libcrypto++-8.6.0/TestPrograms/test_arm_sha3.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_sha3.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_sha3.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,19 @@
+#include 
+#ifdef CRYPTOPP_ARM_NEON_HEADER
+# include 
+#endif
+
+// Keep sync'd with arm_simd.h
+#include "../arm_simd.h"
+
+int main(int argc, char* argv[])
+{
+    // SHA3 intrinsics are merely ARMv8.2 instructions.
+    // https://developer.arm.com/architectures/instruction-sets/simd-isas/neon/intrinsics
+    uint32x4_t x={0}, y={1}, z={2};
+    x=VEOR3(x,y,z);
+    x=VXAR(y,z,6);
+    x=VRAX1(y,z);
+
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_sha3.cxx libcrypto++-8.6.0/TestPrograms/test_arm_sha3.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_sha3.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_sha3.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,27 +0,0 @@
-#include 
-#ifdef CRYPTOPP_ARM_NEON_HEADER
-# include 
-#endif
-#ifdef CRYPTOPP_ARM_ACLE_HEADER
-# include 
-#endif
-
-int main(int argc, char* argv[])
-{
-    // SM4 block cipher
-    uint32x4_t x;
-    x=vsm4ekeyq_u32(x,x);
-    x=vsm4eq_u32(x,x);
-
-    // SM3 hash
-    uint32x4_t y;
-    y=vsm3ss1q_u32(x,y,y);
-    y=vsm3tt1aq_u32(x,y,y,3);
-    y=vsm3tt1bq_u32(x,y,y,1);
-    y=vsm3tt2aq_u32(x,y,y,2);
-    y=vsm3tt2bq_u32(x,y,y,3);
-    y=vsm3partw1q_u32(x,y,y);
-    y=vsm3partw2q_u32(x,y,y);
-
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_sha512.cpp libcrypto++-8.6.0/TestPrograms/test_arm_sha512.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_sha512.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_sha512.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,17 @@
+#include 
+#ifdef CRYPTOPP_ARM_NEON_HEADER
+# include 
+#endif
+
+int main(int argc, char* argv[])
+{
+    // SHA512 hash
+    // https://developer.arm.com/architectures/instruction-sets/simd-isas/neon/intrinsics?search=SHA512
+    uint32x4_t w={0}, x={0}, y={0}, z={0};
+    w=vsha512hq_u64(x,y,z);
+    w=vsha512h2q_u64(x,y);
+    w=vsha512su0q_u64(x,y);
+    w=vsha512su1q_u64 (x,y,z);
+
+    return 0;
+}
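Review bot: The operands are declared as `uint32x4_t` on the line `uint32x4_t w={0}, x={0}, y={0}, z={0};`, yet the four calls that follow are the 64-bit SHA-512 intrinsics (`vsha512hq_u64`, `vsha512h2q_u64`, `vsha512su0q_u64`, `vsha512su1q_u64`), whose parameters and results are `uint64x2_t` vectors. NEON vector types are distinct typedefs, so a conforming compiler rejects this translation unit even on a target that does have the SHA-512 extension, and the probe can never succeed. Change the declaration to `uint64x2_t w={0}, x={0}, y={0}, z={0};`. The consequence, assuming this probe gates the accelerated SHA-512 path, is that the build would silently fall back to the portable implementation rather than fail, which is easy to miss.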
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_sha512.cxx libcrypto++-8.6.0/TestPrograms/test_arm_sha512.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_sha512.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_sha512.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,27 +0,0 @@
-#include 
-#ifdef CRYPTOPP_ARM_NEON_HEADER
-# include 
-#endif
-#ifdef CRYPTOPP_ARM_ACLE_HEADER
-# include 
-#endif
-
-int main(int argc, char* argv[])
-{
-    // SM4 block cipher
-    uint32x4_t x;
-    x=vsm4ekeyq_u32(x,x);
-    x=vsm4eq_u32(x,x);
-
-    // SM3 hash
-    uint32x4_t y;
-    y=vsm3ss1q_u32(x,y,y);
-    y=vsm3tt1aq_u32(x,y,y,3);
-    y=vsm3tt1bq_u32(x,y,y,1);
-    y=vsm3tt2aq_u32(x,y,y,2);
-    y=vsm3tt2bq_u32(x,y,y,3);
-    y=vsm3partw1q_u32(x,y,y);
-    y=vsm3partw2q_u32(x,y,y);
-
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_sm3.cpp libcrypto++-8.6.0/TestPrograms/test_arm_sm3.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_sm3.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_sm3.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,19 @@
+#include 
+#ifdef CRYPTOPP_ARM_NEON_HEADER
+# include 
+#endif
+
+int main(int argc, char* argv[])
+{
+    // SM3 hash
+    // https://developer.arm.com/architectures/instruction-sets/simd-isas/neon/intrinsics?search=SM3
+    uint32x4_t y;
+    y=vsm3ss1q_u32(x,y,y);
+    y=vsm3tt1aq_u32(x,y,y,3);
+    y=vsm3tt1bq_u32(x,y,y,1);
+    y=vsm3tt2aq_u32(x,y,y,2);
+    y=vsm3tt2bq_u32(x,y,y,3);
+    y=vsm3partw1q_u32(x,y,y);
+    y=vsm3partw2q_u32(x,y,y);
+    return 0;
+}
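Review bot: `x` is never declared in this new file: the only local is `uint32x4_t y;` on the line before the first call, yet every SM3 intrinsic from `vsm3ss1q_u32(x,y,y)` onward reads `x`, so the probe cannot compile on any target and SM3 support will never be detected. The deleted test_arm_sm3.cxx carried the same defect, so the rename does not address it. `y` is also passed to the intrinsics before it is assigned; I would replace the declaration with `uint32x4_t x={0}, y={0};` to match how test_arm_sha256.cpp initialises its vectors. The identical pattern in test_arm_sm4.cpp is fine because there `x` is only written, never read.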
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_sm3.cxx libcrypto++-8.6.0/TestPrograms/test_arm_sm3.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_sm3.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_sm3.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,21 +0,0 @@
-#include 
-#ifdef CRYPTOPP_ARM_NEON_HEADER
-# include 
-#endif
-#ifdef CRYPTOPP_ARM_ACLE_HEADER
-# include 
-#endif
-
-int main(int argc, char* argv[])
-{
-    // SM3 hash
-    uint32x4_t y;
-    y=vsm3ss1q_u32(x,y,y);
-    y=vsm3tt1aq_u32(x,y,y,3);
-    y=vsm3tt1bq_u32(x,y,y,1);
-    y=vsm3tt2aq_u32(x,y,y,2);
-    y=vsm3tt2bq_u32(x,y,y,3);
-    y=vsm3partw1q_u32(x,y,y);
-    y=vsm3partw2q_u32(x,y,y);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_sm4.cpp libcrypto++-8.6.0/TestPrograms/test_arm_sm4.cpp
--- libcrypto++-8.4.0/TestPrograms/test_arm_sm4.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_sm4.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,15 @@
+#include 
+#ifdef CRYPTOPP_ARM_NEON_HEADER
+# include 
+#endif
+
+int main(int argc, char* argv[])
+{
+    // SM4 block cipher
+    // https://developer.arm.com/architectures/instruction-sets/simd-isas/neon/intrinsics?search=SM4
+    uint32x4_t x, y={1}, z={2};
+    x=vsm4ekeyq_u32(y,z);
+    x=vsm4eq_u32(y,z);
+
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_arm_sm4.cxx libcrypto++-8.6.0/TestPrograms/test_arm_sm4.cxx
--- libcrypto++-8.4.0/TestPrograms/test_arm_sm4.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_arm_sm4.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,16 +0,0 @@
-#include 
-#ifdef CRYPTOPP_ARM_NEON_HEADER
-# include 
-#endif
-#ifdef CRYPTOPP_ARM_ACLE_HEADER
-# include 
-#endif
-
-int main(int argc, char* argv[])
-{
-    // SM4 block cipher
-    uint32x4_t x;
-    x=vsm4ekeyq_u32(x,x);
-    x=vsm4eq_u32(x,x);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_asm_mixed.cpp libcrypto++-8.6.0/TestPrograms/test_asm_mixed.cpp
--- libcrypto++-8.4.0/TestPrograms/test_asm_mixed.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_asm_mixed.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,31 @@
+// Most Clang cannot handle mixed asm with positional arguments, where the
+// body is Intel style with no prefix and the templates are AT&T style.
+// Also see https://bugs.llvm.org/show_bug.cgi?id=39895 .
+#include 
+int main(int argc, char* argv[])
+{
+    size_t ret = 1, N = 1;
+    asm __volatile__
+    (
+#if defined(__amd64__) || defined(__x86_64__)
+        ".intel_syntax   noprefix ;\n"
+        "xor rsi, rsi    ;\n"
+        "neg %1          ;\n"
+        "inc %1          ;\n"
+        "push %1         ;\n"
+        "pop rax         ;\n"
+        ".att_syntax     prefix ;\n"
+        : "=a" (ret) : "c" (N) : "%rsi"
+#else
+        ".intel_syntax   noprefix ;\n"
+        "xor esi, esi    ;\n"
+        "neg %1          ;\n"
+        "inc %1          ;\n"
+        "push %1         ;\n"
+        "pop eax         ;\n"
+        ".att_syntax     prefix ;\n"
+        : "=a" (ret) : "c" (N) : "%esi"
+#endif
+    );
+    return (int)ret;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_asm_mixed.cxx libcrypto++-8.6.0/TestPrograms/test_asm_mixed.cxx
--- libcrypto++-8.4.0/TestPrograms/test_asm_mixed.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_asm_mixed.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,31 +0,0 @@
-// Most Clang cannot handle mixed asm with positional arguments, where the
-// body is Intel style with no prefix and the templates are AT&T style.
-// Also see https://bugs.llvm.org/show_bug.cgi?id=39895 .
-#include 
-int main(int argc, char* argv[])
-{
-    size_t ret = 1, N = 1;
-    asm __volatile__
-    (
-#if defined(__amd64__) || defined(__x86_64__)
-        ".intel_syntax   noprefix ;\n"
-        "xor rsi, rsi    ;\n"
-        "neg %1          ;\n"
-        "inc %1          ;\n"
-        "push %1         ;\n"
-        "pop rax         ;\n"
-        ".att_syntax     prefix ;\n"
-        : "=a" (ret) : "c" (N) : "%rsi"
-#else
-        ".intel_syntax   noprefix ;\n"
-        "xor esi, esi    ;\n"
-        "neg %1          ;\n"
-        "inc %1          ;\n"
-        "push %1         ;\n"
-        "pop eax         ;\n"
-        ".att_syntax     prefix ;\n"
-        : "=a" (ret) : "c" (N) : "%esi"
-#endif
-    );
-    return (int)ret;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_alignas.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_alignas.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_alignas.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_alignas.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,5 @@
+int main(int argc, char* argv[])
+{
+    alignas(8) unsigned char x[16];
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_alignas.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_alignas.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_alignas.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_alignas.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,5 +0,0 @@
-int main(int argc, char* argv[])
-{
-    alignas(8) unsigned char x[16];
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_alignof.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_alignof.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_alignof.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_alignof.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,6 @@
+#include 
+int main (int argc, char* argv[])
+{
+    std::size_t n = alignof(int);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_alignof.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_alignof.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_alignof.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_alignof.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,6 +0,0 @@
-#include 
-int main (int argc, char* argv[])
-{
-    std::size_t n = alignof(int);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_assert.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_assert.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_assert.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_assert.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,10 @@
+// https://en.cppreference.com/w/cpp/feature_test
+int main(int argc, char* argv[])
+{
+#if __cpp_static_assert >= 200410L
+    int x[1];
+#else
+    int x[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_assert.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_assert.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_assert.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_assert.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,10 +0,0 @@
-// https://en.cppreference.com/w/cpp/feature_test
-int main(int argc, char* argv[])
-{
-#if __cpp_static_assert >= 200410L
-    int x[1];
-#else
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_atomic.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_atomic.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_atomic.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_atomic.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,7 @@
+#include 
+int main(int argc, char* argv[])
+{
+    std::atomic_flag f = ATOMIC_FLAG_INIT;
+    std::atomic g (false);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_atomic.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_atomic.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_atomic.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_atomic.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,7 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    std::atomic_flag f = ATOMIC_FLAG_INIT;
-    std::atomic g (false);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_auto.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_auto.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_auto.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_auto.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,5 @@
+int main(int argc, char* argv[])
+{
+    auto a = 1 + 2;
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_auto.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_auto.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_auto.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_auto.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,5 +0,0 @@
-int main(int argc, char* argv[])
-{
-    auto a = 1 + 2;
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_constexpr.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_constexpr.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_constexpr.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_constexpr.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,10 @@
+constexpr int fact(int n)
+{
+    return n <= 1 ? 1 : (n * fact(n - 1));
+}
+
+int main(int argc, char* argv[])
+{
+    fact(4);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_constexpr.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_constexpr.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_constexpr.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_constexpr.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,10 +0,0 @@
-constexpr int fact(int n)
-{
-    return n <= 1 ? 1 : (n * fact(n - 1));
-}
-
-int main(int argc, char* argv[])
-{
-    fact(4);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,11 @@
+// Real C++11 libraries provide 
+#include 
+int main(int argc, char* argv[])
+{
+#if __cplusplus >= 201103L
+    std::forward_list x;
+#else
+    int x[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,11 +0,0 @@
-// Real C++11 libraries provide 
-#include 
-int main(int argc, char* argv[])
-{
-#if __cplusplus >= 201103L
-    std::forward_list x;
-#else
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_deletefn.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_deletefn.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_deletefn.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_deletefn.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,10 @@
+struct S {
+    S() = delete;
+    explicit S(int n) { }
+};
+
+int main (int argc, char* rgv[])
+{
+    S s(1);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_deletefn.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_deletefn.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_deletefn.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_deletefn.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,10 +0,0 @@
-struct S {
-    S() = delete;
-    explicit S(int n) { }
-};
-
-int main (int argc, char* rgv[])
-{
-    S s(1);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_enumtype.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_enumtype.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_enumtype.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_enumtype.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,7 @@
+#include 
+int main(int argc, char* argv[])
+{
+    enum Size : std::size_t { Zero=0, One=1, Two=2 };
+    Size s(Size::Zero);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_enumtype.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_enumtype.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_enumtype.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_enumtype.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,7 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    enum Size : std::size_t { Zero=0, One=1, Two=2 };
-    Size s(Size::Zero);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_initializer.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_initializer.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_initializer.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_initializer.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,6 @@
+#include 
+int main(int argc, char* argv[])
+{
+    std::vector v{0,1,2,3,4};
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_initializer.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_initializer.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_initializer.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_initializer.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,6 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    std::vector v{0,1,2,3,4};
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_lambda.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_lambda.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_lambda.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_lambda.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,10 @@
+// https://en.cppreference.com/w/cpp/feature_test
+int main(int argc, char* argv[])
+{
+#if __cpp_lambdas >= 200907L
+    int x[1];
+#else
+    int x[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_lambda.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_lambda.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_lambda.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_lambda.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,10 +0,0 @@
-// https://en.cppreference.com/w/cpp/feature_test
-int main(int argc, char* argv[])
-{
-#if __cpp_lambdas >= 200907L
-    int x[1];
-#else
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_noexcept.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_noexcept.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_noexcept.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_noexcept.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,29 @@
+#if defined(__GNUC__)
+# define GNUC_VERSION (__GNUC__*1000 + __GNUC_MINOR__*10)
+#endif
+
+#if defined(__clang__) && defined(__apple_build_version__)
+# undef GNUC_VERSION
+# define APPLE_VERSION (__clang_major__*1000 + __clang_minor__*10)
+#elif defined(__clang__)
+# undef GNUC_VERSION
+# define LLVM_VERSION (__clang_major__*1000 + __clang_minor__*10)
+#endif
+
+#if (GNUC_VERSION >= 7030)
+# pragma GCC diagnostic ignored "-Wterminate"
+#endif
+
+#include 
+
+void f(int n) noexcept(false)
+{
+    if (n > 2)
+        throw std::runtime_error("Oops");
+}
+
+int main(int argc, char* argv[])
+{
+    f(argc);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_noexcept.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_noexcept.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_noexcept.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_noexcept.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,29 +0,0 @@
-#if defined(__GNUC__)
-# define GNUC_VERSION (__GNUC__*1000 + __GNUC_MINOR__*10)
-#endif
-
-#if defined(__clang__) && defined(__apple_build_version__)
-# undef GNUC_VERSION
-# define APPLE_VERSION (__clang_major__*1000 + __clang_minor__*10)
-#elif defined(__clang__)
-# undef GNUC_VERSION
-# define LLVM_VERSION (__clang_major__*1000 + __clang_minor__*10)
-#endif
-
-#if (GNUC_VERSION >= 7030)
-# pragma GCC diagnostic ignored "-Wterminate"
-#endif
-
-#include 
-
-void f(int n) noexcept(false)
-{
-    if (n > 2)
-        throw std::runtime_error("Oops");
-}
-
-int main(int argc, char* argv[])
-{
-    f(argc);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_nullptr.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_nullptr.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_nullptr.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_nullptr.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,6 @@
+#include 
+int main(int argc, char* argv[])
+{
+    int* p = nullptr;
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_nullptr.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_nullptr.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_nullptr.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_nullptr.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,6 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    int* p = nullptr;
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_staticinit.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_staticinit.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_staticinit.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_staticinit.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,11 @@
+// https://en.cppreference.com/w/cpp/feature_test
+// Apple bug https://bugs.llvm.org/show_bug.cgi?id=47012.
+int main(int argc, char* argv[])
+{
+#if __cpp_threadsafe_static_init >= 200806L
+    int x[1];
+#else
+    int x[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_staticinit.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_staticinit.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_staticinit.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_staticinit.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,11 +0,0 @@
-// https://en.cppreference.com/w/cpp/feature_test
-// Apple bug https://bugs.llvm.org/show_bug.cgi?id=47012.
-int main(int argc, char* argv[])
-{
-#if __cpp_threadsafe_static_init >= 200806L
-    int x[1];
-#else
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_sync.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_sync.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_sync.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_sync.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,7 @@
+#include 
+int main(int argc, char* argv[])
+{
+    std::mutex m;
+    std::lock_guard l(m);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_sync.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_sync.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_sync.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_sync.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,7 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    std::mutex m;
-    std::lock_guard l(m);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_vartemplates.cpp libcrypto++-8.6.0/TestPrograms/test_cxx11_vartemplates.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_vartemplates.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_vartemplates.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,9 @@
+int main(int argc, char* argv[])
+{
+#if __cpp_variadic_templates >= 200704L
+    int x[1];
+#else
+    int x[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx11_vartemplates.cxx libcrypto++-8.6.0/TestPrograms/test_cxx11_vartemplates.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx11_vartemplates.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx11_vartemplates.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,9 +0,0 @@
-int main(int argc, char* argv[])
-{
-#if __cpp_variadic_templates >= 200704L
-    int x[1];
-#else
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx14.cpp libcrypto++-8.6.0/TestPrograms/test_cxx14.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx14.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx14.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,9 @@
+int main(int argc, char* argv[])
+{
+#if __cplusplus >= 201402L
+    int x[1];
+#else
+    int x[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx14.cxx libcrypto++-8.6.0/TestPrograms/test_cxx14.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx14.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx14.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,9 +0,0 @@
-int main(int argc, char* argv[])
-{
-#if __cplusplus >= 201402L
-    int x[1];
-#else
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx17_assert.cpp libcrypto++-8.6.0/TestPrograms/test_cxx17_assert.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx17_assert.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx17_assert.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,10 @@
+// https://en.cppreference.com/w/cpp/feature_test
+int main(int argc, char* argv[])
+{
+#if __cpp_static_assert >= 201411L
+    int x[1];
+#else
+    int x[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx17_assert.cxx libcrypto++-8.6.0/TestPrograms/test_cxx17_assert.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx17_assert.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx17_assert.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,10 +0,0 @@
-// https://en.cppreference.com/w/cpp/feature_test
-int main(int argc, char* argv[])
-{
-#if __cpp_static_assert >= 201411L
-    int x[1];
-#else
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx17.cpp libcrypto++-8.6.0/TestPrograms/test_cxx17.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx17.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx17.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,9 @@
+int main(int argc, char* argv[])
+{
+#if __cplusplus >= 201703L
+    int x[1];
+#else
+    int x[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx17.cxx libcrypto++-8.6.0/TestPrograms/test_cxx17.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx17.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx17.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,9 +0,0 @@
-int main(int argc, char* argv[])
-{
-#if __cplusplus >= 201703L
-    int x[1];
-#else
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx17_exceptions.cpp libcrypto++-8.6.0/TestPrograms/test_cxx17_exceptions.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx17_exceptions.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx17_exceptions.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,11 @@
+// https://en.cppreference.com/w/cpp/feature_test
+#include 
+int main(int argc, char* argv[])
+{
+#if __cpp_lib_uncaught_exceptions >= 201411L
+    int x = std::uncaught_exceptions();
+#else
+    int x[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx17_exceptions.cxx libcrypto++-8.6.0/TestPrograms/test_cxx17_exceptions.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx17_exceptions.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx17_exceptions.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,11 +0,0 @@
-// https://en.cppreference.com/w/cpp/feature_test
-#include 
-int main(int argc, char* argv[])
-{
-#if __cpp_lib_uncaught_exceptions >= 201411L
-    int x = std::uncaught_exceptions();
-#else
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx98_exception.cpp libcrypto++-8.6.0/TestPrograms/test_cxx98_exception.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx98_exception.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx98_exception.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,12 @@
+#include 
+struct S {
+    S() {}
+    virtual ~S() {
+        bool b = std::uncaught_exception();
+    }
+};
+int main(int argc, char* argv[])
+{
+    S s;
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx98_exception.cxx libcrypto++-8.6.0/TestPrograms/test_cxx98_exception.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx98_exception.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx98_exception.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,12 +0,0 @@
-#include 
-struct S {
-    S() {}
-    virtual ~S() {
-        bool b = std::uncaught_exception();
-    }
-};
-int main(int argc, char* argv[])
-{
-    S s;
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx.cpp libcrypto++-8.6.0/TestPrograms/test_cxx.cpp
--- libcrypto++-8.4.0/TestPrograms/test_cxx.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,6 @@
+#include 
+int main(int argc, char* argv[])
+{
+    unsigned int x=0;
+    return x;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_cxx.cxx libcrypto++-8.6.0/TestPrograms/test_cxx.cxx
--- libcrypto++-8.4.0/TestPrograms/test_cxx.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_cxx.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,6 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    unsigned int x=0;
-    return x;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_glibc.cpp libcrypto++-8.6.0/TestPrograms/test_glibc.cpp
--- libcrypto++-8.4.0/TestPrograms/test_glibc.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_glibc.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,8 @@
+#include 
+int main(int argc, char* argv[])
+{
+#ifndef __GLIBCXX__
+    int x[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_glibc.cxx libcrypto++-8.6.0/TestPrograms/test_glibc.cxx
--- libcrypto++-8.4.0/TestPrograms/test_glibc.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_glibc.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,8 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-#ifndef __GLIBCXX__
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_newlib.cpp libcrypto++-8.6.0/TestPrograms/test_newlib.cpp
--- libcrypto++-8.4.0/TestPrograms/test_newlib.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_newlib.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,8 @@
+#include 
+int main(int argc, char* argv[])
+{
+#ifndef __NEWLIB__
+    int x[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_newlib.cxx libcrypto++-8.6.0/TestPrograms/test_newlib.cxx
--- libcrypto++-8.4.0/TestPrograms/test_newlib.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_newlib.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,8 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-#ifndef __NEWLIB__
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_aes.cpp libcrypto++-8.6.0/TestPrograms/test_ppc_aes.cpp
--- libcrypto++-8.4.0/TestPrograms/test_ppc_aes.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_aes.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,26 @@
+#include 
+int main(int argc, char* argv[])
+{
+#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__))
+    __vector unsigned char x = {1,2,3,4,5,6,7,8};
+    x=__vcipher(x,x);
+    x=__vcipherlast(x,x);
+    x=__vncipher(x,x);
+    x=__vncipherlast(x,x);
+#elif defined(__clang__)
+    __vector unsigned long long x = {1,2};
+    x=__builtin_altivec_crypto_vcipher(x,x);
+    x=__builtin_altivec_crypto_vcipherlast(x,x);
+    x=__builtin_altivec_crypto_vncipher(x,x);
+    x=__builtin_altivec_crypto_vncipherlast(x,x);
+#elif defined(__GNUC__)
+    __vector unsigned long long x = {1,2};
+    x=__builtin_crypto_vcipher(x,x);
+    x=__builtin_crypto_vcipherlast(x,x);
+    x=__builtin_crypto_vncipher(x,x);
+    x=__builtin_crypto_vncipherlast(x,x);
+#else
+    int XXX[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_aes.cxx libcrypto++-8.6.0/TestPrograms/test_ppc_aes.cxx
--- libcrypto++-8.4.0/TestPrograms/test_ppc_aes.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_aes.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,26 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__))
-    __vector unsigned char x = {1,2,3,4,5,6,7,8};
-    x=__vcipher(x,x);
-    x=__vcipherlast(x,x);
-    x=__vncipher(x,x);
-    x=__vncipherlast(x,x);
-#elif defined(__clang__)
-    __vector unsigned long long x = {1,2};
-    x=__builtin_altivec_crypto_vcipher(x,x);
-    x=__builtin_altivec_crypto_vcipherlast(x,x);
-    x=__builtin_altivec_crypto_vncipher(x,x);
-    x=__builtin_altivec_crypto_vncipherlast(x,x);
-#elif defined(__GNUC__)
-    __vector unsigned long long x = {1,2};
-    x=__builtin_crypto_vcipher(x,x);
-    x=__builtin_crypto_vcipherlast(x,x);
-    x=__builtin_crypto_vncipher(x,x);
-    x=__builtin_crypto_vncipherlast(x,x);
-#else
-    int XXX[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_altivec.cpp libcrypto++-8.6.0/TestPrograms/test_ppc_altivec.cpp
--- libcrypto++-8.4.0/TestPrograms/test_ppc_altivec.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_altivec.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,13 @@
+#define GNUC_VERSION (__GNUC__*1000 + __GNUC_MAJOR__*10)
+#if (GNUC_VERSION >= 4060) || defined(__clang__)
+# pragma GCC diagnostic ignored "-Wdeprecated"
+#endif
+
+#include 
+int main(int argc, char* argv[])
+{
+    __vector unsigned char x;
+    x=vec_ld(0, (unsigned char*)argv[0]);
+    x=vec_add(x,x);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_altivec.cxx libcrypto++-8.6.0/TestPrograms/test_ppc_altivec.cxx
--- libcrypto++-8.4.0/TestPrograms/test_ppc_altivec.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_altivec.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,13 +0,0 @@
-#define GNUC_VERSION (__GNUC__*1000 + __GNUC_MAJOR__*10)
-#if (GNUC_VERSION >= 4060) || defined(__clang__)
-# pragma GCC diagnostic ignored "-Wdeprecated"
-#endif
-
-#include 
-int main(int argc, char* argv[])
-{
-    __vector unsigned char x;
-    x=vec_ld(0, (unsigned char*)argv[0]);
-    x=vec_add(x,x);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_power7.cpp libcrypto++-8.6.0/TestPrograms/test_ppc_power7.cpp
--- libcrypto++-8.4.0/TestPrograms/test_ppc_power7.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_power7.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,44 @@
+#if defined(__GNUC__)
+# define GNUC_VERSION (__GNUC__*1000 + __GNUC_MINOR__*10)
+#endif
+
+#if defined(__clang__) && defined(__apple_build_version__)
+# undef GNUC_VERSION
+# define APPLE_VERSION (__clang_major__*1000 + __clang_minor__*10)
+#elif defined(__clang__)
+# undef GNUC_VERSION
+# define LLVM_VERSION (__clang_major__*1000 + __clang_minor__*10)
+#endif
+
+#if (GNUC_VERSION >= 4060) || (LLVM_VERSION >= 1070) || (APPLE_VERSION >= 2000)
+# pragma GCC diagnostic ignored "-Wdeprecated"
+#endif
+
+// XL C++ on AIX does not define VSX and does not
+// provide an option to set it. We have to set it
+// for the code below. This define must stay in
+// sync with the define in test_ppc_power7.cpp.
+#if defined(_AIX) && defined(_ARCH_PWR7) && defined(__xlC__)
+# define __VSX__ 1
+#endif
+
+#include 
+int main(int argc, char* argv[])
+{
+#if defined(_ARCH_PWR7) && defined(__VSX__)
+    // PWR7
+    __vector unsigned int a = {1,2,3,4};
+    __vector unsigned int b = vec_ld(0, (unsigned int*)argv[0]);
+    __vector unsigned int c = vec_xor(a, b);
+
+    // VSX
+    __vector unsigned int x = {5,6,7,8};
+    __vector unsigned int y = vec_xl(0, (unsigned int*)argv[0]);
+    __vector unsigned int z = vec_xor(x, y);
+    __vector unsigned long long xx = {1,2};
+    __vector unsigned long long yy = (__vector unsigned long long)y;
+#else
+    int x[-1];
+#endif
+    return 0;
+}
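Review bot: The comment at the top of test_ppc_power7.cpp ("This define must stay in sync with the define in test_ppc_power7.cpp") names the file it lives in, so it tells a maintainer nothing about where the matching `__VSX__` define actually is; the rename rewrote this line, so it is the natural place to fix the reference. The same self-reference appears in test_ppc_power8.cpp for `__CRYPTO__` ("sync with the define in test_ppc_power8.cpp"). Presumably the intended peer is the library source that consumes these probes, which is not visible in this hunk, so I would change the line to `// sync with the define in <CONSUMING-SOURCE-FILE — TODO identify>.` and fill in the real path, or drop the sentence if no such counterpart exists.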
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_power7.cxx libcrypto++-8.6.0/TestPrograms/test_ppc_power7.cxx
--- libcrypto++-8.4.0/TestPrograms/test_ppc_power7.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_power7.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,44 +0,0 @@
-#if defined(__GNUC__)
-# define GNUC_VERSION (__GNUC__*1000 + __GNUC_MINOR__*10)
-#endif
-
-#if defined(__clang__) && defined(__apple_build_version__)
-# undef GNUC_VERSION
-# define APPLE_VERSION (__clang_major__*1000 + __clang_minor__*10)
-#elif defined(__clang__)
-# undef GNUC_VERSION
-# define LLVM_VERSION (__clang_major__*1000 + __clang_minor__*10)
-#endif
-
-#if (GNUC_VERSION >= 4060) || (LLVM_VERSION >= 1070) || (APPLE_VERSION >= 2000)
-# pragma GCC diagnostic ignored "-Wdeprecated"
-#endif
-
-// XL C++ on AIX does not define VSX and does not
-// provide an option to set it. We have to set it
-// for the code below. This define must stay in
-// sync with the define in test_ppc_power7.cxx.
-#if defined(_AIX) && defined(_ARCH_PWR7) && defined(__xlC__)
-# define __VSX__ 1
-#endif
-
-#include 
-int main(int argc, char* argv[])
-{
-#if defined(_ARCH_PWR7) && defined(__VSX__)
-    // PWR7
-    __vector unsigned int a = {1,2,3,4};
-    __vector unsigned int b = vec_ld(0, (unsigned int*)argv[0]);
-    __vector unsigned int c = vec_xor(a, b);
-
-    // VSX
-    __vector unsigned int x = {5,6,7,8};
-    __vector unsigned int y = vec_xl(0, (unsigned int*)argv[0]);
-    __vector unsigned int z = vec_xor(x, y);
-    __vector unsigned long long xx = {1,2};
-    __vector unsigned long long yy = (__vector unsigned long long)y;
-#else
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_power8.cpp libcrypto++-8.6.0/TestPrograms/test_ppc_power8.cpp
--- libcrypto++-8.4.0/TestPrograms/test_ppc_power8.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_power8.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,46 @@
+#if defined(__GNUC__)
+# define GNUC_VERSION (__GNUC__*1000 + __GNUC_MINOR__*10)
+#endif
+
+#if defined(__clang__) && defined(__apple_build_version__)
+# undef GNUC_VERSION
+# define APPLE_VERSION (__clang_major__*1000 + __clang_minor__*10)
+#elif defined(__clang__)
+# undef GNUC_VERSION
+# define LLVM_VERSION (__clang_major__*1000 + __clang_minor__*10)
+#endif
+
+#if (GNUC_VERSION >= 4060) || (LLVM_VERSION >= 1070) || (APPLE_VERSION >= 2000)
+# pragma GCC diagnostic ignored "-Wdeprecated"
+#endif
+
+// XL C++ on AIX does not define CRYPTO and does not
+// provide an option to set it. We have to set it
+// for the code below. This define must stay in
+// sync with the define in test_ppc_power8.cpp
+#if defined(_AIX) && defined(_ARCH_PWR8) && defined(__xlC__)
+# define __CRYPTO__ 1
+#endif
+
+#include 
+int main(int argc, char* argv[])
+{
+#if defined(_ARCH_PWR8)
+    __vector unsigned long long r = {1, 2};
+    __vector unsigned int s = vec_xl(0, (unsigned int*)argv[0]);  // Power7
+    __vector unsigned long long w = (__vector unsigned long long)r;
+    __vector unsigned long long x = (__vector unsigned long long)s;
+    __vector unsigned long long y = vec_xor(w, x);
+    __vector unsigned long long z = vec_add(y, vec_add(w, x));
+#  if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__))
+    __vector unsigned long long u = __vpmsumd (y, z);
+#  elif defined(__clang__)
+    __vector unsigned long long u = __builtin_altivec_crypto_vpmsumd (y, z);
+#  else
+    __vector unsigned long long u = __builtin_crypto_vpmsumd (y, z);
+#  endif
+#else
+    int x[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_power8.cxx libcrypto++-8.6.0/TestPrograms/test_ppc_power8.cxx
--- libcrypto++-8.4.0/TestPrograms/test_ppc_power8.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_power8.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,46 +0,0 @@
-#if defined(__GNUC__)
-# define GNUC_VERSION (__GNUC__*1000 + __GNUC_MINOR__*10)
-#endif
-
-#if defined(__clang__) && defined(__apple_build_version__)
-# undef GNUC_VERSION
-# define APPLE_VERSION (__clang_major__*1000 + __clang_minor__*10)
-#elif defined(__clang__)
-# undef GNUC_VERSION
-# define LLVM_VERSION (__clang_major__*1000 + __clang_minor__*10)
-#endif
-
-#if (GNUC_VERSION >= 4060) || (LLVM_VERSION >= 1070) || (APPLE_VERSION >= 2000)
-# pragma GCC diagnostic ignored "-Wdeprecated"
-#endif
-
-// XL C++ on AIX does not define CRYPTO and does not
-// provide an option to set it. We have to set it
-// for the code below. This define must stay in
-// sync with the define in test_ppc_power8.cxx
-#if defined(_AIX) && defined(_ARCH_PWR8) && defined(__xlC__)
-# define __CRYPTO__ 1
-#endif
-
-#include 
-int main(int argc, char* argv[])
-{
-#if defined(_ARCH_PWR8)
-    __vector unsigned long long r = {1, 2};
-    __vector unsigned int s = vec_xl(0, (unsigned int*)argv[0]);  // Power7
-    __vector unsigned long long w = (__vector unsigned long long)r;
-    __vector unsigned long long x = (__vector unsigned long long)s;
-    __vector unsigned long long y = vec_xor(w, x);
-    __vector unsigned long long z = vec_add(y, vec_add(w, x));
-#  if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__))
-    __vector unsigned long long u = __vpmsumd (y, z);
-#  elif defined(__clang__)
-    __vector unsigned long long u = __builtin_altivec_crypto_vpmsumd (y, z);
-#  else
-    __vector unsigned long long u = __builtin_crypto_vpmsumd (y, z);
-#  endif
-#else
-    int x[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_power9.cpp libcrypto++-8.6.0/TestPrograms/test_ppc_power9.cpp
--- libcrypto++-8.4.0/TestPrograms/test_ppc_power9.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_power9.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,33 @@
+#if defined(__GNUC__)
+# define GNUC_VERSION (__GNUC__*1000 + __GNUC_MINOR__*10)
+#endif
+
+#if defined(__clang__) && defined(__apple_build_version__)
+# undef GNUC_VERSION
+# define APPLE_VERSION (__clang_major__*1000 + __clang_minor__*10)
+#elif defined(__clang__)
+# undef GNUC_VERSION
+# define LLVM_VERSION (__clang_major__*1000 + __clang_minor__*10)
+#endif
+
+#if (GNUC_VERSION >= 4060) || (LLVM_VERSION >= 1070) || (APPLE_VERSION >= 2000)
+# pragma GCC diagnostic ignored "-Wdeprecated"
+#endif
+
+#include 
+int main(int argc, char* argv[])
+{
+#if defined(_ARCH_PWR9)
+    __vector unsigned int v = vec_xl_be(0, (unsigned int*)argv[0]);
+#else
+    int XXX[-1];
+#endif
+
+#if defined(__GNUC__) || defined(__IBM_GCC_ASM)
+    unsigned int y = __builtin_darn_32();
+#else
+    int XXX[-1];
+#endif
+
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_power9.cxx libcrypto++-8.6.0/TestPrograms/test_ppc_power9.cxx
--- libcrypto++-8.4.0/TestPrograms/test_ppc_power9.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_power9.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,33 +0,0 @@
-#if defined(__GNUC__)
-# define GNUC_VERSION (__GNUC__*1000 + __GNUC_MINOR__*10)
-#endif
-
-#if defined(__clang__) && defined(__apple_build_version__)
-# undef GNUC_VERSION
-# define APPLE_VERSION (__clang_major__*1000 + __clang_minor__*10)
-#elif defined(__clang__)
-# undef GNUC_VERSION
-# define LLVM_VERSION (__clang_major__*1000 + __clang_minor__*10)
-#endif
-
-#if (GNUC_VERSION >= 4060) || (LLVM_VERSION >= 1070) || (APPLE_VERSION >= 2000)
-# pragma GCC diagnostic ignored "-Wdeprecated"
-#endif
-
-#include 
-int main(int argc, char* argv[])
-{
-#if defined(_ARCH_PWR9)
-    __vector unsigned int v = vec_xl_be(0, (unsigned int*)argv[0]);
-#else
-    int XXX[-1];
-#endif
-
-#if defined(__GNUC__) || defined(__IBM_GCC_ASM)
-    unsigned int y = __builtin_darn_32();
-#else
-    int XXX[-1];
-#endif
-
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_sha.cpp libcrypto++-8.6.0/TestPrograms/test_ppc_sha.cpp
--- libcrypto++-8.4.0/TestPrograms/test_ppc_sha.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_sha.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,23 @@
+#include 
+int main(int argc, char* argv[])
+{
+#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__))
+    __vector unsigned int x = {1,2,3,4};
+    x=__vshasigmaw(x, 0, 0);
+    __vector unsigned long long y = {1,2};
+    y=__vshasigmad(y, 0, 0);
+#elif defined(__clang__)
+    __vector unsigned int x = {1,2,3,4};
+    x=__builtin_altivec_crypto_vshasigmaw(x, 0, 0);
+    __vector unsigned long long y = {1,2};
+    y=__builtin_altivec_crypto_vshasigmad(y, 0, 0);
+#elif defined(__GNUC__)
+    __vector unsigned int x = {1,2,3,4};
+    x=__builtin_crypto_vshasigmaw(x, 0, 0);
+    __vector unsigned long long y = {1,2};
+    y=__builtin_crypto_vshasigmad(y, 0, 0);
+#else
+    int XXX[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_sha.cxx libcrypto++-8.6.0/TestPrograms/test_ppc_sha.cxx
--- libcrypto++-8.4.0/TestPrograms/test_ppc_sha.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_sha.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,23 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__))
-    __vector unsigned int x = {1,2,3,4};
-    x=__vshasigmaw(x, 0, 0);
-    __vector unsigned long long y = {1,2};
-    y=__vshasigmad(y, 0, 0);
-#elif defined(__clang__)
-    __vector unsigned int x = {1,2,3,4};
-    x=__builtin_altivec_crypto_vshasigmaw(x, 0, 0);
-    __vector unsigned long long y = {1,2};
-    y=__builtin_altivec_crypto_vshasigmad(y, 0, 0);
-#elif defined(__GNUC__)
-    __vector unsigned int x = {1,2,3,4};
-    x=__builtin_crypto_vshasigmaw(x, 0, 0);
-    __vector unsigned long long y = {1,2};
-    y=__builtin_crypto_vshasigmad(y, 0, 0);
-#else
-    int XXX[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_vmull.cpp libcrypto++-8.6.0/TestPrograms/test_ppc_vmull.cpp
--- libcrypto++-8.4.0/TestPrograms/test_ppc_vmull.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_vmull.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,17 @@
+#include 
+int main(int argc, char* argv[])
+{
+    __vector unsigned long long x = {1,2};
+    __vector unsigned long long y = {3,4};
+
+#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__))
+    __vector unsigned long long z=__vpmsumd(x,y);
+#elif defined(__clang__)
+    __vector unsigned long long z=__builtin_altivec_crypto_vpmsumd(x,y);
+#elif defined(__GNUC__)
+    __vector unsigned long long z=__builtin_crypto_vpmsumd(x,y);
+#else
+    int XXX[-1];
+#endif
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_ppc_vmull.cxx libcrypto++-8.6.0/TestPrograms/test_ppc_vmull.cxx
--- libcrypto++-8.4.0/TestPrograms/test_ppc_vmull.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_ppc_vmull.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,17 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    __vector unsigned long long x = {1,2};
-    __vector unsigned long long y = {3,4};
-
-#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__))
-    __vector unsigned long long z=__vpmsumd(x,y);
-#elif defined(__clang__)
-    __vector unsigned long long z=__builtin_altivec_crypto_vpmsumd(x,y);
-#elif defined(__GNUC__)
-    __vector unsigned long long z=__builtin_crypto_vpmsumd(x,y);
-#else
-    int XXX[-1];
-#endif
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_pthreads.cpp libcrypto++-8.6.0/TestPrograms/test_pthreads.cpp
--- libcrypto++-8.4.0/TestPrograms/test_pthreads.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_pthreads.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,15 @@
+#include 
+#include 
+
+void* function(void *ptr)
+{
+    return 0;
+}
+
+int main(int argc, char* argv[])
+{
+    pthread_t thread;
+    int ret = pthread_create(&thread, NULL, function, (void*)0);
+    pthread_join(thread, NULL);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_pthreads.cxx libcrypto++-8.6.0/TestPrograms/test_pthreads.cxx
--- libcrypto++-8.4.0/TestPrograms/test_pthreads.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_pthreads.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,15 +0,0 @@
-#include 
-#include 
-
-void* function(void *ptr)
-{
-    return 0;
-}
-
-int main(int argc, char* argv[])
-{
-    pthread_t thread;
-    int ret = pthread_create(&thread, NULL, function, (void*)0);
-    pthread_join(thread, NULL);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_aes.cpp libcrypto++-8.6.0/TestPrograms/test_x86_aes.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_aes.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_aes.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,11 @@
+#include 
+#include 
+int main(int argc, char* argv[])
+{
+    __m128i x = _mm_setzero_si128();
+    x=_mm_aesenc_si128(x,x);
+    x=_mm_aesenclast_si128(x,x);
+    x=_mm_aesdec_si128(x,x);
+    x=_mm_aesdeclast_si128(x,x);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_aes.cxx libcrypto++-8.6.0/TestPrograms/test_x86_aes.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_aes.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_aes.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,11 +0,0 @@
-#include 
-#include 
-int main(int argc, char* argv[])
-{
-    __m128i x = _mm_setzero_si128();
-    x=_mm_aesenc_si128(x,x);
-    x=_mm_aesenclast_si128(x,x);
-    x=_mm_aesdec_si128(x,x);
-    x=_mm_aesdeclast_si128(x,x);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_avx2.cpp libcrypto++-8.6.0/TestPrograms/test_x86_avx2.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_avx2.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_avx2.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,9 @@
+#include 
+int main(int argc, char* argv[])
+{
+    // _mm256_broadcastsi128_si256 due to Clang
+    __m128i x = _mm_setzero_si128 ();
+    __m256i y = _mm256_broadcastsi128_si256 (x);
+    y = _mm256_add_epi64 (y,y);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_avx2.cxx libcrypto++-8.6.0/TestPrograms/test_x86_avx2.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_avx2.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_avx2.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,9 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    // _mm256_broadcastsi128_si256 due to Clang
-    __m128i x = _mm_setzero_si128 ();
-    __m256i y = _mm256_broadcastsi128_si256 (x);
-    y = _mm256_add_epi64 (y,y);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_avx512.cpp libcrypto++-8.6.0/TestPrograms/test_x86_avx512.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_avx512.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_avx512.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,8 @@
+#include 
+#include 
+int main(int argc, char* argv[])
+{
+    uint64_t x[8] = {0};
+    __m512i y = _mm512_loadu_si512((__m512i*)x);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_avx512.cxx libcrypto++-8.6.0/TestPrograms/test_x86_avx512.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_avx512.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_avx512.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,8 +0,0 @@
-#include 
-#include 
-int main(int argc, char* argv[])
-{
-    uint64_t x[8] = {0};
-    __m512i y = _mm512_loadu_si512((__m512i*)x);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_avx.cpp libcrypto++-8.6.0/TestPrograms/test_x86_avx.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_avx.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_avx.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,7 @@
+#include 
+int main(int argc, char* argv[])
+{
+    __m256d x = _mm256_setzero_pd();
+    x=_mm256_addsub_pd(x,x);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_avx.cxx libcrypto++-8.6.0/TestPrograms/test_x86_avx.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_avx.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_avx.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,7 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    __m256d x = _mm256_setzero_pd();
-    x=_mm256_addsub_pd(x,x);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_clmul.cpp libcrypto++-8.6.0/TestPrograms/test_x86_clmul.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_clmul.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_clmul.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,8 @@
+#include 
+#include 
+int main(int argc, char* argv[])
+{
+    __m128i x = _mm_setzero_si128();
+    x=_mm_clmulepi64_si128(x,x,0x11);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_clmul.cxx libcrypto++-8.6.0/TestPrograms/test_x86_clmul.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_clmul.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_clmul.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,8 +0,0 @@
-#include 
-#include 
-int main(int argc, char* argv[])
-{
-    __m128i x = _mm_setzero_si128();
-    x=_mm_clmulepi64_si128(x,x,0x11);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_cpuid.cpp libcrypto++-8.6.0/TestPrograms/test_x86_cpuid.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_cpuid.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_cpuid.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,7 @@
+int main(int argc, char* argv[])
+{
+    unsigned int a, b, c, d;
+    asm volatile ( "cpuid" : "+a"(a), "=b"(b), "+c"(c), "=d"(d) );
+
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_cpuid.cxx libcrypto++-8.6.0/TestPrograms/test_x86_cpuid.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_cpuid.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_cpuid.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,7 +0,0 @@
-int main(int argc, char* argv[])
-{
-    unsigned int a, b, c, d;
-    asm volatile ( "cpuid" : "+a"(a), "=b"(b), "+c"(c), "=d"(d) );
-
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_rdrand.cpp libcrypto++-8.6.0/TestPrograms/test_x86_rdrand.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_rdrand.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_rdrand.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,10 @@
+#include 
+#if (__GNUC__ >= 5) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 6))
+# include 
+#endif
+int main(int argc, char* argv[])
+{
+    unsigned int x=0;
+    (void)_rdrand32_step (&x);
+    return x == 0 ? 0 : 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_rdrand.cxx libcrypto++-8.6.0/TestPrograms/test_x86_rdrand.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_rdrand.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_rdrand.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,10 +0,0 @@
-#include 
-#if (__GNUC__ >= 5) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 6))
-# include 
-#endif
-int main(int argc, char* argv[])
-{
-    unsigned int x=0;
-    (void)_rdrand32_step (&x);
-    return x == 0 ? 0 : 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_rdseed.cpp libcrypto++-8.6.0/TestPrograms/test_x86_rdseed.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_rdseed.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_rdseed.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,10 @@
+#include 
+#if (__GNUC__ >= 5) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 6))
+# include 
+#endif
+int main(int argc, char* argv[])
+{
+    unsigned int x=0;
+    (void)_rdseed32_step (&x);
+    return x == 0 ? 0 : 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_rdseed.cxx libcrypto++-8.6.0/TestPrograms/test_x86_rdseed.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_rdseed.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_rdseed.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,10 +0,0 @@
-#include 
-#if (__GNUC__ >= 5) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 6))
-# include 
-#endif
-int main(int argc, char* argv[])
-{
-    unsigned int x=0;
-    (void)_rdseed32_step (&x);
-    return x == 0 ? 0 : 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_sha.cpp libcrypto++-8.6.0/TestPrograms/test_x86_sha.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_sha.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_sha.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,14 @@
+#include 
+#include 
+int main(int argc, char* argv[])
+{
+    __m128i x = _mm_setzero_si128();
+    x=_mm_sha1msg1_epu32(x,x);
+    x=_mm_sha1msg2_epu32(x,x);
+    x=_mm_sha1nexte_epu32(x,x);
+    x=_mm_sha1rnds4_epu32(x,x,0);
+    x=_mm_sha256msg1_epu32(x,x);
+    x=_mm_sha256msg2_epu32(x,x);
+    x=_mm_sha256rnds2_epu32(x,x,x);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_sha.cxx libcrypto++-8.6.0/TestPrograms/test_x86_sha.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_sha.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_sha.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,14 +0,0 @@
-#include 
-#include 
-int main(int argc, char* argv[])
-{
-    __m128i x = _mm_setzero_si128();
-    x=_mm_sha1msg1_epu32(x,x);
-    x=_mm_sha1msg2_epu32(x,x);
-    x=_mm_sha1nexte_epu32(x,x);
-    x=_mm_sha1rnds4_epu32(x,x,0);
-    x=_mm_sha256msg1_epu32(x,x);
-    x=_mm_sha256msg2_epu32(x,x);
-    x=_mm_sha256rnds2_epu32(x,x,x);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_sse2.cpp libcrypto++-8.6.0/TestPrograms/test_x86_sse2.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_sse2.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_sse2.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,7 @@
+#include 
+int main(int argc, char* argv[])
+{
+    __m128i x = _mm_setzero_si128();
+    x=_mm_add_epi64(x,x);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_sse2.cxx libcrypto++-8.6.0/TestPrograms/test_x86_sse2.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_sse2.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_sse2.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,7 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    __m128i x = _mm_setzero_si128();
-    x=_mm_add_epi64(x,x);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_sse3.cpp libcrypto++-8.6.0/TestPrograms/test_x86_sse3.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_sse3.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_sse3.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,8 @@
+#include 
+#include 
+int main(int argc, char* argv[])
+{
+    __m128d x = _mm_setzero_pd();
+    x=_mm_addsub_pd(x,x);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_sse3.cxx libcrypto++-8.6.0/TestPrograms/test_x86_sse3.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_sse3.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_sse3.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,8 +0,0 @@
-#include 
-#include 
-int main(int argc, char* argv[])
-{
-    __m128d x = _mm_setzero_pd();
-    x=_mm_addsub_pd(x,x);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_sse41.cpp libcrypto++-8.6.0/TestPrograms/test_x86_sse41.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_sse41.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_sse41.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,10 @@
+#include 
+#include 
+int main(int argc, char* argv[])
+{
+    __m128i x = _mm_setzero_si128();
+    __m128i a = _mm_setzero_si128();
+    __m128i b = _mm_setzero_si128();
+    x=_mm_blend_epi16(a,b,4);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_sse41.cxx libcrypto++-8.6.0/TestPrograms/test_x86_sse41.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_sse41.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_sse41.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,10 +0,0 @@
-#include 
-#include 
-int main(int argc, char* argv[])
-{
-    __m128i x = _mm_setzero_si128();
-    __m128i a = _mm_setzero_si128();
-    __m128i b = _mm_setzero_si128();
-    x=_mm_blend_epi16(a,b,4);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_sse42.cpp libcrypto++-8.6.0/TestPrograms/test_x86_sse42.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_sse42.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_sse42.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,7 @@
+#include 
+int main(int argc, char* argv[])
+{
+    unsigned int x=32;
+    x=_mm_crc32_u8(x,4);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_sse42.cxx libcrypto++-8.6.0/TestPrograms/test_x86_sse42.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_sse42.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_sse42.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,7 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    unsigned int x=32;
-    x=_mm_crc32_u8(x,4);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_ssse3.cpp libcrypto++-8.6.0/TestPrograms/test_x86_ssse3.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_ssse3.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_ssse3.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,8 @@
+#include 
+#include 
+int main(int argc, char* argv[])
+{
+    __m128i x = _mm_setzero_si128();
+    x=_mm_alignr_epi8(x,x,2);
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_ssse3.cxx libcrypto++-8.6.0/TestPrograms/test_x86_ssse3.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_ssse3.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_ssse3.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,8 +0,0 @@
-#include 
-#include 
-int main(int argc, char* argv[])
-{
-    __m128i x = _mm_setzero_si128();
-    x=_mm_alignr_epi8(x,x,2);
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_via_aes.cpp libcrypto++-8.6.0/TestPrograms/test_x86_via_aes.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_via_aes.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_via_aes.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,39 @@
+// TODO: cut-in xcrypt-ecb
+#include 
+int main(int argc, char* argv[])
+{
+    unsigned int msr=0;
+    unsigned int divisor=2;
+    unsigned int buffer;
+
+    __asm__ __volatile__
+    (
+#if defined(__x86_64__) || defined(__amd64__)
+        "mov  %1, %%rdi          ;\n"
+        "movl %2, %%edx          ;\n"
+#else
+        "mov  %1, %%edi          ;\n"
+        "movl %2, %%edx          ;\n"
+#endif
+
+        // xstore-rng
+        ".byte 0x0f, 0xa7, 0xc0  ;\n"
+
+#if defined(__x86_64__) || defined(__amd64__)
+        "andq %%rax, 0x1f        ;\n"
+        "movl %%eax, %0          ;\n"
+#else
+        "andl  %%eax, 0x1f       ;\n"
+        "movl  %%eax, %0         ;\n"
+#endif
+
+        : "=g" (msr) : "g" (buffer), "g" (divisor)
+#if defined(__x86_64__) || defined(__amd64__)
+        : "rax", "rdx", "rdi", "cc"
+#else
+        : "eax", "edx", "edi", "cc"
+#endif
+    );
+
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_via_aes.cxx libcrypto++-8.6.0/TestPrograms/test_x86_via_aes.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_via_aes.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_via_aes.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,39 +0,0 @@
-// TODO: cut-in xcrypt-ecb
-#include 
-int main(int argc, char* argv[])
-{
-    unsigned int msr=0;
-    unsigned int divisor=2;
-    unsigned int buffer;
-
-    __asm__ __volatile__
-    (
-#if defined(__x86_64__) || defined(__amd64__)
-        "mov  %1, %%rdi          ;\n"
-        "movl %2, %%edx          ;\n"
-#else
-        "mov  %1, %%edi          ;\n"
-        "movl %2, %%edx          ;\n"
-#endif
-
-        // xstore-rng
-        ".byte 0x0f, 0xa7, 0xc0  ;\n"
-
-#if defined(__x86_64__) || defined(__amd64__)
-        "andq %%rax, 0x1f        ;\n"
-        "movl %%eax, %0          ;\n"
-#else
-        "andl  %%eax, 0x1f       ;\n"
-        "movl  %%eax, %0         ;\n"
-#endif
-
-        : "=g" (msr) : "g" (buffer), "g" (divisor)
-#if defined(__x86_64__) || defined(__amd64__)
-        : "rax", "rdx", "rdi", "cc"
-#else
-        : "eax", "edx", "edi", "cc"
-#endif
-    );
-
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_via_rng.cpp libcrypto++-8.6.0/TestPrograms/test_x86_via_rng.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_via_rng.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_via_rng.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,38 @@
+#include 
+int main(int argc, char* argv[])
+{
+    unsigned int msr=0;
+    unsigned int divisor=2;
+    unsigned int buffer;
+
+    __asm__ __volatile__
+    (
+#if defined(__x86_64__) || defined(__amd64__)
+        "mov  %1, %%rdi          ;\n"
+        "movl %2, %%edx          ;\n"
+#else
+        "mov  %1, %%edi          ;\n"
+        "movl %2, %%edx          ;\n"
+#endif
+
+        // xstore-rng
+        ".byte 0x0f, 0xa7, 0xc0  ;\n"
+
+#if defined(__x86_64__) || defined(__amd64__)
+        "andq %%rax, 0x1f        ;\n"
+        "movl %%eax, %0          ;\n"
+#else
+        "andl  %%eax, 0x1f       ;\n"
+        "movl  %%eax, %0         ;\n"
+#endif
+
+        : "=g" (msr) : "g" (buffer), "g" (divisor)
+#if defined(__x86_64__) || defined(__amd64__)
+        : "rax", "rdx", "rdi", "cc"
+#else
+        : "eax", "edx", "edi", "cc"
+#endif
+    );
+
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_via_rng.cxx libcrypto++-8.6.0/TestPrograms/test_x86_via_rng.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_via_rng.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_via_rng.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,38 +0,0 @@
-#include 
-int main(int argc, char* argv[])
-{
-    unsigned int msr=0;
-    unsigned int divisor=2;
-    unsigned int buffer;
-
-    __asm__ __volatile__
-    (
-#if defined(__x86_64__) || defined(__amd64__)
-        "mov  %1, %%rdi          ;\n"
-        "movl %2, %%edx          ;\n"
-#else
-        "mov  %1, %%edi          ;\n"
-        "movl %2, %%edx          ;\n"
-#endif
-
-        // xstore-rng
-        ".byte 0x0f, 0xa7, 0xc0  ;\n"
-
-#if defined(__x86_64__) || defined(__amd64__)
-        "andq %%rax, 0x1f        ;\n"
-        "movl %%eax, %0          ;\n"
-#else
-        "andl  %%eax, 0x1f       ;\n"
-        "movl  %%eax, %0         ;\n"
-#endif
-
-        : "=g" (msr) : "g" (buffer), "g" (divisor)
-#if defined(__x86_64__) || defined(__amd64__)
-        : "rax", "rdx", "rdi", "cc"
-#else
-        : "eax", "edx", "edi", "cc"
-#endif
-    );
-
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_via_sha.cpp libcrypto++-8.6.0/TestPrograms/test_x86_via_sha.cpp
--- libcrypto++-8.4.0/TestPrograms/test_x86_via_sha.cpp	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_via_sha.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,39 @@
+// TODO: cut-in xsha1
+#include 
+int main(int argc, char* argv[])
+{
+    unsigned int msr=0;
+    unsigned int divisor=2;
+    unsigned int buffer;
+
+    __asm__ __volatile__
+    (
+#if defined(__x86_64__) || defined(__amd64__)
+        "mov  %1, %%rdi          ;\n"
+        "movl %2, %%edx          ;\n"
+#else
+        "mov  %1, %%edi          ;\n"
+        "movl %2, %%edx          ;\n"
+#endif
+
+        // xstore-rng
+        ".byte 0x0f, 0xa7, 0xc0  ;\n"
+
+#if defined(__x86_64__) || defined(__amd64__)
+        "andq %%rax, 0x1f        ;\n"
+        "movl %%eax, %0          ;\n"
+#else
+        "andl  %%eax, 0x1f       ;\n"
+        "movl  %%eax, %0         ;\n"
+#endif
+
+        : "=g" (msr) : "g" (buffer), "g" (divisor)
+#if defined(__x86_64__) || defined(__amd64__)
+        : "rax", "rdx", "rdi", "cc"
+#else
+        : "eax", "edx", "edi", "cc"
+#endif
+    );
+
+    return 0;
+}
diff -Nru libcrypto++-8.4.0/TestPrograms/test_x86_via_sha.cxx libcrypto++-8.6.0/TestPrograms/test_x86_via_sha.cxx
--- libcrypto++-8.4.0/TestPrograms/test_x86_via_sha.cxx	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestPrograms/test_x86_via_sha.cxx	1970-01-01 00:00:00.000000000 +0000
@@ -1,39 +0,0 @@
-// TODO: cut-in xsha1
-#include 
-int main(int argc, char* argv[])
-{
-    unsigned int msr=0;
-    unsigned int divisor=2;
-    unsigned int buffer;
-
-    __asm__ __volatile__
-    (
-#if defined(__x86_64__) || defined(__amd64__)
-        "mov  %1, %%rdi          ;\n"
-        "movl %2, %%edx          ;\n"
-#else
-        "mov  %1, %%edi          ;\n"
-        "movl %2, %%edx          ;\n"
-#endif
-
-        // xstore-rng
-        ".byte 0x0f, 0xa7, 0xc0  ;\n"
-
-#if defined(__x86_64__) || defined(__amd64__)
-        "andq %%rax, 0x1f        ;\n"
-        "movl %%eax, %0          ;\n"
-#else
-        "andl  %%eax, 0x1f       ;\n"
-        "movl  %%eax, %0         ;\n"
-#endif
-
-        : "=g" (msr) : "g" (buffer), "g" (divisor)
-#if defined(__x86_64__) || defined(__amd64__)
-        : "rax", "rdx", "rdi", "cc"
-#else
-        : "eax", "edx", "edi", "cc"
-#endif
-    );
-
-    return 0;
-}
diff -Nru libcrypto++-8.4.0/TestScripts/change-version.sh libcrypto++-8.6.0/TestScripts/change-version.sh
--- libcrypto++-8.4.0/TestScripts/change-version.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/change-version.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,17 +1,29 @@
 #!/usr/bin/env bash
 
-# Use this script to switch back to the previous Crypto++ version before
+#############################################################################
+#
+# This script switches back to the previous Crypto++ version before
 # building the docs. Before running the script, copy it to the root
 # directory. After running this script, you can 'make docs'
+#
+# Written and placed in public domain by Jeffrey Walton.
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
+#
+# See https://www.cryptopp.com/wiki/Release_Versioning for more details
+#
+#############################################################################
 
-sed 's|Library 8.4 API|Library 8.3 API|g' cryptlib.h > cryptlib.h.new
+sed 's/Library 8.6 API/Library 8.5 API/g' cryptlib.h > cryptlib.h.new
 mv cryptlib.h.new cryptlib.h
 
-sed 's|= 8.4|= 8.3|g' Doxyfile > Doxyfile.new
+sed 's/= 8.6/= 8.5/g' Doxyfile > Doxyfile.new
 mv Doxyfile.new Doxyfile
 
-sed 's|CRYPTOPP_MINOR 4|CRYPTOPP_MINOR 3|g' config_ver.h > config_ver.h.new
+sed 's/CRYPTOPP_MINOR 6/CRYPTOPP_MINOR 5/g' config_ver.h > config_ver.h.new
 mv config_ver.h.new config_ver.h
 
-sed 's|CRYPTOPP_VERSION 840|CRYPTOPP_VERSION 830|g' config_ver.h > config_ver.h.new
+sed 's/CRYPTOPP_VERSION 860/CRYPTOPP_VERSION 850/g' config_ver.h > config_ver.h.new
 mv config_ver.h.new config_ver.h
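Review bot: The rewritten `sed ... > cryptlib.h.new` still hands its output to `mv` unconditionally, so if sed fails (file missing, bad expression) the empty `.new` file replaces the real header; chain the two, e.g. `sed 's/Library 8.6 API/Library 8.5 API/g' cryptlib.h > cryptlib.h.new && mv cryptlib.h.new cryptlib.h`, or add `set -e` after the shebang. The same applies to the `Doxyfile` and both `config_ver.h` pairs below it. The unescaped `.` in `s/= 8.6/= 8.5/g` also matches any character, so `s/= 8\.6/= 8\.5/g` pins it to the literal version string.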
diff -Nru libcrypto++-8.4.0/TestScripts/configure.sh libcrypto++-8.6.0/TestScripts/configure.sh
--- libcrypto++-8.4.0/TestScripts/configure.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/configure.sh	2021-09-24 11:48:47.000000000 +0000
@@ -24,7 +24,7 @@
 #
 #   export CXXFLAGS="$IOS_CXXFLAGS --sysroot=$IOS_SYSROOT"
 # or
-#   export CXXFLAGS="$ANDROID_CXXFLAGS --sysroot=$ANDROID_SYSROOT"
+#   export CXXFLAGS="${ANDROID_CXXFLAGS} --sysroot=${ANDROID_SYSROOT}"
 #
 # Do not use this script for a multiarch environment unless the cpu features
 # are the same for each arch. For example, -arch i386 -arch x86_64 could
@@ -53,9 +53,10 @@
 fi
 
 TMPDIR="${TMPDIR:-$HOME/tmp}"
-TPROG="${TPROG:-TestPrograms/test_cxx.cxx}"
+TPROG="${TPROG:-TestPrograms/test_cxx.cpp}"
 TOUT="${TOUT:-a.out}"
 
+CC="${CC:-cc}"
 CXX="${CXX:-c++}"
 LD="${LD:-ld}"
 CXXFLAGS="${CXXFLAGS:--DNDEBUG -g2 -O3}"
@@ -216,12 +217,12 @@
   # Shell redirection
   {
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSE2_FLAG} TestPrograms/test_x86_sse2.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSE2_FLAG} TestPrograms/test_x86_sse2.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -ne 0 ]]; then
     echo '#define CRYPTOPP_DISABLE_ASM 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSE2_FLAG} TestPrograms/test_asm_sse2.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSE2_FLAG} TestPrograms/test_asm_sse2.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_X86_ASM_AVAILABLE 1'
     if [[ "${IS_X64}" -ne 0 ]]; then
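Review bot: The renamed probe on the `CXX_RESULT=` line still judges success by `2>&1 | wc -w`, so any diagnostic — a deprecation or unused-parameter warning, not only an error — counts as a failed compile, and at the following `-ne 0` test one warning is enough to emit `CRYPTOPP_DISABLE_ASM` for the whole build; the compiler's exit status is discarded by the pipeline. Testing the exit status directly is more robust, e.g. `if ${CXX} ${CXXFLAGS} ${SSE2_FLAG} TestPrograms/test_x86_sse2.cpp -o ${TOUT} >/dev/null 2>&1; then`. Every other `CXX_RESULT=` probe in this file's later hunks has the same shape, so the change belongs in all of them. The redirected block (`{ ... } >> config_asm.h.new`) that encloses this probe begins before the hunk.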
@@ -230,13 +231,13 @@
     fi
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSE2_FLAG} TestPrograms/test_x86_sse2.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSE2_FLAG} TestPrograms/test_x86_sse2.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     have_sse2=1
     echo '#define CRYPTOPP_SSE2_INTRIN_AVAILABLE 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSE3_FLAG} TestPrograms/test_x86_sse3.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSE3_FLAG} TestPrograms/test_x86_sse3.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     have_sse3=1
     echo '#define CRYPTOPP_SSE3_AVAILABLE 1'
@@ -245,7 +246,7 @@
     echo '#define CRYPTOPP_DISABLE_SSE3 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSSE3_FLAG} TestPrograms/test_x86_ssse3.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSSE3_FLAG} TestPrograms/test_x86_ssse3.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_sse3" -ne 0 ]]; then
     have_ssse3=1
     echo '#define CRYPTOPP_SSSE3_ASM_AVAILABLE 1'
@@ -255,7 +256,7 @@
     echo '#define CRYPTOPP_DISABLE_SSSE3 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSE41_FLAG} TestPrograms/test_x86_sse41.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSE41_FLAG} TestPrograms/test_x86_sse41.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_ssse3" -ne 0 ]]; then
     have_sse41=1
     echo '#define CRYPTOPP_SSE41_AVAILABLE 1'
@@ -265,7 +266,7 @@
     echo '#define CRYPTOPP_DISABLE_SSE41 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSE42_FLAG} TestPrograms/test_x86_sse42.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SSE42_FLAG} TestPrograms/test_x86_sse42.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_sse41" -ne 0 ]]; then
     have_sse42=1
     echo '#define CRYPTOPP_SSE42_AVAILABLE 1'
@@ -278,42 +279,42 @@
   ########################################################
   # AES, CLMUL, RDRAND, RDSEED, SHA and AVX tied to SSE4.2
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${CLMUL_FLAG} TestPrograms/test_x86_clmul.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${CLMUL_FLAG} TestPrograms/test_x86_clmul.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_sse42" -ne 0 ]]; then
     echo '#define CRYPTOPP_CLMUL_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_CLMUL 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${AESNI_FLAG} TestPrograms/test_x86_aes.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${AESNI_FLAG} TestPrograms/test_x86_aes.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_sse42" -ne 0 ]]; then
     echo '#define CRYPTOPP_AESNI_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_AESNI 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${RDRAND_FLAG} TestPrograms/test_x86_rdrand.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${RDRAND_FLAG} TestPrograms/test_x86_rdrand.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_sse42" -ne 0 ]]; then
     echo '#define CRYPTOPP_RDRAND_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_RDRAND 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${RDSEED_FLAG} TestPrograms/test_x86_rdseed.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${RDSEED_FLAG} TestPrograms/test_x86_rdseed.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_sse42" -ne 0 ]]; then
     echo '#define CRYPTOPP_RDSEED_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_RDSEED 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SHANI_FLAG} TestPrograms/test_x86_sha.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${SHANI_FLAG} TestPrograms/test_x86_sha.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_sse42" -ne 0 ]]; then
     echo '#define CRYPTOPP_SHANI_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_SHANI 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${AVX_FLAG} TestPrograms/test_x86_avx.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${AVX_FLAG} TestPrograms/test_x86_avx.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_sse42" -ne 0 ]]; then
     have_avx=1
     echo '#define CRYPTOPP_AVX_AVAILABLE 1'
@@ -325,7 +326,7 @@
   #####################
   # AVX2 depends on AVX
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${AVX2_FLAG} TestPrograms/test_x86_avx2.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${AVX2_FLAG} TestPrograms/test_x86_avx2.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_avx" -ne 0 ]]; then
     have_avx2=1
     echo '#define CRYPTOPP_AVX2_AVAILABLE 1'
@@ -335,7 +336,7 @@
   fi
 
   # No flags, requires inline ASM
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_x86_via_rng.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_x86_via_rng.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_PADLOCK_RNG_AVAILABLE 1'
   else
@@ -343,7 +344,7 @@
   fi
 
   # No flags, requires inline ASM
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_x86_via_aes.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_x86_via_aes.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_PADLOCK_AES_AVAILABLE 1'
   else
@@ -351,7 +352,7 @@
   fi
 
   # No flags, requires inline ASM
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_x86_via_sha.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_x86_via_sha.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_PADLOCK_SHA_AVAILABLE 1'
   else
@@ -359,7 +360,7 @@
   fi
 
   # Clang workaround
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_asm_mixed.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_asm_mixed.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -ne 0 ]]; then
     echo '#define CRYPTOPP_DISABLE_MIXED_ASM 1'
   fi
@@ -379,6 +380,13 @@
     echo '#endif'
   fi
 
+  echo ''
+  echo '// Clang intrinsic casts, http://bugs.llvm.org/show_bug.cgi?id=20670'
+  echo '#define M128_CAST(x) ((__m128i *)(void *)(x))'
+  echo '#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x))'
+  echo '#define M256_CAST(x) ((__m256i *)(void *)(x))'
+  echo '#define CONST_M256_CAST(x) ((const __m256i *)(const void *)(x))'
+
   } >> config_asm.h.new
 
 fi
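Review bot: The four `M128_CAST`/`CONST_M128_CAST`/`M256_CAST`/`CONST_M256_CAST` lines are written into `config_asm.h.new` as bare `#define`s with no `#ifndef` guard, so a redefinition diagnostic follows if the same names are defined by another library or user header that is included alongside the generated one (whether that happens is not visible in this hunk). Emitting each behind a guard avoids it, e.g. `echo '#ifndef M128_CAST'` / `echo '#define M128_CAST(x) ((__m128i *)(void *)(x))'` / `echo '#endif'`. They are also emitted even when the earlier `CRYPTOPP_DISABLE_ASM` branch fired, which is harmless for unused macros but worth a one-line comment in the generated header. The redirected block this sits in begins before the hunk.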
@@ -404,20 +412,20 @@
   # Shell redirection
   {
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${NEON_FLAG} TestPrograms/test_arm_neon_header.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${NEON_FLAG} TestPrograms/test_arm_neon_header.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_NEON_HEADER 1'
     HDRFLAGS="-DCRYPTOPP_ARM_NEON_HEADER=1"
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV7_FLAG} TestPrograms/test_cxx.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV7_FLAG} TestPrograms/test_cxx.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_ARMV7_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_ARM_ARMV7 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${NEON_FLAG} TestPrograms/test_arm_neon.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${NEON_FLAG} TestPrograms/test_arm_neon.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_NEON_AVAILABLE 1'
   else
@@ -425,23 +433,23 @@
   fi
 
   # Cryptogams is special. Attempt to compile the actual source files
-  # TestPrograms/test_cxx.cxx is needed for main().
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} aes_armv4.S TestPrograms/test_cxx.cxx -o ${TOUT} 2>&1 | wc -w)
+  # TestPrograms/test_cxx.cpp is needed for main().
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} aes_armv4.S TestPrograms/test_cxx.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOGAMS_ARM_AES 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} sha1_armv4.S TestPrograms/test_cxx.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} sha1_armv4.S TestPrograms/test_cxx.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOGAMS_ARM_SHA1 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} sha256_armv4.S TestPrograms/test_cxx.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} sha256_armv4.S TestPrograms/test_cxx.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOGAMS_ARM_SHA256 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} sha512_armv4.S TestPrograms/test_cxx.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} sha512_armv4.S TestPrograms/test_cxx.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOGAMS_ARM_SHA512 1'
   fi
@@ -472,19 +480,19 @@
   # Shell redirection
   {
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_arm_neon_header.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_arm_neon_header.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_NEON_HEADER 1'
     HDRFLAGS="-DCRYPTOPP_ARM_NEON_HEADER=1"
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} TestPrograms/test_arm_acle_header.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} TestPrograms/test_arm_acle_header.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_ACLE_HEADER 1'
     HDRFLAGS="${HDRFLAGS} -DCRYPTOPP_ARM_ACLE_HEADER=1"
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} TestPrograms/test_arm_neon.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} TestPrograms/test_arm_neon.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_NEON_AVAILABLE 1'
   else
@@ -492,35 +500,35 @@
   fi
 
   # This should be an unneeded test. ASIMD on Aarch64 is NEON on A32 and T32
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} TestPrograms/test_arm_asimd.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} TestPrograms/test_arm_asimd.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_ASIMD_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_ARM_ASIMD 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV81_CRC_FLAG} TestPrograms/test_arm_crc.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV81_CRC_FLAG} TestPrograms/test_arm_crc.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_CRC32_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_ARM_CRC32 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV81_CRYPTO_FLAG} TestPrograms/test_arm_aes.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV81_CRYPTO_FLAG} TestPrograms/test_arm_aes.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_AES_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_ARM_AES 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV81_CRYPTO_FLAG} TestPrograms/test_arm_pmull.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV81_CRYPTO_FLAG} TestPrograms/test_arm_pmull.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_PMULL_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_ARM_PMULL 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV81_CRYPTO_FLAG} TestPrograms/test_arm_sha1.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV81_CRYPTO_FLAG} TestPrograms/test_arm_sha1.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_SHA_AVAILABLE 1'
     echo '#define CRYPTOPP_ARM_SHA1_AVAILABLE 1'
@@ -529,35 +537,35 @@
     echo '#define CRYPTOPP_DISABLE_ARM_SHA1 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV81_CRYPTO_FLAG} TestPrograms/test_arm_sha256.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV81_CRYPTO_FLAG} TestPrograms/test_arm_sha256.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_SHA2_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_ARM_SHA2 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV84_CRYPTO_FLAG} TestPrograms/test_arm_sha3.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV84_CRYPTO_FLAG} TestPrograms/test_arm_sha3.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_SHA3_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_ARM_SHA3 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV84_CRYPTO_FLAG} TestPrograms/test_arm_sha512.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV84_CRYPTO_FLAG} TestPrograms/test_arm_sha512.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_SHA512_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_ARM_SHA512 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV84_CRYPTO_FLAG} TestPrograms/test_arm_sm3.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV84_CRYPTO_FLAG} TestPrograms/test_arm_sm3.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_SM3_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_ARM_SM3 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV84_CRYPTO_FLAG} TestPrograms/test_arm_sm4.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${HDRFLAGS} ${ARMV84_CRYPTO_FLAG} TestPrograms/test_arm_sm4.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_ARM_SM4_AVAILABLE 1'
   else
@@ -595,7 +603,7 @@
   # Shell redirection
   {
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${ALTIVEC_FLAG} TestPrograms/test_ppc_altivec.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${ALTIVEC_FLAG} TestPrograms/test_ppc_altivec.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     have_altivec=1
     echo '#define CRYPTOPP_ALTIVEC_AVAILABLE 1'
@@ -604,7 +612,7 @@
     echo '#define CRYPTOPP_DISABLE_ALTIVEC 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${POWER7_PWR_FLAG} TestPrograms/test_ppc_power7.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${POWER7_PWR_FLAG} TestPrograms/test_ppc_power7.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_altivec" -ne 0 ]]; then
     have_power7=1
     echo '#define CRYPTOPP_POWER7_AVAILABLE 1'
@@ -613,7 +621,7 @@
     echo '#define CRYPTOPP_DISABLE_POWER7 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${POWER8_FLAG} TestPrograms/test_ppc_power8.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${POWER8_FLAG} TestPrograms/test_ppc_power8.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_power7" -ne 0 ]]; then
     have_power8=1
     echo '#define CRYPTOPP_POWER8_AVAILABLE 1'
@@ -622,7 +630,7 @@
     echo '#define CRYPTOPP_DISABLE_POWER8 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${POWER9_FLAG} TestPrograms/test_ppc_power9.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${POWER9_FLAG} TestPrograms/test_ppc_power9.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_power8" -ne 0 ]]; then
     have_power9=1
     echo '#define CRYPTOPP_POWER9_AVAILABLE 1'
@@ -631,21 +639,21 @@
     echo '#define CRYPTOPP_DISABLE_POWER9 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${POWER8_FLAG} TestPrograms/test_ppc_aes.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${POWER8_FLAG} TestPrograms/test_ppc_aes.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_power8" -ne 0 ]]; then
     echo '#define CRYPTOPP_POWER8_AES_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_POWER8_AES 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${POWER8_FLAG} TestPrograms/test_ppc_vmull.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${POWER8_FLAG} TestPrograms/test_ppc_vmull.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_power8" -ne 0 ]]; then
     echo '#define CRYPTOPP_POWER8_VMULL_AVAILABLE 1'
   else
     echo '#define CRYPTOPP_DISABLE_POWER8_VMULL 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${POWER8_FLAG} TestPrograms/test_ppc_sha.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} ${POWER8_FLAG} TestPrograms/test_ppc_sha.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 && "$have_power8" -ne 0 ]]; then
     echo '#define CRYPTOPP_POWER8_SHA_AVAILABLE 1'
   else
@@ -696,7 +704,7 @@
   echo '// ***************** C++98 and C++03 ********************'
   echo ''
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx98_exception.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx98_exception.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '// Ancient Crypto++ define, dating back to C++98.'
     echo '#define CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE 1'
@@ -711,11 +719,11 @@
   echo '// ***************** C++11 and above ********************'
   echo ''
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11 1'
   else
-    echo '// test_cxx11.cxx returned non-zero result'
+    echo '// test_cxx11.cpp returned non-zero result'
     echo '// #define CRYPTOPP_CXX11 1'
   fi
 
@@ -723,21 +731,21 @@
   echo '#if defined(CRYPTOPP_CXX11)'
   echo ''
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_atomic.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_atomic.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_ATOMIC 1'
   else
     echo '// #define CRYPTOPP_CXX11_ATOMIC 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_auto.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_auto.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_AUTO 1'
   else
     echo '// #define CRYPTOPP_CXX11_AUTO 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_sync.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_sync.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_SYNCHRONIZATION 1'
   else
@@ -745,7 +753,7 @@
   fi
 
   # CRYPTOPP_CXX11_DYNAMIC_INIT is old name
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_staticinit.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_staticinit.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_STATIC_INIT 1'
     echo '#define CRYPTOPP_CXX11_DYNAMIC_INIT 1'
@@ -754,70 +762,70 @@
     echo '// #define CRYPTOPP_CXX11_DYNAMIC_INIT 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_deletefn.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_deletefn.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_DELETED_FUNCTIONS 1'
   else
     echo '// #define CRYPTOPP_CXX11_DELETED_FUNCTIONS 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_alignas.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_alignas.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_ALIGNAS 1'
   else
     echo '// #define CRYPTOPP_CXX11_ALIGNAS 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_alignof.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_alignof.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_ALIGNOF 1'
   else
     echo '// #define CRYPTOPP_CXX11_ALIGNOF 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_initializer.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_initializer.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_INITIALIZER_LIST 1'
   else
     echo '// #define CRYPTOPP_CXX11_INITIALIZER_LIST 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_lambda.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_lambda.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_LAMBDA 1'
   else
     echo '// #define CRYPTOPP_CXX11_LAMBDA 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_noexcept.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_noexcept.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_NOEXCEPT 1'
   else
     echo '// #define CRYPTOPP_CXX11_NOEXCEPT 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_vartemplates.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_vartemplates.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1'
   else
     echo '// #define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_constexpr.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_constexpr.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_CONSTEXPR 1'
   else
     echo '// #define CRYPTOPP_CXX11_CONSTEXPR 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_enumtype.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_enumtype.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_STRONG_ENUM 1'
   else
     echo '// #define CRYPTOPP_CXX11_STRONG_ENUM 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_nullptr.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_nullptr.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_NULLPTR 1'
   else
@@ -825,7 +833,7 @@
   fi
 
   # 2-argument static assert
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_assert.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx11_assert.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX11_ASSERT 1'
   else
@@ -839,11 +847,11 @@
   echo '// ***************** C++14 and above ********************'
   echo ''
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx14.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx14.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX14 1'
   else
-    echo '// test_cxx14.cxx returned non-zero result'
+    echo '// test_cxx14.cpp returned non-zero result'
     echo '// #define CRYPTOPP_CXX14 1'
   fi
 
@@ -858,11 +866,11 @@
   echo '// ***************** C++17 and above ********************'
   echo ''
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx17.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx17.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX17 1'
   else
-    echo '// test_cxx17.cxx returned non-zero result'
+    echo '// test_cxx17.cpp returned non-zero result'
     echo '// #define CRYPTOPP_CXX17 1'
   fi
 
@@ -871,14 +879,14 @@
   echo ''
 
   # 1-argument static assert
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx17_assert.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx17_assert.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX17_ASSERT 1'
   else
     echo '// #define CRYPTOPP_CXX17_ASSERT 1'
   fi
 
-  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx17_exceptions.cxx -o ${TOUT} 2>&1 | wc -w)
+  CXX_RESULT=$(${CXX} ${CXXFLAGS} TestPrograms/test_cxx17_exceptions.cpp -o ${TOUT} 2>&1 | wc -w)
   if [[ "${CXX_RESULT}" -eq 0 ]]; then
     echo '#define CRYPTOPP_CXX17_UNCAUGHT_EXCEPTIONS 1'
   else
diff -Nru libcrypto++-8.4.0/TestScripts/cryptest-android-mk.sh libcrypto++-8.6.0/TestScripts/cryptest-android-mk.sh
--- libcrypto++-8.4.0/TestScripts/cryptest-android-mk.sh	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/cryptest-android-mk.sh	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,125 @@
+#!/usr/bin/env bash
+
+#############################################################################
+#
+# This script tests the cryptopp-android-mk gear using ndk-build. The
+# source files include Application.mk and Android.mk.
+#
+# Written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
+#
+# See http://www.cryptopp.com/wiki/Android.mk_(Command_Line) for more details
+#
+#############################################################################
+
+# Error checking
+if [ ! -d "${ANDROID_NDK_ROOT}" ]; then
+    echo "ERROR: ANDROID_NDK_ROOT is not a valid path for ${USER}. Please set it."
+    echo "ANDROID_NDK_ROOT is '${ANDROID_NDK_ROOT}'"
+    exit 1
+fi
+
+# Error checking
+if [ ! -d "${ANDROID_SDK_ROOT}" ]; then
+    echo "ERROR: ANDROID_SDK_ROOT is not a valid path for ${USER}. Please set it."
+    echo "ANDROID_SDK_ROOT is '${ANDROID_SDK_ROOT}'"
+    exit 1
+fi
+
+# Error checking
+if [ -z "$(command -v ndk-build 2>/dev/null)"  ]; then
+    echo "ERROR: ndk-build is not on-path for ${USER}. Please set it."
+    echo "PATH is '${PATH}'"
+    exit 1
+fi
+
+# Temp directory
+if [[ -z "${TMPDIR}" ]]; then
+    TMPDIR="$HOME/tmp"
+    mkdir -p "${TMPDIR}"
+    if [ -n "${SUDO_USER}" ]; then
+        chown -R "${SUDO_USER}" "${TMPDIR}"
+    fi
+fi
+
+# Sane default
+if [[ -z "${MAKE_JOBS}" ]]; then
+    MAKE_JOBS=4
+fi
+
+# Fixup for sed and "illegal byte sequence"
+IS_DARWIN=$(uname -s 2>/dev/null | grep -i -c darwin)
+if [[ "${IS_DARWIN}" -ne 0 ]] && [[ -z "${LC_ALL}" ]]; then
+    export LC_ALL=C
+fi
+
+# Cleanup old artifacts
+rm -rf "${TMPDIR}/build.failed" 2>/dev/null
+rm -rf "${TMPDIR}/build.log" 2>/dev/null
+
+#############################################################################
+
+# Prepare the environment
+unset CXX CPPFLAGS CXXFLAGS LDFLAGS
+unset ANDROID_CPPFLAGS ANDROID_CXXFLAGS ANDROID_LDFLAGS ANDROID_SYSROOT
+
+if [[ -e TestScripts/setenv-android.sh ]]; then
+    cp TestScripts/setenv-android.sh .
+    chmod u+x setenv-android.sh
+fi
+
+#############################################################################
+
+files=(Android.mk Application.mk test_shared.hxx test_shared.cxx)
+
+for file in "${files[@]}"; do
+    echo "Downloading $file"
+    if ! curl -L -s -o "${file}" "https://raw.githubusercontent.com/noloader/cryptopp-android-mk/master/${file}"; then
+        echo "${file} download failed"
+        exit 1
+    fi
+    # Permissions
+    chmod u=rw,go=r "${file}"
+    # Throttle
+    sleep 1
+done
+
+#############################################################################
+
+# Paydirt
+NDK_PROJECT_PATH="$PWD"
+NDK_APPLICATION_MK="$PWD/Application.mk"
+PLATFORMS=(armeabi-v7a arm64-v8a x86 x86_64)
+
+# Clean all past artifacts
+ndk-build APP_ABI=all NDK_PROJECT_PATH="${NDK_PROJECT_PATH}" NDK_APPLICATION_MK="${NDK_APPLICATION_MK}" distclean &>/dev/null
+
+for platform in "${PLATFORMS[@]}"
+do
+    echo ""
+    echo "===================================================================="
+    echo "Building for ${platform}..."
+
+    if ndk-build -j "${MAKE_JOBS}" APP_ABI="${platform}" NDK_PROJECT_PATH="${NDK_PROJECT_PATH}" NDK_APPLICATION_MK="${NDK_APPLICATION_MK}" V=1;
+    then
+        echo "${platform} ==> SUCCESS" >> "${TMPDIR}/build.log"
+    else
+        echo "${platform} ==> FAILURE" >> "${TMPDIR}/build.log"
+        touch "${TMPDIR}/build.failed"
+    fi
+
+done
+
+echo
+echo "===================================================================="
+cat "${TMPDIR}/build.log"
+
+# let the script fail if any of the builds failed
+if [ -f "${TMPDIR}/build.failed" ]; then
+    exit 1
+fi
+
+exit 0
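Review bot: The download loop's `curl -L -s -o "${file}" ...` has no `--fail`, so an HTTP 404/5xx from raw.githubusercontent.com exits 0 and writes the error body into Android.mk/Application.mk, which ndk-build then consumes as makefiles; `curl -fsSL -o "${file}" "…"` makes the existing "download failed" branch actually fire. The fetched build files come from a mutable `master` ref with no integrity check and are executed by the build, so a compromised or force-pushed upstream silently changes what this test builds — pinning a commit SHA in the URL and checking the files with `sha256sum -c` against known digests would close that. Under sudo, `chown -R "${SUDO_USER}" "${TMPDIR}"` recurses over whatever `$HOME/tmp` resolves to, while the script only ever writes build.log and build.failed there; chowning just those two files, or not chowning at all, is the least-privilege form.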
diff -Nru libcrypto++-8.4.0/TestScripts/cryptest-android.sh libcrypto++-8.6.0/TestScripts/cryptest-android.sh
--- libcrypto++-8.4.0/TestScripts/cryptest-android.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/cryptest-android.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,76 +1,236 @@
 #!/usr/bin/env bash
 
-# ====================================================================
-# Tests Android cross-compiles
+#############################################################################
+#
+# This script tests Android cross-compiles using setenv-android.sh script.
+#
+# Written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
 #
 # See http://www.cryptopp.com/wiki/Android_(Command_Line) for more details
-# ====================================================================
+#
+#############################################################################
+
+# Error checking
+if [ -z "$(command -v ./setenv-android.sh 2>/dev/null)" ]; then
+    echo "Failed to locate setenv-android.sh."
+    exit 1
+fi
+
+# Error checking
+if [ ! -d "${ANDROID_NDK_ROOT}" ]; then
+    echo "ERROR: ANDROID_NDK_ROOT is not a valid path for ${USER}. Please set it."
+    echo "ANDROID_NDK_ROOT is '${ANDROID_NDK_ROOT}'"
+    exit 1
+fi
+
+# Error checking
+if [ ! -d "${ANDROID_SDK_ROOT}" ]; then
+    echo "ERROR: ANDROID_SDK_ROOT is not a valid path for ${USER}. Please set it."
+    echo "ANDROID_SDK_ROOT is '${ANDROID_SDK_ROOT}'"
+    exit 1
+fi
 
-if [ -z "$(command -v ./setenv-android.sh)" ]; then
-    echo "Failed to locate setenv-android.sh"
-    [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1
+# Error checking
+if [ -z "$(command -v ndk-build 2>/dev/null)"  ]; then
+    echo "ERROR: ndk-build is not on-path for ${USER}. Please set it."
+    echo "PATH is '${PATH}'"
+    exit 1
 fi
 
 # Temp directory
-if [[ -z "$TMPDIR" ]]; then
+if [[ -z "${TMPDIR}" ]]; then
     TMPDIR="$HOME/tmp"
-    mkdir -p "$TMPDIR"
+    mkdir -p "${TMPDIR}"
+    if [ -n "${SUDO_USER}" ]; then
+        chown -R "${SUDO_USER}" "${TMPDIR}"
+    fi
 fi
 
-MAKE_JOBS=2
+# Sane default
+if [[ -z "${MAKE_JOBS}" ]]; then
+    MAKE_JOBS=4
+fi
 
 # Cleanup old artifacts
-rm -rf "$TMPDIR/build.failed" 2>/dev/null
-rm -rf "$TMPDIR/build.log" 2>/dev/null
+rm -rf "${TMPDIR}/build.failed" 2>/dev/null
+rm -rf "${TMPDIR}/build.log" 2>/dev/null
+
+#############################################################################
+
+# Prepare the environment
+unset CXX CPPFLAGS CXXFLAGS LDFLAGS
+unset ANDROID_CPPFLAGS ANDROID_CXXFLAGS ANDROID_LDFLAGS ANDROID_SYSROOT
+
+if [[ -e TestScripts/setenv-android.sh ]]; then
+    cp TestScripts/setenv-android.sh .
+    chmod u+x setenv-android.sh
+fi
+
+#############################################################################
 
 PLATFORMS=(armv7a aarch64 x86 x86_64)
 
 for platform in "${PLATFORMS[@]}"
 do
     # setenv-android.sh reads these two variables for configuration info.
-    export ANDROID_API="23"
-    export ANDROID_CPU="$platform"
+    # Android 5.0 is 21. Android 6.0 is 23.
+    export ANDROID_API="21"
+    export ANDROID_CPU="${platform}"
 
     make -f GNUmakefile-cross distclean > /dev/null 2>&1
 
     echo
     echo "===================================================================="
-    echo "Testing for Android support of $platform"
+    echo "Testing for Android support of ${platform}"
 
     # Test if we can set the environment for the platform
     if ! ./setenv-android.sh > /dev/null 2>&1;
     then
         echo
-        echo "There were problems testing $platform"
-        echo "$platform ==> SKIPPED" >> "$TMPDIR/build.log"
+        echo "There were problems testing ${platform}"
+        echo "${platform} ==> SKIPPED" >> "${TMPDIR}/build.log"
 
         continue
     fi
 
     echo
-    echo "Building for $platform..."
-    echo
+    echo "===================================================================="
+    echo "Building for ${platform}..."
 
     # run in subshell to not keep any envars
     (
         source ./setenv-android.sh
-        if make -k -j "$MAKE_JOBS" -f GNUmakefile-cross static dynamic cryptest.exe;
+        if make -k -j "${MAKE_JOBS}" -f GNUmakefile-cross static dynamic cryptest.exe;
         then
-            echo "$platform ==> SUCCESS" >> "$TMPDIR/build.log"
+            echo "${platform} ==> SUCCESS" >> "${TMPDIR}/build.log"
         else
-            echo "$platform ==> FAILURE" >> "$TMPDIR/build.log"
-            touch "$TMPDIR/build.failed"
+            echo "${platform} ==> FAILURE" >> "${TMPDIR}/build.log"
+            touch "${TMPDIR}/build.failed"
+        fi
+
+        # Test code generation
+        if [[ "${platform}" == "armv7a" ]]
+        then
+
+            # Test NEON code generation
+            count=$(${OBJDUMP} --disassemble aria_simd.o 2>&1 | grep -c -E 'vld|vst|vshl|vshr|veor')
+            if [[ "${count}" -gt 64 ]]
+            then
+                echo "${platform} : NEON ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : NEON ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+        elif [[ "${platform}" == "aarch64" ]]
+        then
+
+            # Test ASIMD code generation
+            count=$(${OBJDUMP} --disassemble aria_simd.o 2>&1 | grep -c -E 'vld|vst|vshl|vshr|veor')
+            if [[ "${count}" -gt 64 ]]
+            then
+                echo "${platform} : ASIMD ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : ASIMD ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+            # Test AES code generation
+            count=$(${OBJDUMP} --disassemble rijndael_simd.o 2>&1 | grep -c -E 'aese|aesd|aesmc|aesimc')
+            if [[ "${count}" -gt 32 ]]
+            then
+                echo "${platform} : AES ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : AES ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+            # Test PMULL code generation
+            count=$(${OBJDUMP} --disassemble gcm_simd.o 2>&1 | grep -c -E 'pmull|pmull2')
+            if [[ "${count}" -gt 16 ]]
+            then
+                echo "${platform} : PMULL ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : PMULL ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+            # Test SHA1 code generation
+            count=$(${OBJDUMP} --disassemble sha_simd.o 2>&1 | grep -c -E 'sha1c|sha1m|sha1p|sha1h|sha1su0|sha1su1')
+            if [[ "${count}" -gt 32 ]]
+            then
+                echo "${platform} : SHA1 ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : SHA1 ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+            # Test SHA2 code generation
+            count=$(${OBJDUMP} --disassemble sha_simd.o | grep -c -E 'sha256h|sha256su0|sha256su1')
+            if [[ "${count}" -gt 32 ]]
+            then
+                echo "${platform} : SHA2 ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : SHA2 ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+        elif [[ "${platform}" == "x86" || "${platform}" == "x86_64" ]]
+        then
+
+            # Test AES code generation
+            count=$(${OBJDUMP} --disassemble rijndael_simd.o 2>&1 | grep -c -E 'aesenc|aesdec|aesenclast|aesdeclast|aesimc')
+            if [[ "${count}" -gt 32 ]]
+            then
+                echo "${platform} : AES ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : AES ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+            # Test CLMUL code generation
+            count=$(${OBJDUMP} --disassemble gcm_simd.o 2>&1 | grep -c -E 'pclmulqdq|pclmullqlq|pclmullqhq|vpclmulqdq')
+            if [[ "${count}" -gt 16 ]]
+            then
+                echo "${platform} : CLMUL ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : CLMUL ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+            # Test SHA1 code generation
+            count=$(${OBJDUMP} --disassemble sha_simd.o 2>&1 | grep -c -E 'sha1rnds4|sha1nexte|sha1msg1|sha1msg2')
+            if [[ "${count}" -gt 32 ]]
+            then
+                echo "${platform} : SHA1 ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : SHA1 ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+            # Test SHA2 code generation
+            count=$(${OBJDUMP} --disassemble sha_simd.o | grep -c -E 'sha256rnds2|sha256msg1|sha256msg2')
+            if [[ "${count}" -gt 32 ]]
+            then
+                echo "${platform} : SHA2 ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : SHA2 ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
         fi
     )
 done
 
-echo ""
+echo
 echo "====================================================="
-cat "$TMPDIR/build.log"
+cat "${TMPDIR}/build.log"
 
 # let the script fail if any of the builds failed
-if [ -f "$TMPDIR/build.failed" ]; then
-    [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1
+if [ -f "${TMPDIR}/build.failed" ]; then
+    exit 1
 fi
 
-[[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 0 || return 0
+exit 0
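Review bot: The `command -v ./setenv-android.sh` check at the top runs before the new block that copies `TestScripts/setenv-android.sh` into the working directory and marks it executable, so on a clean checkout the script exits with "Failed to locate setenv-android.sh" and the copy/chmod block is unreachable; move the check below that block or test `TestScripts/setenv-android.sh` instead. The aarch64 ASIMD check reuses the 32-bit NEON pattern `vld|vst|vshl|vshr|veor`, but AArch64 disassembly normally spells these ld1/st1/shl/ushr/eor without the v prefix, so that count is likely to be zero and report a spurious FAILURE — something like `grep -c -E 'ld1|st1|eor|shl|ushr'` should be checked against real objdump output for that target. The two SHA2 checks omit the `2>&1` that every other objdump invocation has, so a missing sha_simd.o prints to the terminal instead of being counted. `${OBJDUMP}` is not set anywhere in this script and presumably comes from the sourced setenv-android.sh; a comment saying so, e.g. `# OBJDUMP is exported by setenv-android.sh`, would save the next reader a search.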
diff -Nru libcrypto++-8.4.0/TestScripts/cryptest-autotools.sh libcrypto++-8.6.0/TestScripts/cryptest-autotools.sh
--- libcrypto++-8.4.0/TestScripts/cryptest-autotools.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/cryptest-autotools.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,5 +1,20 @@
 #!/usr/bin/env bash
 
+#############################################################################
+#
+# This script tests the Autotools gear.
+#
+# Written and placed in public domain by Jeffrey Walton.
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
+#
+# See https://www.cryptopp.com/wiki/Autotools for more details
+#
+#############################################################################
+
+# Default tools
 GREP=grep
 SED=sed
 AWK=awk
@@ -79,10 +94,12 @@
 
 for file in "${files[@]}"; do
 	echo "Downloading $file"
-	if ! curl -o "$file" --silent --insecure "https://raw.githubusercontent.com/noloader/cryptopp-autotools/master/$file"; then
+	if ! curl -L -s -o "$file" "https://raw.githubusercontent.com/noloader/cryptopp-autotools/master/$file"; then
 		echo "$file download failed"
 		exit 1
 	fi
+    # Throttle
+    sleep 1
 done
 
 mkdir -p m4/
@@ -116,7 +133,7 @@
 
 # Update config.sub config.guess. GNU recommends using the latest for all projects.
 echo "Updating config.sub"
-curl -o config.sub.new --silent --insecure 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub'
+curl -L -s -o config.sub.new 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub'
 
 # Solaris removes +w, can't overwrite
 chmod +w build-aux/config.sub
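Review bot: The `config.sub` fetch has neither `-f` nor an exit-status check, so if savannah is unreachable or returns an error page, `config.sub.new` is missing or HTML and the following `chmod +w build-aux/config.sub` proceeds regardless; `if ! curl -fsSL -o config.sub.new '…'; then echo "config.sub download failed"; exit 1; fi` keeps a broken download from reaching build-aux (the code that copies config.sub.new into place lies outside this hunk, so it may or may not guard this itself). This replaces a script that `configure` executes, fetched from a URL with no version pin; gitweb can address a specific commit in the URL, which would make the test reproducible and tamper-evident.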
@@ -129,7 +146,7 @@
 fi
 
 echo "Updating config.guess"
-curl -o config.guess.new --silent --insecure 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess'
+curl -L -s -o config.guess.new 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess'
 
 # Solaris removes +w, can't overwrite
 chmod +w build-aux/config.guess
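Review bot: The `config.guess` download is not checked: `curl -L -s -o config.guess.new` without `-f` and without testing its exit status means a network failure or error page still reaches `chmod +w build-aux/config.guess` and whatever replaces the file afterwards (outside this hunk); `curl -fsSL -o config.guess.new '…' || { echo "config.guess download failed"; exit 1; }` stops a bad download from ending up in build-aux, where `configure` will run it.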
diff -Nru libcrypto++-8.4.0/TestScripts/cryptest-cmake.sh libcrypto++-8.6.0/TestScripts/cryptest-cmake.sh
--- libcrypto++-8.4.0/TestScripts/cryptest-cmake.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/cryptest-cmake.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,5 +1,19 @@
 #!/usr/bin/env bash
 
+#############################################################################
+#
+# This script tests the CMake gear.
+#
+# Written and placed in public domain by Jeffrey Walton.
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
+#
+# See https://www.cryptopp.com/wiki/CMake for more details
+#
+#############################################################################
+
 # Fixup ancient Bash
 # https://unix.stackexchange.com/q/468579/56041
 if [[ -z "$BASH_SOURCE" ]]; then
@@ -34,10 +48,12 @@
 
 for file in "${files[@]}"; do
 	echo "Downloading $file"
-	if ! curl -o "$file" --silent "https://raw.githubusercontent.com/noloader/cryptopp-cmake/master/$file"; then
+	if ! curl -L -s -o "$file" "https://raw.githubusercontent.com/noloader/cryptopp-cmake/master/$file"; then
 		echo "$file download failed"
 		exit 1
 	fi
+    # Throttle
+    sleep 1
 done
 
 rm -rf "$(pwd)/cmake_build"
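Review bot: `curl -L -s -o "$file" …` in the download loop has no `-f`, so an HTTP error page is silently saved as CMakeLists.txt (or whichever file is in `files`) with exit status 0 and the `download failed` branch is dead; `curl -fsSL -o "$file" "…"` fixes that. The files are taken from `master` with no commit pin or digest and CMakeLists.txt is then executed by cmake, so a pinned SHA and `sha256sum -c` would make this both reproducible and tamper-evident. The added `sleep 1` lines use spaces where the loop body uses tabs.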
diff -Nru libcrypto++-8.4.0/TestScripts/cryptest-coverage.sh libcrypto++-8.6.0/TestScripts/cryptest-coverage.sh
--- libcrypto++-8.4.0/TestScripts/cryptest-coverage.sh	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/cryptest-coverage.sh	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,149 @@
+#!/usr/bin/env bash
+
+if ! command -v gcov > /dev/null; then
+    echo "Please install gcov"
+    exit 1
+fi
+
+if ! command -v lcov > /dev/null; then
+    echo "Please install lcov"
+    exit 1
+fi
+
+# Default make jobs
+MAKE_JOBS=${MAKE_JOBS:-4}
+
+# Default temp directory
+if [ -z "${TMPDIR}" ];
+then
+    if [ -d "${HOME}/tmp" ]; then
+        TMPDIR="${HOME}/tmp"
+    else
+        TMPDIR="/tmp"
+    fi
+fi
+
+DEBUG_CXXFLAGS="-DDEBUG -DCRYPTOPP_COVERAGE=1 -g3 -O1 -coverage"
+NOASM_CXXFLAGS="-DNDEBUG -DCRYPTOPP_DISABLE_ASM -DCRYPTOPP_COVERAGE=1 -g3 -O1 -coverage"
+RELEASE_CXXFLAGS="-DNDEBUG -DCRYPTOPP_COVERAGE=1 -g3 -O1 -coverage"
+
+# Clean old artifacts
+rm -rf TestCoverage/ >/dev/null
+make distclean >/dev/null
+
+echo "**************************************************"
+echo "*****             Baseline build             *****"
+echo "**************************************************"
+
+# The man page says to run a baseline, but the cryptest_base recipe
+# breaks things. Zeroing the counters seems to be the best we can do.
+if lcov --base-directory . --directory . --zerocounters;
+then
+	echo
+	echo "Baseline zero counters ok"
+	echo
+else
+	echo
+	echo "Baseline zero counters failed"
+	echo
+fi
+
+#make clean > /dev/null
+#if ! make -j "${MAKE_JOBS}";
+#then
+#    echo "Baseline build failed"
+#    exit 1
+#fi
+
+# Run test programs
+#./cryptest.exe v
+#./cryptest.exe tv all
+
+# Create a baseline
+#lcov --base-directory . --directory . -i -c -o cryptest_base.info
+
+echo "**************************************************"
+echo "*****               Debug build              *****"
+echo "**************************************************"
+
+make clean > /dev/null
+if ! CXXFLAGS="${DEBUG_CXXFLAGS}" make -j "${MAKE_JOBS}";
+then
+    echo "Debug build failed"
+    exit 1
+fi
+
+# Run test programs
+./cryptest.exe v
+./cryptest.exe tv all
+
+# Gather data
+lcov --base-directory . --directory . -c -o cryptest_debug.info
+
+echo "**************************************************"
+echo "*****              No ASM build              *****"
+echo "**************************************************"
+
+make clean > /dev/null
+if ! CXXFLAGS="${NOASM_CXXFLAGS}" make -j "${MAKE_JOBS}";
+then
+    echo "No ASM build failed"
+    exit 1
+fi
+
+# Run test programs
+./cryptest.exe v
+./cryptest.exe tv all
+
+# Gather data
+lcov --base-directory . --directory . -c -o cryptest_noasm.info
+
+echo "**************************************************"
+echo "*****              Release build             *****"
+echo "**************************************************"
+
+make clean > /dev/null
+if ! CXXFLAGS="${RELEASE_CXXFLAGS}" make -j "${MAKE_JOBS}";
+then
+    echo "Release build failed"
+    exit 1
+fi
+
+# Run test programs
+./cryptest.exe v
+./cryptest.exe tv all
+./cryptest.exe b 0.5
+
+# Gather data
+lcov --base-directory . --directory . -c -o cryptest_release.info
+
+echo "**************************************************"
+echo "*****             HTML processing            *****"
+echo "**************************************************"
+
+if [ ! -e cryptest_debug.info ]; then
+    echo "WARN: cryptest_debug.info does not exist"
+fi
+if [ ! -e cryptest_noasm.info ]; then
+    echo "WARN: cryptest_noasm.info does not exist"
+fi
+if [ ! -e cryptest_release.info ]; then
+    echo "WARN: cryptest_release.info does not exist"
+fi
+
+# The man page says to run a baseline, but the cryptest_base recipe
+# breaks things. Zeroing the counters seems to be the best we can do.
+# --add-tracefile cryptest_base.info
+
+lcov --add-tracefile cryptest_debug.info \
+    --add-tracefile cryptest_noasm.info \
+    --add-tracefile cryptest_release.info \
+    --output-file cryptest_all.info
+
+lcov --remove cryptest_all.info \
+    '/usr/*' '*/adhoc*.*' '*/dlltest*.*' '*/fipstest*.*' '*/fips140*.*' '*/test*.*' \
+    --output-file cryptest.info
+
+genhtml -o TestCoverage/ -t "Crypto++ test coverage" --num-spaces 4 cryptest.info
+
+exit 0
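Review bot: The exit status of `./cryptest.exe v` and `./cryptest.exe tv all` is never examined, so a failing self-test or test-vector run still produces coverage data and the script ends with `exit 0`, letting a green coverage job hide a broken build. Recording the status, e.g. `./cryptest.exe v || status=1` after each run and `exit "${status:-0}"` at the end, keeps the coverage report while still failing the job. `TMPDIR` is computed at the top but never used in the visible script, and `genhtml` is required at the end but not checked for alongside gcov/lcov. A short header comment like the other TestScripts carry, stating that the script builds debug, no-ASM and release variants with `-coverage` and writes the merged HTML to TestCoverage/, would help the next reader.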
diff -Nru libcrypto++-8.4.0/TestScripts/cryptest-ios.sh libcrypto++-8.6.0/TestScripts/cryptest-ios.sh
--- libcrypto++-8.4.0/TestScripts/cryptest-ios.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/cryptest-ios.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,27 +1,50 @@
 #!/usr/bin/env bash
 
-# ====================================================================
-# Tests iOS cross-compiles
+#############################################################################
+#
+# This script tests the cryptopp-ios gear.
+#
+# Written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
 #
 # See http://www.cryptopp.com/wiki/iOS_(Command_Line) for more details
-# ====================================================================
+#############################################################################
 
 if [ -z "$(command -v ./setenv-ios.sh)" ]; then
     echo "Failed to locate setenv-ios.sh"
-    [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1
+    exit 1
 fi
 
 # Temp directory
-if [[ -z "$TMPDIR" ]]; then
+if [[ -z "${TMPDIR}" ]]; then
     TMPDIR="$HOME/tmp"
-    mkdir "$TMPDIR"
+    mkdir "${TMPDIR}"
 fi
 
-MAKE_JOBS=2
+# Sane default
+if [[ -z "${MAKE_JOBS}" ]]; then
+    MAKE_JOBS=4
+fi
 
 # Cleanup old artifacts
-rm -rf "$TMPDIR/build.failed" 2>/dev/null
-rm -rf "$TMPDIR/build.log" 2>/dev/null
+rm -rf "${TMPDIR}/build.failed" 2>/dev/null
+rm -rf "${TMPDIR}/build.log" 2>/dev/null
+
+#############################################################################
+
+# Prepare the environment
+unset CXX CPPFLAGS CXXFLAGS LDFLAGS
+unset IOS_CPPFLAGS IOS_CXXFLAGS IOS_LDFLAGS IOS_SYSROOT
+
+if [[ -e TestScripts/setenv-ios.sh ]]; then
+    cp TestScripts/setenv-ios.sh .
+    chmod u+x setenv-ios.sh
+fi
+
+#############################################################################
 
 # Hack a Bash data structure...
 PLATFORMS=()
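Review bot: The new block that copies `TestScripts/setenv-ios.sh` into the working directory is placed after the existing `command -v ./setenv-ios.sh` guard, so on a fresh checkout the script exits with "Failed to locate setenv-ios.sh" before the copy can ever run; move the `if [[ -e TestScripts/setenv-ios.sh ]]` block above that guard. Separately, `mkdir "${TMPDIR}"` is neither `-p` nor checked, so a pre-existing or uncreatable `$HOME/tmp` is silently ignored and the later `build.log` writes can fail without notice; `mkdir -p "${TMPDIR}" || exit 1` would be safer.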
@@ -31,6 +54,7 @@
 PLATFORMS+=("AppleTVOS:arm64")
 PLATFORMS+=("WatchOS:armv7")
 PLATFORMS+=("WatchOS:arm64")
+PLATFORMS+=("WatchOS:arm64_32")
 PLATFORMS+=("iPhoneSimulator:i386")
 PLATFORMS+=("iPhoneSimulator:x86_64")
 PLATFORMS+=("AppleTVSimulator:i386")
@@ -52,42 +76,111 @@
 
     echo
     echo "====================================================="
-    echo "Testing for iOS support of $platform"
+    echo "Testing for iOS support of ${platform}"
 
     # Test if we can set the environment for the platform
     if ! ./setenv-ios.sh > /dev/null 2>&1;
     then
         echo
-        echo "$platform not supported by Xcode"
-        echo "$platform ==> SKIPPED" >> "$TMPDIR/build.log"
+        echo "${platform} not supported by Xcode"
+        echo "${platform} ==> SKIPPED" >> "${TMPDIR}/build.log"
 
         continue
     fi
 
     echo
-    echo "Building for $platform..."
-    echo
+    echo "====================================================="
+    echo "Building for ${platform}..."
 
     # run in subshell to not keep any envars
     (
         source ./setenv-ios.sh
-        if make -k -j "$MAKE_JOBS" -f GNUmakefile-cross static dynamic cryptest.exe;
+
+        if make -k -j "${MAKE_JOBS}" -f GNUmakefile-cross static dynamic cryptest.exe;
         then
-            echo "$platform ==> SUCCESS" >> "$TMPDIR/build.log"
+            echo "${platform} ==> SUCCESS" >> "${TMPDIR}/build.log"
         else
-            echo "$platform ==> FAILURE" >> "$TMPDIR/build.log"
-            touch "$TMPDIR/build.failed"
+            echo "${platform} ==> FAILURE" >> "${TMPDIR}/build.log"
+            touch "${TMPDIR}/build.failed"
+        fi
+
+        # Test code generation
+        if [[ "${cpu}" == "armv7" ]]
+        then
+
+            # Test NEON code generation
+            count=$(otool -tV aria_simd.o 2>&1 | grep -c -E 'vld|vst|vshl|vshr|veor')
+            if [[ "${count}" -gt 64 ]]
+            then
+                echo "${platform} : NEON ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : NEON ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+        elif [[ "${cpu}" == "arm64" ]]
+        then
+
+            # Test ASIMD code generation
+            count=$(otool -tV aria_simd.o 2>&1 | grep -c -E 'ldr[[:space:]]*q|str[[:space:]]*q|shl.4|shr.4|eor.16')
+            if [[ "${count}" -gt 64 ]]
+            then
+                echo "${platform} : ASIMD ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : ASIMD ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+            # Test AES code generation
+            count=$(otool -tV rijndael_simd.o 2>&1 | grep -c -E 'aese|aesd|aesmc|aesimc')
+            if [[ "${count}" -gt 32 ]]
+            then
+                echo "${platform} : AES ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : AES ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+            # Test PMULL code generation
+            count=$(otool -tV gcm_simd.o 2>&1 | grep -c -E 'pmull|pmull2')
+            if [[ "${count}" -gt 16 ]]
+            then
+                echo "${platform} : PMULL ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : PMULL ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+            # Test SHA1 code generation
+            count=$(otool -tV sha_simd.o 2>&1 | grep -c -E 'sha1c|sha1m|sha1p|sha1h|sha1su0|sha1su1')
+            if [[ "${count}" -gt 32 ]]
+            then
+                echo "${platform} : SHA1 ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : SHA1 ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
+
+            # Test SHA2 code generation
+            count=$(otool -tV sha_simd.o | grep -c -E 'sha256h|sha256su0|sha256su1')
+            if [[ "${count}" -gt 32 ]]
+            then
+                echo "${platform} : SHA2 ==> SUCCESS" >> "${TMPDIR}/build.log"
+            else
+                echo "${platform} : SHA2 ==> FAILURE" >> "${TMPDIR}/build.log"
+                touch "${TMPDIR}/build.failed"
+            fi
         fi
     )
 done
 
-echo ""
+echo
 echo "====================================================="
-cat "$TMPDIR/build.log"
+cat "${TMPDIR}/build.log"
 
 # let the script fail if any of the builds failed
-if [ -f "$TMPDIR/build.failed" ]; then
-    [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1
+if [ -f "${TMPDIR}/build.failed" ]; then
+    exit 1
 fi
 
-[[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 0 || return 0
+exit 0
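Review bot: The code-generation checks added after the `make` block (armv7 NEON, arm64 ASIMD/AES/PMULL/SHA1/SHA2) run even when the build just failed, so a failed platform gets a second round of `... ==> FAILURE` lines for object files that may not exist; guarding them with the build result (e.g. `build_ok=1` set in the success branch and `if [[ "${build_ok}" -eq 1 ]]` around the probes) keeps the log readable. The SHA2 probe also lacks the `2>&1` the other `otool` invocations use, so an otool error there goes to the terminal instead of the pipe: `count=$(otool -tV sha_simd.o 2>&1 | grep -c -E 'sha256h|sha256su0|sha256su1')`. `${cpu}` appears to come from the platform split at the top of the loop, which starts outside this hunk.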
diff -Nru libcrypto++-8.4.0/TestScripts/cryptest-pem.sh libcrypto++-8.6.0/TestScripts/cryptest-pem.sh
--- libcrypto++-8.4.0/TestScripts/cryptest-pem.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/cryptest-pem.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,11 +1,15 @@
 #!/usr/bin/env bash
 
-PWD_DIR=$(pwd)
-function cleanup {
-	cd "$PWD_DIR"
-}
-trap cleanup EXIT
-
+#############################################################################
+#
+# This script tests the cryptopp-pem gear.
+#
+# Written and placed in public domain by Jeffrey Walton.
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
+#
 #############################################################################
 
 GREP=grep
@@ -31,7 +35,7 @@
 fi
 
 # Fixup for Solaris and BSDs
-if [[ ! -z $(command -v gmake) ]]; then
+if command -v gmake 2>/dev/null; then
 	MAKE=gmake
 else
 	MAKE=make
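Review bot: `command -v gmake 2>/dev/null` used directly as the `if` condition still prints the resolved path to stdout, so the script now emits a stray `/usr/bin/gmake`-style line; the same applies to the `"${MAKE}"`, `curl` and `openssl` probes in the next hunk. Redirect both streams, `if command -v gmake >/dev/null 2>&1; then`. The old `[[ ! -z $(command -v gmake) ]]` form did not have this side effect.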
@@ -39,15 +43,15 @@
 
 #############################################################################
 
-if [[ -z $(command -v "$MAKE") ]]; then
+if ! command -v "${MAKE}" 2>/dev/null; then
 	echo "Cannot find $MAKE. Things may fail."
 fi
 
-if [[ -z $(command -v curl) ]]; then
+if ! command -v curl 2>/dev/null; then
 	echo "Cannot find cURL. Things may fail."
 fi
 
-if [[ -z $(command -v openssl) ]]; then
+if ! command -v openssl 2>/dev/null; then
 	echo "Cannot find openssl. Things may fail."
 fi
 
@@ -59,10 +63,12 @@
 
 for file in "${files[@]}"; do
 	echo "Downloading $file"
-	if ! curl -o "$file" --silent --insecure "https://raw.githubusercontent.com/noloader/cryptopp-pem/master/$file"; then
+	if ! curl -L -s -o "$file" "https://raw.githubusercontent.com/noloader/cryptopp-pem/master/$file"; then
 		echo "$file download failed"
 		exit 1
 	fi
+    # Throttle
+    sleep 1
 done
 
 # Add execute to scripts
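Review bot: The new `curl -L -s -o "$file"` call has no `--fail`, so an HTTP error page (for example a 404 for a renamed file) is saved as `$file` with exit status 0 and the `download failed` branch never fires; use `curl -L -sS --fail -o "$file" "https://raw.githubusercontent.com/noloader/cryptopp-pem/master/$file"` so errors are both reported and fatal. Dropping `--insecure` is the right call, but the files are still fetched from the moving `master` ref and then given execute permission, so nothing checks the integrity of what gets run; pinning the URL to a commit or comparing against a known digest would make the test reproducible. The two added `# Throttle` / `sleep 1` lines are indented with spaces while the surrounding loop uses tabs.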
diff -Nru libcrypto++-8.4.0/TestScripts/cryptest.sh libcrypto++-8.6.0/TestScripts/cryptest.sh
--- libcrypto++-8.4.0/TestScripts/cryptest.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/cryptest.sh	2021-09-24 11:48:47.000000000 +0000
@@ -51,7 +51,7 @@
 fi
 
 if [[ -z "$test_prog" ]]; then
-    test_prog="TestPrograms/test_cxx.cxx"
+    test_prog="TestPrograms/test_cxx.cpp"
 fi
 
 # Remove previous test results
@@ -79,12 +79,12 @@
 ############################################
 # Setup tools and platforms
 
-GREP=grep
-SED=sed
-AWK=awk
-MAKE=make
+GREP="grep"
+SED="sed"
+AWK="awk"
+MAKE="make"
 
-DISASS=objdump
+DISASS="objdump"
 DISASSARGS=("--disassemble")
 
 # Fixup, Solaris and friends
@@ -137,6 +137,13 @@
 IS_X32=0
 
 # Fixup
+if [[ "$IS_AIX" -ne 0 ]]; then
+    THIS_MACHINE="$(prtconf | "$GREP" -i "Processor Type" | head -n 1 | cut -f 2 -d ':')"
+    IS_PPC32=$("$GREP" -i -c -E "(Power|PPC)" <<< "$THIS_MACHINE")
+    IS_PPC64=$("$GREP" -i -c -E "(Power64|PPC64)" <<< "$THIS_MACHINE")
+fi
+
+# Fixup
 if [[ "$IS_PPC64" -ne 0 ]]; then
     IS_PPC32=0
 fi
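Review bot: The AIX fixup derives `IS_PPC64` from the `Processor Type` line of `prtconf` with the pattern `(Power64|PPC64)`; if that field reads like `PowerPC_POWERn` with no `64` token, as it typically does, `IS_PPC64` stays 0 and a 64-bit machine is classified as PPC32, and the `IS_PPC32=0` fixup below never applies. If so, the 64-bit decision should come from prtconf's `CPU Type`/`Kernel Type` line instead. `IS_AIX` is not set in this hunk; presumably it is defined with the other `IS_*` detection earlier in the file.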
@@ -158,6 +165,12 @@
     DISASSARGS=("-tV")
 fi
 
+# Fixup
+if [[ "$IS_AIX" -ne 0 ]]; then
+    DISASS=dis
+    DISASSARGS=()
+fi
+
 # CPU features and flags
 if [[ ("$IS_X86" -ne 0 || "$IS_X64" -ne 0) ]]; then
     if [[ ("$IS_DARWIN" -ne 0) ]]; then
@@ -165,9 +178,9 @@
     elif [[ ("$IS_SOLARIS" -ne 0) ]]; then
         X86_CPU_FLAGS=$(isainfo -v 2>/dev/null)
     elif [[ ("$IS_FREEBSD" -ne 0) ]]; then
-        X86_CPU_FLAGS=$(grep Features /var/run/dmesg.boot)
+        X86_CPU_FLAGS=$("$GREP" Features /var/run/dmesg.boot)
     elif [[ ("$IS_DRAGONFLY" -ne 0) ]]; then
-        X86_CPU_FLAGS=$(dmesg | grep Features)
+        X86_CPU_FLAGS=$(dmesg | "$GREP" Features)
     elif [[ ("$IS_HURD" -ne 0) ]]; then
         : # Do nothing... cpuid is not helpful at the moment
     else
@@ -176,9 +189,49 @@
 elif [[ ("$IS_ARM32" -ne 0 || "$IS_ARM64" -ne 0) ]]; then
     if [[ ("$IS_DARWIN" -ne 0) ]]; then
         ARM_CPU_FLAGS="$(sysctl machdep.cpu.features 2>&1 | cut -f 2 -d ':')"
+        # Apple M1 hardware
+        if [[ $(sysctl hw.optional.arm64 2>&1 | "$GREP" -i 'hw.optional.arm64: 1') ]]; then
+            ARM_CPU_FLAGS="asimd crc32 aes pmull sha1 sha2"
+        fi
+        if [[ $(sysctl hw.optional.armv8_2_sha3 2>&1 | "$GREP" -i 'hw.optional.armv8_2_sha3: 1') ]]; then
+            ARM_CPU_FLAGS+=" sha3"
+        fi
+        if [[ $(sysctl hw.optional.armv8_2_sha512 2>&1 | "$GREP" -i 'hw.optional.armv8_2_sha512: 1') ]]; then
+            ARM_CPU_FLAGS+=" sha512"
+        fi
     else
         ARM_CPU_FLAGS="$($AWK '{IGNORECASE=1}{if ($1 == "Features"){print;exit}}' < /proc/cpuinfo | cut -f 2 -d ':')"
     fi
+elif [[ ("$IS_PPC32" -ne 0 || "$IS_PPC64" -ne 0) ]]; then
+    if [[ ("$IS_DARWIN" -ne 0) ]]; then
+        PPC_CPU_FLAGS="$(sysctl -a 2>&1 | "$GREP" machdep.cpu.features | cut -f 2 -d ':')"
+        # PowerMac
+        if [[ $(sysctl hw.optional.altivec 2>&1 | "$GREP" -i 'hw.optional.altivec: 1') ]]; then
+            PPC_CPU_FLAGS+=" altivec"
+        fi
+    elif [[ ("$IS_AIX" -ne 0) ]]; then
+        CPUINFO="$(prtconf | "$GREP" -i "Processor Type" | head -n 1 | cut -f 2 -d ':')"
+        if echo -n "$CPUINFO" | "$GREP" -q -i -c "power9"; then
+            PPC_CPU_FLAGS="power9 power8 power7 altivec"
+        elif echo -n "$CPUINFO" | "$GREP" -q -i -c "power8"; then
+            PPC_CPU_FLAGS="power8 power7 altivec"
+        elif echo -n "$CPUINFO" | "$GREP" -q -i -c "power7"; then
+            PPC_CPU_FLAGS="power7 altivec"
+        elif echo -n "$CPUINFO" | "$GREP" -q -i -c "altivec"; then
+            PPC_CPU_FLAGS="altivec"
+        fi
+    else
+        CPUINFO="$(cat /proc/cpuinfo | grep "cpu" | head -n 1 | cut -f 2 -d ':')"
+        if echo -n "$CPUINFO" | "$GREP" -q -i -c "power9"; then
+            PPC_CPU_FLAGS="power9 power8 power7 altivec"
+        elif echo -n "$CPUINFO" | "$GREP" -q -i -c "power8"; then
+            PPC_CPU_FLAGS="power8 power7 altivec"
+        elif echo -n "$CPUINFO" | "$GREP" -q -i -c "power7"; then
+            PPC_CPU_FLAGS="power7 altivec"
+        elif echo -n "$CPUINFO" | "$GREP" -q -i -c "altivec"; then
+            PPC_CPU_FLAGS="altivec"
+        fi
+    fi
 fi
 
 for ARG in "$@"
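Review bot: The Linux PPC branch uses `cat /proc/cpuinfo | grep "cpu"` with a bare `grep`, while every other probe in this hunk (and the FreeBSD/DragonFly lines the previous hunk just converted) goes through `"$GREP"` so the Solaris/AIX tool fixups apply; make it `CPUINFO="$("$GREP" "cpu" /proc/cpuinfo | head -n 1 | cut -f 2 -d ':')"`. The `-q -i -c` combinations on the `power9`/`power8`/`power7`/`altivec` tests are harmless, but `-c` is redundant once `-q` is given. On Darwin the M1 branch replaces `ARM_CPU_FLAGS` wholesale with the fixed string `asimd crc32 aes pmull sha1 sha2`, which only works as long as that list stays in sync with what the later `HAVE_ARM_*` probes grep for; a comment saying so next to it would help the next maintainer.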
@@ -271,7 +324,7 @@
 fi
 
 # GCC compile farm is mounted RO
-if [[ (-z "$TMPDIR") ]]; then
+if [[ (-z "${TMPDIR}") ]]; then
     if [[ (-d "/tmp") ]] && [[ $(touch "/tmp/ok-to-delete" &>/dev/null) ]]; then
         TMPDIR=/tmp
         rm -f "/tmp/ok-to-delete"
@@ -286,109 +339,119 @@
 fi
 
 # Make temp if it does not exist
-mkdir -p "$TMPDIR" &>/dev/null
+mkdir -p "${TMPDIR}" &>/dev/null
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_CXX17") ]]; then
     HAVE_CXX17=0
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -std=c++17 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -std=c++17 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         HAVE_CXX17=1
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_GNU17") ]]; then
     HAVE_GNU17=0
-    "$CXX" -std=gnu++17 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -std=gnu++17 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         HAVE_GNU17=1
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_CXX20") ]]; then
     HAVE_CXX20=0
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -std=c++20 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -std=c++20 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         HAVE_CXX20=1
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_GNU20") ]]; then
     HAVE_GNU20=0
-    "$CXX" -std=gnu++20 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -std=gnu++20 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         HAVE_GNU20=1
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_CXX14") ]]; then
     HAVE_CXX14=0
-    "$CXX" -std=c++14 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -std=c++14 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         HAVE_CXX14=1
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_GNU14") ]]; then
     HAVE_GNU14=0
-    "$CXX" -std=gnu++14 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -std=gnu++14 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         HAVE_GNU14=1
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_CXX11") ]]; then
     HAVE_CXX11=0
-    "$CXX" -std=c++11 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -std=c++11 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         HAVE_CXX11=1
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_GNU11") ]]; then
     HAVE_GNU11=0
-    "$CXX" -std=gnu++11 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -std=gnu++11 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         HAVE_GNU11=1
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_CXX03") ]]; then
     HAVE_CXX03=0
-    "$CXX" -std=c++03 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -std=c++03 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         HAVE_CXX03=1
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_GNU03") ]]; then
     HAVE_GNU03=0
-    "$CXX" -std=gnu++03 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -std=gnu++03 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         HAVE_GNU03=1
     fi
 fi
 
+# Apple M1's do not do the -stdlib=libstdc++ thing
+rm -f "${TMPDIR}/test.exe" &>/dev/null
+if [[ (-z "$HAVE_LIBSTDCXX") ]]; then
+    HAVE_LIBSTDCXX=0
+    "$CXX" -stdlib=libstdc++ "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
+    if [[ "$?" -eq 0 ]]; then
+        HAVE_LIBSTDCXX=1
+    fi
+fi
+
 # Use a fallback strategy so OPT_O0 can be used with DEBUG_CXXFLAGS
 OPT_O0=
-rm -f "$TMPDIR/test.exe" &>/dev/null
-"$CXX" -O0 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
+"$CXX" -O0 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
 if [[ ("$?" -eq 0) ]]; then
     OPT_O0=-O0
 else
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -xO0 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -xO0 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
         OPT_O0=-xO0
     fi
@@ -396,14 +459,14 @@
 
 # Use a fallback strategy so OPT_O1 can be used with VALGRIND_CXXFLAGS
 OPT_O1=
-rm -f "$TMPDIR/test.exe" &>/dev/null
-"$CXX" -O1 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
+"$CXX" -O1 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
 if [[ ("$?" -eq 0) ]]; then
     HAVE_O1=1
     OPT_O1=-O1
 else
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -xO1 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -xO1 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
         HAVE_O1=1
         OPT_O1=-xO1
@@ -412,14 +475,14 @@
 
 # https://github.com/weidai11/cryptopp/issues/588
 OPT_O2=
-rm -f "$TMPDIR/test.exe" &>/dev/null
-"$CXX" -O2 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
+"$CXX" -O2 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
 if [[ ("$?" -eq 0) ]]; then
     HAVE_O2=1
     OPT_O2=-O2
 else
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -xO2 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -xO2 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
         HAVE_O2=1
         OPT_O2=-xO2
@@ -428,14 +491,14 @@
 
 # Use a fallback strategy so OPT_O3 can be used with RELEASE_CXXFLAGS
 OPT_O3=
-rm -f "$TMPDIR/test.exe" &>/dev/null
-"$CXX" -O3 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
+"$CXX" -O3 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
 if [[ ("$?" -eq 0) ]]; then
     HAVE_O3=1
     OPT_O3=-O3
 else
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -xO3 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -xO3 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
         HAVE_O3=1
         OPT_O3=-xO3
@@ -446,8 +509,8 @@
 if [[ (-z "$HAVE_OS") ]]; then
     HAVE_OS=0
     OPT_OS=
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -Os "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -Os "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
         HAVE_OS=1
         OPT_OS=-Os
@@ -455,11 +518,23 @@
 fi
 
 # Hit or miss, mostly hit
+if [[ (-z "$HAVE_OZ") ]]; then
+    HAVE_OZ=0
+    OPT_OZ=
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -Oz "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
+    if [[ ("$?" -eq 0) ]]; then
+        HAVE_OZ=1
+        OPT_OZ=-Oz
+    fi
+fi
+
+# Hit or miss, mostly hit
 if [[ (-z "$HAVE_OFAST") ]]; then
     HAVE_OFAST=0
     OPT_OFAST=
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -Ofast "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -Ofast "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
         HAVE_OFAST=1
         OPT_OFAST=-Ofast
@@ -468,13 +543,13 @@
 
 # Use a fallback strategy so OPT_G2 can be used with RELEASE_CXXFLAGS
 OPT_G2=
-rm -f "$TMPDIR/test.exe" &>/dev/null
-"$CXX" -g2 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
+"$CXX" -g2 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
 if [[ ("$?" -eq 0) ]]; then
     OPT_G2=-g2
 else
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -g "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -g "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
         OPT_G2=-g
     fi
@@ -482,13 +557,13 @@
 
 # Use a fallback strategy so OPT_G3 can be used with DEBUG_CXXFLAGS
 OPT_G3=
-rm -f "$TMPDIR/test.exe" &>/dev/null
-"$CXX" -g3 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
+"$CXX" -g3 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
 if [[ ("$?" -eq 0) ]]; then
     OPT_G3=-g3
 else
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -g "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -g "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
         OPT_G3=-g
     fi
@@ -496,10 +571,10 @@
 
 # Cygwin and noisy compiles
 OPT_PIC=
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_PIC") ]]; then
     HAVE_PIC=0
-    PIC_PROBLEMS=$("$CXX" -fPIC "$test_prog" -o "$TMPDIR/test.exe" 2>&1 | "$GREP" -i -c -E  '(warning|error)')
+    PIC_PROBLEMS=$("$CXX" -fPIC "$test_prog" -o "${TMPDIR}/test.exe" 2>&1 | "$GREP" -i -c -E  '(warning|error)')
     if [[ "$PIC_PROBLEMS" -eq 0 ]]; then
         HAVE_PIC=1
         OPT_PIC=-fPIC
@@ -510,12 +585,12 @@
 fi
 
 # GCC 4.8; Clang 3.4
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_UBSAN") ]]; then
     HAVE_UBSAN=0
-    "$CXX" -fsanitize=undefined "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -fsanitize=undefined "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
-        "$TMPDIR/test.exe" &>/dev/null
+        "${TMPDIR}/test.exe" &>/dev/null
         if [[ ("$?" -eq 0) ]]; then
             HAVE_UBSAN=1
         fi
@@ -523,12 +598,12 @@
 fi
 
 # GCC 4.8; Clang 3.4
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_ASAN") ]]; then
     HAVE_ASAN=0
-    "$CXX" -fsanitize=address "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -fsanitize=address "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
-        "$TMPDIR/test.exe" &>/dev/null
+        "${TMPDIR}/test.exe" &>/dev/null
         if [[ ("$?" -eq 0) ]]; then
             HAVE_ASAN=1
         fi
@@ -536,12 +611,12 @@
 fi
 
 # GCC 6.0; maybe Clang
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_BSAN") ]]; then
     HAVE_BSAN=0
-    "$CXX" -fsanitize=bounds-strict "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -fsanitize=bounds-strict "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
-        "$TMPDIR/test.exe" &>/dev/null
+        "${TMPDIR}/test.exe" &>/dev/null
         if [[ ("$?" -eq 0) ]]; then
             HAVE_BSAN=1
         fi
@@ -551,12 +626,12 @@
 # Analyzer available in GCC 10.0, but C++ is not planned until GCC 11.
 # https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10/
 # and https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95031#c2.
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_ANALYZER") ]]; then
     HAVE_ANALYZER=0
-    "$CXX" -fanalyzer "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -fanalyzer "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
-        "$TMPDIR/test.exe" &>/dev/null
+        "${TMPDIR}/test.exe" &>/dev/null
         if [[ ("$?" -eq 0) ]]; then
             HAVE_ANALYZER=1
         fi
@@ -564,12 +639,12 @@
 fi
 
 # GCC 8.0; maybe Clang?
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_CET") ]]; then
     HAVE_CET=0
-    "$CXX" -fcf-protection=full -mcet "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -fcf-protection=full -mcet "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
-        "$TMPDIR/test.exe" &>/dev/null
+        "${TMPDIR}/test.exe" &>/dev/null
         if [[ ("$?" -eq 0) ]]; then
             HAVE_CET=1
         fi
@@ -577,41 +652,41 @@
 fi
 
 # Meltdown and Specter. This is the Reptoline fix
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_REPTOLINE") ]]; then
     HAVE_REPTOLINE=0
-    "$CXX" -mfunction-return=thunk -mindirect-branch=thunk "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -mfunction-return=thunk -mindirect-branch=thunk "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
-        "$TMPDIR/test.exe" &>/dev/null
+        "${TMPDIR}/test.exe" &>/dev/null
         if [[ ("$?" -eq 0) ]]; then
             HAVE_REPTOLINE=1
         fi
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_OMP") ]]; then
     HAVE_OMP=0
     if [[ "$GCC_COMPILER" -ne 0 ]]; then
-        "$CXX" -fopenmp -O3 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -fopenmp -O3 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             HAVE_OMP=1
             OMP_FLAGS=("-fopenmp" "-O3")
         fi
     elif [[ "$INTEL_COMPILER" -ne 0 ]]; then
-        "$CXX" -openmp -O3 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -openmp -O3 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             HAVE_OMP=1
             OMP_FLAGS=("-openmp" "-O3")
         fi
     elif [[ "$CLANG_COMPILER" -ne 0 ]]; then
-        "$CXX" -fopenmp=libomp -O3 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -fopenmp=libomp -O3 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             HAVE_OMP=1
             OMP_FLAGS=("-fopenmp=libomp" "-O3")
         fi
     elif [[ "$SUN_COMPILER" -ne 0 ]]; then
-        "$CXX" -xopenmp=parallel -xO3 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -xopenmp=parallel -xO3 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             HAVE_OMP=1
             OMP_FLAGS=("-xopenmp=parallel" "-xO3")
@@ -619,33 +694,33 @@
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_INTEL_MULTIARCH") ]]; then
     HAVE_INTEL_MULTIARCH=0
     if [[ ("$IS_DARWIN" -ne 0) && ("$IS_X86" -ne 0 || "$IS_X64" -ne 0) ]]; then
-        "$CXX" -arch i386 -arch x86_64 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -arch i386 -arch x86_64 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             HAVE_INTEL_MULTIARCH=1
         fi
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_PPC_MULTIARCH") ]]; then
     HAVE_PPC_MULTIARCH=0
     if [[ ("$IS_DARWIN" -ne 0) && ("$IS_PPC32" -ne 0 || "$IS_PPC64" -ne 0) ]]; then
-        "$CXX" -arch ppc -arch ppc64 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -arch ppc -arch ppc64 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             HAVE_PPC_MULTIARCH=1
         fi
     fi
 fi
 
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 if [[ (-z "$HAVE_X32") ]]; then
     HAVE_X32=0
     if [[ "$IS_X32" -ne 0 ]]; then
-        "$CXX" -mx32 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -mx32 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             HAVE_X32=1
         fi
@@ -655,8 +730,8 @@
 # Hit or miss, mostly hit
 if [[ (-z "$HAVE_NATIVE_ARCH") ]]; then
     HAVE_NATIVE_ARCH=0
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -march=native "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -march=native "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ ("$?" -eq 0) ]]; then
         HAVE_NATIVE_ARCH=1
     fi
@@ -670,7 +745,7 @@
     if [[ (-n "$LD_GOLD") && (-n "$ELF_FILE") ]]; then
         LD_GOLD=$(file "$LD_GOLD" | cut -d":" -f 2 | "$GREP" -i -c "elf")
         if [[ ("$LD_GOLD" -ne 0) ]]; then
-            "$CXX" -fuse-ld=gold "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+            "$CXX" -fuse-ld=gold "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
             if [[ "$?" -eq 0 ]]; then
                 HAVE_LDGOLD=1
             fi
@@ -682,48 +757,77 @@
 if [[ ("$IS_ARM32" -ne 0 || "$IS_ARM64" -ne 0) ]]; then
 
     if [[ (-z "$HAVE_ARMV7A" && "$IS_ARM32" -ne 0) ]]; then
-        HAVE_ARMV7A=$(echo -n "$ARM_CPU_FLAGS" | "$GREP" -i -c 'neon')
+        HAVE_ARMV7A=$("$GREP" -i -c 'neon' <<< "$ARM_CPU_FLAGS")
         if [[ ("$HAVE_ARMV7A" -gt 0) ]]; then HAVE_ARMV7A=1; fi
     fi
 
-    if [[ (-z "$HAVE_ARMV8A" && ("$IS_ARM32" -ne 0 || "$IS_ARM64" -ne 0)) ]]; then
-        HAVE_ARMV8A=$(echo -n "$ARM_CPU_FLAGS" | "$GREP" -i -c -E '(asimd|crc|crypto)')
-        if [[ ("$HAVE_ARMV8A" -gt 0) ]]; then HAVE_ARMV8A=1; fi
+    if [[ (-z "$HAVE_ARMV8" && ("$IS_ARM32" -ne 0 || "$IS_ARM64" -ne 0)) ]]; then
+        HAVE_ARMV8=$("$GREP" -i -c -E '(asimd|crc|crypto)' <<< "$ARM_CPU_FLAGS")
+        if [[ ("$HAVE_ARMV8" -gt 0) ]]; then HAVE_ARMV8=1; fi
     fi
 
     if [[ (-z "$HAVE_ARM_VFPV3") ]]; then
-        HAVE_ARM_VFPV3=$(echo -n "$ARM_CPU_FLAGS" | "$GREP" -i -c 'vfpv3')
+        HAVE_ARM_VFPV3=$("$GREP" -i -c 'vfpv3' <<< "$ARM_CPU_FLAGS")
         if [[ ("$HAVE_ARM_VFPV3" -gt 0) ]]; then HAVE_ARM_VFPV3=1; fi
     fi
 
     if [[ (-z "$HAVE_ARM_VFPV4") ]]; then
-        HAVE_ARM_VFPV4=$(echo -n "$ARM_CPU_FLAGS" | "$GREP" -i -c 'vfpv4')
+        HAVE_ARM_VFPV4=$("$GREP" -i -c 'vfpv4' <<< "$ARM_CPU_FLAGS")
         if [[ ("$HAVE_ARM_VFPV4" -gt 0) ]]; then HAVE_ARM_VFPV4=1; fi
     fi
 
     if [[ (-z "$HAVE_ARM_VFPV5") ]]; then
-        HAVE_ARM_VFPV5=$(echo -n "$ARM_CPU_FLAGS" | "$GREP" -i -c 'fpv5')
+        HAVE_ARM_VFPV5=$("$GREP" -i -c 'fpv5' <<< "$ARM_CPU_FLAGS")
         if [[ ("$HAVE_ARM_VFPV5" -gt 0) ]]; then HAVE_ARM_VFPV5=1; fi
     fi
 
     if [[ (-z "$HAVE_ARM_VFPD32") ]]; then
-        HAVE_ARM_VFPD32=$(echo -n "$ARM_CPU_FLAGS" | "$GREP" -i -c 'vfpd32')
+        HAVE_ARM_VFPD32=$("$GREP" -i -c 'vfpd32' <<< "$ARM_CPU_FLAGS")
         if [[ ("$HAVE_ARM_VFPD32" -gt 0) ]]; then HAVE_ARM_VFPD32=1; fi
     fi
 
     if [[ (-z "$HAVE_ARM_NEON") ]]; then
-        HAVE_ARM_NEON=$(echo -n "$ARM_CPU_FLAGS" | "$GREP" -i -c 'neon')
+        HAVE_ARM_NEON=$("$GREP" -i -c 'neon' <<< "$ARM_CPU_FLAGS")
         if [[ ("$HAVE_ARM_NEON" -gt 0) ]]; then HAVE_ARM_NEON=1; fi
     fi
 
+    if [[ (-z "$HAVE_ARM_CRC") ]]; then
+        HAVE_ARM_CRC=$("$GREP" -i -c 'crc32' <<< "$ARM_CPU_FLAGS")
+        if [[ ("$HAVE_ARM_CRC" -gt 0) ]]; then HAVE_ARM_CRC=1; fi
+    fi
+
     if [[ (-z "$HAVE_ARM_CRYPTO") ]]; then
-        HAVE_ARM_CRYPTO=$(echo -n "$ARM_CPU_FLAGS" | "$GREP" -i -c -E '(aes|pmull|sha1|sha2)')
+        HAVE_ARM_CRYPTO=$("$GREP" -i -c -E '(aes|pmull|sha1|sha2)' <<< "$ARM_CPU_FLAGS")
         if [[ ("$HAVE_ARM_CRYPTO" -gt 0) ]]; then HAVE_ARM_CRYPTO=1; fi
     fi
 
-    if [[ (-z "$HAVE_ARM_CRC") ]]; then
-        HAVE_ARM_CRC=$(echo -n "$ARM_CPU_FLAGS" | "$GREP" -i -c 'crc32')
-        if [[ ("$HAVE_ARM_CRC" -gt 0) ]]; then HAVE_ARM_CRC=1; fi
+    if [[ (-z "$HAVE_ARM_SHA3") ]]; then
+        HAVE_ARM_SHA3=$("$GREP" -i -c 'sha3' <<< "$ARM_CPU_FLAGS")
+        if [[ ("$HAVE_ARM_SHA3" -gt 0) ]]; then HAVE_ARM_SHA3=1; fi
+    fi
+
+    if [[ (-z "$HAVE_ARM_SHA512") ]]; then
+        HAVE_ARM_SHA512=$("$GREP" -i -c 'sha512' <<< "$ARM_CPU_FLAGS")
+        if [[ ("$HAVE_ARM_SHA512" -gt 0) ]]; then HAVE_ARM_SHA512=1; fi
+    fi
+fi
+
+if [[ ("$IS_PPC32" -ne 0 || "$IS_PPC64" -ne 0) ]]; then
+    if [[ (-z "$HAVE_PPC_ALTIVEC") ]]; then
+        HAVE_PPC_ALTIVEC=$("$GREP" -i -c 'altivec' <<< "$PPC_CPU_FLAGS")
+        if [[ ("$HAVE_PPC_ALTIVEC" -gt 0) ]]; then HAVE_PPC_ALTIVEC=1; fi
+    fi
+    if [[ (-z "$HAVE_PPC_POWER7") ]]; then
+        HAVE_PPC_POWER7=$("$GREP" -i -c -E 'pwr7|power7' <<< "$PPC_CPU_FLAGS")
+        if [[ ("$HAVE_PPC_POWER7" -gt 0) ]]; then HAVE_PPC_POWER7=1; fi
+    fi
+    if [[ (-z "$HAVE_PPC_POWER8") ]]; then
+        HAVE_PPC_POWER8=$("$GREP" -i -c -E 'pwr8|power8' <<< "$PPC_CPU_FLAGS")
+        if [[ ("$HAVE_PPC_POWER8" -gt 0) ]]; then HAVE_PPC_POWER8=1; fi
+    fi
+    if [[ (-z "$HAVE_PPC_POWER9") ]]; then
+        HAVE_PPC_POWER9=$("$GREP" -i -c -E 'pwr9|power9' <<< "$PPC_CPU_FLAGS")
+        if [[ ("$HAVE_PPC_POWER9" -gt 0) ]]; then HAVE_PPC_POWER9=1; fi
     fi
 fi
 
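Review bot: Renaming `HAVE_ARMV8A` to `HAVE_ARMV8` changes an externally settable knob: the `-z "$HAVE_ARMV8"` guard exists so callers can pre-seed the value from the environment, and any CI job still exporting `HAVE_ARMV8A` now silently loses its override while auto-detection runs instead. Either keep a compatibility line such as `if [[ -z "$HAVE_ARMV8" && -n "$HAVE_ARMV8A" ]]; then HAVE_ARMV8="$HAVE_ARMV8A"; fi` ahead of the probe, or call the rename out in the release notes. The echo block later in this file is updated to the new name; whether every other use of `HAVE_ARMV8A` (for example in the build-flag sections) was converted is not visible from this chunk.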
@@ -758,10 +862,10 @@
 
 # Used to disassemble object modules so we can verify some aspects of code generation
 if [[ (-z "$HAVE_DISASS") ]]; then
-    echo "int main(int argc, char* argv[]) {return 0;}" > "$TMPDIR/test.cc"
-    "$CXX" "$TMPDIR/test.cc" -o "$TMPDIR/testest.exe" &>/dev/null
+    echo "int main(int argc, char* argv[]) {return 0;}" > "${TMPDIR}/test.cc"
+    "$CXX" "${TMPDIR}/test.cc" -o "${TMPDIR}/testest.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
-        "$DISASS" "${DISASSARGS[@]}" "$TMPDIR/testest.exe" &>/dev/null
+        "$DISASS" "${DISASSARGS[@]}" "${TMPDIR}/testest.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             HAVE_DISASS=1
         else
@@ -788,32 +892,10 @@
     WANT_BENCHMARKS=1
 fi
 
-# IBM XL C/C++ compiler fixups. Not sure why it fails to return non-0 on failure...
-if [[ "$XLC_COMPILER" -ne 0 ]]; then
-    HAVE_CXX03=0
-    HAVE_GNU03=0
-    HAVE_CXX11=0
-    HAVE_GNU11=0
-    HAVE_CXX14=0
-    HAVE_GNU14=0
-    HAVE_CXX17=0
-    HAVE_GNU17=0
-    HAVE_CXX20=0
-    HAVE_GNU20=0
-    HAVE_OMP=0
-    HAVE_CET=0
-    HAVE_REPTOLINE=0
-    HAVE_ASAN=0
-    HAVE_BSAN=0
-    HAVE_UBSAN=0
-    HAVE_ANALYZER=0
-    HAVE_LDGOLD=0
-fi
-
 ############################################
 # System information
 
-echo | tee -a "$TEST_RESULTS"
+echo "" | tee -a "$TEST_RESULTS"
 if [[ "$IS_LINUX" -ne 0 ]]; then
     echo "IS_LINUX: $IS_LINUX" | tee -a "$TEST_RESULTS"
 elif [[ "$IS_CYGWIN" -ne 0 ]]; then
@@ -840,8 +922,8 @@
 fi
 if [[ "$HAVE_ARMV7A" -ne 0 ]]; then
     echo "HAVE_ARMV7A: $HAVE_ARMV7A" | tee -a "$TEST_RESULTS"
-elif [[ "$HAVE_ARMV8A" -ne 0 ]]; then
-    echo "HAVE_ARMV8A: $HAVE_ARMV8A" | tee -a "$TEST_RESULTS"
+elif [[ "$HAVE_ARMV8" -ne 0 ]]; then
+    echo "HAVE_ARMV8: $HAVE_ARMV8" | tee -a "$TEST_RESULTS"
 fi
 if [[ "$HAVE_ARM_NEON" -ne 0 ]]; then
     echo "HAVE_ARM_NEON: $HAVE_ARM_NEON" | tee -a "$TEST_RESULTS"
@@ -861,6 +943,24 @@
 if [[ "$HAVE_ARM_CRYPTO" -ne 0 ]]; then
     echo "HAVE_ARM_CRYPTO: $HAVE_ARM_CRYPTO" | tee -a "$TEST_RESULTS"
 fi
+if [[ "$HAVE_ARM_SHA3" -ne 0 ]]; then
+    echo "HAVE_ARM_SHA3: $HAVE_ARM_SHA3" | tee -a "$TEST_RESULTS"
+fi
+if [[ "$HAVE_ARM_SHA512" -ne 0 ]]; then
+    echo "HAVE_ARM_SHA512: $HAVE_ARM_SHA512" | tee -a "$TEST_RESULTS"
+fi
+if [[ "$HAVE_PPC_ALTIVEC" -ne 0 ]]; then
+    echo "HAVE_PPC_ALTIVEC: $HAVE_PPC_ALTIVEC" | tee -a "$TEST_RESULTS"
+fi
+if [[ "$HAVE_PPC_POWER7" -ne 0 ]]; then
+    echo "HAVE_PPC_POWER7: $HAVE_PPC_POWER7" | tee -a "$TEST_RESULTS"
+fi
+if [[ "$HAVE_PPC_POWER8" -ne 0 ]]; then
+    echo "HAVE_PPC_POWER8: $HAVE_PPC_POWER8" | tee -a "$TEST_RESULTS"
+fi
+if [[ "$HAVE_PPC_POWER9" -ne 0 ]]; then
+    echo "HAVE_PPC_POWER9: $HAVE_PPC_POWER9" | tee -a "$TEST_RESULTS"
+fi
 
 if [[ "$IS_X32" -ne 0 ]]; then
     echo "IS_X32: $IS_X32" | tee -a "$TEST_RESULTS"
@@ -875,34 +975,38 @@
 fi
 
 # C++03, C++11, C++14 and C++17
-echo | tee -a "$TEST_RESULTS"
+echo "" | tee -a "$TEST_RESULTS"
 echo "HAVE_CXX03: $HAVE_CXX03" | tee -a "$TEST_RESULTS"
 echo "HAVE_GNU03: $HAVE_GNU03" | tee -a "$TEST_RESULTS"
 echo "HAVE_CXX11: $HAVE_CXX11" | tee -a "$TEST_RESULTS"
 echo "HAVE_GNU11: $HAVE_GNU11" | tee -a "$TEST_RESULTS"
-if [[ ("$HAVE_CXX14" -ne 0 || "$HAVE_CXX17" -ne 0 || "$HAVE_CXX20" -ne 0 || "$HAVE_GNU14" -ne 0 || "$HAVE_GNU17" -ne 0 || "$HAVE_GNU20" -ne 0) ]]; then
-    echo "HAVE_CXX14: $HAVE_CXX14" | tee -a "$TEST_RESULTS"
-    echo "HAVE_GNU14: $HAVE_GNU14" | tee -a "$TEST_RESULTS"
-    echo "HAVE_CXX17: $HAVE_CXX17" | tee -a "$TEST_RESULTS"
-    echo "HAVE_GNU17: $HAVE_GNU17" | tee -a "$TEST_RESULTS"
-    echo "HAVE_CXX20: $HAVE_CXX20" | tee -a "$TEST_RESULTS"
-    echo "HAVE_GNU20: $HAVE_GNU20" | tee -a "$TEST_RESULTS"
-fi
+echo "HAVE_CXX14: $HAVE_CXX14" | tee -a "$TEST_RESULTS"
+echo "HAVE_GNU14: $HAVE_GNU14" | tee -a "$TEST_RESULTS"
+echo "HAVE_CXX17: $HAVE_CXX17" | tee -a "$TEST_RESULTS"
+echo "HAVE_GNU17: $HAVE_GNU17" | tee -a "$TEST_RESULTS"
+echo "HAVE_CXX20: $HAVE_CXX20" | tee -a "$TEST_RESULTS"
+echo "HAVE_GNU20: $HAVE_GNU20" | tee -a "$TEST_RESULTS"
+
 if [[ "$HAVE_LDGOLD" -ne 0 ]]; then
     echo "HAVE_LDGOLD: $HAVE_LDGOLD" | tee -a "$TEST_RESULTS"
 fi
 
 # -O2, -O3, -Os and -Ofast
-echo | tee -a "$TEST_RESULTS"
+echo "" | tee -a "$TEST_RESULTS"
 echo "OPT_O2: $OPT_O2" | tee -a "$TEST_RESULTS"
 echo "OPT_O3: $OPT_O3" | tee -a "$TEST_RESULTS"
-if [[ (-n "$OPT_OS") || (-n "$OPT_OFAST") ]]; then
+if [[ ("$HAVE_OS" -eq 1) ]]; then
     echo "OPT_OS: $OPT_OS" | tee -a "$TEST_RESULTS"
+fi
+if [[ ("$HAVE_OZ" -eq 1) ]]; then
+    echo "OPT_OZ: $OPT_OZ" | tee -a "$TEST_RESULTS"
+fi
+if [[ ("$HAVE_OFAST" -eq 1) ]]; then
     echo "OPT_OFAST: $OPT_OFAST" | tee -a "$TEST_RESULTS"
 fi
 
 # Tools available for testing
-echo | tee -a "$TEST_RESULTS"
+echo "" | tee -a "$TEST_RESULTS"
 if [[ ((-n "$HAVE_OMP") && ("$HAVE_OMP" -ne 0)) ]]; then echo "HAVE_OMP: $HAVE_OMP" | tee -a "$TEST_RESULTS"; fi
 echo "HAVE_ASAN: $HAVE_ASAN" | tee -a "$TEST_RESULTS"
 if [[ ("$HAVE_ASAN" -ne 0) && (-n "$ASAN_SYMBOLIZE") ]]; then echo "ASAN_SYMBOLIZE: $ASAN_SYMBOLIZE" | tee -a "$TEST_RESULTS"; fi
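Review bot: The new optimisation-flag reports at `if [[ ("$HAVE_OS" -eq 1) ]]`, `("$HAVE_OZ" -eq 1)` and `("$HAVE_OFAST" -eq 1)` test for exactly 1, while every other feature report in this block (`HAVE_LDGOLD`, `HAVE_OMP`, `HAVE_ASAN`) tests `-ne 0`; the mixed forms read as if these variables had a different value domain. Unless HAVE_OS/HAVE_OZ/HAVE_OFAST take values other than 0/1 somewhere outside this hunk, `-ne 0` would keep the block uniform. The old condition fell back on a non-empty `$OPT_OS`/`$OPT_OFAST`, so the new HAVE_* variables have to be initialised on every path or an unset value silently suppresses the report line; that initialisation is not in this hunk.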
@@ -978,6 +1082,10 @@
         CPU_FREQ="$(sysctl -a 2>&1 | $GREP "hw.cpufrequency" | $AWK '{print int($2); exit;}')"
         CPU_FREQ="$(echo "$CPU_FREQ" | $AWK '{print int($0/1024/1024/1024)}')"
     fi
+    if [[ (-z "$CPU_FREQ") || ("$CPU_FREQ" -eq 0) ]]; then
+        CPU_FREQ="$(sysctl -a 2>&1 | $GREP "hw.tbfrequency" | $AWK '{print int($2); exit;}')"
+        CPU_FREQ="$(echo "$CPU_FREQ" | $AWK '{print int($0/10/1024/1024)}')"
+    fi
 fi
 
 # Some ARM devboards cannot use 'make -j N', even with multiple cores and RAM
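Review bot: The fallback at `CPU_FREQ="$(echo "$CPU_FREQ" | $AWK '{print int($0/10/1024/1024)}')"` scales `hw.tbfrequency` with an unexplained divisor of 10, while the `hw.cpufrequency` branch just above divides by 1024 three times; a reader cannot tell whether this is a unit conversion or a heuristic. A one-line comment would settle it, e.g. `# hw.tbfrequency is the timebase counter rate, not the core clock; /10 approximates GHz on hosts that do not report hw.cpufrequency -- confirm`. Note also that when the sysctl key is absent the first awk prints nothing and the second awk turns the empty line into `0`, so CPU_FREQ becomes "0" rather than staying empty and the later FREQ line reports 0 GHz. The enclosing `if` block begins outside the hunk.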
@@ -997,7 +1105,7 @@
     fi
 fi
 
-echo | tee -a "$TEST_RESULTS"
+echo "" | tee -a "$TEST_RESULTS"
 echo "CPU: $CPU_COUNT logical" | tee -a "$TEST_RESULTS"
 echo "FREQ: $CPU_FREQ GHz" | tee -a "$TEST_RESULTS"
 echo "MEM: $MEM_SIZE MB" | tee -a "$TEST_RESULTS"
@@ -1018,7 +1126,7 @@
     GIT_HASH=$(git rev-parse HEAD 2>/dev/null | cut -c 1-16)
 fi
 
-echo | tee -a "$TEST_RESULTS"
+echo "" | tee -a "$TEST_RESULTS"
 if [[ -n "$GIT_BRANCH" ]]; then
     echo "Git branch: $GIT_BRANCH (commit $GIT_HASH)" | tee -a "$TEST_RESULTS"
 fi
@@ -1055,7 +1163,7 @@
     WARNING_CXXFLAGS+=("-Wno-deprecated")
 fi
 
-echo | tee -a "$TEST_RESULTS"
+echo "" | tee -a "$TEST_RESULTS"
 echo "DEBUG_CXXFLAGS: $DEBUG_CXXFLAGS" | tee -a "$TEST_RESULTS"
 echo "RELEASE_CXXFLAGS: $RELEASE_CXXFLAGS" | tee -a "$TEST_RESULTS"
 echo "VALGRIND_CXXFLAGS: $VALGRIND_CXXFLAGS" | tee -a "$TEST_RESULTS"
@@ -1070,7 +1178,7 @@
 #############################################
 
 TEST_BEGIN=$(date)
-echo | tee -a "$TEST_RESULTS"
+echo "" | tee -a "$TEST_RESULTS"
 echo "Start time: $TEST_BEGIN" | tee -a "$TEST_RESULTS"
 
 ############################################
@@ -1194,7 +1302,7 @@
     ############################################
     # Test CRC-32C code generation
 
-    "$CXX" -msse4.2 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -msse4.2 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         X86_CRC32=1
     fi
@@ -1234,7 +1342,7 @@
     ############################################
     # Test AES-NI code generation
 
-    "$CXX" -maes "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -maes "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         X86_AESNI=1
     fi
@@ -1298,7 +1406,7 @@
     ############################################
     # X86 carryless multiply code generation
 
-    "$CXX" -mpclmul "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -mpclmul "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         X86_PCLMUL=1
     fi
@@ -1338,11 +1446,11 @@
     ############################################
     # Test RDRAND and RDSEED code generation
 
-    "$CXX" -mrdrnd "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -mrdrnd "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         X86_RDRAND=1
     fi
-    "$CXX" -mrdseed "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -mrdseed "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         X86_RDSEED=1
     fi
@@ -1386,7 +1494,7 @@
     ############################################
     # X86 SHA code generation
 
-    "$CXX" -msha "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -msha "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         X86_SHA=1
     fi
@@ -1477,41 +1585,41 @@
         FAILED=0
         DISASS_TEXT=$("$DISASS" "${DISASSARGS[@]}" "$OBJFILE" 2>/dev/null)
 
-        if [[ ("$HAVE_ARMV8A" -ne 0) ]]; then
+        if [[ ("$HAVE_ARMV8" -ne 0) ]]; then
             # ARIA::UncheckedKeySet: 4 ldr q{N}
-            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'ldr[[:space:]]*q')
+            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'ldr[[:space:]]*q|ldp[[:space:]]*q')
             if [[ ("$COUNT" -lt 4) ]]; then
                 FAILED=1
                 echo "ERROR: failed to generate NEON load instructions" | tee -a "$TEST_RESULTS"
             fi
         else  # ARMv7
             # ARIA::UncheckedKeySet: 4 vld1.32 {d1,d2}
-            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'vld1.32[[:space:]]*{')
+            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'vld1.32[[:space:]]*')
             if [[ ("$COUNT" -lt 4) ]]; then
                 FAILED=1
                 echo "ERROR: failed to generate NEON load instructions" | tee -a "$TEST_RESULTS"
             fi
         fi
 
-        if [[ ("$HAVE_ARMV8A" -ne 0) ]]; then
+        if [[ ("$HAVE_ARMV8" -ne 0) ]]; then
             # ARIA::UncheckedKeySet: 17 str q{N}
-            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'str[[:space:]]*q')
-            if [[ ("$COUNT" -lt 16) ]]; then
+            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'str[[:space:]]*q|stp[[:space:]]*q')
+            if [[ ("$COUNT" -lt 8) ]]; then
                 FAILED=1
                 echo "ERROR: failed to generate NEON store instructions" | tee -a "$TEST_RESULTS"
             fi
         else
             # ARIA::UncheckedKeySet: 17 vstr1.32 {d1,d2}
-            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'vst1.32[[:space:]]*{')
+            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'vst1.32[[:space:]]*')
             if [[ ("$COUNT" -lt 16) ]]; then
                 FAILED=1
                 echo "ERROR: failed to generate NEON store instructions" | tee -a "$TEST_RESULTS"
             fi
         fi
 
-        if [[ ("$HAVE_ARMV8A" -ne 0) ]]; then
+        if [[ ("$HAVE_ARMV8" -ne 0) ]]; then
             # ARIA::UncheckedKeySet: 17 shl v{N}
-            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'shl[[:space:]]*v')
+            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'shl[[:space:]]*v|shl.4s')
             if [[ ("$COUNT" -lt 16) ]]; then
                 FAILED=1
                 echo "ERROR: failed to generate NEON shift left instructions" | tee -a "$TEST_RESULTS"
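Review bot: The ARMv7 patterns at `'vld1.32[[:space:]]*'` and `'vst1.32[[:space:]]*'` end in a quantifier that can match nothing, so after dropping the `{` the suffix is a no-op and the expressions are effectively `vld1.32` and `vst1.32` (the unescaped `.` also matches any character); either drop the suffix or anchor on what follows the mnemonic, e.g. `'vld1\.32[[:space:]]+\{'`. Separately, the AArch64 store threshold was lowered to `if [[ ("$COUNT" -lt 8) ]]` while the comment above it still says `# ARIA::UncheckedKeySet: 17 str q{N}` and the matching load check keeps `-lt 4`; the comment should say why the bound halved, e.g. `# ARIA::UncheckedKeySet: 17 str q{N}, or about half that when the compiler pairs them into stp`. The enclosing test block begins before this hunk.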
@@ -1521,29 +1629,29 @@
             COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'vshl')
             if [[ ("$COUNT" -lt 16) ]]; then
                 FAILED=1
-                echo "ERROR: failed to generate NEON store instructions" | tee -a "$TEST_RESULTS"
+                echo "ERROR: failed to generate NEON shift left instructions" | tee -a "$TEST_RESULTS"
             fi
         fi
 
-        if [[ ("$HAVE_ARMV8A" -ne 0) ]]; then
+        if [[ ("$HAVE_ARMV8" -ne 0) ]]; then
             # ARIA::UncheckedKeySet: 17 shr v{N}
-            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'shr[[:space:]]*v')
+            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'shr[[:space:]]*v|shr.4s')
             if [[ ("$COUNT" -lt 16) ]]; then
                 FAILED=1
-                echo "ERROR: failed to generate NEON shift left instructions" | tee -a "$TEST_RESULTS"
+                echo "ERROR: failed to generate NEON shift right instructions" | tee -a "$TEST_RESULTS"
             fi
         else
             # ARIA::UncheckedKeySet: 17 vshr
             COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'vshr')
             if [[ ("$COUNT" -lt 16) ]]; then
                 FAILED=1
-                echo "ERROR: failed to generate NEON store instructions" | tee -a "$TEST_RESULTS"
+                echo "ERROR: failed to generate NEON shift right instructions" | tee -a "$TEST_RESULTS"
             fi
         fi
 
-        if [[ ("$HAVE_ARMV8A" -ne 0) ]]; then
+        if [[ ("$HAVE_ARMV8" -ne 0) ]]; then
             # ARIA::UncheckedKeySet: 12 ext v{N}
-            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'ext[[:space:]]*v')
+            COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c -E 'ext[[:space:]]*v|ext.*v')
             if [[ ("$COUNT" -lt 12) ]]; then
                 FAILED=1
                 echo "ERROR: failed to generate NEON extract instructions" | tee -a "$TEST_RESULTS"
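Review bot: The new alternative in `'ext[[:space:]]*v|ext.*v'` subsumes the first branch and, under `-i`, matches any disassembly line in which `ext` is followed anywhere later by a `v` — a section header naming `.text` or any other mnemonic containing `ext` qualifies — so the `-lt 12` threshold can be satisfied without a single extract instruction. Presumably the loose branch was added for a disassembler that prints the arrangement as `ext.16b v0, ...`; a pattern that keeps the mnemonic at the head of the operand field, e.g. `'[[:space:]]ext(\.[0-9]+b)?[[:space:]]+v'`, covers that form without the false positives. The enclosing block begins before and continues after this hunk.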
@@ -1565,12 +1673,12 @@
     ############################################
     # ARM CRC32 code generation
 
-    "$CXX" -march=armv8-a+crc "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -march=armv8-a+crc "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         ARM_CRC32=1
     fi
 
-    if [[ ("$HAVE_ARMV8A" -ne 0 && "$ARM_CRC32" -ne 0) ]]; then
+    if [[ ("$HAVE_ARMV8" -ne 0 && "$ARM_CRC32" -ne 0) ]]; then
         echo
         echo "************************************" | tee -a "$TEST_RESULTS"
         echo "Testing: ARM CRC32 code generation" | tee -a "$TEST_RESULTS"
@@ -1617,12 +1725,12 @@
     ############################################
     # ARM carryless multiply code generation
 
-    "$CXX" -march=armv8-a+crypto "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -march=armv8-a+crypto "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         ARM_PMULL=1
     fi
 
-    if [[ ("$HAVE_ARMV8A" -ne 0 && "$ARM_PMULL" -ne 0) ]]; then
+    if [[ ("$HAVE_ARMV8" -ne 0 && "$ARM_PMULL" -ne 0) ]]; then
         echo
         echo "************************************" | tee -a "$TEST_RESULTS"
         echo "Testing: ARM carryless multiply code generation" | tee -a "$TEST_RESULTS"
@@ -1657,18 +1765,18 @@
     ############################################
     # ARM AES code generation
 
-    "$CXX" -march=armv8-a+crypto "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -march=armv8-a+crypto "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         ARM_AES=1
     fi
 
-    if [[ ("$HAVE_ARMV8A" -ne 0 && "$ARM_AES" -ne 0) ]]; then
+    if [[ ("$HAVE_ARMV8" -ne 0 && "$ARM_AES" -ne 0) ]]; then
         echo
         echo "************************************" | tee -a "$TEST_RESULTS"
-        echo "Testing: ARM AES generation" | tee -a "$TEST_RESULTS"
+        echo "Testing: ARM AES code generation" | tee -a "$TEST_RESULTS"
         echo
 
-        TEST_LIST+=("ARM AES generation")
+        TEST_LIST+=("ARM AES code generation")
 
         OBJFILE=rijndael_simd.o; rm -f "$OBJFILE" 2>/dev/null
         CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
@@ -1709,18 +1817,19 @@
     ############################################
     # ARM SHA code generation
 
-    "$CXX" -march=armv8-a+crypto "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    "$CXX" -march=armv8-a+crypto "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
-        ARM_SHA=1
+        ARM_SHA1=1
+        ARM_SHA2=1
     fi
 
-    if [[ ("$HAVE_ARMV8A" -ne 0 && "$ARM_SHA" -ne 0) ]]; then
+    if [[ ("$HAVE_ARMV8" -ne 0 && "$ARM_SHA1" -ne 0) ]]; then
         echo
         echo "************************************" | tee -a "$TEST_RESULTS"
-        echo "Testing: ARM SHA generation" | tee -a "$TEST_RESULTS"
+        echo "Testing: ARM SHA1 code generation" | tee -a "$TEST_RESULTS"
         echo
 
-        TEST_LIST+=("ARM SHA generation")
+        TEST_LIST+=("ARM SHA1 code generation")
 
         OBJFILE=sha_simd.o; rm -f "$OBJFILE" 2>/dev/null
         CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
@@ -1765,6 +1874,27 @@
             echo "ERROR: failed to generate sha1su1 instruction" | tee -a "$TEST_RESULTS"
         fi
 
+        if [[ ("$FAILED" -eq 0) ]]; then
+            echo "Verified sha1c, sha1m, sha1p, sha1su0, sha1su1 machine instructions" | tee -a "$TEST_RESULTS"
+        fi
+    fi
+
+
+    if [[ ("$HAVE_ARMV8" -ne 0 && "$ARM_SHA2" -ne 0) ]]; then
+        echo
+        echo "************************************" | tee -a "$TEST_RESULTS"
+        echo "Testing: ARM SHA2 code generation" | tee -a "$TEST_RESULTS"
+        echo
+
+        TEST_LIST+=("ARM SHA2 code generation")
+
+        OBJFILE=sha_simd.o; rm -f "$OBJFILE" 2>/dev/null
+        CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
+
+        COUNT=0
+        FAILED=0
+        DISASS_TEXT=$("$DISASS" "${DISASSARGS[@]}" "$OBJFILE" 2>/dev/null)
+
         COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -v sha256h2 | "$GREP" -i -c sha256h)
         if [[ ("$COUNT" -eq 0) ]]; then
             FAILED=1
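Review bot: The new SHA2 block re-runs `OBJFILE=sha_simd.o; rm -f "$OBJFILE"` and the `"$MAKE"` invocation for exactly the object the SHA1 block built and disassembled a few lines earlier with the same `$RELEASE_CXXFLAGS`, so the second build and disassembly are redundant and double the cost of this test. Keeping `DISASS_TEXT` from the SHA1 block and only resetting `COUNT=0`/`FAILED=0` gives the same checks; if the intent is to keep the two tests independent of each other, a comment saying so would stop the next reader from collapsing them. There is also a doubled blank line before the new `if`. The SHA1 `if` this hunk closes begins before the hunk, and the SHA2 block it opens continues past it.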
@@ -1790,7 +1920,7 @@
         fi
 
         if [[ ("$FAILED" -eq 0) ]]; then
-            echo "Verified sha1c, sha1m, sha1p, sha1su0, sha1su1, sha256h, sha256h2, sha256su0, sha256su1 machine instructions" | tee -a "$TEST_RESULTS"
+            echo "Verified sha256h, sha256h2, sha256su0, sha256su1 machine instructions" | tee -a "$TEST_RESULTS"
         fi
     fi
 fi
@@ -1804,30 +1934,28 @@
 
     PPC_AES=0
     if [[ ("$PPC_AES" -eq 0) ]]; then
-        "$CXX" -mcpu=power8 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -mcpu=power8 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             PPC_AES=1
-            PPC_AES_FLAGS="-mcpu=power8"
         fi
     fi
     if [[ ("$PPC_AES" -eq 0) ]]; then
-        "$CXX" -qarch=pwr8 -qaltivec "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -qarch=pwr8 -qaltivec "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             PPC_AES=1
-            PPC_AES_FLAGS="-qarch=pwr8 -qaltivec"
         fi
     fi
 
     if [[ ("$PPC_AES" -ne 0) ]]; then
         echo
         echo "************************************" | tee -a "$TEST_RESULTS"
-        echo "Testing: Power8 AES generation" | tee -a "$TEST_RESULTS"
+        echo "Testing: Power8 AES code generation" | tee -a "$TEST_RESULTS"
         echo
 
-        TEST_LIST+=("Power8 AES generation")
+        TEST_LIST+=("Power8 AES code generation")
 
         OBJFILE=rijndael_simd.o; rm -f "$OBJFILE" 2>/dev/null
-        CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS $PPC_AES_FLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
+        CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
 
         COUNT=0
         FAILED=0
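Review bot: The probe at `"$CXX" -mcpu=power8 "$test_prog"` (and the `-qarch=pwr8 -qaltivec` fallback) still decides whether the test runs, but the flag it probed for is no longer passed to the build now that `CXXFLAGS="$RELEASE_CXXFLAGS"` replaces `"$RELEASE_CXXFLAGS $PPC_AES_FLAGS"`; the disassembly check therefore assumes the makefile selects the Power8 architecture for rijndael_simd.o on its own, which nothing in this file shows. If that is the intent, the probe is now only a proxy for "the compiler accepts Power8 flags" and the `CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS"` line deserves a comment such as `# arch flags for the SIMD objects come from the makefile, not from CXXFLAGS`; otherwise the removed flags must come back. The same change is made for `PPC_SHA_FLAGS` and `PPC_VMULL_FLAGS` in the two following hunks.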
@@ -1858,7 +1986,7 @@
         fi
 
         if [[ ("$FAILED" -eq 0) ]]; then
-            echo "Verified vcipher, vcipherlast,vncipher, vncipherlast machine instructions" | tee -a "$TEST_RESULTS"
+            echo "Verified vcipher, vcipherlast, vncipher, vncipherlast machine instructions" | tee -a "$TEST_RESULTS"
         fi
     fi
 
@@ -1867,30 +1995,28 @@
 
     PPC_SHA=0
     if [[ ("$PPC_SHA" -eq 0) ]]; then
-        "$CXX" -mcpu=power8 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -mcpu=power8 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             PPC_SHA=1
-            PPC_SHA_FLAGS="-mcpu=power8"
         fi
     fi
     if [[ ("$PPC_SHA" -eq 0) ]]; then
-        "$CXX" -qarch=pwr8 -qaltivec "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -qarch=pwr8 -qaltivec "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             PPC_SHA=1
-            PPC_SHA_FLAGS="-qarch=pwr8 -qaltivec"
         fi
     fi
 
     if [[ ("$PPC_SHA" -ne 0) ]]; then
         echo
         echo "************************************" | tee -a "$TEST_RESULTS"
-        echo "Testing: Power8 SHA generation" | tee -a "$TEST_RESULTS"
+        echo "Testing: Power8 SHA code generation" | tee -a "$TEST_RESULTS"
         echo
 
-        TEST_LIST+=("Power8 SHA generation")
+        TEST_LIST+=("Power8 SHA code generation")
 
         OBJFILE=sha_simd.o; rm -f "$OBJFILE" 2>/dev/null
-        CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS $PPC_SHA_FLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
+        CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
 
         COUNT=0
         FAILED=0
@@ -1918,30 +2044,28 @@
 
     PPC_VMULL=0
     if [[ ("$PPC_VMULL" -eq 0) ]]; then
-        "$CXX" -mcpu=power8 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -mcpu=power8 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             PPC_VMULL=1
-            PPC_VMULL_FLAGS="-mcpu=power8"
         fi
     fi
     if [[ ("$PPC_VMULL" -eq 0) ]]; then
-        "$CXX" -qarch=pwr8 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+        "$CXX" -qarch=pwr8 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
             PPC_VMULL=1
-            PPC_VMULL_FLAGS="-qarch=pwr8"
         fi
     fi
 
     if [[ ("$PPC_VMULL" -ne 0) ]]; then
         echo
         echo "************************************" | tee -a "$TEST_RESULTS"
-        echo "Testing: Power8 carryless multiply generation" | tee -a "$TEST_RESULTS"
+        echo "Testing: Power8 carryless multiply code generation" | tee -a "$TEST_RESULTS"
         echo
 
-        TEST_LIST+=("Power8 carryless multiply generation")
+        TEST_LIST+=("Power8 carryless multiply code generation")
 
         OBJFILE=gcm_simd.o; rm -f "$OBJFILE" 2>/dev/null
-        CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS $PPC_VMULL_FLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
+        CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
 
         COUNT=0
         FAILED=0
@@ -1960,8 +2084,81 @@
 fi
 
 ############################################
+# Altivec generation tests
+if [[ ("$HAVE_DISASS" -ne 0 && ("$IS_PPC32" -ne 0 || "$IS_PPC64" -ne 0)) ]]; then
+
+    ############################################
+    # Altivec
+
+    PPC_ALTIVEC=0
+    if [[ ("$PPC_ALTIVEC" -eq 0) ]]; then
+        "$CXX" -maltivec "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
+        if [[ "$?" -eq 0 ]]; then
+            PPC_ALTIVEC=1
+        fi
+    fi
+    if [[ ("$PPC_ALTIVEC" -eq 0) ]]; then
+        "$CXX" -qarch=altivec "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
+        if [[ "$?" -eq 0 ]]; then
+            PPC_ALTIVEC=1
+        fi
+    fi
+
+    if [[ ("$PPC_ALTIVEC" -ne 0) ]]; then
+        echo
+        echo "************************************" | tee -a "$TEST_RESULTS"
+        echo "Testing: Altivec code generation" | tee -a "$TEST_RESULTS"
+        echo
+
+        TEST_LIST+=("Altivec code generation")
+
+        OBJFILE=speck128_simd.o; rm -f "$OBJFILE" 2>/dev/null
+        CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS"
+
+        COUNT=0
+        FAILED=0
+        DISASS_TEXT=$("$DISASS" "${DISASSARGS[@]}" "$OBJFILE" 2>/dev/null)
+
+        COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c lvx)
+        if [[ ("$COUNT" -lt 8) ]]; then
+            FAILED=1
+            echo "ERROR: failed to generate lvx instruction" | tee -a "$TEST_RESULTS"
+        fi
+
+        COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c stvx)
+        if [[ ("$COUNT" -lt 8) ]]; then
+            FAILED=1
+            echo "ERROR: failed to generate stvx instruction" | tee -a "$TEST_RESULTS"
+        fi
+
+        COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c vsldoi)
+        if [[ ("$COUNT" -lt 8) ]]; then
+            FAILED=1
+            echo "ERROR: failed to generate vsldoi instruction" | tee -a "$TEST_RESULTS"
+        fi
+
+        COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c vxor)
+        if [[ ("$COUNT" -lt 8) ]]; then
+            FAILED=1
+            echo "ERROR: failed to generate vxor instruction" | tee -a "$TEST_RESULTS"
+        fi
+
+        COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c vperm)
+        if [[ ("$COUNT" -lt 8) ]]; then
+            FAILED=1
+            echo "ERROR: failed to generate vperm instruction" | tee -a "$TEST_RESULTS"
+        fi
+
+        if [[ ("$FAILED" -eq 0) ]]; then
+            echo "Verified vxl, stvx, vsldoi, vxor, vperm instructions" | tee -a "$TEST_RESULTS"
+        fi
+    fi
+fi
+
+############################################
 # Default CXXFLAGS
 if true; then
+
     ############################################
     # Debug build
     echo
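Review bot: The success message `echo "Verified vxl, stvx, vsldoi, vxor, vperm instructions"` names `vxl`, which is not the instruction counted — the check above greps for `lvx` — so the line should read `echo "Verified lvx, stvx, vsldoi, vxor, vperm instructions"`. Note too that `"$GREP" -i -c lvx` and `-c stvx` also count `lvxl`/`stvxl`, and `vperm` also counts `vpermxor`; that is harmless for an at-least-8 threshold but worth a comment if the bounds are ever tightened. The `if true; then` block the hunk ends in continues past the hunk.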
@@ -1972,7 +2169,7 @@
     TEST_LIST+=("Debug, default CXXFLAGS")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2006,7 +2203,7 @@
     TEST_LIST+=("Release, default CXXFLAGS")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2045,7 +2242,7 @@
     TEST_LIST+=("Debug, shared object")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXX="$CXX" CXXFLAGS="$DEBUG_CXXFLAGS" LINK_LIBRARY=libcryptopp.so \
         "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2073,7 +2270,7 @@
     TEST_LIST+=("Release, shared object")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" LINK_LIBRARY=libcryptopp.so \
         "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2106,7 +2303,7 @@
     TEST_LIST+=("Debug, dynamic library")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXX="$CXX" CXXFLAGS="$DEBUG_CXXFLAGS" LINK_LIBRARY=libcryptopp.dylib \
         "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2134,7 +2331,7 @@
     TEST_LIST+=("Release, dynamic library")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" LINK_LIBRARY=libcryptopp.dylib \
         "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2174,7 +2371,7 @@
     TEST_LIST+=("Debian standard build")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXX="g++" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="${DEBIAN_FLAGS[*]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
 
@@ -2220,7 +2417,7 @@
         echo "ERROR: please install redhat-rpm-config package"
     else
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXX="g++" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="${FEDORA_FLAGS[*]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
 
@@ -2252,26 +2449,26 @@
         "-fpic" "-fPIC"
         "-pthread" "-fopenmp")
 
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -fstack-protector-strong "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -fstack-protector-strong "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         SUSE_FLAGS+=("-fstack-protector-strong")
     fi
 
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -fasynchronous-unwind-tables "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -fasynchronous-unwind-tables "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         SUSE_FLAGS+=("-fasynchronous-unwind-tables")
     fi
 
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -fstack-clash-protection "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -fstack-clash-protection "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         SUSE_FLAGS+=("-fstack-clash-protection")
     fi
 
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-    "$CXX" -flto=6 "$test_prog" -o "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+    "$CXX" -flto=6 "$test_prog" -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
         SUSE_FLAGS+=("-flto=6")
     fi
@@ -2284,7 +2481,7 @@
     TEST_LIST+=("openSUSE standard build")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXX="g++" "$MAKE" "${MAKEARGS[@]}" CXXFLAGS="${SUSE_FLAGS[*]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
 
@@ -2318,7 +2515,7 @@
         TEST_LIST+=("Debug, i686 minimum arch CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="$DEBUG_CXXFLAGS -march=i686 $OPT_PIC"
         CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2346,7 +2543,7 @@
         TEST_LIST+=("Release, i686 minimum arch CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="$RELEASE_CXXFLAGS -march=i686 $OPT_PIC"
         CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2377,7 +2574,7 @@
         TEST_LIST+=("Debug, x86_64 minimum arch CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="$DEBUG_CXXFLAGS -march=x86-64 $OPT_PIC"
         CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2405,7 +2602,7 @@
         TEST_LIST+=("Release, x86_64 minimum arch CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="$RELEASE_CXXFLAGS -march=x86-64 $OPT_PIC"
         CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2441,7 +2638,7 @@
         TEST_LIST+=("Debug, mismatched arch capabilities")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="$DEBUG_CXXFLAGS -march=i686 $OPT_PIC"
         CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
@@ -2473,7 +2670,7 @@
         TEST_LIST+=("Release, mismatched arch capabilities")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="$RELEASE_CXXFLAGS -march=i686 $OPT_PIC"
         CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
@@ -2508,7 +2705,7 @@
         TEST_LIST+=("Debug, mismatched arch capabilities")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="$DEBUG_CXXFLAGS -march=x86-64 $OPT_PIC"
         CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
@@ -2540,7 +2737,7 @@
         TEST_LIST+=("Release, mismatched arch capabilities")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="$RELEASE_CXXFLAGS -march=x86-64 $OPT_PIC"
         CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static 2>&1 | tee -a "$TEST_RESULTS"
@@ -2578,7 +2775,7 @@
     TEST_LIST+=("Debug, DISABLE_ASM")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -DCRYPTOPP_DISABLE_ASM"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2606,7 +2803,7 @@
     TEST_LIST+=("Release, DISABLE_ASM")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -DCRYPTOPP_DISABLE_ASM"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2639,7 +2836,7 @@
     TEST_LIST+=("Debug, NO_CPU_FEATURE_PROBES")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -DCRYPTOPP_NO_CPU_FEATURE_PROBES=1"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2667,7 +2864,7 @@
     TEST_LIST+=("Release, NO_CPU_FEATURE_PROBES")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -DCRYPTOPP_NO_CPU_FEATURE_PROBES=1"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2687,67 +2884,6 @@
 fi
 
 ############################################
-# Debug build, CRYPTOPP_NO_CXX11
-if [[ "$HAVE_CXX11" -ne 0 ]] || [[ "$HAVE_GNU11" -ne 0 ]]; then
-
-    ############################################
-    # Debug build
-    echo
-    echo "************************************" | tee -a "$TEST_RESULTS"
-    echo "Testing: Debug, CRYPTOPP_NO_CXX11" | tee -a "$TEST_RESULTS"
-    echo
-
-    TEST_LIST+=("Debug, CRYPTOPP_NO_CXX11")
-
-    "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-
-    CXXFLAGS="$DEBUG_CXXFLAGS -DCRYPTOPP_NO_CXX11=1"
-    CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
-
-    if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
-        echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
-    else
-        ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
-        if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
-            echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
-        fi
-        ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
-        if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
-            echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
-        fi
-    fi
-
-    ############################################
-    # Release build
-    echo
-    echo "************************************" | tee -a "$TEST_RESULTS"
-    echo "Testing: Release, CRYPTOPP_NO_CXX11" | tee -a "$TEST_RESULTS"
-    echo
-
-    TEST_LIST+=("Release, CRYPTOPP_NO_CXX11")
-
-    "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
-
-    CXXFLAGS="$RELEASE_CXXFLAGS -DCRYPTOPP_NO_CXX11=1"
-    CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
-
-    if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
-        echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
-    else
-        ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
-        if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
-            echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
-        fi
-        ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
-        if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
-            echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
-        fi
-    fi
-fi
-
-############################################
 # c++03 debug and release build
 if [[ "$HAVE_CXX03" -ne 0 ]]; then
 
@@ -2761,7 +2897,7 @@
     TEST_LIST+=("Debug, c++03")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++03 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2789,7 +2925,7 @@
     TEST_LIST+=("Release, c++03")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++03 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2822,7 +2958,7 @@
     TEST_LIST+=("Debug, gnu++03")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=gnu++03 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2850,7 +2986,7 @@
     TEST_LIST+=("Release, gnu++03")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=gnu++03 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2883,7 +3019,7 @@
     TEST_LIST+=("Debug, c++11")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++11 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2911,7 +3047,7 @@
     TEST_LIST+=("Release, c++11")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++11 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2944,7 +3080,7 @@
     TEST_LIST+=("Debug, gnu++11")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=gnu++11 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -2972,7 +3108,7 @@
     TEST_LIST+=("Release, gnu++11")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=gnu++11 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3005,7 +3141,7 @@
     TEST_LIST+=("Debug, c++14")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++14 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3033,7 +3169,7 @@
     TEST_LIST+=("Release, c++14")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++14 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3066,7 +3202,7 @@
     TEST_LIST+=("Debug, gnu++14")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=gnu++14 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3094,7 +3230,7 @@
     TEST_LIST+=("Release, gnu++14")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=gnu++14 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3127,7 +3263,7 @@
     TEST_LIST+=("Debug, c++17")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++17 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3155,7 +3291,7 @@
     TEST_LIST+=("Release, c++17")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++17 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3188,7 +3324,7 @@
     TEST_LIST+=("Debug, gnu++17")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=gnu++17 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3216,7 +3352,7 @@
     TEST_LIST+=("Release, gnu++17")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=gnu++17 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3249,7 +3385,7 @@
     TEST_LIST+=("Debug, c++20")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++20 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3277,7 +3413,7 @@
     TEST_LIST+=("Release, c++20")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++20 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3310,7 +3446,7 @@
     TEST_LIST+=("Debug, gnu++20")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=gnu++20 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3338,7 +3474,7 @@
     TEST_LIST+=("Release, gnu++20")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=gnu++20 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3371,7 +3507,7 @@
     TEST_LIST+=("Debug, X32")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -mx32 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3399,7 +3535,7 @@
     TEST_LIST+=("Release, X32")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -mx32 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3432,7 +3568,7 @@
     TEST_LIST+=("Debug, INIT_PRIORITY (0)")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -DCRYPTOPP_INIT_PRIORITY=0 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3460,7 +3596,7 @@
     TEST_LIST+=("Release, INIT_PRIORITY (0)")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -DCRYPTOPP_INIT_PRIORITY=0 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3493,7 +3629,7 @@
     TEST_LIST+=("Debug, NO_OS_DEPENDENCE")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -DNO_OS_DEPENDENCE $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3521,7 +3657,7 @@
     TEST_LIST+=("Release, NO_OS_DEPENDENCE")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -DNO_OS_DEPENDENCE $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3554,7 +3690,7 @@
     TEST_LIST+=("Debug, ld-gold linker")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" LD="ld.gold" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3582,7 +3718,7 @@
     TEST_LIST+=("Release, ld-gold linker")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" LD="ld.gold" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3615,7 +3751,7 @@
     TEST_LIST+=("Debug, -O2 optimizations")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="-DDEBUG $OPT_O2 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3643,7 +3779,7 @@
     TEST_LIST+=("Release, -O2 optimizations")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="-DNDEBUG $OPT_O2 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3676,7 +3812,7 @@
     TEST_LIST+=("Debug, -O3 optimizations")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="-DDEBUG $OPT_O3 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3704,7 +3840,7 @@
     TEST_LIST+=("Release, -O3 optimizations")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="-DNDEBUG $OPT_O3 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3737,7 +3873,7 @@
     TEST_LIST+=("Debug, -Os optimizations")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="-DDEBUG $OPT_OS $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3765,7 +3901,7 @@
     TEST_LIST+=("Release, -Os optimizations")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="-DNDEBUG $OPT_OS $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3785,6 +3921,67 @@
 fi
 
 ############################################
+# Build at -Oz
+if [[ "$HAVE_OZ" -ne 0 ]]; then
+
+    ############################################
+    # Debug build
+    echo
+    echo "************************************" | tee -a "$TEST_RESULTS"
+    echo "Testing: Debug, -Oz optimizations" | tee -a "$TEST_RESULTS"
+    echo
+
+    TEST_LIST+=("Debug, -Oz optimizations")
+
+    "$MAKE" clean &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+
+    CXXFLAGS="-DDEBUG $OPT_OZ $USER_CXXFLAGS"
+    CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
+
+    if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
+        echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
+    else
+        ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
+        if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
+            echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
+        fi
+        ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
+        if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
+            echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
+        fi
+    fi
+
+    ############################################
+    # Release build
+    echo
+    echo "************************************" | tee -a "$TEST_RESULTS"
+    echo "Testing: Release, -Oz optimizations" | tee -a "$TEST_RESULTS"
+    echo
+
+    TEST_LIST+=("Release, -Oz optimizations")
+
+    "$MAKE" clean &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
+
+    CXXFLAGS="-DNDEBUG $OPT_OZ $USER_CXXFLAGS"
+    CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
+
+    if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
+        echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
+    else
+        ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
+        if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
+            echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
+        fi
+        ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
+        if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
+            echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
+        fi
+    fi
+fi
+
+############################################
 # Build at -Ofast
 if [[ "$HAVE_OFAST" -ne 0 ]]; then
 
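Review bot: The new -Oz section (`# Build at -Oz` through its closing `fi`) appears to be a line-for-line copy of the -Os section above it, differing only in the two label strings and `$OPT_OZ`, so the script now repeats the same build-then-validate body once more; a helper taking the label, the CXXFLAGS string and the make targets would let a future change to the `PIPESTATUS` handling land in one place. `$HAVE_OZ` and `$OPT_OZ` are presumably set in the compiler-probe section earlier in the script, which is outside the visible hunks. The block also inherits `rm -f "${TMPDIR}/test.exe"`, which with `TMPDIR` unset expands to `/test.exe`; `"${TMPDIR:?}/test.exe"` fails loudly instead, unless the script defaults `TMPDIR` earlier. A helper for this section could look like the following, with the -Os and -Ofast sections converted the same way.
```shell
# Build cryptest.exe with the given CXXFLAGS, then run the validation suite
# and the test vectors.  $1 is the TEST_LIST label, $2 the CXXFLAGS string,
# the remaining arguments are the make targets (e.g. static dynamic cryptest.exe).
build_and_validate() {
    local label="$1"
    CXXFLAGS="$2"
    shift 2

    echo
    echo "************************************" | tee -a "$TEST_RESULTS"
    echo "Testing: $label" | tee -a "$TEST_RESULTS"
    echo

    TEST_LIST+=("$label")

    "$MAKE" clean &>/dev/null
    rm -f "${TMPDIR:?}/test.exe" &>/dev/null

    CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" "$@" 2>&1 | tee -a "$TEST_RESULTS"
    if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
        echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
        return
    fi
    ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
    if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
        echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
    fi
    ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
    if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
        echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
    fi
}

############################################
# Build at -Oz
if [[ "$HAVE_OZ" -ne 0 ]]; then
    build_and_validate "Debug, -Oz optimizations" "-DDEBUG $OPT_OZ $USER_CXXFLAGS" static dynamic cryptest.exe
    build_and_validate "Release, -Oz optimizations" "-DNDEBUG $OPT_OZ $USER_CXXFLAGS" static dynamic cryptest.exe
fi
```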
@@ -3798,7 +3995,7 @@
     TEST_LIST+=("Debug, -Ofast optimizations")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="-DDEBUG $OPT_OFAST $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3826,7 +4023,7 @@
     TEST_LIST+=("Release, -Ofast optimizations")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="-DNDEBUG $OPT_OFAST $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -3859,7 +4056,7 @@
     TEST_LIST+=("Debug, dead code strip")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" lean 2>&1 | tee -a "$TEST_RESULTS"
@@ -3887,7 +4084,7 @@
     TEST_LIST+=("Release, dead code strip")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" lean 2>&1 | tee -a "$TEST_RESULTS"
@@ -3920,7 +4117,7 @@
     TEST_LIST+=("Debug, OpenMP")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="-DDEBUG ${OMP_FLAGS[*]} $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -3948,7 +4145,7 @@
     TEST_LIST+=("Release, OpenMP")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="-DNDEBUG ${OMP_FLAGS[*]} $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -3981,7 +4178,7 @@
     TEST_LIST+=("Debug, c++03, UBsan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++03 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" ubsan | tee -a "$TEST_RESULTS"
@@ -4009,7 +4206,7 @@
     TEST_LIST+=("Release, c++03, UBsan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++03 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" ubsan | tee -a "$TEST_RESULTS"
@@ -4042,7 +4239,7 @@
     TEST_LIST+=("Debug, c++03, Asan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++03 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" asan | tee -a "$TEST_RESULTS"
@@ -4082,7 +4279,7 @@
     TEST_LIST+=("Release, c++03, Asan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++03 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" asan | tee -a "$TEST_RESULTS"
@@ -4126,7 +4323,7 @@
     TEST_LIST+=("Debug, c++03, Bounds Sanitizer")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++03 -fsanitize=bounds-strict $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4166,7 +4363,7 @@
     TEST_LIST+=("Release, c++03, Bounds Sanitizer")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++03 -fsanitize=bounds-strict $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4198,7 +4395,7 @@
 
 ############################################
 # Control-flow Enforcement Technology (CET), c++03
-if [[ ("$HAVE_CXX11" -ne 0 && "$HAVE_CET" -ne 0) ]]; then
+if [[ ("$HAVE_CXX03" -ne 0 && "$HAVE_CET" -ne 0) ]]; then
 
     ############################################
     # Debug build, CET, c++03
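Review bot: The guard now tests `HAVE_CXX03`, matching the section's c++03 label and the `-std=c++03` flags in its Debug and Release builds; the Specter section below receives the same correction. The c++11, c++14, c++17 and c++20 CET and Specter sections are visible here only through their `rm -f` hunks, so their guards cannot be checked from this diff — worth confirming that each tests the matching `HAVE_CXX*` variable, since the bug fixed here looks like a copy-paste of the c++11 guard. The `if` block opened here closes outside the hunk.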
@@ -4210,7 +4407,7 @@
     TEST_LIST+=("Debug, c++03, CET")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++03 -fcf-protection=full -mcet $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4238,7 +4435,7 @@
     TEST_LIST+=("Release, c++03, CET")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++03 -fcf-protection=full -mcet $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4259,7 +4456,7 @@
 
 ############################################
 # Specter, c++03
-if [[ ("$HAVE_CXX11" -ne 0 && "$HAVE_REPTOLINE" -ne 0) ]]; then
+if [[ ("$HAVE_CXX03" -ne 0 && "$HAVE_REPTOLINE" -ne 0) ]]; then
 
     ############################################
     # Debug build, Specter, c++03
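Review bot: The comments `# Specter, c++03` and `# Debug build, Specter, c++03` misspell the mitigation target; the retpoline flags `-mfunction-return=thunk -mindirect-branch=thunk` used by this section address Spectre, so the comments should read `# Spectre, c++03` and `# Debug build, Spectre, c++03`. The `TEST_LIST` labels carry the same spelling, but those are runtime strings that may be matched by whatever consumes `TEST_RESULTS`, so change them only together with that consumer. The variable `HAVE_REPTOLINE` has a similar transposition, but renaming it means touching its definition outside the visible hunks. The `if` block opened here closes outside the hunk.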
@@ -4271,7 +4468,7 @@
     TEST_LIST+=("Debug, c++03, Specter")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++03 -mfunction-return=thunk -mindirect-branch=thunk $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4299,7 +4496,7 @@
     TEST_LIST+=("Release, c++03, Specter")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++03 -mfunction-return=thunk -mindirect-branch=thunk $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4332,7 +4529,7 @@
     TEST_LIST+=("Debug, c++11, UBsan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++11 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" ubsan | tee -a "$TEST_RESULTS"
@@ -4360,7 +4557,7 @@
     TEST_LIST+=("Release, c++11, UBsan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++11 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" ubsan | tee -a "$TEST_RESULTS"
@@ -4393,7 +4590,7 @@
     TEST_LIST+=("Debug, c++11, Asan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++11 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" asan | tee -a "$TEST_RESULTS"
@@ -4433,7 +4630,7 @@
     TEST_LIST+=("Release, c++11, Asan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++11 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" asan | tee -a "$TEST_RESULTS"
@@ -4477,7 +4674,7 @@
     TEST_LIST+=("Debug, c++11, Bounds Sanitizer")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++11 -fsanitize=bounds-strict $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4517,7 +4714,7 @@
     TEST_LIST+=("Release, c++11, Bounds Sanitizer")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++11 -fsanitize=bounds-strict $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4561,7 +4758,7 @@
     TEST_LIST+=("Debug, c++11, CET")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++11 -fcf-protection=full -mcet $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4589,7 +4786,7 @@
     TEST_LIST+=("Release, c++11, CET")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++11 -fcf-protection=full -mcet $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4622,7 +4819,7 @@
     TEST_LIST+=("Debug, c++11, Specter")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++11 -mfunction-return=thunk -mindirect-branch=thunk $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4650,7 +4847,7 @@
     TEST_LIST+=("Release, c++11, Specter")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++11 -mfunction-return=thunk -mindirect-branch=thunk $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4680,7 +4877,7 @@
     TEST_LIST+=("Release, c++14, UBsan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++14 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" ubsan | tee -a "$TEST_RESULTS"
@@ -4710,7 +4907,7 @@
     TEST_LIST+=("Release, c++14, Asan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++14 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" asan | tee -a "$TEST_RESULTS"
@@ -4751,7 +4948,7 @@
     TEST_LIST+=("Release, c++14, Bounds Sanitizer")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++14 -fsanitize=bounds-strict $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4781,7 +4978,7 @@
     TEST_LIST+=("Release, c++14, CET")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++14 -fcf-protection=full -mcet $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4811,7 +5008,7 @@
     TEST_LIST+=("Release, c++14, Specter")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++14 -mfunction-return=thunk -mindirect-branch=thunk $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4841,7 +5038,7 @@
     TEST_LIST+=("Release, c++17, UBsan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++17 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" ubsan | tee -a "$TEST_RESULTS"
@@ -4871,7 +5068,7 @@
     TEST_LIST+=("Release, c++17, Asan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++17 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" asan | tee -a "$TEST_RESULTS"
@@ -4912,7 +5109,7 @@
     TEST_LIST+=("Release, c++17, Bounds Sanitizer")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++17 -fsanitize=bounds-strict $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4942,7 +5139,7 @@
     TEST_LIST+=("Release, c++17, CET")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++17 -fcf-protection=full -mcet $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -4972,7 +5169,7 @@
     TEST_LIST+=("Release, c++17, Specter")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++17 -mfunction-return=thunk -mindirect-branch=thunk $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -5002,7 +5199,7 @@
     TEST_LIST+=("Release, c++20, UBsan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++20 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" ubsan | tee -a "$TEST_RESULTS"
@@ -5032,7 +5229,7 @@
     TEST_LIST+=("Release, c++20, Asan")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++20 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" asan | tee -a "$TEST_RESULTS"
@@ -5073,7 +5270,7 @@
     TEST_LIST+=("Release, c++20, Bounds Sanitizer")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++20 -fsanitize=bounds-strict $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -5103,7 +5300,7 @@
     TEST_LIST+=("Release, c++20, CET")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++20 -fcf-protection=full -mcet $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -5133,7 +5330,7 @@
     TEST_LIST+=("Release, c++20, Specter")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++20 -mfunction-return=thunk -mindirect-branch=thunk $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" | tee -a "$TEST_RESULTS"
@@ -5166,7 +5363,7 @@
     TEST_LIST+=("Debug, Analyze")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -fanalyzer $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5194,7 +5391,7 @@
     TEST_LIST+=("Release, Analyze")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -fanalyzer $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5231,7 +5428,7 @@
         TEST_LIST+=("Sun Studio 12.2, debug, platform CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DDEBUG -g -xO0"
         CXX="/opt/solstudio12.2/bin/CC" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5259,7 +5456,7 @@
         TEST_LIST+=("Testing: Sun Studio 12.2, release, platform CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DNDEBUG -g -xO2"
         CXX="/opt/solstudio12.2/bin/CC" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5292,7 +5489,7 @@
         TEST_LIST+=("Sun Studio 12.3, debug, platform CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DDEBUG -g3 -xO0"
         CXX=/opt/solarisstudio12.3/bin/CC CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5320,7 +5517,7 @@
         TEST_LIST+=("Sun Studio 12.3, release, platform CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DNDEBUG -g3 -xO2"
         CXX=/opt/solarisstudio12.3/bin/CC CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5353,7 +5550,7 @@
         TEST_LIST+=("Sun Studio 12.4, debug, platform CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DDEBUG -g3 -xO0"
         CXX=/opt/solarisstudio12.4/bin/CC CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5381,7 +5578,7 @@
         TEST_LIST+=("Sun Studio 12.4, release, platform CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DNDEBUG -g2 -xO2"
         CXX=/opt/solarisstudio12.4/bin/CC CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5414,7 +5611,7 @@
         TEST_LIST+=("Sun Studio 12.5, debug, platform CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DDEBUG -g3 -xO1"
         CXX=/opt/developerstudio12.5/bin/CC CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5442,7 +5639,7 @@
         TEST_LIST+=("Sun Studio 12.5, release, platform CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DNDEBUG -g2 -xO2"
         CXX=/opt/developerstudio12.5/bin/CC CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5475,7 +5672,7 @@
         TEST_LIST+=("Sun Studio 12.6, debug, platform CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DDEBUG -g3 -xO1"
         CXX=/opt/developerstudio12.6/bin/CC CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5503,7 +5700,7 @@
         TEST_LIST+=("Sun Studio 12.6, release, platform CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DNDEBUG -g2 -xO2"
         CXX=/opt/developerstudio12.6/bin/CC CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5536,7 +5733,7 @@
         TEST_LIST+=("Solaris GCC, debug, default CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DDEBUG -g3 -O0"
         CXX="/bin/g++" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5564,7 +5761,7 @@
         TEST_LIST+=("Soalris GCC, release, default CXXFLAGS")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DNDEBUG -g2 -O3"
         CXX="/bin/g++" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5598,7 +5795,7 @@
     TEST_LIST+=("Darwin, c++03, libc++ (LLVM)")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++03 -stdlib=libc++ $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5619,7 +5816,7 @@
 
 ############################################
 # Darwin, c++03, libstdc++
-if [[ ("$IS_DARWIN" -ne 0 && "$HAVE_CXX03" -ne 0) ]]; then
+if [[ ("$IS_DARWIN" -ne 0 && "$HAVE_CXX03" -ne 0) && ("$HAVE_LIBSTDCXX" -ne 0) ]]; then
     echo
     echo "************************************" | tee -a "$TEST_RESULTS"
     echo "Testing: Darwin, c++03, libstdc++ (GNU)" | tee -a "$TEST_RESULTS"
@@ -5628,7 +5825,7 @@
     TEST_LIST+=("Darwin, c++03, libstdc++ (GNU)")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++03 -stdlib=libstdc++ $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5658,7 +5855,7 @@
     TEST_LIST+=("Darwin, c++11, libc++ (LLVM)")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++11 -stdlib=libc++ $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5679,7 +5876,7 @@
 
 ############################################
 # Darwin, c++11, libstdc++
-if [[ ("$IS_DARWIN" -ne 0 && "$HAVE_CXX11" -ne 0) ]]; then
+if [[ ("$IS_DARWIN" -ne 0 && "$HAVE_CXX11" -ne 0) && ("$HAVE_LIBSTDCXX" -ne 0) ]]; then
     echo
     echo "************************************" | tee -a "$TEST_RESULTS"
     echo "Testing: Darwin, c++11, libstdc++ (GNU)" | tee -a "$TEST_RESULTS"
@@ -5688,7 +5885,7 @@
     TEST_LIST+=("Darwin, c++11, libstdc++ (GNU)")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++11 -stdlib=libstdc++ $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5718,7 +5915,7 @@
     TEST_LIST+=("Darwin, c++14, libc++ (LLVM)")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++14 -stdlib=libc++ $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5739,7 +5936,7 @@
 
 ############################################
 # Darwin, c++14, libstdc++
-if [[ ("$IS_DARWIN" -ne 0 && "$HAVE_CXX14" -ne 0) ]]; then
+if [[ ("$IS_DARWIN" -ne 0 && "$HAVE_CXX14" -ne 0) && ("$HAVE_LIBSTDCXX" -ne 0) ]]; then
     echo
     echo "************************************" | tee -a "$TEST_RESULTS"
     echo "Testing: Darwin, c++14, libstdc++ (GNU)" | tee -a "$TEST_RESULTS"
@@ -5748,7 +5945,7 @@
     TEST_LIST+=("Darwin, c++14, libstdc++ (GNU)")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++14 -stdlib=libstdc++ $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5778,7 +5975,7 @@
     TEST_LIST+=("Darwin, c++17, libc++ (LLVM)")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++17 -stdlib=libc++ $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5799,7 +5996,7 @@
 
 ############################################
 # Darwin, c++17, libstdc++
-if [[ ("$IS_DARWIN" -ne 0 && "$HAVE_CXX17" -ne 0) ]]; then
+if [[ ("$IS_DARWIN" -ne 0 && "$HAVE_CXX17" -ne 0) && ("$HAVE_LIBSTDCXX" -ne 0) ]]; then
     echo
     echo "************************************" | tee -a "$TEST_RESULTS"
     echo "Testing: Darwin, c++17, libstdc++ (GNU)" | tee -a "$TEST_RESULTS"
@@ -5808,7 +6005,7 @@
     TEST_LIST+=("Darwin, c++17, libstdc++ (GNU)")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++17 -stdlib=libstdc++ $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5838,7 +6035,7 @@
     TEST_LIST+=("Darwin, Intel multiarch, c++03")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -arch i386 -arch x86_64 -std=c++03 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5879,7 +6076,7 @@
     TEST_LIST+=("Darwin, Intel multiarch, c++11")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -arch i386 -arch x86_64 -std=c++11 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5920,7 +6117,7 @@
     TEST_LIST+=("Darwin, Intel multiarch, c++14")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -arch i386 -arch x86_64 -std=c++14 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -5961,7 +6158,7 @@
     TEST_LIST+=("Darwin, Intel multiarch, c++17")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -arch i386 -arch x86_64 -std=c++17 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6002,7 +6199,7 @@
     TEST_LIST+=("Darwin, PowerPC multiarch")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -arch ppc -arch ppc64 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6043,7 +6240,7 @@
     TEST_LIST+=("Darwin, c++03, Malloc Guards")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++03 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6079,7 +6276,7 @@
     TEST_LIST+=("Darwin, c++11, Malloc Guards")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++11 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6115,7 +6312,7 @@
     TEST_LIST+=("Darwin, c++14, Malloc Guards")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++14 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6151,7 +6348,7 @@
     TEST_LIST+=("Darwin, c++17, Malloc Guards")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++17 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6191,7 +6388,7 @@
         TEST_LIST+=("Testing: Benchmarks, c++03")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="$RELEASE_CXXFLAGS -std=c++03 $USER_CXXFLAGS"
         CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6218,7 +6415,7 @@
         TEST_LIST+=("Testing: Benchmarks, c++11")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="$RELEASE_CXXFLAGS -std=c++11 $USER_CXXFLAGS"
         CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6245,7 +6442,7 @@
         TEST_LIST+=("Benchmarks, c++14")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="$RELEASE_CXXFLAGS -std=c++14 $USER_CXXFLAGS"
         CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6276,7 +6473,7 @@
     TEST_LIST+=("MinGW, PREFER_BERKELEY_STYLE_SOCKETS")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -DPREFER_BERKELEY_STYLE_SOCKETS -DNO_WINDOWS_STYLE_SOCKETS $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6306,7 +6503,7 @@
     TEST_LIST+=("MinGW, PREFER_WINDOWS_STYLE_SOCKETS")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -DPREFER_WINDOWS_STYLE_SOCKETS -DNO_BERKELEY_STYLE_SOCKETS $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6336,7 +6533,7 @@
     TEST_LIST+=("Valgrind, c++03")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$VALGRIND_CXXFLAGS -std=c++03 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6360,7 +6557,7 @@
     TEST_LIST+=("Valgrind, c++11")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$VALGRIND_CXXFLAGS -std=c++11 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6384,7 +6581,7 @@
     TEST_LIST+=("Valgrind, c++14")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$VALGRIND_CXXFLAGS -std=c++14 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6408,7 +6605,7 @@
     TEST_LIST+=("Valgrind, c++17")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$VALGRIND_CXXFLAGS -std=c++17 $USER_CXXFLAGS"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6435,7 +6632,7 @@
     TEST_LIST+=("Debug, c++03, elevated warnings")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++03 ${WARNING_CXXFLAGS[*]}"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$WARN_RESULTS"
@@ -6454,7 +6651,7 @@
     TEST_LIST+=("Release, c++03, elevated warnings")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++03 ${WARNING_CXXFLAGS[*]}"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$WARN_RESULTS"
@@ -6477,7 +6674,7 @@
     TEST_LIST+=("Debug, c++11, elevated warnings")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++11 ${WARNING_CXXFLAGS[*]}"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$WARN_RESULTS"
@@ -6496,7 +6693,7 @@
     TEST_LIST+=("Release, c++11, elevated warnings")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++11 ${WARNING_CXXFLAGS[*]}"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$WARN_RESULTS"
@@ -6519,7 +6716,7 @@
     TEST_LIST+=("Debug, c++14, elevated warnings")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++14 ${WARNING_CXXFLAGS[*]}"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$WARN_RESULTS"
@@ -6538,7 +6735,7 @@
     TEST_LIST+=("Release, c++14, elevated warnings")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++14 ${WARNING_CXXFLAGS[*]}"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$WARN_RESULTS"
@@ -6561,7 +6758,7 @@
     TEST_LIST+=("Debug, c++17, elevated warnings")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++17 ${WARNING_CXXFLAGS[*]}"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$WARN_RESULTS"
@@ -6580,7 +6777,7 @@
     TEST_LIST+=("Release, c++17, elevated warnings")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++17 ${WARNING_CXXFLAGS[*]}"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$WARN_RESULTS"
@@ -6604,7 +6801,7 @@
     TEST_LIST+=("Debug, c++20, elevated warnings")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$DEBUG_CXXFLAGS -std=c++20 ${WARNING_CXXFLAGS[*]}"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$WARN_RESULTS"
@@ -6623,7 +6820,7 @@
     TEST_LIST+=("Release, c++20, elevated warnings")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -std=c++20 ${WARNING_CXXFLAGS[*]}"
     CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$WARN_RESULTS"
@@ -6639,7 +6836,7 @@
 if [[ ("$CLANG_COMPILER" -eq 0) ]]; then
 
     CLANG_CXX=$(command -v clang++ 2>/dev/null)
-    "$CLANG_CXX" -x c++ -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "$TMPDIR/test.exe" &>/dev/null
+    "$CLANG_CXX" -x c++ -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
 
         ############################################
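Review bot: The probe output goes to the fixed name `${TMPDIR}/test.exe`, so if TMPDIR resolves to a shared, world-writable directory (its definition is outside this chunk) the file can collide with, or already be present from, another process; the same pattern recurs in the GCC, Intel and MacPorts probe hunks below and in the install hunk's `INSTALL_DIR="${TMPDIR}/cryptopp_test"`, which is then `rm -rf`'d. Since this commit already touches every one of those lines, it would be the moment to create one private scratch directory near the top of the script (outside this hunk), e.g. `SCRATCH=$(mktemp -d "${TMPDIR:-/tmp}/cryptest.XXXXXX") || exit 1`, and build `test.exe` and `cryptopp_test` paths from `$SCRATCH`. If TMPDIR is already produced by `mktemp -d` earlier in the script, this is moot. Separately, `&>/dev/null` on the probe makes a missing `clang++` (empty `CLANG_CXX`) indistinguishable from a genuine compile failure in the following `$?` check; sending the probe's stderr to `$TEST_RESULTS` instead would keep that distinction in the log.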
@@ -6652,7 +6849,7 @@
         TEST_LIST+=("Clang compiler")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DNDEBUG -g2 -O3"
         CXX="$CLANG_CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6676,7 +6873,7 @@
 if [[ ("$GCC_COMPILER" -eq 0) ]]; then
 
     GCC_CXX=$(command -v g++ 2>/dev/null)
-    "$GCC_CXX" -x c++ -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "$TMPDIR/test.exe" &>/dev/null
+    "$GCC_CXX" -x c++ -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
 
         ############################################
@@ -6689,7 +6886,7 @@
         TEST_LIST+=("GCC compiler")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DNDEBUG -g2 -O3"
         CXX="$GCC_CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6716,7 +6913,7 @@
     if [[ (-z "$INTEL_CXX") ]]; then
         INTEL_CXX=$(find /opt/intel -name icpc 2>/dev/null | "$GREP" -iv composer | head -1)
     fi
-    "$INTEL_CXX" -x c++ -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "$TMPDIR/test.exe" &>/dev/null
+    "$INTEL_CXX" -x c++ -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "${TMPDIR}/test.exe" &>/dev/null
     if [[ "$?" -eq 0 ]]; then
 
         ############################################
@@ -6729,7 +6926,7 @@
         TEST_LIST+=("Intel compiler")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DNDEBUG -g2 -O3"
         CXX="$INTEL_CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6754,7 +6951,7 @@
 
     MACPORTS_CXX=$(find /opt/local/bin -name 'g++-mp-4*' 2>/dev/null | head -1)
     if [[ (-n "$MACPORTS_CXX") ]]; then
-        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "$TMPDIR/test.exe" &>/dev/null
+        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
 
             ############################################
@@ -6767,7 +6964,7 @@
             TEST_LIST+=("MacPorts 4.x GCC compiler")
 
             "$MAKE" clean &>/dev/null
-            rm -f "$TMPDIR/test.exe" &>/dev/null
+            rm -f "${TMPDIR}/test.exe" &>/dev/null
 
             # We want to use -stdlib=libstdc++ below, but it causes a compile error. Maybe MacPorts hardwired libc++.
             CXXFLAGS="-DNDEBUG -g2 -O3 -std=c++11"
@@ -6789,7 +6986,7 @@
 
     MACPORTS_CXX=$(find /opt/local/bin -name 'g++-mp-5*' 2>/dev/null | head -1)
     if [[ (-n "$MACPORTS_CXX") ]]; then
-        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "$TMPDIR/test.exe" &>/dev/null
+        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
 
             ############################################
@@ -6802,7 +6999,7 @@
             TEST_LIST+=("MacPorts 5.x GCC compiler")
 
             "$MAKE" clean &>/dev/null
-            rm -f "$TMPDIR/test.exe" &>/dev/null
+            rm -f "${TMPDIR}/test.exe" &>/dev/null
 
             # We want to use -stdlib=libstdc++ below, but it causes a compile error. Maybe MacPorts hardwired libc++.
             CXXFLAGS="-DNDEBUG -g2 -O3 -std=c++11"
@@ -6824,7 +7021,7 @@
 
     MACPORTS_CXX=$(find /opt/local/bin -name 'g++-mp-6*' 2>/dev/null | head -1)
     if [[ (-n "$MACPORTS_CXX") ]]; then
-        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "$TMPDIR/test.exe" &>/dev/null
+        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
 
             ############################################
@@ -6837,7 +7034,7 @@
             TEST_LIST+=("MacPorts 6.x GCC compiler")
 
             "$MAKE" clean &>/dev/null
-            rm -f "$TMPDIR/test.exe" &>/dev/null
+            rm -f "${TMPDIR}/test.exe" &>/dev/null
 
             # We want to use -stdlib=libstdc++ below, but it causes a compile error. Maybe MacPorts hardwired libc++.
             CXXFLAGS="-DNDEBUG -g2 -O3 -std=c++11"
@@ -6859,7 +7056,7 @@
 
     MACPORTS_CXX=$(find /opt/local/bin -name 'g++-mp-7*' 2>/dev/null | head -1)
     if [[ (-n "$MACPORTS_CXX") ]]; then
-        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "$TMPDIR/test.exe" &>/dev/null
+        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
 
             ############################################
@@ -6872,7 +7069,7 @@
             TEST_LIST+=("MacPorts 7.x GCC compiler")
 
             "$MAKE" clean &>/dev/null
-            rm -f "$TMPDIR/test.exe" &>/dev/null
+            rm -f "${TMPDIR}/test.exe" &>/dev/null
 
             # We want to use -stdlib=libstdc++ below, but it causes a compile error. Maybe MacPorts hardwired libc++.
             CXXFLAGS="-DNDEBUG -g2 -O3 -std=c++11"
@@ -6894,7 +7091,7 @@
 
     MACPORTS_CXX=$(find /opt/local/bin -name 'clang++-mp-3.7*' 2>/dev/null | head -1)
     if [[ (-n "$MACPORTS_CXX") ]]; then
-        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "$TMPDIR/test.exe" &>/dev/null
+        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
 
             ############################################
@@ -6907,7 +7104,7 @@
             TEST_LIST+=("MacPorts 3.7 Clang compiler")
 
             "$MAKE" clean &>/dev/null
-            rm -f "$TMPDIR/test.exe" &>/dev/null
+            rm -f "${TMPDIR}/test.exe" &>/dev/null
 
             CXXFLAGS="-DNDEBUG -g2 -O3 -std=c++11 -stdlib=libc++"
             CXX="$MACPORTS_CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6928,7 +7125,7 @@
 
     MACPORTS_CXX=$(find /opt/local/bin -name 'clang++-mp-3.8*' 2>/dev/null | head -1)
     if [[ (-n "$MACPORTS_CXX") ]]; then
-        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "$TMPDIR/test.exe" &>/dev/null
+        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
 
             ############################################
@@ -6941,7 +7138,7 @@
             TEST_LIST+=("MacPorts 3.8 Clang compiler")
 
             "$MAKE" clean &>/dev/null
-            rm -f "$TMPDIR/test.exe" &>/dev/null
+            rm -f "${TMPDIR}/test.exe" &>/dev/null
 
             CXXFLAGS="-DNDEBUG -g2 -O3 -std=c++11 -stdlib=libc++"
             CXX="$MACPORTS_CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6962,7 +7159,7 @@
 
     MACPORTS_CXX=$(find /opt/local/bin -name 'clang++-mp-3.9*' 2>/dev/null | head -1)
     if [[ (-n "$MACPORTS_CXX") ]]; then
-        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "$TMPDIR/test.exe" &>/dev/null
+        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
 
             ############################################
@@ -6975,7 +7172,7 @@
             TEST_LIST+=("MacPorts 3.9 Clang compiler")
 
             "$MAKE" clean &>/dev/null
-            rm -f "$TMPDIR/test.exe" &>/dev/null
+            rm -f "${TMPDIR}/test.exe" &>/dev/null
 
             CXXFLAGS="-DNDEBUG -g2 -O3 -std=c++11 -stdlib=libc++"
             CXX="$MACPORTS_CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -6996,7 +7193,7 @@
 
     MACPORTS_CXX=$(find /opt/local/bin -name 'clang++-mp-4*' 2>/dev/null | head -1)
     if [[ (-n "$MACPORTS_CXX") ]]; then
-        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "$TMPDIR/test.exe" &>/dev/null
+        "$MACPORTS_CXX" -x c++ -std=c++11 -DCRYPTOPP_ADHOC_MAIN "$test_prog".proto -o "${TMPDIR}/test.exe" &>/dev/null
         if [[ "$?" -eq 0 ]]; then
 
             ############################################
@@ -7009,7 +7206,7 @@
             TEST_LIST+=("MacPorts 4.x Clang compiler")
 
             "$MAKE" clean &>/dev/null
-            rm -f "$TMPDIR/test.exe" &>/dev/null
+            rm -f "${TMPDIR}/test.exe" &>/dev/null
 
             CXXFLAGS="-DNDEBUG -g2 -O3 -std=c++11 -stdlib=libc++"
             CXX="$MACPORTS_CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -7046,7 +7243,7 @@
         TEST_LIST+=("Xcode Clang compiler")
 
         "$MAKE" clean &>/dev/null
-        rm -f "$TMPDIR/test.exe" &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
 
         CXXFLAGS="-DNDEBUG -g2 -O3"
         CXX="$XCODE_CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
@@ -7078,9 +7275,9 @@
     TEST_LIST+=("Install with data directory")
 
     "$MAKE" clean &>/dev/null
-    rm -f "$TMPDIR/test.exe" &>/dev/null
+    rm -f "${TMPDIR}/test.exe" &>/dev/null
 
-    INSTALL_DIR="$TMPDIR/cryptopp_test"
+    INSTALL_DIR="${TMPDIR}/cryptopp_test"
     rm -rf "$INSTALL_DIR" &>/dev/null
 
     CXXFLAGS="$RELEASE_CXXFLAGS -DCRYPTOPP_DATA_DIR='\"$INSTALL_DIR/share/cryptopp/\"' $USER_CXXFLAGS"
@@ -7091,7 +7288,7 @@
     else
         OLD_DIR=$(pwd)
         "$MAKE" "${MAKEARGS[@]}" install PREFIX="$INSTALL_DIR" 2>&1 | tee -a "$TEST_RESULTS" "$INSTALL_RESULTS"
-        cd "$INSTALL_DIR/bin"
+        cd "$INSTALL_DIR/bin" || exit
 
         echo
         echo "************************************" | tee -a "$TEST_RESULTS" "$INSTALL_RESULTS"
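Review bot: The bare `cd "$INSTALL_DIR/bin" || exit` on L8334 terminates the whole run without writing anything to the results log, whereas every other failure path in this script records an `ERROR:` line via `tee -a "$TEST_RESULTS"`, so the report stage's grep for `ERROR` (L8465) would miss this abort. The exit status is still non-zero because `exit` with no argument reuses the failed `cd` status, but `|| exit 1` is what the same commit uses at L8364 and L8423. Suggested: `cd "$INSTALL_DIR/bin" || { echo "ERROR: cannot cd to $INSTALL_DIR/bin" | tee -a "$TEST_RESULTS" "$INSTALL_RESULTS"; exit 1; }`. The same applies to `cd "$OLD_DIR" || exit` at L8343. The enclosing if/else block begins before this hunk.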
@@ -7132,7 +7329,7 @@
         fi
 
         # Restore original PWD
-        cd "$OLD_DIR"
+        cd "$OLD_DIR" || exit
     fi
 fi
 
@@ -7178,6 +7375,83 @@
     fi
 fi
 
+############################################
+# Test latest zip with unzip -a
+if true; then
+
+    major=8; minor=5; rev=0
+    base="cryptopp${major}${minor}${rev}"
+    filename="${base}.zip"
+    url="https://cryptopp.com/$(unknown)"
+
+    rm -rf "${base}" 2>/dev/null
+    if wget -q -O $(unknown) "${url}";
+    then
+        unzip -aoq "$(unknown)" -d "${base}"
+        cd "${base}" || exit 1
+
+        ############################################
+        # Debug build
+        echo
+        echo "************************************" | tee -a "$TEST_RESULTS"
+        echo "Testing: Latest zip, unzip -a, Debug" | tee -a "$TEST_RESULTS"
+        echo
+
+        TEST_LIST+=("Latest zip, unzip -a, Debug CXXFLAGS")
+
+        "$MAKE" clean &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
+
+        CXXFLAGS="$DEBUG_CXXFLAGS"
+        CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
+
+        if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
+            echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
+        else
+            ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
+            if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
+                echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
+            fi
+            ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
+            if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
+                echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
+            fi
+        fi
+
+        ############################################
+        # Release build
+        echo
+        echo "************************************" | tee -a "$TEST_RESULTS"
+        echo "Testing: Latest zip, unzip -a, Release" | tee -a "$TEST_RESULTS"
+        echo
+
+        TEST_LIST+=("Latest zip, unzip -a, Release CXXFLAGS")
+
+        "$MAKE" clean &>/dev/null
+        rm -f "${TMPDIR}/test.exe" &>/dev/null
+
+        CXXFLAGS="$RELEASE_CXXFLAGS"
+        CXX="$CXX" CXXFLAGS="$CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" static dynamic cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
+
+        if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
+            echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS"
+        else
+            ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
+            if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
+                echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS"
+            fi
+            ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
+            if [[ ("${PIPESTATUS[0]}" -ne 0) ]]; then
+                echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS"
+            fi
+            echo
+        fi
+
+        cd ../ || exit 1
+        rm -rf "${base}"
+    fi
+fi
+
 #############################################
 #############################################
 ################ END TESTING ################
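Review bot: The release archive fetched at L8361 is unpacked, built and then executed (`./cryptest.exe`) without any integrity check, so a truncated or substituted download is only noticed if it fails to compile; comparing the zip against a pinned digest before `unzip`, e.g. `echo "<EXPECTED_SHA256>  ${filename}" | sha256sum -c --status || exit 1` (`shasum -a 256` on macOS; digest to be filled from the release page), would close that gap. `$(unknown)` at L8358, L8361 and L8363 reads as a command substitution of a program named `unknown`, and `filename` set at L8357 is otherwise never used, so if this is an extraction artifact standing for `${filename}` it should be checked against the committed file. The block is labelled "Latest zip" but pins `major=8; minor=5; rev=0`, one release behind the 8.6.0 side of this diff; a comment such as `# Intentionally tests the previous release archive` (or deriving the version from the build) would avoid confusion. If `wget` is absent the `if wget …` test silently skips the whole block; a `command -v wget` guard that writes an `ERROR:` line to `$TEST_RESULTS` would keep the report honest.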
@@ -7189,7 +7463,7 @@
 ############################################
 # Cleanup, but leave output files
 "$MAKE" clean &>/dev/null
-rm -f "$TMPDIR/test.exe" &>/dev/null
+rm -f "${TMPDIR}/test.exe" &>/dev/null
 
 ############################################
 # Report tests performed
@@ -7197,7 +7471,7 @@
 echo
 echo "************************************************" | tee -a "$TEST_RESULTS"
 echo "************************************************" | tee -a "$TEST_RESULTS"
-echo | tee -a "$TEST_RESULTS"
+echo "" | tee -a "$TEST_RESULTS"
 
 COUNT="${#TEST_LIST[@]}"
 if (( "$COUNT" == "0" )); then
@@ -7209,14 +7483,14 @@
       echo "  - $TEST" | tee -a "$TEST_RESULTS"
     done
 fi
-echo | tee -a "$TEST_RESULTS"
+echo "" | tee -a "$TEST_RESULTS"
 
 ############################################
 # Report errors
 
 echo
 echo "************************************************" | tee -a "$TEST_RESULTS"
-echo | tee -a "$TEST_RESULTS"
+echo "" | tee -a "$TEST_RESULTS"
 
 # "FAILED" and "Exception" are from Crypto++
 # "ERROR" is from this script
@@ -7238,7 +7512,7 @@
 
 echo
 echo "************************************************" | tee -a "$TEST_RESULTS" "$WARN_RESULTS"
-echo | tee -a "$TEST_RESULTS" "$WARN_RESULTS"
+echo "" | tee -a "$TEST_RESULTS" "$WARN_RESULTS"
 
 WCOUNT=$("$GREP" -E '(warning:)' $WARN_RESULTS | wc -l | "$AWK" '{print $1}')
 if (( "$WCOUNT" == "0" )); then
@@ -7253,7 +7527,7 @@
 
 echo
 echo "************************************************" | tee -a "$TEST_RESULTS" "$WARN_RESULTS"
-echo | tee -a "$TEST_RESULTS" "$WARN_RESULTS"
+echo "" | tee -a "$TEST_RESULTS" "$WARN_RESULTS"
 
 echo "Testing started: $TEST_BEGIN" | tee -a "$TEST_RESULTS" "$WARN_RESULTS"
 echo "Testing finished: $TEST_END" | tee -a "$TEST_RESULTS" "$WARN_RESULTS"
diff -Nru libcrypto++-8.4.0/TestScripts/cryptest-symbols.sh libcrypto++-8.6.0/TestScripts/cryptest-symbols.sh
--- libcrypto++-8.4.0/TestScripts/cryptest-symbols.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/cryptest-symbols.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,30 +1,27 @@
 #!/usr/bin/env bash
 
-# cryptest.sh - written and placed in public domain by Jeffrey Walton and Uri
-#               Blumenthal.
-
+#############################################################################
+#
 # This is a test script that can be used on some Linux/Unix/Apple machines to
 # automate testing of the shared object to ensure linking and symbols don't go
 # missing from release to release.
+#
+# Written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
+#
+#############################################################################
 
-############################################
-# Cleanup
-
-PWD_DIR=$(pwd)
-function cleanup {
-    rm -f adhoc.cpp *\.a *\.o *\.so* *\.dylib*
-    cd "$PWD_DIR"
-}
-trap cleanup EXIT
-
-############################################
+#############################################################################
 # Tags to test
 
 OLD_VERSION_TAG=CRYPTOPP_8_3_0
 NEW_VERSION_TAG=master
 
-############################################
-# If local repo is dirty, then promt first
+#############################################################################
+# If local repo is dirty, then prompt first
 
 DIRTY=$(git diff --shortstat 2> /dev/null | tail -1)
 if [[ ! -z "$DIRTY" ]]; then
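Review bot: The new side drops the `cleanup` function and its `trap cleanup EXIT` (old L8510–L8515), but the unchanged line `"${MAKE}" distclean &>/dev/null && cleanup &>/dev/null` at L8581 still calls it; with output redirected the "command not found" is silenced and the listed artifacts are simply left behind. Either keep the function or change the caller to a direct `rm -f adhoc.cpp *.a *.o *.so* *.dylib*`. Losing the EXIT trap also means an aborted run no longer returns to `$PWD_DIR`; since the script does `git checkout master -f` (L8582) and presumably checks out `$OLD_VERSION_TAG` as well, a trap that restores the original directory and branch is worth keeping. The rest of the script is outside this hunk, so `cleanup` may be redefined in an unchanged region — verify before relying on the call.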
@@ -41,14 +38,14 @@
 	echo "The local repo is clean. Proceeding..."
 fi
 
-############################################
+#############################################################################
 
 echo
 echo "****************************************************************"
 echo "Testing '$NEW_VERSION_TAG' against '$OLD_VERSION_TAG'"
 echo "****************************************************************"
 
-############################################
+#############################################################################
 # Setup tools and platforms
 
 GREP=grep
@@ -106,11 +103,11 @@
 MACPORTS_COMPILER=$("${CXX}" --version 2>&1 | "${GREP}" -i -c "MacPorts")
 CLANG_COMPILER=$("${CXX}" --version 2>&1 | "${GREP}" -i -c "clang")
 
-############################################
+#############################################################################
 
 # CPU is logical count, memory is in MiB. Low resource boards have
-#   fewer than 4 cores and 1GB or less memory. We use this to
-#   determine if we can build in parallel without an OOM kill.
+#  fewer than 4 cores and 1GB or less memory. We use this to
+#  determine if we can build in parallel without an OOM kill.
 CPU_COUNT=1
 MEM_SIZE=512
 
@@ -128,7 +125,7 @@
 fi
 
 # Some ARM devboards cannot use 'make -j N', even with multiple cores and RAM
-#  An 8-core Cubietruck Plus with 2GB RAM experiences OOM kills with '-j 2'.
+# An 8-core Cubietruck Plus with 2GB RAM experiences OOM kills with '-j 2'.
 HAVE_SWAP=1
 if [[ "$IS_LINUX" -ne "0" ]]; then
 	if [[ -e "/proc/meminfo" ]]; then
@@ -145,8 +142,8 @@
 	MAKEARGS=(-j "$CPU_COUNT")
 fi
 
-###############################################################################
-###############################################################################
+#############################################################################
+#############################################################################
 
 "${MAKE}" distclean &>/dev/null && cleanup &>/dev/null
 git checkout master -f &>/dev/null
diff -Nru libcrypto++-8.4.0/TestScripts/cryptest-tidy.sh libcrypto++-8.6.0/TestScripts/cryptest-tidy.sh
--- libcrypto++-8.4.0/TestScripts/cryptest-tidy.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/cryptest-tidy.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,5 +1,17 @@
 #!/usr/bin/env bash
 
+#############################################################################
+#
+# This script invokes clang-tidy on source files.
+#
+# Written and placed in public domain by Jeffrey Walton.
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
+#
+#############################################################################
+
 for file in $(find . -maxdepth 1 -type f -name '*.cpp'); do
     echo "Tidying $file"
     clang-tidy $file -checks=-clang-analyzer-optin.cplusplus.VirtualCall -- -std=c++03
diff -Nru libcrypto++-8.4.0/TestScripts/governor.sh libcrypto++-8.6.0/TestScripts/governor.sh
--- libcrypto++-8.4.0/TestScripts/governor.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/governor.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,10 +1,22 @@
 #!/usr/bin/env bash
 
+#############################################################################
+#
 # This scripts queries and modifies CPU scaling frequencies to produce more
-# accurate benchmark results. To move from a low energy state to a higher
+# accurate benchmark results. To move from a low power state to a higher
 # one, run 'governor.sh performance'. To move back to a low power state
-# run 'governor.sh powersave' or 'governor.sh ondemand' or reboot. The script
-# based on code by Andy Polyakov, http://www.openssl.org/~appro/cryptogams/.
+# run 'governor.sh powersave' or 'governor.sh ondemand' or reboot.
+#
+# Written and placed in public domain by Jeffrey Walton. The script based on
+# code by Andy Polyakov, http://www.openssl.org/~appro/cryptogams/.
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
+#
+# See https://www.cryptopp.com/wiki/Benchmarks for more details
+#
+#############################################################################
 
 # Fixup ancient Bash
 # https://unix.stackexchange.com/q/468579/56041
diff -Nru libcrypto++-8.4.0/TestScripts/install-ndk.sh libcrypto++-8.6.0/TestScripts/install-ndk.sh
--- libcrypto++-8.4.0/TestScripts/install-ndk.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/install-ndk.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,12 +1,18 @@
 #!/usr/bin/env bash
 
-# ====================================================================
+#############################################################################
 # Tests Android cross-compiles
 #
 # This script installs a SDK and NDK to test Android cross-compiles.
 #
+# Written and placed in public domain by Jeffrey Walton
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
+#
 # See http://www.cryptopp.com/wiki/Android_(Command_Line) for more details
-# ====================================================================
+#############################################################################
 
 # NDK-r19: https://dl.google.com/android/repository/android-ndk-r19c-linux-x86_64.zip
 # SDK for r19: https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip
@@ -20,79 +26,182 @@
 # SDK for r21: https://dl.google.com/android/repository/commandlinetools-linux-6200805_latest.zip
 # SDK for Mac: https://dl.google.com/android/repository/commandlinetools-mac-6200805_latest.zip
 
-if [ -z "$ANDROID_SDK_ROOT" ]; then
-    echo "ERROR: ANDROID_SDK_ROOT is not set. Please set it."
-    echo "SDK root is $ANDROID_SDK_ROOT"
-    exit 1
-fi
-
-if [ -z "$ANDROID_NDK_ROOT" ]; then
-    echo "ERROR: ANDROID_NDK_ROOT is not set. Please set it."
-    echo "NDK root is $ANDROID_NDK_ROOT"
-    exit 1
-fi
+# NDK-r22: https://dl.google.com/android/repository/android-ndk-r22-linux-x86_64.zip
+# SDK for r22: https://dl.google.com/android/repository/commandlinetools-linux-6858069_latest.zip
+# SDK for Mac: https://dl.google.com/android/repository/commandlinetools-mac-6858069_latest.zip
+
+# Platform tools
+# Linux: https://dl.google.com/android/repository/platform-tools-latest-linux.zip
+# Mac: https://dl.google.com/android/repository/platform-tools-latest-darwin.zip
+# Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip
+
+function cleanup {
+    # Cleanup downloads
+    rm -f android-sdk.zip android-ndk.zip platform-tools.zip
+}
+trap cleanup EXIT
+
+if [ -z "${ANDROID_SDK_ROOT}" ]; then
+    echo "ERROR: ANDROID_SDK_ROOT is not set for ${USER}. Please set it."
+    exit 1
+fi
+
+if [ -z "${ANDROID_NDK_ROOT}" ]; then
+    echo "ERROR: ANDROID_NDK_ROOT is not set for ${USER}. Please set it."
+    exit 1
+fi
+
+# Temp directory
+if [[ -z "${TMPDIR}" ]]; then
+    TMPDIR="$HOME/tmp"
+    mkdir -p "${TMPDIR}"
+    if [ -n "${SUDO_USER}" ]; then
+        chown -R "${SUDO_USER}" "${TMPDIR}"
+    fi
+fi
+
+# Install Android deps
+if [[ -z "$(command -v java 2>/dev/null)" && -n "$(command -v apt-get 2>/dev/null)" ]]; then
+    apt-get -qq update 2>/dev/null || true
+    apt-get -qq install --no-install-recommends unzip curl wget 2>/dev/null || true
+
+    if [[ -n "$(apt-cache search openjdk-13-jdk 2>/dev/null | head -n 1)" ]]; then
+        apt-get -qq install --no-install-recommends openjdk-13-jdk 2>/dev/null || true
+    elif [[ -n "$(apt-cache search openjdk-8-jdk 2>/dev/null | head -n 1)" ]]; then
+        apt-get -qq install --no-install-recommends openjdk-8-jdk 2>/dev/null || true
+    fi
+elif [[ -z "$(command -v java 2>/dev/null)" && -n "$(command -v dnf 2>/dev/null)" ]]; then
+    dnf update 2>/dev/null || true
+    dnf install unzip curl wget 2>/dev/null || true
+
+    if [[ -n "$(dnf search java-latest-openjdk-devel 2>/dev/null | head -n 1)" ]]; then
+        dnf install java-latest-openjdk-devel 2>/dev/null || true
+    elif [[ -n "$(dnf search java-11-openjdk-devel 2>/dev/null | head -n 1)" ]]; then
+        dnf install java-11-openjdk-devel 2>/dev/null || true
+    fi
+elif [[ -z "$(command -v java 2>/dev/null)" && -n "$(command -v yum 2>/dev/null)" ]]; then
+    yum update 2>/dev/null || true
+    yum install unzip curl wget 2>/dev/null || true
+
+    if [[ -n "$(yum search java-latest-openjdk-devel 2>/dev/null | head -n 1)" ]]; then
+        yum install java-latest-openjdk-devel 2>/dev/null || true
+    elif [[ -n "$(yum search java-11-openjdk-devel 2>/dev/null | head -n 1)" ]]; then
+        yum install java-11-openjdk-devel 2>/dev/null || true
+    fi
+fi
+
+# User feedback
+#echo "ANDROID_NDK_ROOT is '${ANDROID_NDK_ROOT}'"
+#echo "ANDROID_SDK_ROOT is '${ANDROID_SDK_ROOT}'"
 
 IS_DARWIN=$(uname -s 2>/dev/null | grep -i -c darwin)
 IS_LINUX=$(uname -s 2>/dev/null | grep -i -c linux)
 
+# Change NDK_NAME as required
+NDK_NAME=android-ndk-r20b
+NDK_TOP=$(dirname "${ANDROID_NDK_ROOT}")
+
 # Keep this in sync with the move at the end.
 if [ "$IS_LINUX" -eq 1 ]; then
+    NDK_URL=https://dl.google.com/android/repository/${NDK_NAME}-linux-x86_64.zip
     SDK_URL=https://dl.google.com/android/repository/commandlinetools-linux-6200805_latest.zip
-    NDK_URL=https://dl.google.com/android/repository/android-ndk-r20b-linux-x86_64.zip
+    TOOLS_URL=https://dl.google.com/android/repository/platform-tools-latest-linux.zip
 elif [ "$IS_DARWIN" -eq 1 ]; then
+    NDK_URL=https://dl.google.com/android/repository/${NDK_NAME}-darwin-x86_64.zip
     SDK_URL=https://dl.google.com/android/repository/commandlinetools-mac-6200805_latest.zip
-    NDK_URL=https://dl.google.com/android/repository/android-ndk-r20b-darwin-x86_64.zip
+    TOOLS_URL=https://dl.google.com/android/repository/platform-tools-latest-darwin.zip
 else
     echo "Unknown platform: \"$(uname -s 2>/dev/null)\". Please fix this script."
 fi
 
-# install android deps
-if [ -n "$(command -v apt-get)" ]; then
-    apt-get -qq update 2>/dev/null
-    apt-get -qq install --no-install-recommends openjdk-8-jdk unzip curl 2>/dev/null
-fi
-
 echo "Downloading SDK"
-if ! curl -k -s -o android-sdk.zip "$SDK_URL";
+if ! curl -L -s -o android-sdk.zip "${SDK_URL}";
 then
     echo "Failed to download SDK"
     exit 1
 fi
 
 echo "Downloading NDK"
-if ! curl -k -s -o android-ndk.zip "$NDK_URL";
+if ! curl -L -s -o android-ndk.zip "${NDK_URL}";
 then
     echo "Failed to download NDK"
     exit 1
 fi
 
-echo "Unpacking SDK to $ANDROID_SDK_ROOT"
-if ! unzip -qq android-sdk.zip -d "$ANDROID_SDK_ROOT";
+echo "Downloading Platform Tools"
+if ! curl -L -s -o platform-tools.zip "${TOOLS_URL}";
+then
+    echo "Failed to download Platform Tools"
+    exit 1
+fi
+
+# Android SDK does not include a top level directory
+echo "Unpacking SDK to ${ANDROID_SDK_ROOT}"
+if ! unzip -u -qq android-sdk.zip -d "${ANDROID_SDK_ROOT}";
 then
     echo "Failed to unpack SDK"
     exit 1
 fi
 
-echo "Unpacking NDK to $ANDROID_NDK_ROOT"
-if ! unzip -qq android-ndk.zip -d "$HOME";
+# Android NDK includes top level NDK_NAME directory
+echo "Unpacking NDK to ${NDK_TOP}/${NDK_NAME}"
+if ! unzip -u -qq android-ndk.zip -d "${NDK_TOP}";
 then
     echo "Failed to unpack NDK"
     exit 1
 fi
 
-if ! mv "$HOME/android-ndk-r20b" "$ANDROID_NDK_ROOT";
+echo "Unpacking Platform Tools to ${ANDROID_SDK_ROOT}"
+if ! unzip -u -qq platform-tools.zip -d "${ANDROID_SDK_ROOT}";
 then
-    echo "Failed to move $HOME/android-ndk-r20b to $ANDROID_NDK_ROOT"
+    echo "Failed to unpack Platform Tools"
     exit 1
 fi
 
-rm -f android-sdk.zip
-rm -f android-ndk.zip
+# Unlink as needed
+if [[ -e "${ANDROID_NDK_ROOT}" ]]; then
+    ls_output=$(ls -l "${ANDROID_NDK_ROOT}" 2>/dev/null | head -n 1)
+    # Only remove soft links
+    if [[ ${ls_output:0:1} == "l" ]]; then
+        unlink "${ANDROID_NDK_ROOT}"
+    fi
+fi
+
+# Create softlink
+(
+    echo "Symlinking ${NDK_NAME} to android-ndk"
+    cd ${NDK_TOP} || exit 1
+    if ! ln -s "${NDK_NAME}" android-ndk; then
+        echo "Failed to link ${NDK_NAME} to android-ndk"
+    fi
+)
 
 # We don't set ANDROID_HOME to ANDROID_SDK_ROOT.
 # https://stackoverflow.com/a/47028911/608639
-touch "$ANDROID_SDK_ROOT/repositories.cfg"
+touch "${ANDROID_SDK_ROOT}/repositories.cfg"
+
+# And https://stackoverflow.com/q/43433542
+mkdir -p "${HOME}/.android"
+touch "${HOME}/.android/repositories.cfg"
+
+if [[ -n "${SUDO_USER}" ]]; then
+    chown -R "${SUDO_USER}" "${HOME}/.android"
+fi
+
+count=$(ls -1 "${ANDROID_SDK_ROOT}" 2>/dev/null | wc -l)
+if [[ "${count}" -lt 2 ]]; then
+    echo "ANDROID_SDK_ROOT appears empty. The contents are listed."
+    echo "$(ls "${ANDROID_SDK_ROOT}")"
+    exit 1
+fi
+
+count=$(ls -1 "${ANDROID_NDK_ROOT}" 2>/dev/null | wc -l)
+if [[ "${count}" -lt 2 ]]; then
+    echo "ANDROID_NDK_ROOT appears empty. The contents are listed."
+    echo "$(ls "${ANDROID_NDK_ROOT}")"
+    exit 1
+fi
 
-echo "Finished preparing SDK and NDK"
+echo "Finished installing SDK and NDK"
 
 exit 0
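Review bot: The soft-link detection at L8824–L8828 runs `ls -l` on `${ANDROID_NDK_ROOT}`, which follows a symlink to a directory and lists its contents (first line `total …`), so `${ls_output:0:1}` is never `l`, the stale link survives, and the `ln -s` at L8835 then creates `android-ndk-r20b` inside the existing target instead of replacing the link; the direct test is `if [[ -L "${ANDROID_NDK_ROOT}" ]]; then unlink "${ANDROID_NDK_ROOT}"; fi` (or `ln -sfn`). Replacing `curl -k` with `curl -L` restores certificate validation, but the archives are still unpacked into `${ANDROID_SDK_ROOT}`/`${NDK_TOP}` with no digest check, so a pinned SHA-256 comparison before `unzip` is proposed below for the two versioned URLs (the `platform-tools-latest` URL is unversioned and cannot be pinned; digests are placeholders to be filled from the vendor download page). `cd ${NDK_TOP} || exit 1` at L8834 is unquoted, unlike every other path in the hunk. `dnf update`/`yum update` at L8717 and L8726 lack `-y`, so they prompt on a terminal and abort in a non-interactive run, which `|| true` then hides; `apt-get -qq` already implies `-y`.
```shell
# Expected digests for the pinned archives (fill in from the vendor download page).
NDK_SHA256="<EXPECTED_NDK_SHA256>"    # placeholder
SDK_SHA256="<EXPECTED_SDK_SHA256>"    # placeholder

# verify_sha256 FILE DIGEST: non-zero when FILE does not hash to DIGEST
verify_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        echo "$2  $1" | sha256sum -c --status
    else
        echo "$2  $1" | shasum -a 256 -c --status
    fi
}

# … unchanged: curl downloads of android-sdk.zip, android-ndk.zip, platform-tools.zip …

for pair in "android-ndk.zip:${NDK_SHA256}" "android-sdk.zip:${SDK_SHA256}"; do
    if ! verify_sha256 "${pair%%:*}" "${pair#*:}"; then
        echo "Checksum mismatch for ${pair%%:*}"
        exit 1
    fi
done

# … unchanged: unzip steps …
```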
diff -Nru libcrypto++-8.4.0/TestScripts/make-benchmarks.sh libcrypto++-8.6.0/TestScripts/make-benchmarks.sh
--- libcrypto++-8.4.0/TestScripts/make-benchmarks.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/make-benchmarks.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,14 +1,21 @@
 #!/usr/bin/env bash
 
-# make-benchmarks - Scan build submission instructions for Unix and Linux.
-#                   Written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
-#                   Copyright assigned to Crypto++ project.
+#############################################################################
 #
-# The following builds the benchmarks under 5.6.2, 5.6.4 and Master. The results can then be
-#  compared to ensure an speed penalty is not inadvertently taken. Crypto++ 5.6.2 is significant
-#  because its the last version Wei worked on before turning the library over to the community.
-
-###############################################################################
+# The following builds the benchmarks under 5.6.2, 5.6.4 and Master. The
+# results can then be compared to ensure an speed penalty is not inadvertently
+# taken. Crypto++ 5.6.2 is significant because its the last version Wei worked
+# on before turning the library over to the community.
+#
+# Written and placed in public domain by Jeffrey Walton.
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
+#
+# See https://www.cryptopp.com/wiki/Benchmarks for more details
+#
+#############################################################################
 
 # Set to suite your taste. Speed is in GiHz
 
@@ -25,16 +32,16 @@
 echo "Please modify this script if its not correct"
 echo
 
-###############################################################################
+#############################################################################
 
 current=$(git rev-parse --abbrev-ref HEAD 2>/dev/null)
 git fetch --all &>/dev/null &>/dev/null
 if [[ "$?" -ne "0" ]]; then
 	echo "$PWD does not appear to be a Git repository"
-	[[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
+	exit 1
 fi
 
-###############################################################################
+#############################################################################
 # Try to find a fast option
 
 OPT=
@@ -79,7 +86,7 @@
 	fi
 fi
 
-##################################################################
+#############################################################################
 
 echo "***************************************************"
 echo "**************** Crypto++ 5.6.2 *******************"
@@ -105,7 +112,7 @@
 	fi
 fi
 
-##################################################################
+#############################################################################
 
 echo "***************************************************"
 echo "**************** Crypto++ 5.6.4 *******************"
@@ -131,7 +138,7 @@
 	fi
 fi
 
-##################################################################
+#############################################################################
 
 echo "***************************************************"
 echo "*************** Crypto++ Master *******************"
@@ -157,10 +164,10 @@
 	fi
 fi
 
-##################################################################
+#############################################################################
 
 if [[ ! -z "$current" ]]; then
 	git checkout -f "$current"
 fi
 
-[[ "$0" = "$BASH_SOURCE" ]] && exit 0 || return 0
+exit 0
diff -Nru libcrypto++-8.4.0/TestScripts/reset-fork.sh libcrypto++-8.6.0/TestScripts/reset-fork.sh
--- libcrypto++-8.4.0/TestScripts/reset-fork.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/reset-fork.sh	2021-09-24 11:48:47.000000000 +0000
@@ -2,6 +2,13 @@
 
 # Use this script to reset a fork to Wei Dai's master
 # https://stackoverflow.com/questions/9646167/clean-up-a-fork-and-restart-it-from-the-upstream
+#
+# Written and placed in public domain by Jeffrey Walton
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
+#
 
 git remote add upstream https://github.com/weidai11/cryptopp 2>/dev/null
 git fetch upstream
diff -Nru libcrypto++-8.4.0/TestScripts/setenv-android.sh libcrypto++-8.6.0/TestScripts/setenv-android.sh
--- libcrypto++-8.4.0/TestScripts/setenv-android.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/setenv-android.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,11 +1,13 @@
 #!/usr/bin/env bash
 
-# ====================================================================
-# Sets the cross compile environment for Android
+#############################################################################
+#
+# This script sets the cross-compile environment for Android.
 #
 # Based upon OpenSSL's setenv-android.sh by TH, JW, and SM.
 # Heavily modified by JWW for Crypto++.
 # Modified by Skycoder42 Android NDK-r19 and above.
+# Modified some more by JW and UB.
 #
 # Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
 # licensed under the Boost Software License 1.0, while the individual files
@@ -14,9 +16,11 @@
 # Also see:
 #   https://android.googlesource.com/platform/ndk.git/+/HEAD/docs/UnifiedHeaders.md
 #   https://android.googlesource.com/platform/ndk/+/master/docs/PlatformApis.md
+#   https://developer.android.com/ndk/guides/abis.html and
+#   https://developer.android.com/ndk/guides/cpp-support.
 #
 # See http://www.cryptopp.com/wiki/Android_(Command_Line) for more details
-# ====================================================================
+#############################################################################
 
 #########################################
 #####        Some validation        #####
@@ -27,40 +31,91 @@
     echo "setenv-android.sh is usually sourced, but not this time."
 fi
 
-# This supports 'source setenv-android.sh 23 arm64' and friends
-if [[ -z "$ANDROID_API" && -n "$1" ]]; then
-    printf "Using positional arg, ANDROID_API=%s\n" "$1"
-    ANDROID_API="$1"
+# This supports both 'source setenv-android.sh 21 arm64' and
+# 'source setenv-android.sh ANDROID_API=21 ANDROID_CPU=arm64'
+if [[ -n "$1" ]]
+then
+    arg1=$(echo "$1" | cut -f 1 -d '=')
+    arg2=$(echo "$1" | cut -f 2 -d '=')
+    if [[ -n "${arg2}" ]]; then
+        ANDROID_API="${arg2}"
+    else
+        ANDROID_API="${arg1}"
+    fi
+    printf "Using positional arg, ANDROID_API=%s\n" "${ANDROID_API}"
 fi
 
-# This supports 'source setenv-android.sh 23 arm64' and friends
-if [[ -z "$ANDROID_CPU" && -n "$2" ]]; then
-    printf "Using positional arg, ANDROID_CPU=%s\n" "$2"
-    ANDROID_CPU="$2"
+# This supports both 'source setenv-android.sh 21 arm64' and
+# 'source setenv-android.sh ANDROID_API=21 ANDROID_CPU=arm64'
+if [[ -n "$2" ]]
+then
+    arg1=$(echo "$2" | cut -f 1 -d '=')
+    arg2=$(echo "$2" | cut -f 2 -d '=')
+    if [[ -n "${arg2}" ]]; then
+        ANDROID_CPU="${arg2}"
+    else
+        ANDROID_CPU="${arg1}"
+    fi
+    printf "Using positional arg, ANDROID_CPU=%s\n" "${ANDROID_CPU}"
 fi
 
-if [ -z "$ANDROID_API" ]; then
+if [ -z "${ANDROID_API}" ]; then
     echo "ANDROID_API is not set. Please set it"
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
-if [ -z "$ANDROID_CPU" ]; then
+if [ -z "${ANDROID_CPU}" ]; then
     echo "ANDROID_CPU is not set. Please set it"
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
+DEF_CPPFLAGS="-DNDEBUG"
+DEF_CFLAGS="-Wall -g2 -O3 -fPIC"
+DEF_CXXFLAGS="-Wall -g2 -O3 -fPIC"
+DEF_LDFLAGS=""
+
 #########################################
 #####       Clear old options       #####
 #########################################
 
 unset IS_IOS
+unset IS_MACOS
 unset IS_ANDROID
 unset IS_ARM_EMBEDDED
 
+unset ANDROID_CPPFLAGS
+unset ANDROID_CFLAGS
 unset ANDROID_CXXFLAGS
+unset ANDROID_LDFLAGS
 unset ANDROID_SYSROOT
 
-#####################################################################
+#########################################
+#####    Small Fixups, if needed    #####
+#########################################
+
+ANDROID_CPU=$(tr '[:upper:]' '[:lower:]' <<< "${ANDROID_CPU}")
+
+if [[ "$ANDROID_CPU" == "amd64" || "$ANDROID_CPU" == "x86_64" ]] ; then
+    ANDROID_CPU=x86_64
+fi
+
+if [[ "$ANDROID_CPU" == "i386" || "$ANDROID_CPU" == "i686" ]] ; then
+    ANDROID_CPU=i686
+fi
+
+if [[ "$ANDROID_CPU" == "armv7"* || "$ANDROID_CPU" == "armeabi"* ]] ; then
+    ANDROID_CPU=armeabi-v7a
+fi
+
+if [[ "$ANDROID_CPU" == "aarch64" || "$ANDROID_CPU" == "arm64"* || "$ANDROID_CPU" == "armv8"* ]] ; then
+    ANDROID_CPU=arm64-v8a
+fi
+
+echo "Configuring for $ANDROID_SDK ($ANDROID_CPU)"
+
+########################################
+#####         Environment          #####
+########################################
 
 # ANDROID_NDK_ROOT should always be set by the user (even when not running this script)
 # http://groups.google.com/group/android-ndk/browse_thread/thread/a998e139aca71d77.
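Review bot: `echo "Configuring for $ANDROID_SDK ($ANDROID_CPU)"` at L9108 reads `ANDROID_SDK`, which nothing in the new code assigns, so the message prints an empty field; it presumably meant `${ANDROID_API}`. The `KEY=value` parsing at L9023–L9050 discards the key (`arg1` is only used when there is no `=`), so `source setenv-android.sh ANDROID_CPU=arm64 ANDROID_API=21` silently sets ANDROID_API to `arm64`; checking the key, e.g. `if [[ -n "${arg2}" && "${arg1}" != "ANDROID_API" ]]; then echo "Unexpected argument ${arg1}"; fi`, would catch the swap. The old guards `-z "$ANDROID_API" && -n "$1"` are gone, so a positional argument now overrides a value already exported in the environment — fine if intended, but worth a one-line comment. `cut -f 2` without `-s` returns the whole line when no `=` is present, which is the only reason the no-`=` case works and makes the `else` branches at L9029 and L9047 unreachable; `cut -s -f 2` would give those branches their intended meaning.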
@@ -68,15 +123,15 @@
 # ANDROID_NDK_ROOT=/opt/android-ndk-r19c or ANDROID_NDK_ROOT=/usr/local/android-ndk-r20.
 
 if [ -n "${ANDROID_NDK_ROOT}" ]; then
-    echo "ANDROID_NDK_ROOT is $ANDROID_NDK_ROOT"
+    echo "ANDROID_NDK_ROOT is ${ANDROID_NDK_ROOT}"
 else
     echo "ANDROID_NDK_ROOT is empty. Searching for the NDK"
     ANDROID_NDK_ROOT=$(find /opt -maxdepth 1 -type d -name "android-ndk*" 2>/dev/null | tail -n -1)
 
-    if [ -z "$ANDROID_NDK_ROOT" ]; then
+    if [ -z "${ANDROID_NDK_ROOT}" ]; then
         ANDROID_NDK_ROOT=$(find /usr/local -maxdepth 1 -type d -name "android-ndk*" 2>/dev/null | tail -n -1)
     fi
-    if [ -z "$ANDROID_NDK_ROOT" ]; then
+    if [ -z "${ANDROID_NDK_ROOT}" ]; then
         ANDROID_NDK_ROOT=$(find "$HOME" -maxdepth 1 -type d -name "android-ndk*" 2>/dev/null | tail -n -1)
     fi
     if [ -d "$HOME/Library/Android/sdk/ndk-bundle" ]; then
@@ -85,12 +140,23 @@
 fi
 
 # Error checking
-if [ ! -d "$ANDROID_NDK_ROOT" ]; then
-    echo "ERROR: ANDROID_NDK_ROOT is not a valid path. Please set it."
-    echo "Root is $ANDROID_NDK_ROOT"
+if [ ! -d "${ANDROID_NDK_ROOT}" ]; then
+    echo "ERROR: ANDROID_NDK_ROOT is not a valid path for ${USER}. Please set it."
+    echo "ANDROID_NDK_ROOT is '${ANDROID_NDK_ROOT}'"
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
+# Error checking
+if [ ! -d "${ANDROID_SDK_ROOT}" ]; then
+    echo "ERROR: ANDROID_SDK_ROOT is not a valid path for ${USER}. Please set it."
+    echo "ANDROID_SDK_ROOT is '${ANDROID_SDK_ROOT}'"
+    [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+# User feedback
+#echo "ANDROID_NDK_ROOT is '${ANDROID_NDK_ROOT}'"
+#echo "ANDROID_SDK_ROOT is '${ANDROID_SDK_ROOT}'"
+
 #####################################################################
 
 # Need to set HOST_TAG to darwin-x86_64, linux-x86_64,
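Review bot: The new `if [ ! -d "${ANDROID_SDK_ROOT}" ]; then` check turns ANDROID_SDK_ROOT into a hard requirement, yet unlike ANDROID_NDK_ROOT it gets no discovery fallback and nothing in the hunks shown here reads it afterwards, so an environment that built with only the NDK set now stops at this line. If a later step needs the SDK, the comment above the check (currently just `# Error checking`) should name it; if it is only informational, a warning is the friendlier failure mode. The `${USER}` in the message is not guaranteed to be set in non-login shells and containers; `$(id -un)` is, e.g. `echo "ERROR: ANDROID_SDK_ROOT is not a valid path for $(id -un). Please set it."`.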
@@ -105,125 +171,187 @@
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
-ANDROID_TOOLCHAIN="$ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/$HOST_TAG/bin"
-ANDROID_SYSROOT="$ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/$HOST_TAG/sysroot"
+ANDROID_TOOLCHAIN="${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/${HOST_TAG}/bin"
+ANDROID_SYSROOT="${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/${HOST_TAG}/sysroot"
 
 # Error checking
-if [ ! -d "$ANDROID_TOOLCHAIN" ]; then
+if [ ! -d "${ANDROID_TOOLCHAIN}" ]; then
     echo "ERROR: ANDROID_TOOLCHAIN is not a valid path. Please set it."
-    echo "Path is $ANDROID_TOOLCHAIN"
+    echo "ANDROID_TOOLCHAIN is '${ANDROID_TOOLCHAIN}'"
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # Error checking
-if [ ! -d "$ANDROID_SYSROOT" ]; then
+if [ ! -d "${ANDROID_SYSROOT}" ]; then
     echo "ERROR: ANDROID_SYSROOT is not a valid path. Please set it."
-    echo "Path is $ANDROID_SYSROOT"
+    echo "ANDROID_SYSROOT is '${ANDROID_SYSROOT}'"
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 #####################################################################
 
-THE_ARCH=$(tr '[:upper:]' '[:lower:]' <<< "$ANDROID_CPU")
+# https://developer.android.com/ndk/guides/abis.html and
+# https://developer.android.com/ndk/guides/cpp-support.
+# Since NDK r16 the only STL available is libc++, so we
+# add -std=c++11 -stdlib=libc++ to CXXFLAGS. This is
+# consistent with Android.mk and 'APP_STL := c++_shared'.
 
-# https://developer.android.com/ndk/guides/abis.html
-case "$THE_ARCH" in
+case "$ANDROID_CPU" in
   armv7*|armeabi*)
-    CC="armv7a-linux-androideabi$ANDROID_API-clang"
-    CXX="armv7a-linux-androideabi$ANDROID_API-clang++"
+    CC="armv7a-linux-androideabi${ANDROID_API}-clang"
+    CXX="armv7a-linux-androideabi${ANDROID_API}-clang++"
     LD="arm-linux-androideabi-ld"
     AS="arm-linux-androideabi-as"
     AR="arm-linux-androideabi-ar"
     RANLIB="arm-linux-androideabi-ranlib"
     STRIP="arm-linux-androideabi-strip"
+    OBJDUMP="arm-linux-androideabi-objdump"
 
-    ANDROID_CXXFLAGS="-march=armv7-a -mthumb -mfloat-abi=softfp -funwind-tables -fexceptions -frtti"
+    # You may need this on older NDKs
+    # ANDROID_CPPFLAGS="-D__ANDROID__=${ANDROID_API}"
+
+    # Android NDK r19 and r20 no longer use -mfloat-abi=softfp. Add it as required.
+    ANDROID_CFLAGS="-target armv7-none-linux-androideabi${ANDROID_API}"
+    ANDROID_CFLAGS="${ANDROID_CFLAGS} -march=armv7-a -mthumb"
+    ANDROID_CFLAGS="${ANDROID_CFLAGS} -fstack-protector-strong -funwind-tables -fexceptions -frtti"
+    ANDROID_CFLAGS="${ANDROID_CFLAGS} -fno-addrsig -fno-experimental-isel"
+
+    ANDROID_CXXFLAGS="-target armv7-none-linux-androideabi${ANDROID_API}"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -march=armv7-a -mthumb"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -std=c++11 -stdlib=libc++"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -fstack-protector-strong -funwind-tables -fexceptions -frtti"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -fno-addrsig -fno-experimental-isel"
     ;;
+
   armv8*|aarch64|arm64*)
-    CC="aarch64-linux-android$ANDROID_API-clang"
-    CXX="aarch64-linux-android$ANDROID_API-clang++"
+    CC="aarch64-linux-android${ANDROID_API}-clang"
+    CXX="aarch64-linux-android${ANDROID_API}-clang++"
     LD="aarch64-linux-android-ld"
     AS="aarch64-linux-android-as"
     AR="aarch64-linux-android-ar"
     RANLIB="aarch64-linux-android-ranlib"
     STRIP="aarch64-linux-android-strip"
+    OBJDUMP="aarch64-linux-android-objdump"
+
+    # You may need this on older NDKs
+    # ANDROID_CPPFLAGS="-D__ANDROID__=${ANDROID_API}"
 
-    ANDROID_CXXFLAGS="-funwind-tables -fexceptions -frtti"
+    ANDROID_CFLAGS="-target aarch64-none-linux-android${ANDROID_API}"
+    ANDROID_CFLAGS="${ANDROID_CFLAGS} -fstack-protector-strong -funwind-tables -fexceptions -frtti"
+    ANDROID_CFLAGS="${ANDROID_CFLAGS} -fno-addrsig -fno-experimental-isel"
+
+    ANDROID_CXXFLAGS="-target aarch64-none-linux-android${ANDROID_API}"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -std=c++11 -stdlib=libc++"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -fstack-protector-strong -funwind-tables -fexceptions -frtti"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -fno-addrsig -fno-experimental-isel"
     ;;
+
   i686|x86)
-    CC="i686-linux-android$ANDROID_API-clang"
-    CXX="i686-linux-android$ANDROID_API-clang++"
+    CC="i686-linux-android${ANDROID_API}-clang"
+    CXX="i686-linux-android${ANDROID_API}-clang++"
     LD="i686-linux-android-ld"
     AS="i686-linux-android-as"
     AR="i686-linux-android-ar"
     RANLIB="i686-linux-android-ranlib"
     STRIP="i686-linux-android-strip"
+    OBJDUMP="i686-linux-android-objdump"
+
+    # You may need this on older NDKs
+    # ANDROID_CPPFLAGS="-D__ANDROID__=${ANDROID_API}"
 
-    ANDROID_CXXFLAGS="-mtune=intel -mssse3 -mfpmath=sse -funwind-tables -fexceptions -frtti"
+    ANDROID_CFLAGS="-target i686-none-linux-android${ANDROID_API}"
+    ANDROID_CFLAGS="${ANDROID_CFLAGS} -mtune=intel -mssse3 -mfpmath=sse"
+    ANDROID_CFLAGS="${ANDROID_CFLAGS} -fstack-protector-strong -funwind-tables -fexceptions -frtti"
+    ANDROID_CFLAGS="${ANDROID_CFLAGS} -fno-addrsig -fno-experimental-isel"
+
+    ANDROID_CXXFLAGS="-target i686-none-linux-android${ANDROID_API}"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -mtune=intel -mssse3 -mfpmath=sse"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -std=c++11 -stdlib=libc++"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -fstack-protector-strong -funwind-tables -fexceptions -frtti"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -fno-addrsig -fno-experimental-isel"
     ;;
+
   x86_64|x64)
-    CC="x86_64-linux-android$ANDROID_API-clang"
-    CXX="x86_64-linux-android$ANDROID_API-clang++"
+    CC="x86_64-linux-android${ANDROID_API}-clang"
+    CXX="x86_64-linux-android${ANDROID_API}-clang++"
     LD="x86_64-linux-android-ld"
     AS="x86_64-linux-android-as"
     AR="x86_64-linux-android-ar"
     RANLIB="x86_64-linux-android-ranlib"
     STRIP="x86_64-linux-android-strip"
+    OBJDUMP="x86_64-linux-android-objdump"
+
+    # You may need this on older NDKs
+    # ANDROID_CPPFLAGS="-D__ANDROID__=${ANDROID_API}"
 
-    ANDROID_CXXFLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -funwind-tables -fexceptions -frtti"
+    ANDROID_CFLAGS="-target x86_64-none-linux-android${ANDROID_API}"
+    ANDROID_CFLAGS="${ANDROID_CFLAGS} -march=x86-64 -msse4.2 -mpopcnt -mtune=intel"
+    ANDROID_CFLAGS="${ANDROID_CFLAGS} -fstack-protector-strong -funwind-tables -fexceptions -frtti"
+    ANDROID_CFLAGS="${ANDROID_CFLAGS} -fno-addrsig -fno-experimental-isel"
+
+    ANDROID_CXXFLAGS="-target x86_64-none-linux-android${ANDROID_API}"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -march=x86-64 -msse4.2 -mpopcnt -mtune=intel"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -std=c++11 -stdlib=libc++"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -fstack-protector-strong -funwind-tables -fexceptions -frtti"
+    ANDROID_CXXFLAGS="${ANDROID_CXXFLAGS} -fno-addrsig -fno-experimental-isel"
     ;;
   *)
-    echo "ERROR: Unknown architecture $ANDROID_CPU"
+    echo "ERROR: Unknown architecture ${ANDROID_CPU}"
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
     ;;
 esac
 
-#####################################################################
+echo "Configuring for Android API ${ANDROID_API} ($ANDROID_CPU)"
 
-# GNUmakefile-cross and Autotools expect these to be set.
-# They are also used in the tests below.
-export IS_ANDROID=1
+#####################################################################
 
-export CPP CC CXX LD AS AR RANLIB STRIP
-export ANDROID_CXXFLAGS ANDROID_API ANDROID_CPU ANDROID_SYSROOT
+# Common to all builds
 
-# Do NOT use ANDROID_SYSROOT_INC or ANDROID_SYSROOT_LD
-# https://github.com/android/ndk/issues/894#issuecomment-470837964
+ANDROID_CPPFLAGS="${DEF_CPPFLAGS} ${ANDROID_CPPFLAGS} -DANDROID"
+ANDROID_CFLAGS="${DEF_CFLAGS} ${ANDROID_CFLAGS} -Wa,--noexecstack"
+ANDROID_CXXFLAGS="${DEF_CXXFLAGS} ${ANDROID_CXXFLAGS} -Wa,--noexecstack"
+ANDROID_LDFLAGS="${DEF_LDFLAGS}"
+
+# Aarch64 ld does not understand --warn-execstack
+ANDROID_LDFLAGS="${ANDROID_LDFLAGS} -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now"
+ANDROID_LDFLAGS="${ANDROID_LDFLAGS} -Wl,--warn-shared-textrel -Wl,--warn-common"
+ANDROID_LDFLAGS="${ANDROID_LDFLAGS} -Wl,--warn-unresolved-symbols"
+ANDROID_LDFLAGS="${ANDROID_LDFLAGS} -Wl,--gc-sections -Wl,--fatal-warnings"
 
 #####################################################################
 
 # Error checking
-if [ ! -e "$ANDROID_TOOLCHAIN/$CC" ]; then
+if [ ! -e "${ANDROID_TOOLCHAIN}/$CC" ]; then
     echo "ERROR: Failed to find Android clang. Please edit this script."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # Error checking
-if [ ! -e "$ANDROID_TOOLCHAIN/$CXX" ]; then
+if [ ! -e "${ANDROID_TOOLCHAIN}/$CXX" ]; then
     echo "ERROR: Failed to find Android clang++. Please edit this script."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # Error checking
-if [ ! -e "$ANDROID_TOOLCHAIN/$RANLIB" ]; then
+if [ ! -e "${ANDROID_TOOLCHAIN}/$RANLIB" ]; then
     echo "ERROR: Failed to find Android ranlib. Please edit this script."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # Error checking
-if [ ! -e "$ANDROID_TOOLCHAIN/$AR" ]; then
+if [ ! -e "${ANDROID_TOOLCHAIN}/$AR" ]; then
     echo "ERROR: Failed to find Android ar. Please edit this script."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # Error checking
-if [ ! -e "$ANDROID_TOOLCHAIN/$AS" ]; then
+if [ ! -e "${ANDROID_TOOLCHAIN}/$AS" ]; then
     echo "ERROR: Failed to find Android as. Please edit this script."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # Error checking
-if [ ! -e "$ANDROID_TOOLCHAIN/$LD" ]; then
+if [ ! -e "${ANDROID_TOOLCHAIN}/$LD" ]; then
     echo "ERROR: Failed to find Android ld. Please edit this script."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
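Review bot: The new hardening set (`-fstack-protector-strong` in the per-ABI CFLAGS/CXXFLAGS, `-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now` in ANDROID_LDFLAGS) is welcome but stops short of FORTIFY: there is no `-D_FORTIFY_SOURCE=2`, and the natural home for it is the `ANDROID_CPPFLAGS="${DEF_CPPFLAGS} ${ANDROID_CPPFLAGS} -DANDROID"` line, assuming DEF_CFLAGS enables optimization as the sibling scripts' `-O3` does (the Android DEF_CFLAGS is not visible in this hunk) and bionic's FORTIFY support is wanted. Separately, `-Wl,--fatal-warnings` on the last LDFLAGS line turns `--warn-unresolved-symbols`, `--warn-common` and `--warn-shared-textrel` back into hard errors, which makes `--warn-unresolved-symbols` a no-op relative to the linker default; if that is the intent, a comment such as `# --fatal-warnings promotes the --warn-* flags above to errors` would stop the next reader from trimming them as noise. The only comment in that block, `# Aarch64 ld does not understand --warn-execstack`, explains an absent flag rather than the present ones.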
@@ -233,52 +361,57 @@
 # Add tools to head of path, if not present already
 LENGTH=${#ANDROID_TOOLCHAIN}
 SUBSTR=${PATH:0:$LENGTH}
-if [ "$SUBSTR" != "$ANDROID_TOOLCHAIN" ]; then
-    export PATH="$ANDROID_TOOLCHAIN:$PATH"
+if [ "$SUBSTR" != "${ANDROID_TOOLCHAIN}" ]; then
+    export PATH="${ANDROID_TOOLCHAIN}:$PATH"
 fi
 
 #####################################################################
 
-# Now that we are using cpu-features from Android rather than CPU probing, we
-# need to copy cpu-features.h and cpu-features.c from the NDK into our source
-# directory and then build it.
+# Now that we are using cpu-features from Android rather than
+# CPU probing, we need to copy cpu-features.h and cpu-features.c
+# from the NDK into our source directory and then build it.
 
-if [[ ! -e "$ANDROID_NDK_ROOT/sources/android/cpufeatures/cpu-features.h" ]]; then
+if [[ ! -e "${ANDROID_NDK_ROOT}/sources/android/cpufeatures/cpu-features.h" ]]; then
     echo "ERROR: Unable to locate cpu-features.h"
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
-cp "$ANDROID_NDK_ROOT/sources/android/cpufeatures/cpu-features.h" .
 
-if [[ ! -e "$ANDROID_NDK_ROOT/sources/android/cpufeatures/cpu-features.c" ]]; then
+if [[ ! -e "${ANDROID_NDK_ROOT}/sources/android/cpufeatures/cpu-features.c" ]]; then
     echo "ERROR: Unable to locate cpu-features.c"
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
-cp "$ANDROID_NDK_ROOT/sources/android/cpufeatures/cpu-features.c" .
+
+cp "${ANDROID_NDK_ROOT}/sources/android/cpufeatures/cpu-features.h" .
+cp "${ANDROID_NDK_ROOT}/sources/android/cpufeatures/cpu-features.c" .
 
 # Cleanup the sources for the C++ compiler
 # https://github.com/weidai11/cryptopp/issues/926
 
-sed -e 's/p = memmem/p = (const char*)memmem/g' \
-    -e 's/p  = memmem/p  = (const char*)memmem/g' \
-    -e 's/p = memchr/p = (const char*)memchr/g' \
-    -e 's/p  = memchr/p  = (const char*)memchr/g' \
-    -e 's/q = memmem/q = (const char*)memmem/g' \
-    -e 's/q  = memmem/q  = (const char*)memmem/g' \
-    -e 's/q = memchr/q = (const char*)memchr/g' \
-    -e 's/q  = memchr/q  = (const char*)memchr/g' \
-    -e 's/cpuinfo = malloc/cpuinfo = (char*)malloc/g' \
+sed -e 's/= memmem/= (const char*)memmem/g' \
+    -e 's/= memchr/= (const char*)memchr/g' \
+    -e 's/= malloc/= (char*)malloc/g' \
     cpu-features.c > cpu-features.c.fixed
 mv cpu-features.c.fixed cpu-features.c
 
+# Fix permissions. For some reason cpu-features.h is +x.
+chmod u=rw,go=r cpu-features.h cpu-features.c
+
 #####################################################################
 
 VERBOSE=${VERBOSE:-1}
 if [ "$VERBOSE" -gt 0 ]; then
-  echo "ANDROID_TOOLCHAIN: $ANDROID_TOOLCHAIN"
-  echo "ANDROID_API: $ANDROID_API"
-  echo "ANDROID_CPU: $ANDROID_CPU"
-  echo "ANDROID_SYSROOT: $ANDROID_SYSROOT"
-  echo "ANDROID_CXXFLAGS: $ANDROID_CXXFLAGS"
+  echo "ANDROID_TOOLCHAIN: ${ANDROID_TOOLCHAIN}"
+  echo "ANDROID_API: ${ANDROID_API}"
+  echo "ANDROID_CPU: ${ANDROID_CPU}"
+  if [ -n "${ANDROID_CPPFLAGS}" ]; then
+    echo "ANDROID_CPPFLAGS: ${ANDROID_CPPFLAGS}"
+  fi
+  echo "ANDROID_CFLAGS: ${ANDROID_CFLAGS}"
+  echo "ANDROID_CXXFLAGS: ${ANDROID_CXXFLAGS}"
+  if [ -n "${ANDROID_LDFLAGS}" ]; then
+    echo "ANDROID_LDFLAGS: ${ANDROID_LDFLAGS}"
+  fi
+  echo "ANDROID_SYSROOT: ${ANDROID_SYSROOT}"
   if [ -e "cpu-features.h" ] && [ -e "cpu-features.c" ]; then
     echo "CPU FEATURES: cpu-features.h and cpu-features.c are present"
   fi
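Review bot: The patching step `sed -e ... cpu-features.c > cpu-features.c.fixed` followed by `mv cpu-features.c.fixed cpu-features.c` never checks that sed succeeded, and no `set -e` is visible in these hunks, so a failed or interrupted sed leaves a truncated cpu-features.c.fixed that mv then installs over the freshly copied NDK source and the build fails later with an unrelated error. Chain them, `sed -e ... cpu-features.c > cpu-features.c.fixed && mv cpu-features.c.fixed cpu-features.c`, and on failure fall through to the same `[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1` guard the rest of the script uses. Also the broadened patterns `s/= memmem/= (const char*)memmem/g` and `s/= malloc/= (char*)malloc/g` now cast every such assignment in the file, not just the `p`/`q`/`cpuinfo` ones the removed lines targeted; that is only correct while every target is a `char*`, and since the file is copied from whatever NDK is installed, a comment stating that assumption (or keeping the `cpuinfo = malloc` anchor) would help.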
@@ -286,11 +419,35 @@
 
 #####################################################################
 
+# GNUmakefile-cross and Autotools expect these to be set.
+# Note: prior to Crypto++ 8.6, CPPFLAGS, CXXFLAGS and LDFLAGS were not
+# exported. At Crypto++ 8.6 CPPFLAGS, CXXFLAGS and LDFLAGS were exported.
+
+export IS_ANDROID=1
+export CPP CC CXX LD AS AR RANLIB STRIP OBJDUMP
+
+# Do NOT use ANDROID_SYSROOT_INC or ANDROID_SYSROOT_LD
+# https://github.com/android/ndk/issues/894#issuecomment-470837964
+
+CPPFLAGS="${ANDROID_CPPFLAGS} -isysroot ${ANDROID_SYSROOT}"
+CFLAGS="${ANDROID_CFLAGS}"
+CXXFLAGS="${ANDROID_CXXFLAGS}"
+LDFLAGS="${ANDROID_LDFLAGS} --sysroot ${ANDROID_SYSROOT}"
+
+# Trim whitespace as needed
+CPPFLAGS=$(echo "${CPPFLAGS}" | awk '{$1=$1;print}')
+CFLAGS=$(echo "${CFLAGS}" | awk '{$1=$1;print}')
+CXXFLAGS=$(echo "${CXXFLAGS}" | awk '{$1=$1;print}')
+LDFLAGS=$(echo "${LDFLAGS}" | awk '{$1=$1;print}')
+
+export CPPFLAGS CFLAGS CXXFLAGS LDFLAGS
+
+#####################################################################
+
 echo
 echo "*******************************************************************************"
 echo "It looks the the environment is set correctly. Your next step is build"
-echo "the library with 'make -f GNUmakefile-cross'. You can create a versioned"
-echo "shared object using 'HAS_SOLIB_VERSION=1 make -f GNUmakefile-cross'"
+echo "the library with 'make -f GNUmakefile-cross'."
 echo "*******************************************************************************"
 echo
 
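Review bot: `CPPFLAGS="${ANDROID_CPPFLAGS} -isysroot ${ANDROID_SYSROOT}"` and the matching `LDFLAGS=... --sysroot ${ANDROID_SYSROOT}` embed the NDK path in a string that make and the shell will later word-split, so an NDK installed under a path with whitespace produces a broken `-isysroot` argument, and the `awk '{$1=$1;print}'` trim cannot help since it only collapses runs of blanks. A guard before the assignments, `case "${ANDROID_SYSROOT}" in *[[:space:]]*) echo "ERROR: ANDROID_NDK_ROOT must not contain whitespace"; ...;; esac` with the usual exit/return, turns a confusing compiler error into a clear one. The comment above the exports says prior releases did not export these flags; it would be worth adding that any CPPFLAGS/CFLAGS/CXXFLAGS/LDFLAGS the user had set are replaced rather than merged, which the assignments here make true.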
diff -Nru libcrypto++-8.4.0/TestScripts/setenv-embedded.sh libcrypto++-8.6.0/TestScripts/setenv-embedded.sh
--- libcrypto++-8.4.0/TestScripts/setenv-embedded.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/setenv-embedded.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,36 +1,55 @@
 #!/usr/bin/env bash
 
-# ====================================================================
-# Sets the cross compile environment for ARM Embedded
+#############################################################################
 #
-# Written by Jeffrey Walton, noloader gmail account
+# This script sets the cross-compile environment for ARM embedded.
+#
+# Based upon OpenSSL's setenv-android.sh by TH, JW, and SM.
+# Heavily modified by JWW for Crypto++.
 #
 # Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
 # licensed under the Boost Software License 1.0, while the individual files
 # in the compilation are all public domain.
 #
-# This script only supports Ubuntu at the moment. It does not support Fedora.
 # See http://www.cryptopp.com/wiki/ARM_Embedded_(Command_Line) for details.
-# ====================================================================
+#############################################################################
 
 # cryptest-embedded.sh may run this script without sourcing.
 if [ "$0" = "${BASH_SOURCE[0]}" ]; then
     echo "setenv-embedded.sh is usually sourced, but not this time."
 fi
 
-# Unset old options
-
-unset IS_CROSS_COMPILE
+DEF_CPPFLAGS="-DNDEBUG"
+DEF_CFLAGS="-Wall -g2 -O3 -fPIC"
+DEF_CXXFLAGS="-Wall -g2 -O3 -fPIC"
+DEF_LDFLAGS=""
+
+#########################################
+#####       Clear old options       #####
+#########################################
 
 unset IS_IOS
+unset IS_MACOS
 unset IS_ANDROID
 unset IS_ARM_EMBEDDED
 
+unset ARM_EMBEDDED_CPPFLAGS
+unset ARM_EMBEDDED_CFLAGS
+unset ARM_EMBEDDED_HEADERS
+unset ARM_EMBEDDED_CXX_HEADERS
+unset ARM_EMBEDDED_CXXFLAGS
+unset ARM_EMBEDDED_LDFLAGS
+unset ARM_EMBEDDED_SYSROOT
+
+########################################
+#####         Environment          #####
+########################################
+
 if [ -z "${ARM_EMBEDDED_TOOLCHAIN-}" ]; then
     ARM_EMBEDDED_TOOLCHAIN="/usr/bin"
 fi
 
-if [ ! -d "$ARM_EMBEDDED_TOOLCHAIN" ]; then
+if [ ! -d "${ARM_EMBEDDED_TOOLCHAIN}" ]; then
     echo "ARM_EMBEDDED_TOOLCHAIN is not valid"
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
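Review bot: `DEF_CFLAGS="-Wall -g2 -O3 -fPIC"`, `DEF_CXXFLAGS` and the empty `DEF_LDFLAGS=""` carry none of the hardening flags this same commit adds to the Android script (`-fstack-protector-strong`, `-Wa,--noexecstack`, `-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now`), so the ARM embedded build of the same library ships without stack protection or RELRO. Now that the two scripts share a structure the defaults should match, e.g. `DEF_CFLAGS="-Wall -g2 -O3 -fPIC -fstack-protector-strong"` (same for CXX) and `DEF_LDFLAGS="-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now"`, provided the arm-linux-gnueabi gcc in use accepts them; `-fstack-protector-strong` needs a reasonably recent GCC, and this file pins toolchain 5.4.0 further down, which should be fine.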
@@ -41,14 +60,14 @@
 # Ubuntu
 TOOL_PREFIX="arm-linux-gnueabi"
 
-export CPP="$ARM_EMBEDDED_TOOLCHAIN/$TOOL_PREFIX-cpp"
-export CC="$ARM_EMBEDDED_TOOLCHAIN/$TOOL_PREFIX-gcc"
-export CXX="$ARM_EMBEDDED_TOOLCHAIN/$TOOL_PREFIX-g++"
-export LD="$ARM_EMBEDDED_TOOLCHAIN/$TOOL_PREFIX-ld"
-export AR="$ARM_EMBEDDED_TOOLCHAIN/$TOOL_PREFIX-ar"
-export AS="$ARM_EMBEDDED_TOOLCHAIN/$TOOL_PREFIX-as"
-export RANLIB="$ARM_EMBEDDED_TOOLCHAIN/$TOOL_PREFIX-ranlib"
-# export RANLIB="$ARM_EMBEDDED_TOOLCHAIN/$TOOL_PREFIX-gcc-ranlib-4.7"
+CPP="${ARM_EMBEDDED_TOOLCHAIN}/${TOOL_PREFIX}-cpp"
+CC="${ARM_EMBEDDED_TOOLCHAIN}/${TOOL_PREFIX}-gcc"
+CXX="${ARM_EMBEDDED_TOOLCHAIN}/${TOOL_PREFIX}-g++"
+LD="${ARM_EMBEDDED_TOOLCHAIN}/${TOOL_PREFIX}-ld"
+AR="${ARM_EMBEDDED_TOOLCHAIN}/${TOOL_PREFIX}-ar"
+AS="${ARM_EMBEDDED_TOOLCHAIN}/${TOOL_PREFIX}-as"
+RANLIB="${ARM_EMBEDDED_TOOLCHAIN}/${TOOL_PREFIX}-ranlib"
+OBJDUMP="${ARM_EMBEDDED_TOOLCHAIN}/${TOOL_PREFIX}-objdump"
 
 # Test a few of the tools
 if [ ! -e "$CPP" ]; then
@@ -86,16 +105,11 @@
   [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
-# The Crypto++ Makefile uses these to disable host settings like
-#   IS_LINUX or IS_DARWIN, and incorporate settings for ARM_EMBEDDED
-export IS_ARM_EMBEDDED=1
-
-# GNUmakefile-cross uses these to to set CXXFLAGS for ARM_EMBEDDED
-if [ -z "$ARM_EMBEDDED_SYSROOT" ]; then
-  export ARM_EMBEDDED_SYSROOT="/usr/arm-linux-gnueabi"
+if [ -z "${ARM_EMBEDDED_SYSROOT}" ]; then
+  ARM_EMBEDDED_SYSROOT="/usr/arm-linux-gnueabi"
 fi
 
-if [ ! -d "$ARM_EMBEDDED_SYSROOT" ]; then
+if [ ! -d "${ARM_EMBEDDED_SYSROOT}" ]; then
   echo "ERROR: ARM_EMBEDDED_SYSROOT is not valid"
   [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
@@ -103,45 +117,67 @@
 # Fix C++ header paths for Ubuntu
 # ARM_EMBEDDED_TOOLCHAIN_VERSION="4.7.3"
 ARM_EMBEDDED_TOOLCHAIN_VERSION="5.4.0"
-ARM_EMBEDDED_CXX_HEADERS="$ARM_EMBEDDED_SYSROOT/include/c++/$ARM_EMBEDDED_TOOLCHAIN_VERSION"
+ARM_EMBEDDED_CXX_HEADERS="${ARM_EMBEDDED_SYSROOT}/include/c++/${ARM_EMBEDDED_TOOLCHAIN_VERSION}"
 
-if [ ! -d "$ARM_EMBEDDED_CXX_HEADERS" ]; then
+if [ ! -d "${ARM_EMBEDDED_CXX_HEADERS}" ]; then
   echo "ERROR: ARM_EMBEDDED_CXX_HEADERS is not valid"
   [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
-if [ ! -d "$ARM_EMBEDDED_CXX_HEADERS/arm-linux-gnueabi" ]; then
+if [ ! -d "${ARM_EMBEDDED_CXX_HEADERS}/arm-linux-gnueabi" ]; then
   echo "ERROR: ARM_EMBEDDED_CXX_HEADERS is not valid"
   [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
-# Finally, the flags...
-# export ARM_EMBEDDED_FLAGS="-march=armv7-a -mfloat-abi=softfp -mfpu=vfpv3-d16 -Wl,--fix-cortex-a8 -I$ARM_EMBEDDED_CXX_HEADERS -I$ARM_EMBEDDED_CXX_HEADERS/arm-linux-gnueabi"
-
 # Add additional flags below, like -mcpu=cortex-m3.
-if [ -z "$ARM_EMBEDDED_FLAGS" ]; then
-  export ARM_EMBEDDED_FLAGS="-I$ARM_EMBEDDED_CXX_HEADERS -I$ARM_EMBEDDED_CXX_HEADERS/arm-linux-gnueabi"
+if [ -z "${ARM_EMBEDDED_HEADERS}" ]; then
+  ARM_EMBEDDED_HEADERS="-I\"${ARM_EMBEDDED_CXX_HEADERS}\" -I\"${ARM_EMBEDDED_CXX_HEADERS}/arm-linux-gnueabi\""
 fi
 
-# And print stuff to wow the user...
+#####################################################################
+
 VERBOSE=${VERBOSE:-1}
 if [ "$VERBOSE" -gt 0 ]; then
-  echo "CPP: $CPP"
-  echo "CXX: $CXX"
-  echo "AR: $AR"
-  echo "LD: $LD"
-  echo "RANLIB: $RANLIB"
-  echo "ARM_EMBEDDED_TOOLCHAIN: $ARM_EMBEDDED_TOOLCHAIN"
-  echo "ARM_EMBEDDED_CXX_HEADERS: $ARM_EMBEDDED_CXX_HEADERS"
-  echo "ARM_EMBEDDED_FLAGS: $ARM_EMBEDDED_FLAGS"
-  echo "ARM_EMBEDDED_SYSROOT: $ARM_EMBEDDED_SYSROOT"
-fi
+  echo "ARM_EMBEDDED_TOOLCHAIN: ${ARM_EMBEDDED_TOOLCHAIN}"
+  if [[ -n "${ARM_EMBEDDED_CPPFLAGS}" ]]; then
+    echo "ARM_EMBEDDED_CPPFLAGS: ${ARM_EMBEDDED_CPPFLAGS}"
+  fi
+  echo "ARM_EMBEDDED_CFLAGS: ${ARM_EMBEDDED_CFLAGS}"
+  echo "ARM_EMBEDDED_CXXFLAGS: ${ARM_EMBEDDED_CXXFLAGS}"
+  if [[ -n "${ARM_EMBEDDED_LDFLAGS}" ]]; then
+    echo "ARM_EMBEDDED_LDFLAGS: ${ARM_EMBEDDED_LDFLAGS}"
+  fi
+  echo "ARM_EMBEDDED_SYSROOT: ${ARM_EMBEDDED_SYSROOT}"
+fi
+
+#####################################################################
+
+# GNUmakefile-cross and Autotools expect these to be set.
+# Note: prior to Crypto++ 8.6, CPPFLAGS, CXXFLAGS and LDFLAGS were not
+# exported. At Crypto++ 8.6 CPPFLAGS, CXXFLAGS and LDFLAGS were exported.
+
+export IS_ARM_EMBEDDED=1
+export CPP CC CXX LD AS AR RANLIB STRIP OBJDUMP
+
+CPPFLAGS="${DEF_CPPFLAGS} ${ARM_EMBEDDED_CPPFLAGS} ${ARM_EMBEDDED_HEADERS} -isysroot ${ARM_EMBEDDED_SYSROOT}"
+CFLAGS="${DEF_CFLAGS} ${ARM_EMBEDDED_CFLAGS}"
+CXXFLAGS="${DEF_CXXFLAGS} ${ARM_EMBEDDED_CXXFLAGS}"
+LDFLAGS="${DEF_LDFLAGS} ${ARM_EMBEDDED_LDFLAGS} --sysroot ${ARM_EMBEDDED_SYSROOT}"
+
+# Trim whitespace as needed
+CPPFLAGS=$(echo "${CPPFLAGS}" | awk '{$1=$1;print}')
+CFLAGS=$(echo "${CFLAGS}" | awk '{$1=$1;print}')
+CXXFLAGS=$(echo "${CXXFLAGS}" | awk '{$1=$1;print}')
+LDFLAGS=$(echo "${LDFLAGS}" | awk '{$1=$1;print}')
+
+export CPPFLAGS CFLAGS CXXFLAGS LDFLAGS
+
+#####################################################################
 
 echo
 echo "*******************************************************************************"
 echo "It looks the the environment is set correctly. Your next step is build"
-echo "the library with 'make -f GNUmakefile-cross'. You can create a versioned"
-echo "shared object using 'HAS_SOLIB_VERSION=1 make -f GNUmakefile-cross'"
+echo "the library with 'make -f GNUmakefile-cross'."
 echo "*******************************************************************************"
 echo
 
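Review bot: The escaped quotes in `ARM_EMBEDDED_HEADERS="-I\"${ARM_EMBEDDED_CXX_HEADERS}\" -I\"${ARM_EMBEDDED_CXX_HEADERS}/arm-linux-gnueabi\""` become literal `"` characters in the value, and quotes stored inside a variable are not re-parsed when a shell expands that variable unquoted, which is exactly what Autotools' configure tests do with `$CPPFLAGS` (the comment above the exports names Autotools as a consumer); the compiler then receives `-I"/usr/.../c++/5.4.0"` with the quotes in the path and silently misses the headers. They only work where a whole recipe line is re-parsed by a shell, as in a make rule, so the behaviour differs between the two consumers. Drop the escapes, `ARM_EMBEDDED_HEADERS="-I${ARM_EMBEDDED_CXX_HEADERS} -I${ARM_EMBEDDED_CXX_HEADERS}/arm-linux-gnueabi"`, as the removed `ARM_EMBEDDED_FLAGS` line did, and reject a sysroot containing whitespace up front, since `-isysroot ${ARM_EMBEDDED_SYSROOT}` on the CPPFLAGS line has the same exposure. Separately, `export CPP CC CXX LD AS AR RANLIB STRIP OBJDUMP` exports STRIP, which is not assigned in any hunk shown for this script; unless it is set earlier in the file, either drop it or add `STRIP="${ARM_EMBEDDED_TOOLCHAIN}/${TOOL_PREFIX}-strip"` beside OBJDUMP.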
diff -Nru libcrypto++-8.4.0/TestScripts/setenv-ios.sh libcrypto++-8.6.0/TestScripts/setenv-ios.sh
--- libcrypto++-8.4.0/TestScripts/setenv-ios.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/setenv-ios.sh	2021-09-24 11:48:47.000000000 +0000
@@ -1,17 +1,25 @@
 #!/usr/bin/env bash
 
-# ====================================================================
-# Sets the cross compile environment for Xcode/iOS
+#############################################################################
 #
-# Based upon OpenSSL's setenv-ios.sh  by TH, JW, and SM.
+# This script sets the cross-compile environment for Xcode/iOS.
+#
+# Based upon OpenSSL's setenv-android.sh by TH, JW, and SM.
 # Heavily modified by JWW for Crypto++.
+# Modified some more by JW and UB.
 #
 # Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
 # licensed under the Boost Software License 1.0, while the individual files
 # in the compilation are all public domain.
 #
+# cpp is set to Apple's cpp. Actually, cpp is merely on-path so Apple's cpp
+# is used. But Apple's cpp is sufficiently different from GNU's cpp and causes
+# Autotools a lot of trouble because Autotools tests are predicated on GNU cpp.
+# If your Autotools project results in "configure:6560: error: C preprocessor
+# cpp fails sanity check", then file a bug report with Autotools.
+#
 # See http://www.cryptopp.com/wiki/iOS_(Command_Line) for more details
-# ====================================================================
+#############################################################################
 
 #########################################
 #####        Some validation        #####
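Review bot: The rewritten header of the iOS script now reads `# Based upon OpenSSL's setenv-android.sh by TH, JW, and SM.` where the removed line correctly said setenv-ios.sh; this looks like a copy-paste from the Android script's header. Restore `# Based upon OpenSSL's setenv-ios.sh by TH, JW, and SM.` so the attribution names the actual origin (the embedded script's new header in this same diff also claims setenv-android.sh, and deserves the same check).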
@@ -26,63 +34,109 @@
     echo "setenv-ios.sh is usually sourced, but not this time."
 fi
 
-# This supports 'source setenv-ios.sh iPhone arm64' and friends
-if [[ -z "$IOS_SDK" && -n "$1" ]]; then
-    printf "Using positional arg, IOS_SDK=%s\n" "$1"
-    IOS_SDK="$1"
+# This supports 'source setenv-ios.sh iPhone arm64' and
+# 'source setenv-ios.sh IOS_SDK=iPhone IOS_CPU=arm64'
+if [[ -n "$1" ]]
+then
+    arg1=$(echo "$1" | cut -f 1 -d '=')
+    arg2=$(echo "$1" | cut -f 2 -d '=')
+    if [[ -n "${arg2}" ]]; then
+        IOS_SDK="${arg2}"
+    else
+        IOS_SDK="${arg1}"
+    fi
+    printf "Using positional arg, IOS_SDK=%s\n" "${IOS_SDK}"
 fi
 
-# This supports 'source setenv-ios.sh iPhone arm64' and friends
-if [[ -z "$IOS_CPU" && -n "$2" ]]; then
-    printf "Using positional arg, IOS_CPU=%s\n" "$2"
-    IOS_CPU="$2"
+# This supports 'source setenv-ios.sh iPhone arm64' and
+# 'source setenv-ios.sh IOS_SDK=iPhone IOS_CPU=arm64'
+if [[ -n "$2" ]]
+then
+    arg1=$(echo "$2" | cut -f 1 -d '=')
+    arg2=$(echo "$2" | cut -f 2 -d '=')
+    if [[ -n "${arg2}" ]]; then
+        IOS_CPU="${arg2}"
+    else
+        IOS_CPU="${arg1}"
+    fi
+    printf "Using positional arg, IOS_CPU=%s\n" "${IOS_CPU}"
 fi
 
-if [ -z "$IOS_SDK" ]; then
+if [ -z "${IOS_SDK}" ]; then
     echo "IOS_SDK is not set. Please set it"
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
-if [ -z "$IOS_CPU" ]; then
+if [ -z "${IOS_CPU}" ]; then
     echo "IOS_CPU is not set. Please set it"
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
+DEF_CPPFLAGS="-DNDEBUG"
+DEF_CFLAGS="-Wall -g2 -O3 -fPIC"
+DEF_CXXFLAGS="-Wall -g2 -O3 -fPIC"
+DEF_LDFLAGS=""
+
 #########################################
 #####       Clear old options       #####
 #########################################
 
 unset IS_IOS
+unset IS_MACOS
 unset IS_ANDROID
 unset IS_ARM_EMBEDDED
 
+unset IOS_CPPFLAGS
+unset IOS_CFLAGS
 unset IOS_CXXFLAGS
+unset IOS_LDFLAGS
 unset IOS_SYSROOT
 
 #########################################
 #####    Small Fixups, if needed    #####
 #########################################
 
-if [[ "$IOS_SDK" == "iPhone" ]]; then
+IOS_CPU=$(tr '[:upper:]' '[:lower:]' <<< "${IOS_CPU}")
+ALT_SDK=$(tr '[:upper:]' '[:lower:]' <<< "${IOS_SDK}")
+
+if [[ "${IOS_SDK}" == "iPhone" ]]; then
+    IOS_SDK=iPhoneOS
+elif [[ "$ALT_SDK" == "iphone" || "$ALT_SDK" == "iphoneos" ]]; then
     IOS_SDK=iPhoneOS
 fi
 
-if [[ "$IOS_SDK" == "iPhoneOSSimulator" ]]; then
+if [[ "${IOS_SDK}" == "iPhoneSimulator" || "${IOS_SDK}" == "iPhoneOSSimulator" ]]; then
+    IOS_SDK=iPhoneSimulator
+elif [[ "$ALT_SDK" == "iphonesimulator" || "$ALT_SDK" == "iphoneossimulator" ]]; then
     IOS_SDK=iPhoneSimulator
 fi
 
-if [[ "$IOS_SDK" == "TV" || "$IOS_SDK" == "AppleTV" ]]; then
+if [[ "${IOS_SDK}" == "TV" || "${IOS_SDK}" == "AppleTV" ]]; then
+    IOS_SDK=AppleTVOS
+elif [[ "$ALT_SDK" == "tv" || "$ALT_SDK" == "appletv" || "$ALT_SDK" == "appletvos" ]]; then
     IOS_SDK=AppleTVOS
 fi
 
-if [[ "$IOS_SDK" == "Watch" || "$IOS_SDK" == "AppleWatch" ]]; then
+if [[ "${IOS_SDK}" == "Watch" || "${IOS_SDK}" == "AppleWatch" ]]; then
     IOS_SDK=WatchOS
+elif [[ "$ALT_SDK" == "watch" || "$ALT_SDK" == "applewatch" || "$ALT_SDK" == "applewatchos" ]]; then
+    IOS_SDK=WatchOS
+fi
+
+if [[ "${IOS_CPU}" == "amd64" || "${IOS_CPU}" == "x86_64" ]] ; then
+    IOS_CPU=x86_64
+fi
+
+if [[ "${IOS_CPU}" == "i386" || "${IOS_CPU}" == "i586" || "${IOS_CPU}" == "i686" ]] ; then
+    IOS_CPU=i386
 fi
 
-if [[ "$IOS_CPU" == "aarch64" || "$IOS_CPU" == "arm64"* || "$IOS_CPU" == "armv8"* ]] ; then
+if [[ "${IOS_CPU}" == "aarch64" || "${IOS_CPU}" == "arm64"* || "${IOS_CPU}" == "armv8"* ]] ; then
     IOS_CPU=arm64
 fi
 
+echo "Configuring for ${IOS_SDK} (${IOS_CPU})"
+
 ########################################
 #####         Environment          #####
 ########################################
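Review bot: The argument parsing `arg1=$(echo "$1" | cut -f 1 -d '=')` / `arg2=$(echo "$1" | cut -f 2 -d '=')` extracts the key into arg1 but never looks at it, so `source setenv-ios.sh IOS_CPU=arm64 IOS_SDK=iPhone` silently assigns arm64 to IOS_SDK and iPhone to IOS_CPU, and the `printf "Using positional arg, ..."` lines report the swap as if intended. Matching on the key is shorter and fixes it: `case "$1" in IOS_SDK=*) IOS_SDK="${1#IOS_SDK=}";; IOS_CPU=*) IOS_CPU="${1#IOS_CPU=}";; *) IOS_SDK="$1";; esac`, with the same for `$2` defaulting to IOS_CPU; it also drops the reliance on cut echoing a delimiter-less line into both fields, which is what makes the bare `iPhone` form work today. Note the removed code only used a positional argument when the variable was empty (`-z "$IOS_SDK" && -n "$1"`), whereas the new code always overrides an exported IOS_SDK/IOS_CPU; if that is deliberate it deserves a line in the comment above.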
@@ -93,54 +147,57 @@
 # -miphoneos-version-min=5. However, Xcode 7 lacks
 # AppleTVOS and WatchOS support.
 
+# Also see https://github.com/rust-lang/rust/issues/48862
+# and https://developer.apple.com/documentation/bundleresources/information_property_list/minimumosversion
+
 # iPhones can be either 32-bit or 64-bit
-if [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "armv7"* ]]; then
+if [[ "${IOS_SDK}" == "iPhoneOS" && "${IOS_CPU}" == "armv7"* ]]; then
     MIN_VER=-miphoneos-version-min=6
-elif [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "arm64" ]]; then
+elif [[ "${IOS_SDK}" == "iPhoneOS" && "${IOS_CPU}" == "arm64" ]]; then
     MIN_VER=-miphoneos-version-min=6
 
 # Fixups for convenience
-elif [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "i386" ]]; then
+elif [[ "${IOS_SDK}" == "iPhoneOS" && "${IOS_CPU}" == "i386" ]]; then
     IOS_SDK=iPhoneSimulator
     # MIN_VER=-miphoneos-version-min=6
     MIN_VER=-miphonesimulator-version-min=6
-elif [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "x86_64" ]]; then
+elif [[ "${IOS_SDK}" == "iPhoneOS" && "${IOS_CPU}" == "x86_64" ]]; then
     IOS_SDK=iPhoneSimulator
     # MIN_VER=-miphoneos-version-min=6
     MIN_VER=-miphonesimulator-version-min=6
 
 # Simulator builds
-elif [[ "$IOS_SDK" == "iPhoneSimulator" && "$IOS_CPU" == "i386" ]]; then
+elif [[ "${IOS_SDK}" == "iPhoneSimulator" && "${IOS_CPU}" == "i386" ]]; then
     MIN_VER=-miphonesimulator-version-min=6
-elif [[ "$IOS_SDK" == "iPhoneSimulator" && "$IOS_CPU" == "x86_64" ]]; then
+elif [[ "${IOS_SDK}" == "iPhoneSimulator" && "${IOS_CPU}" == "x86_64" ]]; then
     MIN_VER=-miphonesimulator-version-min=6
 
 # Apple TV can be 32-bit Intel (1st gen), 32-bit ARM (2nd, 3rd gen) or 64-bit ARM (4th gen)
-elif [[ "$IOS_SDK" == "AppleTVOS" && "$IOS_CPU" == "i386" ]]; then
+elif [[ "${IOS_SDK}" == "AppleTVOS" && "${IOS_CPU}" == "i386" ]]; then
     MIN_VER=-mappletvos-version-min=6
-elif [[ "$IOS_SDK" == "AppleTVOS" && "$IOS_CPU" == "armv7"* ]]; then
+elif [[ "${IOS_SDK}" == "AppleTVOS" && "${IOS_CPU}" == "armv7"* ]]; then
     MIN_VER=-mappletvos-version-min=6
-elif [[ "$IOS_SDK" == "AppleTVOS" && "$IOS_CPU" == "arm64" ]]; then
+elif [[ "${IOS_SDK}" == "AppleTVOS" && "${IOS_CPU}" == "arm64" ]]; then
     MIN_VER=-mappletvos-version-min=6
 
 # Simulator builds
-elif [[ "$IOS_SDK" == "AppleTVSimulator" && "$IOS_CPU" == "i386" ]]; then
+elif [[ "${IOS_SDK}" == "AppleTVSimulator" && "${IOS_CPU}" == "i386" ]]; then
     MIN_VER=-mappletvsimulator-version-min=6
-elif [[ "$IOS_SDK" == "AppleTVSimulator" && "$IOS_CPU" == "x86_64" ]]; then
+elif [[ "${IOS_SDK}" == "AppleTVSimulator" && "${IOS_CPU}" == "x86_64" ]]; then
     MIN_VER=-mappletvsimulator-version-min=6
 
 # Watch can be either 32-bit or 64-bit ARM. TODO: figure out which
 # -mwatchos-version-min=n is needed for arm64. 9 is not enough.
-elif [[ "$IOS_SDK" == "WatchOS" && "$IOS_CPU" == "armv7"* ]]; then
+elif [[ "${IOS_SDK}" == "WatchOS" && "${IOS_CPU}" == "armv7"* ]]; then
+    MIN_VER=-mwatchos-version-min=6
+elif [[ "${IOS_SDK}" == "WatchOS" && "${IOS_CPU}" == "arm64" ]]; then
     MIN_VER=-mwatchos-version-min=6
-elif [[ "$IOS_SDK" == "WatchOS" && "$IOS_CPU" == "arm64" ]]; then
-    MIN_VER=-mwatchos-version-min=10
 
 # Simulator builds. TODO: figure out which -watchos-version-min=n
 # is needed for arm64. 6 compiles and links, but is it correct?
-elif [[ "$IOS_SDK" == "WatchSimulator" && "$IOS_CPU" == "i386" ]]; then
+elif [[ "${IOS_SDK}" == "WatchSimulator" && "${IOS_CPU}" == "i386" ]]; then
     MIN_VER=-mwatchsimulator-version-min=6
-elif [[ "$IOS_SDK" == "WatchSimulator" && "$IOS_CPU" == "x86_64" ]]; then
+elif [[ "${IOS_SDK}" == "WatchSimulator" && "${IOS_CPU}" == "x86_64" ]]; then
     MIN_VER=-mwatchsimulator-version-min=6
 
 # And the final catch-all
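Review bot: The arm64 WatchOS branch now sets `MIN_VER=-mwatchos-version-min=6`, but the retained comment two lines above still says `9 is not enough` for arm64, and the removed line used 10, so the code and its note now contradict each other. Either the comment is stale and should say why 6 is believed to work now, or the value regressed; the hunk does not show which, so at minimum the comment should be brought in line with the code.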
@@ -158,10 +215,10 @@
 if [ -n "$(command -v xcodebuild 2>/dev/null)" ]; then
     # Output of xcodebuild is similar to "Xcode 6.2". The first cut gets
     # the dotted decimal value. The second cut gets the major version.
-    XCODE_VERSION=$(xcodebuild -version 2>/dev/null | head -n 1 | cut -f2 -d" " | cut -f1 -d".")
-    if [ -z "$XCODE_VERSION" ]; then XCODE_VERSION=100; fi
+    XCODE_VERSION=$(xcodebuild -version 2>/dev/null | head -n 1 | cut -f 2 -d ' ' | cut -f 1 -d '.')
+    if [ -z "${XCODE_VERSION}" ]; then XCODE_VERSION=100; fi
 
-    if [ "$XCODE_VERSION" -le 6 ]; then
+    if [ "${XCODE_VERSION}" -le 6 ]; then
         MIN_VER="${MIN_VER//iphonesimulator/iphoneos}"
     fi
 fi
@@ -174,28 +231,28 @@
   XCODE_DEVELOPER=$(xcode-select -print-path 2>/dev/null)
 fi
 
-if [ ! -d "$XCODE_DEVELOPER" ]; then
+if [ ! -d "${XCODE_DEVELOPER}" ]; then
   echo "ERROR: unable to find XCODE_DEVELOPER directory."
   [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # XCODE_DEVELOPER_SDK is the SDK location.
-XCODE_DEVELOPER_SDK="$XCODE_DEVELOPER/Platforms/$IOS_SDK.platform"
+XCODE_DEVELOPER_SDK="${XCODE_DEVELOPER}/Platforms/$IOS_SDK.platform/Developer/SDKs"
 
-if [ ! -d "$XCODE_DEVELOPER_SDK" ]; then
+if [ ! -d "${XCODE_DEVELOPER_SDK}" ]; then
   echo "ERROR: unable to find XCODE_DEVELOPER_SDK directory."
   echo "       Is the SDK supported by Xcode and installed?"
   [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # XCODE_TOOLCHAIN is the location of the actual compiler tools.
-if [ -d "$XCODE_DEVELOPER/Toolchains/XcodeDefault.xctoolchain/usr/bin/" ]; then
-  XCODE_TOOLCHAIN="$XCODE_DEVELOPER/Toolchains/XcodeDefault.xctoolchain/usr/bin/"
-elif [ -d "$XCODE_DEVELOPER_SDK/Developer/usr/bin/" ]; then
-  XCODE_TOOLCHAIN="$XCODE_DEVELOPER_SDK/Developer/usr/bin/"
+if [ -d "${XCODE_DEVELOPER}/Toolchains/XcodeDefault.xctoolchain/usr/bin/" ]; then
+  XCODE_TOOLCHAIN="${XCODE_DEVELOPER}/Toolchains/XcodeDefault.xctoolchain/usr/bin/"
+elif [ -d "${XCODE_DEVELOPER_SDK}/Developer/usr/bin/" ]; then
+  XCODE_TOOLCHAIN="${XCODE_DEVELOPER_SDK}/Developer/usr/bin/"
 fi
 
-if [ -z "$XCODE_TOOLCHAIN" ] || [ ! -d "$XCODE_TOOLCHAIN" ]; then
+if [ ! -d "${XCODE_TOOLCHAIN}" ]; then
   echo "ERROR: unable to find Xcode cross-compiler tools."
   [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
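Review bot: When neither toolchain directory exists, the `if`/`elif` above leaves XCODE_TOOLCHAIN untouched, so a value inherited from the caller's environment (this script is sourced) passes the `-d` test that follows and is later prepended to PATH, which is where CC, CXX, LD and friends are then resolved from. The `-z` test this hunk removes did not catch that case either, but the new code is the place to close it: set `XCODE_TOOLCHAIN=""` (and likewise `XCODE_DEVELOPER_SDK=""`) before the probes, or `unset` both up front. A point of style: `XCODE_DEVELOPER_SDK="${XCODE_DEVELOPER}/Platforms/${IOS_SDK}.platform/Developer/SDKs"` would keep the braced form the rest of the hunk adopts instead of the lone `$IOS_SDK`.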
@@ -204,70 +261,77 @@
 # For example, remove 4.3, 6.2, and 6.1 if they are not installed. We go back to
 # the 1.0 SDKs because Apple WatchOS uses low numbers, like 2.0 and 2.1.
 XCODE_SDK=""
-for i in $(seq -f "%.1f" 30.0 -0.1 1.0)
+for i in $(seq 30 -1 5)  # SDK major
 do
-    if [ -d "$XCODE_DEVELOPER_SDK/Developer/SDKs/$IOS_SDK$i.sdk" ]; then
-        XCODE_SDK="$IOS_SDK$i.sdk"
-        break
-    fi
+    for j in $(seq 20 -1 0)  # SDK minor
+    do
+        SDK_VER="$i.$j"
+        if [ -d "${XCODE_DEVELOPER_SDK}/${IOS_SDK}${SDK_VER}.sdk" ]; then
+            XCODE_SDK="${IOS_SDK}${SDK_VER}.sdk"
+            break 2
+        fi
+    done
 done
 
 # Error checking
-if [ -z "$XCODE_SDK" ]; then
+if [ -z "${XCODE_SDK}" ]; then
     echo "ERROR: unable to find a SDK."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
-IOS_CXXFLAGS="-arch $IOS_CPU $MIN_VER"
+IOS_CFLAGS="-arch ${IOS_CPU} ${MIN_VER} -fno-common"
+IOS_CXXFLAGS="-arch ${IOS_CPU} ${MIN_VER} -stdlib=libc++ -fno-common"
+IOS_SYSROOT="${XCODE_DEVELOPER_SDK}/${XCODE_SDK}"
+
+if [ ! -d "${IOS_SYSROOT}" ]; then
+  echo "ERROR: unable to find Xcode sysroot."
+  [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
 
 # The simulators need to disable ASM. They don't receive arch flags.
 # https://github.com/weidai11/cryptopp/issues/635
-if [[ "$IOS_SDK" == "iPhoneSimulator" || "$IOS_SDK" == "AppleTVSimulator" || "$IOS_SDK" == "WatchSimulator" ]]; then
-    IOS_CXXFLAGS="$IOS_CXXFLAGS -DCRYPTOPP_DISABLE_ASM"
+if [[ "${IOS_SDK}" == *"Simulator" ]]; then
+    IOS_CPPFLAGS="$IOS_CPPFLAGS -DCRYPTOPP_DISABLE_ASM"
 fi
 
-echo "Configuring for $IOS_SDK ($IOS_CPU)"
-
-IS_IOS=1
-IOS_SYSROOT="$XCODE_DEVELOPER_SDK/Developer/SDKs/$XCODE_SDK"
-
 #####################################################################
 
-CPP=cpp; CC=clang; CXX=clang++; LD=ld
-AS=as; AR=libtool; RANLIB=ranlib; STRIP=strip
+CPP="cpp"; CC="clang"; CXX="clang++"; LD="ld"
+AS="as"; AR="libtool"; RANLIB="ranlib"
+STRIP="strip"; OBJDUMP="objdump"
 
 # Error checking
-if [ ! -e "$XCODE_TOOLCHAIN/$CC" ]; then
+if [ ! -e "${XCODE_TOOLCHAIN}/$CC" ]; then
     echo "ERROR: Failed to find iOS clang. Please edit this script."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # Error checking
-if [ ! -e "$XCODE_TOOLCHAIN/$CXX" ]; then
+if [ ! -e "${XCODE_TOOLCHAIN}/$CXX" ]; then
     echo "ERROR: Failed to find iOS clang++. Please edit this script."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # Error checking
-if [ ! -e "$XCODE_TOOLCHAIN/$RANLIB" ]; then
+if [ ! -e "${XCODE_TOOLCHAIN}/$RANLIB" ]; then
     echo "ERROR: Failed to find iOS ranlib. Please edit this script."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # Error checking
-if [ ! -e "$XCODE_TOOLCHAIN/$AR" ]; then
+if [ ! -e "${XCODE_TOOLCHAIN}/$AR" ]; then
     echo "ERROR: Failed to find iOS ar. Please edit this script."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # Error checking
-if [ ! -e "$XCODE_TOOLCHAIN/$AS" ]; then
+if [ ! -e "${XCODE_TOOLCHAIN}/$AS" ]; then
     echo "ERROR: Failed to find iOS as. Please edit this script."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
 
 # Error checking
-if [ ! -e "$XCODE_TOOLCHAIN/$LD" ]; then
+if [ ! -e "${XCODE_TOOLCHAIN}/$LD" ]; then
     echo "ERROR: Failed to find iOS ld. Please edit this script."
     [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
 fi
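Review bot: The comment kept at the top of this hunk still says the search goes back to the 1.0 SDKs because WatchOS uses low numbers like 2.0 and 2.1, but the new outer loop `for i in $(seq 30 -1 5)` stops at major version 5, so a WatchOS 2.x–4.x SDK directory is no longer found and the script ends with "unable to find a SDK". Either widen the range (`for i in $(seq 30 -1 1)  # SDK major`) or rewrite the comment to say that SDKs older than 5.0 are intentionally unsupported. Separately, `IOS_CPPFLAGS="$IOS_CPPFLAGS -DCRYPTOPP_DISABLE_ASM"` appends to a variable nothing in this hunk initializes; unless it is unset earlier in the script, a value left over from a previous `source` in the same shell is carried into the exported CPPFLAGS.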
@@ -277,37 +341,56 @@
 # Add tools to head of path, if not present already
 LENGTH=${#XCODE_TOOLCHAIN}
 SUBSTR=${PATH:0:$LENGTH}
-if [ "$SUBSTR" != "$XCODE_TOOLCHAIN" ]; then
-    export PATH="$XCODE_TOOLCHAIN:$PATH"
+if [ "${SUBSTR}" != "${XCODE_TOOLCHAIN}" ]; then
+    export PATH="${XCODE_TOOLCHAIN}:${PATH}"
+fi
+
+#####################################################################
+
+VERBOSE=${VERBOSE:-1}
+if [ "$VERBOSE" -gt 0 ]; then
+  echo "XCODE_TOOLCHAIN: ${XCODE_TOOLCHAIN}"
+  echo "IOS_SDK: ${IOS_SDK}"
+  echo "IOS_CPU: ${IOS_CPU}"
+  if [ -n "${IOS_CPPFLAGS}" ]; then
+    echo "IOS_CPPFLAGS: ${IOS_CPPFLAGS}"
+  fi
+  echo "IOS_CFLAGS: ${IOS_CFLAGS}"
+  echo "IOS_CXXFLAGS: ${IOS_CXXFLAGS}"
+  if [ -n "${IOS_LDFLAGS}" ]; then
+    echo "IOS_LDFLAGS: ${IOS_LDFLAGS}"
+  fi
+  echo "IOS_SYSROOT: ${IOS_SYSROOT}"
 fi
 
 #####################################################################
 
 # GNUmakefile-cross and Autotools expect these to be set.
-# They are also used in the tests below.
-export IS_IOS=1
+# Note: prior to Crypto++ 8.6, CPPFLAGS, CXXFLAGS and LDFLAGS were not
+# exported. At Crypto++ 8.6 CPPFLAGS, CXXFLAGS and LDFLAGS were exported.
 
-export CPP CC CXX LD AS AR RANLIB STRIP
-export IOS_CXXFLAGS IOS_SDK IOS_CPU IOS_SYSROOT
+export IS_IOS=1
+export CPP CC CXX LD AS AR RANLIB STRIP OBJDUMP
 
-#####################################################################
+CPPFLAGS="${DEF_CPPFLAGS} ${IOS_CPPFLAGS} -isysroot ${IOS_SYSROOT}"
+CFLAGS="${DEF_CFLAGS} ${IOS_CFLAGS}"
+CXXFLAGS="${DEF_CXXFLAGS} ${IOS_CXXFLAGS}"
+LDFLAGS="${DEF_LDFLAGS} ${IOS_LDFLAGS} --sysroot ${IOS_SYSROOT}"
+
+# Trim whitespace as needed
+CPPFLAGS=$(echo "${CPPFLAGS}" | awk '{$1=$1;print}')
+CFLAGS=$(echo "${CFLAGS}" | awk '{$1=$1;print}')
+CXXFLAGS=$(echo "${CXXFLAGS}" | awk '{$1=$1;print}')
+LDFLAGS=$(echo "${LDFLAGS}" | awk '{$1=$1;print}')
 
-VERBOSE=${VERBOSE:-1}
-if [ "$VERBOSE" -gt 0 ]; then
-  echo "XCODE_TOOLCHAIN: $XCODE_TOOLCHAIN"
-  echo "IOS_SDK: $IOS_SDK"
-  echo "IOS_CPU: $IOS_CPU"
-  echo "IOS_SYSROOT: $IOS_SYSROOT"
-  echo "IOS_CXXFLAGS: $IOS_CXXFLAGS"
-fi
+export CPPFLAGS CFLAGS CXXFLAGS LDFLAGS
 
 #####################################################################
 
 echo
 echo "*******************************************************************************"
 echo "It looks the the environment is set correctly. Your next step is build"
-echo "the library with 'make -f GNUmakefile-cross'. You can create a versioned"
-echo "shared object using 'HAS_SOLIB_VERSION=1 make -f GNUmakefile-cross'"
+echo "the library with 'make -f GNUmakefile-cross'."
 echo "*******************************************************************************"
 echo
 
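Review bot: The sysroot is spliced unquoted into `CPPFLAGS` (`-isysroot ${IOS_SYSROOT}`) and `LDFLAGS` (`--sysroot ${IOS_SYSROOT}`), and the values are exported as plain strings, so a developer directory containing a space (a renamed Xcode bundle is enough) is split into separate arguments by whatever consumes the flags and the compiler no longer receives the intended sysroot. The same construction appears in the new setenv-macos.sh in both branches of its ANTIQUE_XCODE test. Quoting inside the flag string depends on how GNUmakefile-cross and Autotools expand it, so the cheapest reliable guard is to refuse such paths next to the existing sysroot check: `case "${IOS_SYSROOT}" in *[[:space:]]*) echo "ERROR: IOS_SYSROOT contains whitespace."; [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1;; esac`.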
diff -Nru libcrypto++-8.4.0/TestScripts/setenv-macos.sh libcrypto++-8.6.0/TestScripts/setenv-macos.sh
--- libcrypto++-8.4.0/TestScripts/setenv-macos.sh	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/setenv-macos.sh	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,422 @@
+#!/usr/bin/env bash
+
+#############################################################################
+#
+# This script sets the cross-compile environment for Xcode/MacOS.
+#
+# Based upon OpenSSL's setenv-android.sh by TH, JW, and SM.
+# Heavily modified by JWW for Crypto++.
+# Modified some more by JW and UB.
+#
+# Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2)
+# licensed under the Boost Software License 1.0, while the individual files
+# in the compilation are all public domain.
+#
+# cpp is set to Apple's cpp. Actually, cpp is merely on-path so Apple's cpp
+# is used. But Apple's cpp is sufficiently different from GNU's cpp and causes
+# Autotools a lot of trouble because Autotools tests are predicated on GNU cpp.
+# If your Autotools project results in "configure:6560: error: C preprocessor
+# cpp fails sanity check", then file a bug report with Autotools.
+#
+# See http://www.cryptopp.com/wiki/MacOS_(Command_Line) for more details
+#############################################################################
+
+#########################################
+#####        Some validation        #####
+#########################################
+
+# In the past we could mostly infer arch or cpu from the SDK (and mostly
+# vice-versa). Nowadays we need the user to set it for us because Apple
+# platforms have both 32-bit or 64-bit variations.
+
+# cryptest-macos.sh may run this script without sourcing.
+if [ "$0" = "${BASH_SOURCE[0]}" ]; then
+    echo "setenv-macos.sh is usually sourced, but not this time."
+fi
+
+# This is fixed since we are building for MacOS
+MACOS_SDK=MacOSX
+
+# This supports 'source setenv-macos.sh x86_64' and
+# 'source setenv-macos.sh MACOS_CPU=arm64'
+if [[ -n "$1" ]]
+then
+    arg1=$(echo "$1" | cut -f 1 -d '=')
+    arg2=$(echo "$1" | cut -f 2 -d '=')
+    if [[ -n "${arg2}" ]]; then
+        MACOS_CPU="${arg2}"
+    else
+        MACOS_CPU="${arg1}"
+    fi
+    printf "Using positional arg, MACOS_CPU=%s\n" "${MACOS_CPU}"
+fi
+
+# Sane default. Use current machine.
+if [ -z "$MACOS_CPU" ]; then
+    MACOS_CPU="$(uname -m 2>/dev/null)"
+    if [[ "$MACOS_CPU" == "Power"* ]] ; then
+        if sysctl -a 2>/dev/null | grep -q 'hw.cpu64bit_capable: 1'; then
+            MACOS_CPU="ppc64"
+        else
+            MACOS_CPU="ppc"
+        fi
+    fi
+fi
+
+if [ -z "$MACOS_CPU" ]; then
+    echo "MACOS_CPU is not set. Please set it"
+    [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+DEF_CPPFLAGS="-DNDEBUG"
+DEF_CFLAGS="-Wall -g2 -O3 -fPIC"
+DEF_CXXFLAGS="-Wall -g2 -O3 -fPIC"
+DEF_LDFLAGS=""
+
+#########################################
+#####       Clear old options       #####
+#########################################
+
+unset IS_IOS
+unset IS_MACOS
+unset IS_ANDROID
+unset IS_ARM_EMBEDDED
+
+unset MACOS_CPPFLAGS
+unset MACOS_CFLAGS
+unset MACOS_CXXFLAGS
+unset MACOS_LDFLAGS
+unset MACOS_SYSROOT
+
+#########################################
+#####    Small Fixups, if needed    #####
+#########################################
+
+MACOS_CPU=$(tr '[:upper:]' '[:lower:]' <<< "${MACOS_CPU}")
+
+# Old world Macs
+if [[ "$MACOS_CPU" == "power macintosh" || "$MACOS_CPU" == "powerpc" ]] ; then
+    MACOS_CPU=ppc
+fi
+
+if [[ "$MACOS_CPU" == "ppc64" || "$MACOS_CPU" == "powerpc64" ]] ; then
+    MACOS_CPU=ppc64
+fi
+
+if [[ "$MACOS_CPU" == "386" || "$MACOS_CPU" == "i686" || "$MACOS_CPU" == "686" ]] ; then
+    MACOS_CPU=i386
+fi
+
+if [[ "$MACOS_CPU" == "amd64" || "$MACOS_CPU" == "x86_64" ]] ; then
+    MACOS_CPU=x86_64
+fi
+
+if [[ "$MACOS_CPU" == "aarch64" || "$MACOS_CPU" == "arm64"* || "$MACOS_CPU" == "armv8"* ]] ; then
+    MACOS_CPU=arm64
+fi
+
+echo "Configuring for $MACOS_SDK ($MACOS_CPU)"
+
+########################################
+#####         Environment          #####
+########################################
+
+# The flags below were tested with Xcode 8 on Travis. If
+# you use downlevel versions of Xcode, then you can push
+# xxx-version-min=n lower. For example, Xcode 7 can use
+# -mmacosx-version-min=5. However, you cannot link
+# against LLVM's libc++.
+
+# Also see https://github.com/rust-lang/rust/issues/48862
+# and https://developer.apple.com/documentation/bundleresources/information_property_list/minimumosversion
+
+# PowerMacs and Intels can be either 32-bit or 64-bit
+if [[ "$MACOS_CPU" == "ppc" ]]; then
+    MIN_VER="-mmacosx-version-min=10.4"
+
+elif [[ "$MACOS_CPU" == "ppc64" ]]; then
+    MIN_VER="-mmacosx-version-min=10.4"
+
+elif [[ "$MACOS_CPU" == "i386" ]]; then
+    MIN_VER="-mmacosx-version-min=10.7"
+
+elif [[ "$MACOS_CPU" == "x86_64" ]]; then
+    MIN_VER="-mmacosx-version-min=10.7"
+
+elif [[ "$MACOS_CPU" == "arm64" ]]; then
+    MIN_VER="-mmacosx-version-min=11.0"
+
+# And the final catch-all
+else
+    echo "MACOS_CPU is not valid. Please fix it"
+    [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+# The first cut if MIN_VER gets the full version, like 10.7. The
+# second cut gets the major or minor version
+if echo "${MIN_VER}" | grep -q '.'; then
+    MAJOR_VER=$(echo "${MIN_VER}" | head -n 1 | cut -f 2 -d '=' | cut -f 1 -d '.')
+    MINOR_VER=$(echo "${MIN_VER}" | head -n 1 | cut -f 2 -d '=' | cut -f 2 -d '.')
+else
+    MAJOR_VER=$(echo "${MIN_VER}" | head -n 1 | cut -f 2 -d '=' | cut -f 1 -d '.')
+    MINOR_VER=0
+fi
+
+# OS X 10.7 minimum required for LLVM and -stdlib=libc++
+if [[ "${MAJOR_VER}" -eq 10 && "${MINOR_VER}" -ge 7 ]]; then
+     MACOS_STDLIB="-stdlib=libc++"
+elif [[ "${MAJOR_VER}" -ge 11 ]]; then
+     MACOS_STDLIB="-stdlib=libc++"
+fi
+
+# Allow a user override? I think we should be doing this. The use case is:
+# move /Applications/Xcode somewhere else for a side-by-side installation.
+if [ -z "${XCODE_DEVELOPER-}" ]; then
+  XCODE_DEVELOPER=$(xcode-select -print-path 2>/dev/null)
+fi
+
+if [ ! -d "${XCODE_DEVELOPER}" ]; then
+  echo "ERROR: unable to find XCODE_DEVELOPER directory."
+  [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+if [[ "${XCODE_DEVELOPER}" == "/Developer"* ]]; then
+   ANTIQUE_XCODE=1
+   DEF_CFLAGS=$(echo "$DEF_CFLAGS" | sed 's/-Wall //g')
+   DEF_CXXFLAGS=$(echo "$DEF_CXXFLAGS" | sed 's/-Wall //g')
+fi
+
+# Command Line Tools show up here on a Mac-mini M1
+if [[ "${XCODE_DEVELOPER}" == "/Library"* ]]; then
+   CLT_XCODE=1
+fi
+
+# XCODE_DEVELOPER_SDK is the SDK location.
+if [[ "${ANTIQUE_XCODE}" == "1" ]]
+then
+    if [[ -d "${XCODE_DEVELOPER}/SDKs" ]]; then
+        XCODE_DEVELOPER_SDK="${XCODE_DEVELOPER}/SDKs"
+    fi
+
+    if [ ! -d "${XCODE_DEVELOPER_SDK}" ]; then
+      echo "ERROR: unable to find XCODE_DEVELOPER_SDK directory."
+      echo "       Is the SDK supported by Xcode and installed?"
+      [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+    fi
+
+elif [[ "${CLT_XCODE}" == "1" ]]
+then
+    if [[ -d "${XCODE_DEVELOPER}/SDKs" ]]; then
+        XCODE_DEVELOPER_SDK="${XCODE_DEVELOPER}/SDKs"
+    fi
+
+    if [ ! -d "${XCODE_DEVELOPER_SDK}" ]; then
+      echo "ERROR: unable to find XCODE_DEVELOPER_SDK directory."
+      echo "       Is the SDK supported by Xcode and installed?"
+      [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+    fi
+
+else
+    if [[ -d "${XCODE_DEVELOPER}/Platforms/${MACOS_SDK}.platform" ]]; then
+        XCODE_DEVELOPER_SDK="${XCODE_DEVELOPER}/Platforms/${MACOS_SDK}.platform/Developer/SDKs"
+    fi
+fi
+
+# XCODE_SDK is the SDK name/version being used - adjust the list as appropriate.
+# For example, remove 4.3, 6.2, and 6.1 if they are not installed. We go back to
+# the 1.0 SDKs because Apple WatchOS uses low numbers, like 2.0 and 2.1.
+XCODE_SDK=""
+if [[ "${ANTIQUE_XCODE}" == "1" ]]
+then
+    for i in 10.7 10.6 10.5 10.4 10.3 10.2 10.0
+    do
+        if [ -d "${XCODE_DEVELOPER_SDK}/${MACOS_SDK}$i.sdk" ]; then
+            XCODE_SDK="${MACOS_SDK}$i.sdk"
+            break
+        fi
+    done
+else
+    for i in $(seq 30 -1 5)  # SDK major
+    do
+        for j in $(seq 20 -1 0)  # SDK minor
+        do
+            SDK_VER="$i.$j"
+            if [ -d "${XCODE_DEVELOPER_SDK}/${MACOS_SDK}${SDK_VER}.sdk" ]; then
+                XCODE_SDK="${MACOS_SDK}${SDK_VER}.sdk"
+                break 2
+            fi
+        done
+    done
+fi
+
+# Error checking
+if [ -z "${XCODE_SDK}" ]; then
+    echo "ERROR: unable to find a SDK."
+    [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+# XCODE_DEVELOPER_SDK is the SDK location.
+if [[ "${ANTIQUE_XCODE}" == "1" ]]
+then
+    # XCODE_DEVELOPER_SDK for old Xcode is above
+    :
+else
+    if [ ! -d "${XCODE_DEVELOPER_SDK}" ]; then
+      echo "ERROR: unable to find XCODE_DEVELOPER_SDK directory."
+      echo "       Is the SDK supported by Xcode and installed?"
+      [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+    fi
+fi
+
+# XCODE_TOOLCHAIN is the location of the actual compiler tools.
+if [[ "${ANTIQUE_XCODE}" == "1" ]]
+then
+    if [ -d "${XCODE_DEVELOPER}/usr/bin" ]; then
+      XCODE_TOOLCHAIN="${XCODE_DEVELOPER}/usr/bin"
+    fi
+
+elif [[ "${CLT_XCODE}" == "1" ]]
+then
+    if [ -d "${XCODE_DEVELOPER}/usr/bin" ]; then
+      XCODE_TOOLCHAIN="${XCODE_DEVELOPER}/usr/bin"
+    fi
+
+else
+    if [ -d "${XCODE_DEVELOPER}/Toolchains/XcodeDefault.xctoolchain/usr/bin/" ]; then
+      XCODE_TOOLCHAIN="${XCODE_DEVELOPER}/Toolchains/XcodeDefault.xctoolchain/usr/bin/"
+    elif [ -d "${XCODE_DEVELOPER_SDK}/Developer/usr/bin/" ]; then
+      XCODE_TOOLCHAIN="${XCODE_DEVELOPER_SDK}/Developer/usr/bin/"
+    elif [ -d "${XCODE_DEVELOPER_SDK}/usr/bin/" ]; then
+      XCODE_TOOLCHAIN="${XCODE_DEVELOPER_SDK}/usr/bin/"
+    fi
+fi
+
+if [ ! -d "${XCODE_TOOLCHAIN}" ]; then
+  echo "ERROR: unable to find Xcode cross-compiler tools."
+  [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+MACOS_CFLAGS="-arch $MACOS_CPU $MIN_VER -fno-common"
+MACOS_CXXFLAGS="-arch $MACOS_CPU $MIN_VER ${MACOS_STDLIB} -fno-common"
+MACOS_SYSROOT="${XCODE_DEVELOPER_SDK}/${XCODE_SDK}"
+
+if [ ! -d "${MACOS_SYSROOT}" ]; then
+  echo "ERROR: unable to find Xcode sysroot."
+  [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+#####################################################################
+
+CPP="cpp"; CC="clang"; CXX="clang++"; LD="ld"
+AS="as"; AR="libtool"; RANLIB="ranlib"
+STRIP="strip"; OBJDUMP="objdump"
+
+if [[ "${ANTIQUE_XCODE}" == "1" ]]
+then
+    CC="gcc"; CXX="g++";
+fi
+
+# Error checking
+if [ ! -e "${XCODE_TOOLCHAIN}/$CC" ]; then
+    echo "ERROR: Failed to find MacOS clang. Please edit this script."
+    [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+# Error checking
+if [ ! -e "${XCODE_TOOLCHAIN}/$CXX" ]; then
+    echo "ERROR: Failed to find MacOS clang++. Please edit this script."
+    [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+# Error checking
+if [ ! -e "${XCODE_TOOLCHAIN}/$RANLIB" ]; then
+    echo "ERROR: Failed to find MacOS ranlib. Please edit this script."
+    [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+# Error checking
+if [ ! -e "${XCODE_TOOLCHAIN}/$AR" ]; then
+    echo "ERROR: Failed to find MacOS ar. Please edit this script."
+    [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+# Error checking
+if [ ! -e "${XCODE_TOOLCHAIN}/$AS" ]; then
+    echo "ERROR: Failed to find MacOS as. Please edit this script."
+    [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+# Error checking
+if [ ! -e "${XCODE_TOOLCHAIN}/$LD" ]; then
+    echo "ERROR: Failed to find MacOS ld. Please edit this script."
+    [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
+fi
+
+#####################################################################
+
+# Add tools to head of path, if not present already
+LENGTH=${#XCODE_TOOLCHAIN}
+SUBSTR=${PATH:0:$LENGTH}
+if [ "${SUBSTR}" != "${XCODE_TOOLCHAIN}" ]; then
+    PATH="${XCODE_TOOLCHAIN}:$PATH"
+    export PATH
+fi
+
+#####################################################################
+
+VERBOSE=${VERBOSE:-1}
+if [ "$VERBOSE" -gt 0 ]; then
+  echo "XCODE_TOOLCHAIN: ${XCODE_TOOLCHAIN}"
+  echo "MACOS_SDK: ${MACOS_SDK}"
+  echo "MACOS_CPU: ${MACOS_CPU}"
+  if [ -n "${MACOS_CPPFLAGS}" ]; then
+    echo "MACOS_CPPFLAGS: ${MACOS_CPPFLAGS}"
+  fi
+  echo "MACOS_CFLAGS: ${MACOS_CFLAGS}"
+  echo "MACOS_CXXFLAGS: ${MACOS_CXXFLAGS}"
+  if [ -n "${MACOS_LDFLAGS}" ]; then
+    echo "MACOS_LDFLAGS: ${MACOS_LDFLAGS}"
+  fi
+  echo "MACOS_SYSROOT: ${MACOS_SYSROOT}"
+fi
+
+#####################################################################
+
+# GNUmakefile-cross and Autotools expect these to be set.
+# Note: prior to Crypto++ 8.6, CPPFLAGS, CXXFLAGS and LDFLAGS were not
+# exported. At Crypto++ 8.6 CPPFLAGS, CXXFLAGS and LDFLAGS were exported.
+
+export IS_MACOS=1
+export CPP CC CXX LD AS AR RANLIB STRIP OBJDUMP
+
+if [[ "${ANTIQUE_XCODE}" == "1" ]]
+then
+    CPPFLAGS="${DEF_CPPFLAGS} ${MACOS_CPPFLAGS} -isysroot ${MACOS_SYSROOT}"
+    CFLAGS="${DEF_CFLAGS} ${MACOS_CFLAGS}"
+    CXXFLAGS="${DEF_CXXFLAGS} ${MACOS_CXXFLAGS}"
+    LDFLAGS="${DEF_LDFLAGS} ${MACOS_LDFLAGS} -sysroot=${MACOS_SYSROOT}"
+else
+    CPPFLAGS="${DEF_CPPFLAGS} ${MACOS_CPPFLAGS} -isysroot ${MACOS_SYSROOT}"
+    CFLAGS="${DEF_CFLAGS} ${MACOS_CFLAGS}"
+    CXXFLAGS="${DEF_CXXFLAGS} ${MACOS_CXXFLAGS}"
+    LDFLAGS="${DEF_LDFLAGS} ${MACOS_LDFLAGS} --sysroot ${MACOS_SYSROOT}"
+fi
+
+# Trim whitespace as needed
+CPPFLAGS=$(echo "${CPPFLAGS}" | awk '{$1=$1;print}')
+CFLAGS=$(echo "${CFLAGS}" | awk '{$1=$1;print}')
+CXXFLAGS=$(echo "${CXXFLAGS}" | awk '{$1=$1;print}')
+LDFLAGS=$(echo "${LDFLAGS}" | awk '{$1=$1;print}')
+
+export CPPFLAGS CFLAGS CXXFLAGS LDFLAGS
+
+#####################################################################
+
+echo
+echo "*******************************************************************************"
+echo "It looks the the environment is set correctly. Your next step is build"
+echo "the library with 'make -f GNUmakefile-cross'."
+echo "*******************************************************************************"
+echo
+
+[ "$0" = "${BASH_SOURCE[0]}" ] && exit 0 || return 0
diff -Nru libcrypto++-8.4.0/TestScripts/tweetnacl.sh libcrypto++-8.6.0/TestScripts/tweetnacl.sh
--- libcrypto++-8.4.0/TestScripts/tweetnacl.sh	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestScripts/tweetnacl.sh	1970-01-01 00:00:00.000000000 +0000
@@ -1,47 +0,0 @@
-#!/usr/bin/env bash
-
-# Written and placed in public domain by Jeffrey Walton
-#
-# This script fetches TweetNaCl from Bernstein's site, and then
-# prepares it for use in Crypto++ by applying tweetnacl.patch.
-# The script should be run from the Crypto++ root directory on a
-# Unix machine because of the use of Unix tools like wget.
-
-curl https://tweetnacl.cr.yp.to/20140427/tweetnacl.h > tweetnacl.h
-curl https://tweetnacl.cr.yp.to/20140427/tweetnacl.c > tweetnacl.c
-
-# Fix whitespace
-sed -e 's/[[:space:]]*$//' tweetnacl.h > tweetnacl.h.fixed
-mv tweetnacl.h.fixed tweetnacl.h
-sed -e 's/[[:space:]]*$//' tweetnacl.c > tweetnacl.c.fixed
-mv tweetnacl.c.fixed tweetnacl.c
-
-if [[ -e "TestScripts/tweetnacl.patch" ]]; then
-    cp "TestScripts/tweetnacl.patch" .
-fi
-
-if [[ ! -e "tweetnacl.patch" ]]; then
-    echo "Cannot find tweetnacl.patch. Please make sure it exists in the root directory."
-	echo "It can be created with 'diff -u tweetnacl.c tweetnacl.cpp > tweetnacl.patch'"
-	[[ "$0" = "$BASH_SOURCE" ]] && exit 0 || return 0
-fi
-
-# Normalize line endings
-dos2unix tweetnacl.h tweetnacl.cpp tweetnacl.patch
-
-# Apply patch
-patch --unified --binary -p0 < tweetnacl.patch
-mv tweetnacl.c tweetnacl.cpp
-
-# Place things where they belong in source control
-cp tweetnacl.sh TestScripts/
-cp tweetnacl.patch TestScripts/
-
-# Fix whitespace
-sed -e 's/[[:space:]]*$//' tweetnacl.h > tweetnacl.h.fixed
-mv tweetnacl.h.fixed tweetnacl.h
-sed -e 's/[[:space:]]*$//' tweetnacl.cpp > tweetnacl.cpp.fixed
-mv tweetnacl.cpp.fixed tweetnacl.cpp
-
-# Convert to MS DOS for source control
-unix2dos tweetnacl.h tweetnacl.cpp
diff -Nru libcrypto++-8.4.0/TestVectors/all.txt libcrypto++-8.6.0/TestVectors/all.txt
--- libcrypto++-8.4.0/TestVectors/all.txt	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestVectors/all.txt	2021-09-24 11:48:47.000000000 +0000
@@ -27,6 +27,8 @@
 Test: TestVectors/kalyna.txt
 Test: TestVectors/keccak.txt
 Test: TestVectors/lea.txt
+Test: TestVectors/lsh256.txt
+Test: TestVectors/lsh512.txt
 Test: TestVectors/mars.txt
 Test: TestVectors/nr.txt
 Test: TestVectors/panama.txt
@@ -61,4 +63,3 @@
 Test: TestVectors/wake.txt
 Test: TestVectors/whrlpool.txt
 Test: TestVectors/xts.txt
-
diff -Nru libcrypto++-8.4.0/TestVectors/hight.txt libcrypto++-8.6.0/TestVectors/hight.txt
--- libcrypto++-8.4.0/TestVectors/hight.txt	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/TestVectors/hight.txt	2021-09-24 11:48:47.000000000 +0000
@@ -1,107 +1,522 @@
 AlgorithmType: SymmetricCipher
 Name: HIGHT/ECB
-#
 Source: HIGHT reference zip file, file KISA_HIGHT_ECB.c
+#
 Comment: HIGHT/ECB, 128-bit key
 Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
 Plaintext: D7 6D 0D 18 32 7E C5 62
 Ciphertext: E4 BC 2E 31 22 77 E4 DD
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: 29 23 BE 84 E1 6C D6 AE 52 90 49 F1 F1 BB E9 EB
 Plaintext: B3 A6 DB 3C 87 0C 3E 99
 Ciphertext: 23 CA D1 A3 CD DF 7E AB
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: 24 5E 0D 1C 06 B7 47 DE B3 12 4D C8 43 BB 8B A6
 Plaintext: 1F 03 5A 7D 09 38 25 1F
 Ciphertext: 52 BD 91 BB 26 F8 ED 99
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: 5D D4 CB FC 96 F5 45 3B 13 0D 89 0A 1C DB AE 32
 Plaintext: 20 9A 50 EE 40 78 36 FD
 Ciphertext: 95 02 B4 6D 87 B4 41 67
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: 12 49 32 F6 9E 7D 49 DC AD 4F 14 F2 44 40 66 D0
 Plaintext: 6B C4 30 B7 32 3B A1 22
 Ciphertext: 20 CB CF 41 65 24 E5 A6
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: F6 22 91 9D E1 8B 1F DA B0 CA 99 02 B9 72 9D 49
 Plaintext: 2C 80 7E C5 99 D5 E9 80
 Ciphertext: F3 1C 89 E6 6C 4F 5A 6F
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: B2 EA C9 CC 53 BF 67 D6 BF 14 D6 7E 2D DC 8E 66
 Plaintext: 83 EF 57 49 61 FF 69 8F
 Ciphertext: 39 21 C8 3B FE 5E 59 6E
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: 61 CD D1 1E 9D 9C 16 72 72 E6 1D F0 84 4F 4A 77
 Plaintext: 02 D7 E8 39 2C 53 CB C9
 Ciphertext: 98 2F D7 56 17 44 97 BF
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: 12 1E 33 74 9E 0C F4 D5 D4 9F D4 A4 59 7E 35 CF
 Plaintext: 32 22 F4 CC CF D3 90 2D
 Ciphertext: BB 80 F5 0B 35 11 5B A8
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: 5D D4 CB FC 96 F5 45 3B 13 0D 89 0A 1C DB AE 32
 Plaintext  : 20 9A 50 EE 40 78 36 FD
 Ciphertext : 95 02 B4 6D 87 B4 41 67
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: 12 49 32 F6 9E 7D 49 DC AD 4F 14 F2 44 40 66 D0
 Plaintext  : 6B C4 30 B7 32 3B A1 22
 Ciphertext : 20 CB CF 41 65 24 E5 A6
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: F6 22 91 9D E1 8B 1F DA B0 CA 99 02 B9 72 9D 49
 Plaintext  : 2C 80 7E C5 99 D5 E9 80
 Ciphertext : F3 1C 89 E6 6C 4F 5A 6F
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: B2 EA C9 CC 53 BF 67 D6 BF 14 D6 7E 2D DC 8E 66
 Plaintext  : 83 EF 57 49 61 FF 69 8F
 Ciphertext : 39 21 C8 3B FE 5E 59 6E
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: 61 CD D1 1E 9D 9C 16 72 72 E6 1D F0 84 4F 4A 77
 Plaintext  : 02 D7 E8 39 2C 53 CB C9
 Ciphertext : 98 2F D7 56 17 44 97 BF
 Test: Encrypt
 #
-Source: HIGHT reference implementation
 Comment: HIGHT/ECB, 128-bit key
 Key: 12 1E 33 74 9E 0C F4 D5 D4 9F D4 A4 59 7E 35 CF
 Plaintext  : 32 22 F4 CC CF D3 90 2D
 Ciphertext : BB 80 F5 0B 35 11 5B A8
 Test: Encrypt
+
+AlgorithmType: SymmetricCipher
+Name: HIGHT/CBC
+Source: HIGHT reference zip file, file KISA_HIGHT_CBC.c
+#
+Comment: HIGHT/CBC, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 26 8D 66 A7 35 A8 1A 81
+Plaintext: 00 01 02 03 04 05 06 07
+Ciphertext: CE 15 95 08 5A 18 8C 28
+Test: Encrypt
+#
+Comment: HIGHT/CBC, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 26 8D 66 A7 35 A8 1A 81
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+Ciphertext: CE 15 95 08 5A 18 8C 28 C1 8D 77 08 D9 C1 25 86
+Test: Encrypt
+#
+Comment: HIGHT/CBC, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 26 8D 66 A7 35 A8 1A 81
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07
+Ciphertext: CE 15 95 08 5A 18 8C 28 C1 8D 77 08 D9 C1 25 86 4B 3D AF 2B F2 0D 52 47
+Test: Encrypt
+#
+Comment: HIGHT/CBC, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 26 8D 66 A7 35 A8 1A 81
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+Ciphertext: CE 15 95 08 5A 18 8C 28 C1 8D 77 08 D9 C1 25 86 4B 3D AF 2B F2 0D 52 47 63 4A 00 01 2F A0 E9 F0
+Test: Encrypt
+#
+Comment: HIGHT/CBC, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 26 8D 66 A7 35 A8 1A 81
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07
+Ciphertext: CE 15 95 08 5A 18 8C 28 C1 8D 77 08 D9 C1 25 86 4B 3D AF 2B F2 0D 52 47 63 4A 00 01 2F A0 E9 F0 44 9D E2 BC C1 68 51 6C
+Test: Encrypt
+#
+Comment: HIGHT/CBC, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 26 8D 66 A7 35 A8 1A 81
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+Ciphertext: CE 15 95 08 5A 18 8C 28 C1 8D 77 08 D9 C1 25 86 4B 3D AF 2B F2 0D 52 47 63 4A 00 01 2F A0 E9 F0 44 9D E2 BC C1 68 51 6C 0E 27 45 AC 37 C1 A6 74
+Test: Encrypt
+#
+Comment: HIGHT/CBC, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 26 8D 66 A7 35 A8 1A 81
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07
+Ciphertext: CE 15 95 08 5A 18 8C 28 C1 8D 77 08 D9 C1 25 86 4B 3D AF 2B F2 0D 52 47 63 4A 00 01 2F A0 E9 F0 44 9D E2 BC C1 68 51 6C 0E 27 45 AC 37 C1 A6 74 3A 1E A5 1E B4 07 D1 4E
+Test: Encrypt
+#
+Comment: HIGHT/CBC, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 26 8D 66 A7 35 A8 1A 81
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+Ciphertext: CE 15 95 08 5A 18 8C 28 C1 8D 77 08 D9 C1 25 86 4B 3D AF 2B F2 0D 52 47 63 4A 00 01 2F A0 E9 F0 44 9D E2 BC C1 68 51 6C 0E 27 45 AC 37 C1 A6 74 3A 1E A5 1E B4 07 D1 4E C8 C4 B4 35 CA 05 CC 62
+Test: Encrypt
+
+AlgorithmType: SymmetricCipher
+Name: HIGHT/CTR
+Source: HIGHT reference zip file, file KISA_HIGHT_CTR.c
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00
+Ciphertext: B3
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01
+Ciphertext: B3 D1
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02
+Ciphertext: B3 D1 FF
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03
+Ciphertext: B3 D1 FF FC
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04
+Ciphertext: B3 D1 FF FC C2
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05
+Ciphertext: B3 D1 FF FC C2 A1
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06
+Ciphertext: B3 D1 FF FC C2 A1 9B
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07
+Ciphertext: B3 D1 FF FC C2 A1 9B C0
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF B3
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF B3
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF B3 5E F7 FA 5F 07 5B
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF B3 5E F7 FA 5F 07 5B 09
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF B3 5E F7 FA 5F 07 5B 09 9F
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF B3 5E F7 FA 5F 07 5B
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF B3 5E F7 FA 5F 07 5B 09
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF B3 5E F7 FA 5F 07 5B 09 9F
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF B3 5E F7 FA 5F 07 5B 09 9F 60 49 1E 60 9F C2
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF B3 5E F7 FA 5F 07 5B 09 9F 60 49 1E 60 9F C2 13
+Test: Encrypt
+#
+Comment: HIGHT/CTR, 128-bit key
+Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89
+IV: 00 00 00 00 00 00 00 FE
+Plaintext: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00
+Ciphertext: B3 D1 FF FC C2 A1 9B C0 13 0D C1 62 1C 58 39 98 8A D7 C5 9B 40 A2 D5 B9 57 7A DF 09 B6 A1 9C A3 D7 6A 45 3B F7 0B 0B 6C 78 4E 51 B7 68 D3 1C EF B3 5E F7 FA 5F 07 5B 09 9F 60 49 1E 60 9F C2 13 F2
+Test: Encrypt
+
diff -Nru libcrypto++-8.4.0/TestVectors/lsh256.txt libcrypto++-8.6.0/TestVectors/lsh256.txt
--- libcrypto++-8.4.0/TestVectors/lsh256.txt	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestVectors/lsh256.txt	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,1477 @@
+AlgorithmType: MessageDigest
+Name: LSH-224
+Source: gen_lsh256.cpp, https://github.com/noloader/cryptopp-test/lsh
+#
+Comment: random test vector, size 0
+Message:
+Digest: 48a0d55b 2b3d91f2 6e06f711 0fe9ce8e a0e2656b be344cb1 c5930653
+Test: Verify
+#
+Comment: random test vector, size 1
+Message: ca
+Digest: 4253e6e9 1b3c37f7 5c231d53 ca6dc846 4885250d 2058c41d 495bd08f
+Test: Verify
+#
+Comment: random test vector, size 2
+Message: 40ea
+Digest: 11302cc1 282f57a8 b107cbf1 e495e0e8 1cae7561 803c039d 60e48720
+Test: Verify
+#
+Comment: random test vector, size 3
+Message: 6a1fa9
+Digest: 0db70687 3fbe7630 318c784c d0e26dc1 af4fe0bf 3a7da316 d41b65a1
+Test: Verify
+#
+Comment: random test vector, size 4
+Message: 8f62d29f
+Digest: 81959fa3 3ebfab68 af7522d0 aa87b51d 7c15894a 538dd6b9 e78666ef
+Test: Verify
+#
+Comment: random test vector, size 5
+Message: 170ad1d9 b7
+Digest: 88b5aab4 98d67881 0cae003a 79990631 f7f7f333 1877cb8c 44865b04
+Test: Verify
+#
+Comment: random test vector, size 6
+Message: 6e7e743d b030
+Digest: fa046565 07ae869b d9249817 9030d286 26100d94 c603e8cf af8ca042
+Test: Verify
+#
+Comment: random test vector, size 7
+Message: 49ecc368 48b0ec
+Digest: 4ca618ac a3a3d547 3c33f8a4 a43bbf00 9a14e061 6015b74f 1b2488d6
+Test: Verify
+#
+Comment: random test vector, size 8
+Message: 532ca55e d3081cde
+Digest: 524c8c5b 9394c5a6 fc6fc0f6 3744a9dc a4ca2ff8 c138dab8 74655877
+Test: Verify
+#
+Comment: random test vector, size 9
+Message: 3a4c851d 64bd20ac d1
+Digest: 0e4e6359 647ba278 5d5aa6f0 f65f5428 72461bfe 78ca1f49 97b0e836
+Test: Verify
+#
+Comment: random test vector, size 10
+Message: 5b1b759c b33b649b adae
+Digest: 02a599d1 3643c3a2 0eb291bc 4202ce01 2a3091dc 373c1aca e237dc45
+Test: Verify
+#
+Comment: random test vector, size 11
+Message: 6525db5c 8727ce71 2a909a
+Digest: a11d3212 b189c6b2 5e19c26f ef194163 8b6e0bc0 711b14cc 824bf05c
+Test: Verify
+#
+Comment: random test vector, size 12
+Message: 822f5def 435e3541 bfe4e0a8
+Digest: ab4e4b13 dfbf29d6 31e64408 78edc70e 15f6d049 b39929f0 569cd315
+Test: Verify
+#
+Comment: random test vector, size 13
+Message: 56e21d61 95cb8930 a9348043 2f
+Digest: a7e25e2a 80a9194d 01061364 70ae1bf6 0da048ee 8ca81053 69e37de7
+Test: Verify
+#
+Comment: random test vector, size 14
+Message: d1fa9fc9 8b29b631 b17da415 1718
+Digest: 60a7499a 76a210e9 e6cd89c3 1c25cbfe 43e5e947 055202eb 0512fc17
+Test: Verify
+#
+Comment: random test vector, size 15
+Message: 31b17b9c 8a765e70 045aac15 b345b9
+Digest: 324acb4d 58885b25 cf7a9afb 2a6309cb 040a4a92 94e91135 e7f393f8
+Test: Verify
+#
+Comment: random test vector, size 16
+Message: b131c348 3dcb2662 a7948f3a b8eae1ed
+Digest: 185cabed 9648e13b b02eaf86 80586d79 d9167e32 bdd6c022 8f5e9610
+Test: Verify
+#
+Comment: random test vector, size 17
+Message: a98e60b3 8502337e 3dc8c013 e142b28d cd
+Digest: d37cc34f b4a86b6f f411e080 93dc4527 f98ad4e4 f6437d2b b5654052
+Test: Verify
+#
+Comment: random test vector, size 18
+Message: f94469a3 f025f3b4 b5a72923 8e9093ad ab09
+Digest: 40a1e6b9 a7fea159 e44683cf e7ef0aca 9e8dfbe4 fda14df9 6ffe2662
+Test: Verify
+#
+Comment: random test vector, size 19
+Message: 843d549f 0289b498 06cc179b 214380c9 4fc20d
+Digest: 43477d21 90ba8995 7c9f70af 1a0dcea3 90fdb6af 8e1d0aba e9570dc7
+Test: Verify
+#
+Comment: random test vector, size 20
+Message: 83008916 a75f71c6 95e68672 224d0446 0d0aa5ca
+Digest: 1950c32b 676ac0ed d7f840e6 d7088a67 7260ff7f 754c322e 476a691d
+Test: Verify
+#
+Comment: random test vector, size 21
+Message: cf330f56 b6af9e89 34d706c9 9f5a8be7 26775993 f3
+Digest: e6d7d222 59549e2a af1c02cc 7a87f13c 615434f2 8e6ca88c 0e9508a1
+Test: Verify
+#
+Comment: random test vector, size 22
+Message: 8147b91a 587e201e 558d89ab 8ec4b137 4ee58859 0d4c
+Digest: e437ff6b 41061480 506ff407 90665ae6 b97c04e2 6c784f93 2b66d94c
+Test: Verify
+#
+Comment: random test vector, size 23
+Message: 20333501 592ad52b d16f253f 4b86cfca db451dfa cde47d
+Digest: 59937870 6607aa5f eb8afac1 36cdcf7f a5a8fd13 dcadcedc 60e6a6e7
+Test: Verify
+#
+Comment: random test vector, size 24
+Message: 83435f27 57229f4f 798d641a b7826013 ab62d70f ab767305
+Digest: c00470e9 ca10de2b d49dd1c0 622a1f70 9df3170e f00bb0ea faaaff46
+Test: Verify
+#
+Comment: random test vector, size 25
+Message: b73e6a01 c441f26a 747d3f14 ca25c66e a3b76b9d 3b784375 88
+Digest: 46442280 baec72f2 ad129e10 fb16d053 6696fd5e 36c8ce75 7e16600b
+Test: Verify
+#
+Comment: random test vector, size 26
+Message: 955af124 4d21d93e 6c2183bd 1b8980be 8b5ff658 649f24be 797d
+Digest: b6e2c4a5 ff1dae21 02ece4b1 8c7335ec 4b170668 6a8a438e 9f23a79d
+Test: Verify
+#
+Comment: random test vector, size 27
+Message: f3dfeab8 c98dde65 5bef6335 19fa08eb fa593f93 d050aedc fe71a6
+Digest: dfc96cb2 62a35116 c6f5eea0 93ac672d c253f3db 2e42436c a1f9c2f6
+Test: Verify
+#
+Comment: random test vector, size 28
+Message: 5fbca5a0 9999334a 51a5315b 8d7775db 3e9c316f 36c8a384 b8e4f83c
+Digest: ea2f4dec 3f05a5a0 d028e131 43e02c95 e982f9c0 069f3b6c 91cff85d
+Test: Verify
+#
+Comment: random test vector, size 29
+Message: cc29f8a3 11d34575 eb234f2e 3d596e24 55a5bdb5 4f3c0272 14ecd380 23
+Digest: ccd630c8 3583f348 224f621b 19c4f904 35ca9f09 493a3f5e 7571d029
+Test: Verify
+#
+Comment: random test vector, size 30
+Message: 522e5d52 4d319345 a27d5ad6 efe0d9b3 e2900860 16338f3d 7d649f8b 4f3f
+Digest: 008acf7f 872d3672 0e702523 918b6aa2 ebb7ca3f 3c0dfeb1 81eacfd8
+Test: Verify
+#
+Comment: random test vector, size 31
+Message: 7d9b0489 a578fd65 ba3cfcb1 c6f2529b 84b7be12 26b0faee 77e8eb55 356663
+Digest: 81dc0f2b 2ed33b44 2b5ffab0 f2b3cce6 915ec017 b140f3cc 468eb3cc
+Test: Verify
+#
+Comment: random test vector, size 32
+Message: 916e07d3 3634c23e 5c534d1b e4aed93d f0158f41 b6b5db48 6a140765 b02fa421
+Digest: 77d2167b 38608cf8 bfbe73a3 83cc26ab ed1bde96 1368a539 ccee3a08
+Test: Verify
+#
+Comment: random test vector, size 33
+Message: 296ac5b6 fe394378 4682145a 3be4c296 d33aa4a5 17928eb4 5414e206 06784e4b 10
+Digest: eddd9a84 7655d847 0040aeae a173a31d 25f32ace 687317b0 3284216a
+Test: Verify
+#
+Comment: random test vector, size 34
+Message: b472acc7 267582ef 7d66ed13 06d3b7f9 8d50ed82 c32ef4e3 ac9ada35 edf0e129 4fe4
+Digest: 6434e5f5 0acc7abe 3052b9b9 5fb8a402 ac2eedbb 6d03eda6 36a31c92
+Test: Verify
+#
+Comment: random test vector, size 35
+Message: 1d8de0f7 6c5eb6c1 1b50b7fd 10f69670 ff9db1fe 83a624ce a2e02025 493d28e4 26f44f
+Digest: ae0538de 7ca06a11 5c44c56c cfe43687 93d0d100 f94b7da6 ac84a4e7
+Test: Verify
+#
+Comment: random test vector, size 36
+Message: df388c7c 5d0c8663 acb08cf9 7e8bce9f c8e54603 c8a432f7 2da88c46 7b239622 857a3e52
+Digest: dddbcca7 c8d4648a 019faf06 2c4a7bca 984a24cf eac25d97 d8f8ada7
+Test: Verify
+#
+Comment: random test vector, size 37
+Message: 2e86a1be 0ac37f7b 8ab97e03 b3c012cb 7f94d24a 0d6ec04d 16d899b5 e9539750 903eb6c8 4b
+Digest: f05f755a b49644a1 8ef82396 7817e488 04e19964 6e212e6c cf96790b
+Test: Verify
+#
+Comment: random test vector, size 38
+Message: d0105013 7994c8d1 b0c228be 0d077bc8 8e9404a5 6c39e4a2 0f1d2eb3 3caa7074 dd9440a9 6b15
+Digest: fa49521d ae251791 1fe3f3f1 42848776 d3ae7e9c f06a4bd1 01869073
+Test: Verify
+#
+Comment: random test vector, size 39
+Message: 2092298b 6a23b6e1 58544a7e 32b95c74 52ed5bb7 a995ee7e 20c3d4f5 f9a5aa06 e96c3aff fb2db5
+Digest: 5d68fa4e 11799892 152d904d 207f38dd 9decef49 7197202b e98260ff
+Test: Verify
+#
+Comment: random test vector, size 40
+Message: 83f72c86 e3a571fa 592c9655 39fb39a5 c5010ce8 6073f2aa 778d8156 c3abd958 6d6c20e1 06f845d6
+Digest: 0333ac93 ecce6b95 f0e26e21 34f5e1e8 597cb484 bb70ddca a43415b3
+Test: Verify
+#
+Comment: random test vector, size 41
+Message: e41cfa5d f34d284f a5c4de2e 3631f10d 36603d6a ec1ce91a 60ead423 df436b7f a1525bb6 4a731508 3f
+Digest: 75fbd11f 6e798c28 d2c2866e d6738c49 67903b43 0271bc44 ae2c972d
+Test: Verify
+#
+Comment: random test vector, size 42
+Message: 9968af6f 6e2616b0 616d080e 5b23d115 5609f010 4890aee8 4763edcf 770e9791 d0dfa13b 491baedc 47b4
+Digest: 293ef717 c99eb32f 66269137 5ff61ebd 00b3afc8 18538642 819dfde4
+Test: Verify
+#
+Comment: random test vector, size 43
+Message: f0b24f74 1f3679b6 64193544 e40f17ce a01431d8 f7226224 bcbf9e2f baf092c2 3e5304c0 fcc50433 757e07
+Digest: d1c57fde 71118dbf e1059048 32171a78 6ed4f386 0499a552 fa30a2e7
+Test: Verify
+#
+Comment: random test vector, size 44
+Message: cb2542cd 89740f6a 80eebe5a 6de17322 2a55e622 bb801918 5330aeb8 19196d63 b83db1b0 65ceadbe 533b7de5
+Digest: b5f3ddaa fc1464b7 726525f2 cd69c921 f73e0a2c 0951de41 25da8000
+Test: Verify
+#
+Comment: random test vector, size 45
+Message: 2f41b271 46ab4898 4a1bca75 4529dc48 e8d9efc0 9af6908c 0276af12 f7fda0b9 c78a7324 7740d742 08bf8573 f5
+Digest: 9ce630ca 17345cde afe71bd4 356617a7 9f49efe1 e1422905 8a4bf8e4
+Test: Verify
+#
+Comment: random test vector, size 46
+Message: 089c29d2 aa088396 3a24705a 5217c7f9 07d4dbc3 87317e94 c157f194 6746fa3e 7a9358e4 907731c5 163ef2d3 4b81
+Digest: bf90ebeb d128948e d2503a46 04cc44d6 389f5bf4 a58b8615 8db9f72a
+Test: Verify
+#
+Comment: random test vector, size 47
+Message: cc2fd010 6c4671c4 67cd34c8 8739eb91 d0217a1e 8a0ce0d9 5b020928 3769ee60 06044089 5f70c977 37a2f826 03eb7f
+Digest: caafa372 e6e5c813 b0a472aa a64dd6f4 b1932bd6 bf746e4a 9393fce7
+Test: Verify
+#
+Comment: random test vector, size 48
+Message: 86dfbd8f 94b85188 9ecf31ad deb13092 8eda5ce4 b79cbe37 1b007466 a4ebf155 361b3d04 0b6a8711 a65fa2cd ec88d583
+Digest: c3bbe10f dcec43b2 5b933bad c6e0f5f0 ed703441 78785b1d b7eabafc
+Test: Verify
+#
+Comment: random test vector, size 49
+Message: 9776a7fd 3a693c2f 77bc1224 4a3b4e4d 3712d369 8f9adcff 699272df 24a684c2 ed4b3da2 1ce72826 0c88d056 c801249c 9f
+Digest: 848dd948 6daa15aa 387ca8a2 ff814ed1 2e287dde 238b5498 217a0b9c
+Test: Verify
+#
+Comment: random test vector, size 50
+Message: 1e497506 211153cc e7d0baad fa4e7441 443cd627 ba224d0a 0231dbd1 6217693d 541e6754 c93e9bd1 c492b734 3ecb81b7 4940
+Digest: 299cacbc b8e96bf2 d0755ddd f03bb750 fadb9e7e 18d8932f 68fd88af
+Test: Verify
+#
+Comment: random test vector, size 51
+Message: f4f06348 2d0903d4 cdfed8e0 fd89e4f8 b7e38cc5 e9b8766d 65b14f50 7c7e53a9 6dd309c7 877287a6 16970148 8d7e3651 69140a
+Digest: 93a43b09 b8239f55 7159caaf 6d9024cb ba868c18 c5a5123a 588738a1
+Test: Verify
+#
+Comment: random test vector, size 52
+Message: e9ccecb8 e6cfec1e 0aa3fdd3 d0222b94 c1541214 ac4edbcf af0d16c2 24a62c4e d50b36dc ce5a7aee 98f1cd93 cd70a7b2 ab09bb13
+Digest: a8ae179c eeff90b6 5017c22a a6a3ce64 50d9aac0 3acabee5 4dbe28bc
+Test: Verify
+#
+Comment: random test vector, size 53
+Message: f718ef48 b184daa6 88e5187d 85c52665 d37e2305 b7c5d8a6 731e17db b0e28d9c 3530fb9d d5701ad0 911c7ab8 eb2d9247 d937022c db
+Digest: 49f6568d 1b83d588 3d2c08c6 b402a3ae 66ba6120 fa9baf53 738cc592
+Test: Verify
+#
+Comment: random test vector, size 54
+Message: 37c8500d db89165d c243ed89 06e16285 4cfedb03 830b8fe9 413063b1 b96bbfe2 95da7d37 f6c5a53d a42b703c 43bb9b7e 2c3b869f fdfe
+Digest: f698692e 3955087a 9e3faac2 608838e7 97024ad5 501af452 2c57cd77
+Test: Verify
+#
+Comment: random test vector, size 55
+Message: 9a6b98d9 3cfc91a3 18025a00 428b317d 9d44ca00 8754759e a9d12ff8 2be32b94 270f4c51 e0a25210 9727a7a7 b5cf35d7 62b54e5a 03dc71
+Digest: e6361054 2bc977e2 9cc8e50b 1e0e9a8c 0a27958a f6fdb19e d88d3246
+Test: Verify
+#
+Comment: random test vector, size 56
+Message: c739ecbd 4d27c929 2d8dc7b7 5a9a8906 c3cc6dae b4e4b06d ab648df1 c09a0c73 c94b4b31 3e2f6179 10d39293 d5a509a3 98088e95 8d4a8784
+Digest: 5920c983 aa67fc88 1894c2a0 ce4d1b38 6791f7ea c86b8c5d e1a6291e
+Test: Verify
+#
+Comment: random test vector, size 57
+Message: 055627bb 44c5701f cf4071ad b5af4dc3 859419db b7e8b82d 7c8cd3ae da6b6aef 73d50aaf a1ab9f43 26f63faf a454f41c 05f55a0e 7a6a6a0e 3c
+Digest: 807dcfc3 2ebe6544 52b8c438 a87c0166 7c4529cf 143ad673 c7121b6f
+Test: Verify
+#
+Comment: random test vector, size 58
+Message: 0e42d43a eda6eeaa 7b1d96b8 18176257 fb1db009 6824f3e9 6d8321db 54e991c0 c3990d4e 0428bd64 4529a13d 56d057b6 d0e792b7 fad3bc5b 22f7
+Digest: 7f360768 696667de 4a6da208 672e46e7 411fd73b 48bec8b1 0a45dc01
+Test: Verify
+#
+Comment: random test vector, size 59
+Message: 218833f8 47ba29ee b3b671ce d2bf547a a6f65d63 972b9cac 3ae87a31 65aed53a a75aa558 410795f4 4c765e97 b2ed5da3 292f6935 4a26040b ee0879
+Digest: 5af88604 75a7880b a5eca859 30e23631 29763b69 1a725c03 a78a7020
+Test: Verify
+#
+Comment: random test vector, size 60
+Message: 88d41837 545ad481 0d1779fd 677c8e62 db675458 1dca5b76 77325c3a d9c1de43 c5fd8d6b 922bb447 baa4774b bb16e0dd 22030b66 0182d148 66d406a1
+Digest: bf869f10 932379f5 bb0e93b6 a4a807bb 45a5a599 96f54639 21985c42
+Test: Verify
+#
+Comment: random test vector, size 61
+Message: 0652c29e 7fdaa352 2391e2a4 384e0cf2 27e46d9c 9b27df66 59b61f98 bae99370 0cd32d62 b7a4c37e 4cab64b9 0c395220 19eea6a0 965a892a d2ca3cb3 bf
+Digest: 6e1ffc22 76dad85d 9af24a0d cd6d3be2 9e0d4a02 4e8c604a 1b651377
+Test: Verify
+#
+Comment: random test vector, size 62
+Message: 133ec74a 17e24e57 1307f8c8 d6eb76d9 46dd9889 e90f3222 439dedf9 22a4f5c6 2ed02bc0 b7d7400d c7f55fdc bf9edf1d f341c50e eb14ea76 4f61f6e8 d307
+Digest: d67f2eba 130de514 0f2e35c5 72d3ef49 73c85d61 24d2b884 341392c9
+Test: Verify
+#
+Comment: random test vector, size 63
+Message: 201789aa 02b6d72a fba336eb f268a7be b4ad9f8d c36739e5 cea05cd4 48a051e5 62a23897 98e8c69d 93cb6d9b 289d5779 d3f7c4ef 92976387 3c132fd4 419653
+Digest: 00874916 1f5b93f8 e484eb67 aed07375 ea3786e7 b1e33fa2 eb775cfb
+Test: Verify
+#
+Comment: random test vector, size 64
+Message: b7082a49 f71185dd c2f1a276 857ef8db 5abd3fc9 3d7c39f6 5de14764 ebfdd19d 6a9dfb8b 8a7abe7d 0502bd22 be0b9c38 1bd95aa7 e3c96920 b148f3d3 5c58bbee
+Digest: 32451b7d 1382d7a3 9953746d ee539392 d6d603d7 7a4ff364 1496e2be
+Test: Verify
+#
+Comment: random test vector, size 65
+Message: a4f3315c 74f91ccb 230cce52 cdd1468a e54f55f3 acc6e38a 1b41ff20 1e631e31 14ae989a 937cb9b0 88e9e627 7e854ea7 87223e36 e9210573 b75bd63b 6981f738 a9
+Digest: 8fefd333 77904f34 6d8ce4c7 a350e1b1 5602ed68 15ad86f3 1bdeeea5
+Test: Verify
+#
+Comment: random test vector, size 66
+Message: d9e22173 0a62b415 02c5bd28 12142c40 1828925a f9397890 f7359acf 68fe495e 455edbda 338eac27 32e13957 55990640 34510558 fba287e4 22074794 67965acf 26d9
+Digest: 2614e995 2c6bcea5 b7359499 449c1740 f4163738 2ea65dce 3fb945bf
+Test: Verify
+#
+Comment: random test vector, size 67
+Message: 9f532610 46a8c14d 001b8b32 31da1803 e7edf7b9 63389da9 4a4f4aca 62cceb76 d155e692 43b22eaa 845f4184 75654161 72c48cc0 832ac707 e21f7085 1ae9dcd7 b56429
+Digest: 0e4774e4 ad00311c 0b60ac4f 53f9af0c 6dea44c5 32882593 92c0e6d8
+Test: Verify
+#
+Comment: random test vector, size 68
+Message: 9bdb6e64 5e22f2ff b6acdb15 0a309847 9d96c60a d8d87faa ea33c185 ffe4693a 572fe942 74045eb8 4856ee57 dc0e9ade 3562ebd0 c2a752bc 4a05bd39 b7f23686 214cd437
+Digest: 84cf6518 c57b023c 7a08aea6 10f5a84b c62edda1 e3fb9323 3df15976
+Test: Verify
+#
+Comment: random test vector, size 69
+Message: 9fcc0815 d288666b 49b078bb 71a23ce4 88d396bb e6bb44c3 be689d28 35b8db02 a6ddad39 d3a6f725 714b10da d639e290 4b4a602a 1469d972 393496aa b03afee8 84c4eaa3 aa
+Digest: 857d1f09 2ad0d887 ad879cde ab810ff2 7986f56b 87d24142 a293d021
+Test: Verify
+#
+Comment: random test vector, size 70
+Message: ea252a17 abb160f6 3233a60c 1ee873af 53079172 3f000ef2 bf5c52bd e95c567f dd9dbc67 099ee0b0 1d312ea5 bb6077c7 249654bf a2552144 d016b9e3 4f30d1c6 3421a8d1 ef40
+Digest: f6ca92a0 5d418863 c27fdf8d bb4022f3 0feaa6b1 f3e47bd8 34d9fec9
+Test: Verify
+#
+Comment: random test vector, size 71
+Message: 6569b118 23ce52f6 8872c679 2e001de7 e6da8b32 21fa4b4a 2db4bace c4f028bf 6397eac5 7e99b664 7165f391 9726d8bf 206a4ed2 c84f46bc ee3bf9dc a96d2abc ec5daae0 f8013a
+Digest: 7beb938b 5054c7bb 119df8fb 069b31ac d4686ced 4dd760c7 34472c0f
+Test: Verify
+#
+Comment: random test vector, size 72
+Message: f45b35f6 055e248e c4ea1a22 c79a5637 3e4b2820 29e11e58 41effa78 b74554f9 54f979c6 89bb45e7 a84fefac b0c9eea2 7527ea8e 61f1da13 2ea67a78 b09b4110 9d663226 1437bc94
+Digest: c335e127 68ae0c98 074acb0a 8824a285 98b3a32a cf9c58eb 85d05173
+Test: Verify
+#
+Comment: random test vector, size 73
+Message: ca0d2d2a 380230ad 0760ff85 a7d26c00 7cdfee32 d7aaf933 2b25b947 aa9018f6 47fabfd8 813eadd7 16e74063 8915ba93 463e709c 629d6282 b945e4d6 ed6a30ba 810ef5a9 cd122f41 c6
+Digest: 225a7f8f 0d1213b9 4376c1dc 5bb90de8 53ecb6e3 7e2180c1 e6e12aae
+Test: Verify
+#
+Comment: random test vector, size 74
+Message: 97006aef bb0d39d3 cad4ffcb 0f2379d5 ffcce2ce fba0dd61 7cb80095 6f7afaed 6df297f7 83190eb2 b72e7376 e7fddd54 a089efd3 3f3cd868 67591982 56cd53d0 b8498bf6 24cf2519 ec1a
+Digest: ed81a9b1 60b5c425 0947168a 452e64db 4d3ce728 21334638 22736c25
+Test: Verify
+#
+Comment: random test vector, size 75
+Message: 4592de03 1c1e896c f434ede4 8d19e587 4ef7f27d e12731d0 626b9e2e 699b53cd ddbfee9c 350edc99 1d7f12f6 159afae9 f7c149f8 d2ac9667 42075641 f8d36a95 41a7ccad 25f53ac3 4d2cba
+Digest: b8df2f01 bcfe3bb2 ea7881f6 10697d82 7a2aca91 092c65dc bd5e75cc
+Test: Verify
+#
+Comment: random test vector, size 76
+Message: 33e8b0f0 7119872e a23b05f1 f6d73fe7 e8d9ff19 de95a831 8405926b b1a6caa1 5f4a1ef7 7b3d6cb4 2750f51d a9c066a6 73e2411b d6168126 de06e0ac a92e14ce b5d504ce 3b19d87a 2fdd4c6e
+Digest: 52c6b1d2 0d67b82f 61f201cb 07017a82 e311a65a 70edd1d6 0e9f94b9
+Test: Verify
+#
+Comment: random test vector, size 77
+Message: 0d2d3594 7f83d54a edb07980 da05b11b a70328b0 0c68dcb0 7243a5d7 024d244f 7f099e9b fca50e60 c0345314 7e1871ca 68c4fc5a 40750929 aeeb6c86 0c34f92d 78351e65 8b414560 4d77397c 14
+Digest: 8c3f1c79 bd68750a 1c1ca1e9 65854482 ed652148 4c8338da acd2f21a
+Test: Verify
+#
+Comment: random test vector, size 78
+Message: 1ef1c599 a8bb5189 039eae5c 7d9a8e1e 4e923efa 3ff08971 e6db94c2 15f044fc 30b0684d 12d3c920 9439dcbb 6024c7f4 c7fb308a bc8d6b09 94bcd3ac d20a4e3e 00963ff3 d33ad8be 92e4b9f5 420a
+Digest: 278f21e2 d7a8b2fb ebc11ad8 2e1c9134 c820a61e 32f25012 cf584803
+Test: Verify
+#
+Comment: random test vector, size 79
+Message: f6183760 4fb5a778 88ff88e6 184df842 49e9239d 4f0ec94e b1f9ac31 3235fb29 0bfcf51e 2985b333 6df0daa7 09673ab6 bc28df3c 5a5e982a ff246112 131c6e2a 01ad5b06 58d05771 7be31839 28b3bd
+Digest: 85e91ad2 b0f9b799 6548ee11 dc6798fe 4fd67256 90ca40a9 0ff8d9e4
+Test: Verify
+#
+Comment: random test vector, size 80
+Message: 1546a3c1 85b1fe0d 82848bd0 a0c3ce34 eecd40c2 af941494 d30315c1 9916c44d 99008f7c a170d9eb 9320d6bb df98acff 55dcaa88 5777708d 57fb8725 299617d1 c78acaba f45f40f9 0ee988bb aee5392f
+Digest: 1a10b26d 08da4c54 8116aa3e 1c199c35 533214b9 1d0c8e8c 439503ed
+Test: Verify
+#
+Comment: random test vector, size 81
+Message: 8e5dfd77 141a8116 a19e74b9 8f2964ad f27d0720 27cbfc15 919031fe c63ff432 105ef8bb 878a3d60 7e56e07b 93f4b4b4 5142fc8c 7d8b6e31 36b9476a 66b4bd01 36004b1b d4c8ee58 7c3c12ce d6ab5858 6a
+Digest: 3647e928 af697d56 f592fffe 60099f36 5c648aa5 1323e401 f0c245de
+Test: Verify
+#
+Comment: random test vector, size 82
+Message: b0e2a6a6 1b2b0c26 088d692b b0f325ab ae495f02 63a6d4ee 3e26bd7b af37c862 e320c4a5 0d27ee41 a2a56f99 fc75335d b0e29488 79a73fb4 7063d143 8b3fa70f 2828fbaa 5efa067c 30a2e01e aadefcf2 caad
+Digest: d8fb54d0 76552f70 f3fd7934 cf061f8e 20494112 aee160b7 7f740d8f
+Test: Verify
+#
+Comment: random test vector, size 83
+Message: e3699601 fa66b283 44b9161b 51038085 f15f575d e8ebb21e 8d0a6d3c 76740f22 9bb9e01c 6be99c90 cbf86b2c cdb61d04 67c285b5 83551abf 4de68a9b 55592e03 c4146480 cc5da7a5 61703237 28b49bb9 833257
+Digest: 2f0e5bbb 9160b49f db1e22ec 87d08794 b42a9ff4 db1ff2f8 76d7c96b
+Test: Verify
+#
+Comment: random test vector, size 84
+Message: 20387037 c67a9ed6 69cb476e 13cac453 05b85bbb 283dcba8 ca845809 f62a5bdc 9da61af1 6da492db 9083628c 301f172c de7f2c9c 268b53ef 6128e36e 73c96840 dae75d11 26c56ed9 bd75a1a7 13c9a350 ec59e789
+Digest: 5a966c23 1584736c d623c44e dbbf05cd 66a2ca23 37de5f50 f10e45a8
+Test: Verify
+#
+Comment: random test vector, size 85
+Message: d9a59d9b 7b71114f 270140a0 6cafed73 ebef4964 9e8c16df f0bafca7 2fbf16dc b2f65e58 d0c37078 6056c82c 51e7dede a2248aac f2e76371 8de54281 c1cdc019 bb1ae35b 21c9063a 1b58c1b7 f00ac010 28232f4a 0a
+Digest: cc51a0aa 1e6a8788 89c2ee50 aea22bfa 391fa98f 2b5cb21c d6cbaa1c
+Test: Verify
+#
+Comment: random test vector, size 86
+Message: 945b634e db12533a 3f5ef181 317e62fb e78d8e21 961aa436 37d2e44d f545e1aa 1c20e9b9 44efcb33 1913ac67 7feadb5f 6c39af09 d24b4d76 898cea28 28377f21 13771f63 82fad8dd dfb3b8ec 8cc3354e ffde9589 21ae
+Digest: 33b9d3ae 854cab83 3c18d8a6 be07c699 0e1d1441 9676965f 9d891c80
+Test: Verify
+#
+Comment: random test vector, size 87
+Message: 8ec2e176 014c8445 edf301e9 a8e72114 50ea9d4b b4caa5f6 1291b4e1 a061adaa fb888120 8e674b81 9982b7f4 c7da1d85 bc2f0f3c 011d8232 01a058af b316c871 c6272f67 346486f6 a6a2363e 0cd1de1e 20422cd1 afbfce
+Digest: e6bf0606 72b639d2 0fdf0779 c8bedc92 5f2702c9 108317b4 19cc0ab9
+Test: Verify
+#
+Comment: random test vector, size 88
+Message: f89a7201 29fb9057 1dc42cb3 0be9de06 18083199 b5a9eb66 11c70810 c620205c 2c9bc2ea 4fa9d9de b322bb22 19a2cb3b fcd881be abfe1356 292ea775 597bdffc bc3db22b c1eeb775 d9f4742d 3ef1a9cc 3163147b f255c281
+Digest: 22438311 83bc5fbf 37595f84 4ea5128d e5fc9c29 433c27e7 d897c1c2
+Test: Verify
+#
+Comment: random test vector, size 89
+Message: 3aca451d c3997599 0ba96b0b 6b0f517f 364f7876 b9d6442c 908d1804 2249520f 7fdec4f1 266e3837 7e370281 f1be35c2 ff12c86d 4e89612d 9896aa50 cab48248 1b7c9180 e28a2094 cc712a17 0363a8a5 965e70a9 1f2dbf8e 26
+Digest: 5f4e8ce1 2ef4ae7f 2340c48b d589b77c 78071e33 408eaffa 57d993be
+Test: Verify
+#
+Comment: random test vector, size 90
+Message: 6d72c373 bfc36c66 230059ea ba14825c 39a758c6 ace8aac1 a2867eaa ba9cf3cc c0f6c6ce 8603f706 f862233a 35a28158 535d0017 4963661d 4c5876c3 dfdbf6f0 875cb4b1 d467c05b 3f71544d 80043291 27e8b178 9eaa41a3 b8d4
+Digest: 8e75b17d 543d0482 ac96d5a2 a3f6205a 41df8590 9d744fa0 d6214040
+Test: Verify
+#
+Comment: random test vector, size 91
+Message: cdd59e7e 8c2a05cb 2e0a91b1 a6f4fefc cbc60c8c f3b8f898 aba4520f 46e45f0e 180aae3e 0b8f7025 6a77efd6 9ca1bacf d1de14ac d3259d51 514d3a71 f5805f5e cc0d363d 06e9fec9 904f3334 02b71147 90aea9fd 65bb55be eaf87d
+Digest: 6056d502 c4c75075 033f5e20 5b716374 82edfb3d b7063eda ef16e05a
+Test: Verify
+#
+Comment: random test vector, size 92
+Message: 8565f11b c120579c 3306357f 2066e92c e1505a87 a9c7461f dd66f63f d589ec80 7548c63f d3182363 42d4ba34 616d6cc1 bc068827 75c492f6 4404b52b 82514ac9 d37653ab 3d1bc6e1 8c05cf33 fca174fc 52f6772e 0b9858a1 f2ab6f59
+Digest: 8457f494 8a45e444 2038f28c 0b706509 11e7c225 bf50dc03 7720731f
+Test: Verify
+#
+Comment: random test vector, size 93
+Message: 7b2679a1 94b85029 e73d7111 ca43874b cb11c55b 6ed5cfc6 17eee7e6 fdd75b38 ba002e46 7b8cdac0 bfb886c1 f18f8316 53926a3d 54dda035 05eddd05 286cc043 56edb1f6 cc268204 ccc9d191 6d6aeb72 6ba99e7d b9f5386b 7c485c64 d2
+Digest: 5a6c3540 43280501 25be968b a789545e b8175137 fc97d2e6 1b2c9c5b
+Test: Verify
+#
+Comment: random test vector, size 94
+Message: bac66dc6 3227373b 3d7e92f1 bef74f23 fc0677cf cf1d22cc 4a363370 57b8aa6f 4d0cf58c afe2edaf 865a39f2 1c58720b e48af263 de8ae648 b1d12ebe 20c9276d ad11301f a2d8b1ac 4705e9f9 b9f3c0ed 5d3dcd47 70416fd7 d34dee63 dcc1
+Digest: f6c42068 b2c19154 01af0990 56dff61f 996edeb1 d6e6a5bf 1a007dcd
+Test: Verify
+#
+Comment: random test vector, size 95
+Message: 3b83bcb9 59c6f8b8 d0fd5c0b f69db400 102d4039 a0b678f9 315bb1df 89a81ba8 bf13405f b203adf4 4abdd16a ad3073e8 5f86dc9c 1b0a9d18 62e8d49d d7766592 e4956a5e 8f881277 1eedb9ec 3366f1bb 62b5134a ad265f2d 2e2a3699 910461
+Digest: 2b5b1a8f 6d47adae 86096fb2 fb569950 dc5e8566 e09e32c0 e1944616
+Test: Verify
+#
+Comment: random test vector, size 96
+Message: e31389f5 abc45e94 91bb38c9 6ab4847a 81a427f6 cff08700 53e04aab d7daf91c 07736b9a b79054bb 336b506f c5272bbb 4e2736bf dec0039f a3b7c943 8046e360 30054f64 20add5fd fab74a70 2eb9e584 8bdba1d3 a8c11674 9e809afc 68ef6e88
+Digest: 6598770e ca79e298 78316fcf 1f5171e5 7e24da59 bce5fe06 4463aa5d
+Test: Verify
+#
+Comment: random test vector, size 97
+Message: d7c57e51 d646bb6e 7a8e12d4 9002d7f0 6a1e0873 a8d0edc1 3437fe5a 4359d6cc 0084d996 f68eb198 6624faa0 818a5b09 07886c11 a9f8c405 d51c203f c1b1c9d3 f1396caf e79ca406 47e070c0 73d931b5 b3b306f6 f13ae486 7b66e33f bee98743 68
+Digest: c839177e f4070ca8 86f81ece ff76ba64 f5a6109f ea174970 272275f5
+Test: Verify
+#
+Comment: random test vector, size 98
+Message: 2dbe10af cd911b0b 6c395f1b 640e24ec f5754af3 21f512e9 bd0ba1ac 6c491e20 dda0d9eb a28ec10b 63e87066 b715ec9b 4ba2e83c ae9dd945 3ec702cc 2c002156 43f86350 679907c8 9f3b9564 054e4a53 375d1496 2caa7204 8e0fed10 a1177689 b7aa
+Digest: 0c535535 7084f8f7 794556fc 9422364a d7a16e31 71a3d3de 2631f238
+Test: Verify
+#
+Comment: random test vector, size 99
+Message: e4f62853 e996600f ce3e035c 25a9100b 113e13c2 c081a18a 2f318e26 a16d51e1 539756ce 723fc333 41d43ddd 1dab2d3a 2489cac8 e7b1c9d1 fb1552c3 7611260b f7e7a256 a68431f8 124d62a7 af07b34e 6a448f75 85543337 673dd7f7 ce921319 c9ace8
+Digest: 6849a150 99578f35 b2a5fe1e da4875ef 64a6bcad 8cef96ce b2aa7252
+Test: Verify
+#
+Comment: random test vector, size 100
+Message: 67e35470 d4ee4059 8a55d778 036afaea 1d28c4e5 a3de088b 44cecf72 a2455dc8 dd73788b 458e8021 4eea7c22 c7364a5c f29c6142 83dcda9f d75a1bbd c00199d1 42a3ae48 85676b1e 124541d9 0c6b8259 8d1cfb63 1a79924b fc0a511e df737a3b 5512c3a9
+Digest: 4946de9b d3a10d66 f62606db 1df5a157 7debbc6d f2d8be5d 3d502084
+Test: Verify
+#
+Comment: random test vector, size 101
+Message: 69b0ebbb 2e99a8dd 6bd8e8bd 2055bae9 5fda79c7 68daf137 9b0ac15a 91cb635a 3adc6d60 7a9ede8f c787d31b d0c734dd d5bc6291 4461cc76 c0306c3c 1cf4b52b 1ec1ab8d 5fc76d83 09c0732a 67ae2a6f 0ab9cd14 d5854cd0 9a55a2bb b7421ee7 1655523a 4c
+Digest: 4557dea5 c3912c6e 58e184cd d9556749 41fefb66 a211b696 41139352
+Test: Verify
+#
+Comment: random test vector, size 102
+Message: ec7a4e95 527fc66e dbc22bf9 d9918691 286bf2b7 7a04ef0a 514cab80 60338a78 860828ae 611a4e61 3bc5c694 bca22a91 064b6d52 5fa5d14c 1a9a1058 7dc7a21f 8e02580e c219757a b08d0966 35ba1595 f11bd4fc 315f287c c3ce9d8c ebaa0626 48eddb54 d8cc
+Digest: ff519d1b d659ff71 7d228050 578d4a06 e7ba1771 4ac99321 70f8f6eb
+Test: Verify
+#
+Comment: random test vector, size 103
+Message: 136f5ac6 6b76d139 659d2720 119b356e 772e843d 897aacd0 886ed36b ec6bc235 a8079385 d6ef2cfa b32362db a9d71bd2 f22fb7c3 244ca567 60aca90b 29d11bc1 c4175e4e d861e668 43de0409 a9fbd7b9 a769f51f fadd4574 6852d7f5 6e80f058 17da7384 152703
+Digest: fd78bd93 75a8bec3 1a86f8da 97a5e08f 3e58793b 7c833b6a 8ebe056f
+Test: Verify
+#
+Comment: random test vector, size 104
+Message: ca714a76 55ea4fa5 f95045a6 a3794fa0 b0f60c68 f340409f f1f65072 ac424aab a144efac 41594d53 b7ed7375 1bdd51c5 839ac09d 0f447407 23894ba2 e32601cf f6f41867 7bc89534 193032c3 172f9193 3576b715 efe52c00 5d55ea6b 33fd62b2 efaf3609 b2cc22df
+Digest: f9af5ba8 9ad3280e 8bfac458 67e957fe 3245e39b 7a49d787 64d7c2cb
+Test: Verify
+#
+Comment: random test vector, size 105
+Message: 3a4df688 3885afb1 d6306687 596871f0 36bf2559 b9c0f8aa fdd2f708 ccf47e1c 016246b7 f526ba01 2e4365ef a023c026 72128b53 8956072d 59172b5a aee952aa 490fafec ee360384 38f099bd 38ab8f19 3d4e2a6d f99d4c2e 05477d15 56d2617e f27244cf c1c85d17 5c
+Digest: 77d27ff1 18d22056 8c5074fb 12a2852e 5b5ee940 c9023250 8fcf90b7
+Test: Verify
+#
+Comment: random test vector, size 106
+Message: 2ad07fbc 66fd7633 c54013b0 d0aa099e b732fa9f c97f31df 656d5e84 69ab2224 cc4cea24 aa0faab1 61f8161a cdfcb03d d49ac578 04b08473 8a8b676d 8dc5e410 38f88d72 61b1e02b 53741491 8b49eb63 871515b0 24a59a75 1ec21af4 7b54f596 9455e32a fbcd149f 133f
+Digest: 0b75b28c e26898fe 036c4f5b 0cb4e4cb 143ca137 57ae2897 d5ab8b7b
+Test: Verify
+#
+Comment: random test vector, size 107
+Message: 8bd0610c ed529c51 886f1e4e 88af4b0b ba0df746 874f5668 1332fd24 c2811eed f9fd54ff 5eca709e c6bab9b9 b31f60d0 088ebcc3 94559db5 237b93ce 4435a945 fadccb9d e1a5673a 78a7d515 f5093dc9 c63a1241 278c8665 dc49ee3d 6536c9ab a17efef6 68d0e353 822776
+Digest: ee2c6ff4 2fe7cbf9 9e01fbeb e126f3a3 5da87623 9de63f08 e0b3484f
+Test: Verify
+#
+Comment: random test vector, size 108
+Message: 795967be 83c65b47 d274b0ee 39ec7c32 0952ed4c 647fa63e e67e3dee 55fe8152 fad13183 9f87dff1 dd3e7789 d508bacb e1108240 301ffc14 cf89e1eb 79c9c336 334dd4cc 2ea4875a 1fa72515 5563b48e 2305b917 1ce4f098 fa856d9b 86de36ca df83f6de 0b53275d 47e2a57e
+Digest: 296ba65c fcd70c55 7dd5682c 403ddd45 f08d2392 0a5fa01d b69d73cc
+Test: Verify
+#
+Comment: random test vector, size 109
+Message: 9f6e1bcd 108e8a51 64c9d5dc de6fb120 49b678c8 2c3abe61 bb7d2193 e93a4098 be528dbe af617c36 0cb91b4c c5033bfe f9c3abfb 34acfe97 e89d0951 a7582de7 20992929 3cf9acf2 76512281 8c984384 b200e756 c52494f6 9959530e 4526b39b bca5bb4e ff4c623b 43717978 44
+Digest: dd9d38b6 c60a365c cc1bc10c 9384790f c1b770c8 f7989678 c00ac275
+Test: Verify
+#
+Comment: random test vector, size 110
+Message: fe25a02b e0f1ff36 a8eb7919 2a5c9f9f c5c8e201 914113fb d67f97df 51a9d385 ab874f39 7207c9eb a02ec216 6c6550a9 ab4c53d9 69a15ba9 5a04bf03 df702ca1 9317985c 32c60b71 db97c0ec 946663b2 b187c232 62f73f4a f126f093 bfe99492 9d1afd9c 4f46a599 d20ad114 bc10
+Digest: f6ccf240 ea20a4e1 68f6137e b27c0dac f8c1732e b99085b0 c29848e8
+Test: Verify
+#
+Comment: random test vector, size 111
+Message: 78dba6d1 14c2ed1f 9e4177dc 03d36787 ff9c4ede 27632275 c3338edd 1f139b0d feea9a4d fe62cb7b 216c4aa3 54f961a4 959c85ef ddea1753 7a158799 10b7a876 df48aeb0 318dec31 e95d5ab2 fe1b0a79 c298f41d 78568b3d aaede7b6 942dc025 567694d6 9108765a 57dfc8b0 16d61f
+Digest: 86dbc035 6b26fabf 86a9dca0 396f9e22 9d210129 44c6da72 cf3f6410
+Test: Verify
+#
+Comment: random test vector, size 112
+Message: 8f3ff998 6e2c6816 bb5380d6 06217372 42f1496b d5fb052c 9d2ba5bc 91477db0 4c5c1b81 a56c6974 2c58e4c6 f86caac2 a08a3148 caa3c4af b84b01dc 533e6697 15bb5f57 fdebea7c 01715044 44eb7daa 70cb34ec 3732448d 34355bec 77ce7574 3696e6b5 a5504c94 3353ed00 d8cd0bb2
+Digest: 1978a64d 2d1da65c 0700897c 6da596b1 0a317511 a89d2637 376563fe
+Test: Verify
+#
+Comment: random test vector, size 113
+Message: 74ccdce9 64b6305e c554c406 39caae30 ec80a903 6a09ca94 58690e3e 5966c975 9051ec13 692fc061 33c4146d a343d90b b09ae3dd 6f16274b 95040ef0 6092a713 1a39693b e83ecb33 61cfc56e b6e2b776 b57c9a53 85a9f62b 27785e18 15c80907 0ed193a6 015ee11e 4598b18e 4c8cb728 3c
+Digest: 8065f31b bf110499 8a42bcef de6cd542 555cb8bc 9788c0c8 85f4511c
+Test: Verify
+#
+Comment: random test vector, size 114
+Message: 3ba16864 8c0d342a 66285cc7 0a2481c7 732f54bc 595e516f 2ce6e8af 7b1d9865 b68e47bd 16396e67 b4ec0d2f 71c492bc 64c6b9ff 73f0167c 4d298a75 f3bfb0f3 7196f7eb 71c52209 108756c2 8be313a1 fe96a362 bdd012d3 fcca4bc3 7e7aa7b6 4eddcefa 0fcfdd9f 5b98b0b2 91901763 18aa
+Digest: f523d227 69f656fb 4bf8b670 72360528 f9406f78 42b33832 54fe433f
+Test: Verify
+#
+Comment: random test vector, size 115
+Message: dbd15392 151ce855 dcc047dc 3ffe811b 125a75cf ada30667 fb5e7bd2 1ff3a243 f3713c72 54a21f8d 3e280b26 69c05c2a 885ddf6a 10e0d07e 1e97c300 49ae6c9e de48b0b1 df457bbe 519cfbf6 faa648e7 a61782ec 7deaaa2c bdd1da95 60d9d8c0 93782f7f a10f948d 0f2457c1 61ab0b10 618164
+Digest: 736e9ffc e5c2765e e4ef606e 03d86096 96d7f39b 2b81a4d7 b1e10bd2
+Test: Verify
+#
+Comment: random test vector, size 116
+Message: 11f864ca 23334558 c70e7e9b 8210740e feb5ab7c 0c123898 73dfeeeb 4f0c330a a2a81ac2 7e41d792 7398ef7d 07a9d70d 5f2dd18d 0b8f7c0d 4b268841 f2876a16 ea17f6c1 d9eb7a8c fdae748d b4599dd7 6b7a2eb9 ea968bf2 04f1caf7 bbb1aa8d cdea36d0 770ae657 7fdd02be ce0e1722 92ff8bb8
+Digest: c5a1db85 c2b13fe2 03d65292 cd84c540 29c9e555 beab79f3 95982775
+Test: Verify
+#
+Comment: random test vector, size 117
+Message: 257c5201 0e7e2bbb f676772e 19f25778 45a94204 9a89798b 9b489957 f47d9ad1 fa3f24a7 5a5d8eaf f22cb897 18d7dd3e bad44b10 68a73d80 739ccfb9 396f4bda f3455304 c8e22c4a 511ae7ed 6c30a610 8ca4fd24 a382fbc2 c3341ef5 62b8c445 62e3c4c9 ef6c9ca0 8f07063f d558321c 067444d6 f1
+Digest: 643441c6 ee211432 526c80a6 b8255de1 c10a6733 d8189d61 579202d7
+Test: Verify
+#
+Comment: random test vector, size 118
+Message: 0ee54994 6c97d516 546818d3 14e5125c eb53456c 5a030872 270910a7 1f5fb591 346973d7 ee6d4b06 70d292d6 0e7ade25 bbf70a77 708b168b a8374d75 ab92a3b3 83a2b63e e1928cad 15351cf0 201e026a 3c8a3d3c 15377979 c0f67a34 ae7192c3 504a491d 61923680 7a473503 4e41aa46 c34c9559 c479
+Digest: b29b5363 b3c7d73e 0059c136 4c5a0534 1bc101e0 206eb57e 8c235d19
+Test: Verify
+#
+Comment: random test vector, size 119
+Message: 3741f880 938d201a 8cd71edd 91ecc26b 2a77d2f9 60cf2a10 2cf7ebbd 23104e5c 1a73c2b4 ee42dad0 f5f79390 433becbb e7e462e5 dd2c6072 7fafe85e 82c92058 df2127f1 fcbda5bf dbbae601 76820db1 6535abe3 f101516f b2bc0086 f6c3c9ab cb801881 94cfe1df 234de6c4 af091892 64073a79 404c50
+Digest: a9642ce0 dae7a00b a84da359 69409399 5b814159 ee8cbf96 54db9d2c
+Test: Verify
+#
+Comment: random test vector, size 120
+Message: 0e12d2ec 89e4bc40 078ba7b6 b72ab6de 10e91bf9 3893540c 5a211437 fbadd82c 96085430 b83a37e2 86bbd3e3 9a78d2ba 2b90508e 660f0061 f8414ff7 885197f4 a8beb6b4 e827153b 92f3d3a5 9704b711 5634dc5f d43a2948 025c04e8 07a5ee17 4f22b989 c0aeb947 b9b7487d a2b1dcb0 a9fa0e85 747a15c0
+Digest: fb230ceb b15a1709 2cfe3a53 46cef9cb f66cd665 00f10f81 ff589004
+Test: Verify
+#
+Comment: random test vector, size 121
+Message: a8bd268b 3fa74381 4c109be3 5791fba7 0f947fc3 15b9c8d5 b26de3af 31184170 d3b36b22 12a1ef76 6b934af2 c995c631 403ad23f 4d8da6f0 ddfdbc1e 37c1f201 631389dd 2b750c9f a14c36aa 5c1ec551 55e11e26 4e2b3156 35afa643 10e31266 c6a42c66 69887227 0764c053 02c8c7aa 8dbc8c81 50552463 be
+Digest: 7a9c32ac af11051a b4915cff 96a8aa19 1b1f2301 aa2d4d91 47507fd5
+Test: Verify
+#
+Comment: random test vector, size 122
+Message: 103177a7 382c61a2 cafc3121 2cd5fd69 dbdccddd 5b70f530 26bb739a 89aeb92b bc1a1917 f633b32f 7cde4d38 71e4be07 46148115 b3ab548a 7700256a 4f12b370 0e167a7b 00b72e2f 39a7cda4 cb55e01b 3790d05c b45436b4 ac431038 a28655f6 fab680dd 08e41693 cc37adfa 7d01d089 715ed744 2a94f633 3faf
+Digest: 15ecffb9 3115aca1 ca657c54 6b828ab2 2b976912 bef1f044 61cc04bf
+Test: Verify
+#
+Comment: random test vector, size 123
+Message: 702e6290 4c26ba59 1dd64c5d 64bfbfe2 3cdb4841 ee9fe550 cb5c041f 7aa34e28 63317325 709fc9eb d607fe0a 9b1a4d1d 170a45bc 4dd9968e 37020769 54b6597e fb8403e8 1266ad08 a2665e91 f5c06d66 15c46101 5937df9b 87e96923 c9e123be 8c85d35c d19755e7 1401423e c4be5143 75c750a3 2416e8cb 320728
+Digest: d84a8900 23292a17 c7d7c696 5737f7ef 18e7a28b 0f3f1d2e 9533f2aa
+Test: Verify
+#
+Comment: random test vector, size 124
+Message: c7b2f91a c4caae1a c84c7d93 a4372244 bd33b9ba af942ae3 846fbee9 e7ebc30b 7eb6b896 165827b1 c90c7be7 ad6d73e8 4b8653a3 4547a0c7 0c04291a 1dfa8a72 f7aaacae f5fdeae2 b0ea417a 9913cd7f f10244d1 aa8c1d8d 38fd19ca 572491aa 412c6dd4 8c22c75c 492acc1c cc6a03ee e783327c c8239d8a 6edb6486
+Digest: 2c562a68 0d92ab62 bd440e52 d0aae0ce 7322fa0e d614d1ab b3ae5446
+Test: Verify
+#
+Comment: random test vector, size 125
+Message: af42e497 e5e7e1c5 87dad92a a147bc3e 325597d7 783344b6 3c8b6a06 35428371 2ae30ba5 b6f78f7d 84115a3e 72410547 12ad8a0b e8231150 5020fcfc ef0720e4 4868c152 ee30fb5e 40fcf749 6f6142d6 7043946a 2604bab1 e37f980d 2d78b338 8562f379 2d4b485d eaa58b87 46294f9d 01724963 6ca639d6 2076ed72 58
+Digest: c2969e99 b8c07a16 467320c2 ee6b730f 797be60b 78eda163 53be3904
+Test: Verify
+#
+Comment: random test vector, size 126
+Message: 7e0b4066 c2132e9f f98adb83 9e3f5a46 d5b7d854 5dd036ec f24082b2 2359e77c abfbdc9b 2a43157d 58df3e90 ea38549c 8fa80206 8763c94d 2fc0cfb5 bbdc20fe e1a4b2e8 6a060ee0 0f0674b9 af1cff94 f4413f4f 69aebd95 82920155 61b6604b a27ad1ea 914192a4 cf18db00 ace6d039 00e1c5d6 fe5a4c25 0dbfc5b6 cac0
+Digest: 9a235fa3 c4d15e58 454aa81f dcad646d dde58450 d603f6f3 68c149e2
+Test: Verify
+#
+Comment: random test vector, size 127
+Message: e2e75606 2d770e30 0ff1dfe3 a92d16c4 f4be063f 10f2e949 cd0590df c7cb2127 630826b6 e1b2d40b e40c3b81 57edb398 79e26205 f119836a e820f483 17b23c38 681a04ed 2e2f7fc2 551c6d50 3f3822a4 ca58b821 eeff46a8 60458e7a 8279fabb 5e7154bf 74840af8 352646b9 560fa433 f0fc4d91 842372dc eeb79528 549626
+Digest: 3395f4d2 8a08a9d8 30d83241 cb53ad71 f218b8bd 3bec2b7b 0c234381
+Test: Verify
+#
+Comment: All 0's test vector, size 1
+Message: r1 00
+Digest: 589404d5 eacc84fa a08d7fd9 7467da8c a5804627 37e8e983 869a1a54
+Test: Verify
+#
+Comment: All 0's test vector, size 2
+Message: r2 00
+Digest: dfcc2969 bab847cd 5163e2b6 ca796d67 e56edc6c c3765078 1fe651c0
+Test: Verify
+#
+Comment: All 0's test vector, size 4
+Message: r4 00
+Digest: 039ac293 82341e48 2c83908f 6b7eee42 5ea039e3 5014c505 0aab38c9
+Test: Verify
+#
+Comment: All 0's test vector, size 8
+Message: r8 00
+Digest: 24f6d00f 2233b8d2 ac4bed31 7df6187c 56c2609e 892f28c9 3d8ec7ac
+Test: Verify
+#
+Comment: All 0's test vector, size 16
+Message: r16 00
+Digest: 072890c8 c2afdd82 fabe9a7b 621367bd e6e4551e 1aff0fd4 6fb47ff7
+Test: Verify
+#
+Comment: All 0's test vector, size 32
+Message: r32 00
+Digest: 1b062276 8d12d1fb 8225d257 930edab1 bf4a5e15 effbd9ec 01d5033f
+Test: Verify
+#
+Comment: All 0's test vector, size 64
+Message: r64 00
+Digest: 17fd6dd4 ff5686d7 697f8b44 d3535668 93894381 4eeb2d06 b562cb70
+Test: Verify
+#
+Comment: All 0's test vector, size 128
+Message: r128 00
+Digest: ba4793d0 03dc5d4d e44ebfbe cb1430a1 3a69f416 64d04436 984e4cf3
+Test: Verify
+#
+Comment: All 0's test vector, size 256
+Message: r256 00
+Digest: 779b665f a8c90583 6c928218 02ad9b83 170d978d 3e424532 1963631a
+Test: Verify
+#
+Comment: All 0's test vector, size 384
+Message: r384 00
+Digest: ea79cca2 aa02223d 91d965fd 275e07a1 3bf0aeb9 a9c47903 35fd4b50
+Test: Verify
+#
+Comment: All 0's test vector, size 512
+Message: r512 00
+Digest: 80ff3f52 6f5a5b27 3abdbb6b 14b296b6 3563b488 834c58b8 02cff38b
+Test: Verify
+#
+Comment: All 0's test vector, size 768
+Message: r768 00
+Digest: c9763c40 b42158e2 f383edbc a8c07183 ee3101d9 ad7fd26b 8b6760ad
+Test: Verify
+#
+Comment: All 0's test vector, size 1024
+Message: r1024 00
+Digest: 9845dd09 c5cb5bc2 99734da7 18e81c5c a7294c5d edfdd7a1 d73e6b31
+Test: Verify
+#
+Comment: All 0's test vector, size 2048
+Message: r2048 00
+Digest: 30d14d80 8c5e93e6 7422f36d a83b302e 6801ce8a 71716d51 7d7447f4
+Test: Verify
+#
+Comment: All 0's test vector, size 4096
+Message: r4096 00
+Digest: e0faa50f f025ad0d 92a2cd07 209a1b35 6b23a8cd 7f718c7c 75cdd7e9
+Test: Verify
+#
+Comment: All 0's test vector, size 8192
+Message: r8192 00
+Digest: 609f02c3 66987155 5eea4113 0fe659cb a9e7740d 89f4f855 e13d0cd5
+Test: Verify
+#
+Comment: All 0's test vector, size 16384
+Message: r16384 00
+Digest: 077f8a5a 7d58be43 7126046e 38d4f06b 3dc8ce16 7519be99 c4331700
+Test: Verify
+#
+Comment: All 0's test vector, size 32768
+Message: r32768 00
+Digest: 9f8bcc9f 0ebb1f68 da207914 8fbc2d4b 3c1efa90 c7715b7e 4d538477
+Test: Verify
+#
+Comment: All 0's test vector, size 65536
+Message: r65536 00
+Digest: b8d7b5cb 26377eb2 f25a522e 9eb38d1d 85a5fb5c 833173b4 b7d03a83
+Test: Verify
+
+AlgorithmType: MessageDigest
+Name: LSH-256
+Source: gen_lsh256.cpp, https://github.com/noloader/cryptopp-test
+#
+Comment: random test vector, size 0
+Message:
+Digest: f3cd416a 03818217 726cb47f 4e4d2881 c9c29fd4 45c18b66 fb19dea1 a81007c1
+Test: Verify
+#
+Comment: random test vector, size 1
+Message: ce
+Digest: 862f86db 65409484 0d86df78 81732fd6 9b7227ee 4f794386 8162feb7 33a9ca5b
+Test: Verify
+#
+Comment: random test vector, size 2
+Message: 8b6c
+Digest: da96b213 14cfd129 fdbaa620 dc3d0e2b 5b3e087e 90e6c147 cc6b9950 fde4b40e
+Test: Verify
+#
+Comment: random test vector, size 3
+Message: 0ec74d
+Digest: 7f232e4c bc796be2 27ede018 bd769221 3312a2c6 54013f5d 068cd083 650ad88a
+Test: Verify
+#
+Comment: random test vector, size 4
+Message: a546a625
+Digest: 48da0960 d72bab0f 52f7f33f 063f6b4f b9b6c73e 15d08f86 5bb62e22 fb7eaa8a
+Test: Verify
+#
+Comment: random test vector, size 5
+Message: dacd45f9 16
+Digest: 96d2b678 5f9f4075 d80b0f21 db75ae19 7349216d 6c3d2411 9daadbc2 77e52a78
+Test: Verify
+#
+Comment: random test vector, size 6
+Message: 7f079712 a8a7
+Digest: 9826a934 e18f39a2 176bad6b aa813a39 09247a9f 72d62644 a4bcd6c3 c721976b
+Test: Verify
+#
+Comment: random test vector, size 7
+Message: 2de0f725 fb8074
+Digest: 81fe9576 6ebecc0f 94903b5c d6f17db5 ff8f504b 2d7162bb 5a6e010c 58c71531
+Test: Verify
+#
+Comment: random test vector, size 8
+Message: 8f101f11 fc32bb21
+Digest: fc6c51fa 819f15c1 7d138c0b 5af3c4fa dd8f2fcf bd0681a3 5fcd5354 a5165057
+Test: Verify
+#
+Comment: random test vector, size 9
+Message: 2fc342dc a768d547 aa
+Digest: 746a6652 b0994b59 d5305e7a 347a0e63 e00c7835 3978595d 39183a53 8610999d
+Test: Verify
+#
+Comment: random test vector, size 10
+Message: 5307a6ec b486c355 ed9e
+Digest: a99f0c29 c4c668e7 d64d7d7b f75e3ece b722b278 7f334a3b df733040 9b7fd35d
+Test: Verify
+#
+Comment: random test vector, size 11
+Message: d58f6b9a 2d571a38 849d86
+Digest: 8905fbca ec708c3b 2fecaf19 bd781b81 d529b879 514d3bca f44a6510 90f47c5b
+Test: Verify
+#
+Comment: random test vector, size 12
+Message: c6230a64 9c645da5 7ac33ecb
+Digest: 67b37a1d 2e0ca28d 932fbfb8 c356708c 25187d67 319e2722 1b5fe2ec 92f925f9
+Test: Verify
+#
+Comment: random test vector, size 13
+Message: be7c4712 e003190c 82813d13 c3
+Digest: 332e0f7e fc68f84e e2c75847 c7445fc3 0fa52ac9 e156a385 03e1c0bd 0eb57ca1
+Test: Verify
+#
+Comment: random test vector, size 14
+Message: 18f5b722 c89e9922 d29e9d79 9cd3
+Digest: 91596dd7 a22aa60f 2175ed40 5df102bd 1621a28c db648f13 19047577 55e0a956
+Test: Verify
+#
+Comment: random test vector, size 15
+Message: 61aeef33 aec9a92e 8c260227 d0b660
+Digest: dc3291c2 a3675264 29d59eb1 2c37d48b 2799b293 bd11a9c5 cdc2ebcd 4c342b0b
+Test: Verify
+#
+Comment: random test vector, size 16
+Message: 12ce3791 8f989534 f66221b8 128c58ba
+Digest: fd919c89 9fd5e707 3ff968fb 72182220 f6e6493e 96d7dbcd b89b0cc2 7debf5af
+Test: Verify
+#
+Comment: random test vector, size 17
+Message: 73b2fbf9 f4effd2d 5ba1c7ed c4bd75c1 91
+Digest: fb845508 fab7c8dc 3c9f055f ad5d7cc6 0e626713 2838d028 71e8ab74 bdd65a1e
+Test: Verify
+#
+Comment: random test vector, size 18
+Message: 27ccae84 73641cf6 1dbff785 05314f33 7761
+Digest: 806d79a7 ab9829ba c8aaabd6 2bb5feef d15c8ccb 3cfcc71f c4bd1118 ee6810a3
+Test: Verify
+#
+Comment: random test vector, size 19
+Message: b29e1ed4 cb2dc563 44293cae f76084b1 f40749
+Digest: f81c8e4c 38f42027 b96a71f6 6f21a2cc fd8296a3 b49c5808 fed8d998 41ab16a0
+Test: Verify
+#
+Comment: random test vector, size 20
+Message: 78a81b67 9f7cdf16 5e74b1fd 53447af9 44a2999c
+Digest: 3845ac8d 84831dbf 7510f717 9e54c1a3 28d6a772 0524f337 69386182 f0daca7b
+Test: Verify
+#
+Comment: random test vector, size 21
+Message: 7b7bacd5 c94b4f71 b04f93ac 7261ef63 8e4538c2 d7
+Digest: 74b73188 cae5aa09 9dfcaf15 4b05cfb0 f83f277c 073160b4 a104ac66 702b91a1
+Test: Verify
+#
+Comment: random test vector, size 22
+Message: 3ef7f176 3df79676 6f2e0d82 e6760ad7 b4e2c763 94b9
+Digest: 39f1d12f 70c7ae48 f682011d 133cbf86 e356ffc0 ea1c4a78 a4d8fdd8 491def56
+Test: Verify
+#
+Comment: random test vector, size 23
+Message: b4364569 5bccfde7 99439ce1 bba99a2a 337979ce 043e5b
+Digest: 6b79030a 05e26cae 1d1d7513 e96aa79f 672dd887 60e9de3f 419c568f c1b88b55
+Test: Verify
+#
+Comment: random test vector, size 24
+Message: 8f3b65d9 304ab972 a8c57c0f 1afc6e4f 572d7222 d38a8d8b
+Digest: dc1448b4 c066a2e0 6c689025 4c59acc2 6af1bdab e6972459 7b955235 c209def6
+Test: Verify
+#
+Comment: random test vector, size 25
+Message: d89c6842 70d40816 e4f3089d 6328b19a e7016088 60970d45 b4
+Digest: 65a3e175 ae22e4f3 ac2192b3 8546b2d2 5cc9503e 5794596d be59b307 69e17c21
+Test: Verify
+#
+Comment: random test vector, size 26
+Message: 1c2d7eba 938fddba 5f8f71af 26dd104a 41ffb5df 44ab4930 e69a
+Digest: d49dc599 267fb885 eea9c032 e8ebbf26 62b8caa9 81784a6f 907a35d4 60b1e94d
+Test: Verify
+#
+Comment: random test vector, size 27
+Message: 92bffe22 bb4cf1b1 b45020f0 c63e1c41 cd1e18fd f57cdd7f 291c9d
+Digest: 028dc1e4 9c5694a6 22cdd7a6 f01f23b1 abe566ae 1ef64967 ab24a7a0 0b636834
+Test: Verify
+#
+Comment: random test vector, size 28
+Message: b37e606c 16440921 ed66d37f 03954f40 a5751322 c5836fd1 ed625646
+Digest: a82a60e6 cc36ed5b 6b24912b 4491abbe 5db1bfc1 e82acfab 010f8098 261f6c93
+Test: Verify
+#
+Comment: random test vector, size 29
+Message: f9d48c15 f7dc962b e676f381 d03803e6 775728de 94509553 9a7e25e5 ed
+Digest: ea42fe4a b2d627b6 35f7a125 dbe3a0ee 1cc67bdc ec0e20e5 deaab09f 49ee0375
+Test: Verify
+#
+Comment: random test vector, size 30
+Message: 33805da5 fe085850 684127c5 4277d8bb e6eaf42a 52fd78ab 84ddcf04 53c1
+Digest: 4230371f 5da273a7 33f1294c a0e1929e 73e1f5af 6437736b 6a71faf1 570c3655
+Test: Verify
+#
+Comment: random test vector, size 31
+Message: 8aa26722 97084d7b e3a9c9cb 4674bd2d 64add743 19f6f696 bcfd8985 cee4fa
+Digest: 22c6deeb e7a9e576 903f3739 dd8e6be5 4db5a3a5 b64c2ba8 09ee39be 3d8363e0
+Test: Verify
+#
+Comment: random test vector, size 32
+Message: fbf2d02f a6051c27 6a46387e 6dfda646 5a097cac 9412a4c0 eccb7c6b 96c97e9a
+Digest: 22ea5159 82917091 8ad4aa96 405504c3 66938472 cbecfd23 73ae094d 2a6fed6b
+Test: Verify
+#
+Comment: random test vector, size 33
+Message: 9b195fec 722ecf2b 63c5b2a4 ac3a79d0 6115a4be a4c549d0 e123d0e1 0636f094 51
+Digest: 30adb670 bb1dccd9 7e91ed45 e5e0cd07 2e9ec90e 654319dd 93e58240 5a9b487a
+Test: Verify
+#
+Comment: random test vector, size 34
+Message: 101c0ce0 5bf7147c 74c83007 af1581c1 0dcdb727 b6f16c4b 22e596d3 680e5e55 db0b
+Digest: da373aff cdbc99aa 639ece12 18368ad0 1dcde335 fd947675 af8085a9 2fe4a359
+Test: Verify
+#
+Comment: random test vector, size 35
+Message: 0096cf86 fe5be74d 8c4cbb33 c8c9df2c 7aa38ab1 c8025a17 554d826b 60ea61de 49869d
+Digest: b3ba0fbe cfc6bad9 89945b55 2236746e 5d2566bf 437f2f2d c74adbc4 8852c7b6
+Test: Verify
+#
+Comment: random test vector, size 36
+Message: e813c51c 917a25c9 045101ce c66d4727 7d753f08 d42828c2 ab7f888a 85388d7f 73199c1e
+Digest: b62c43f6 6284588d cea6a6f5 0f399f0b 09280467 ef794e9b f96fe7ea 4506cb1c
+Test: Verify
+#
+Comment: random test vector, size 37
+Message: 6f6e7880 6d32aa38 06a0348d cf57ecba e5004e04 6b912219 8e2195f6 ce49c7a3 4414d130 c8
+Digest: 059ddc66 2ee3a13c 84848843 3c993193 bf4cca57 504833c2 6956e40b 5ec65c95
+Test: Verify
+#
+Comment: random test vector, size 38
+Message: 3c4e0a3b b9360f1e 6faa1d09 36759c06 6ed54fc8 db2a3a2c 7185d65b 4f317234 b83758d0 c6b2
+Digest: b1def753 e7068591 7df6ed50 d87fa9f5 c8e81e15 7404d8d7 89676de7 8e397df4
+Test: Verify
+#
+Comment: random test vector, size 39
+Message: dcfbd305 e7872a58 94bdd618 032d841f 1128a155 99520fba 3ef0e3de 74b2220d fbb143ae f72ffa
+Digest: 6f4a1ec3 67fd94b5 efcd6783 b7d677d8 b4d02083 b6606965 ebbc5478 088fc3cd
+Test: Verify
+#
+Comment: random test vector, size 40
+Message: c6a2fc52 250a1fb8 985f663a b2c0afe4 60e2b7b4 4365bb67 1c6ab317 b24c0468 95d4a0a3 a7f35252
+Digest: 44e8864c ce137497 8abe9da2 0e720689 94247753 034ce991 cb4560c8 9b1a3f42
+Test: Verify
+#
+Comment: random test vector, size 41
+Message: 7a269918 a2ba2b6a a8b80418 19e9c6f6 9ea5a3bf 3d39a992 c9d8fd88 2cae790a 24ba8849 a6965619 08
+Digest: 0f154224 203d9534 03aff26a 2c506e5f 7f9a766e c5662177 62859484 76b0cf17
+Test: Verify
+#
+Comment: random test vector, size 42
+Message: a5fe4f8a 80339168 a3f27602 87d26c17 f092755a a8b7f6eb d0aa992b a715ae15 4637b5f0 2156a1f7 3e2a
+Digest: 9853f047 233f3a95 2de45c71 7880f0cd 0fb913c5 e7b4c78e 96eee6a9 bb41ce26
+Test: Verify
+#
+Comment: random test vector, size 43
+Message: b595ea45 2d5ee3b1 81b45b81 da69e941 5f4079f2 7bba8fde da0d71f2 6680bfe5 36618d58 7c72f0eb 234232
+Digest: 1e730db9 3e2063ef 3d1b6913 d80a04e3 bb439d8f 53db8dfa bcae5e95 72ecb196
+Test: Verify
+#
+Comment: random test vector, size 44
+Message: 47867fa8 6a03c12c 679f0ea9 9cc8d195 2fc5c89d 7b579d79 cd7a08b8 71e58598 3a37295a bc8515f9 b069afb0
+Digest: 0358c1d2 fecef569 43deee57 0831892b f6c424f4 28257272 21b4e4b5 0079fc6c
+Test: Verify
+#
+Comment: random test vector, size 45
+Message: e03a08bd c28900b0 5fade2d4 355c22f1 5c91af36 c141d847 2b7ca5e6 8cd6f0ff 0ba29e48 57d2b14e 29ff4617 15
+Digest: a15233f8 4ae67714 6c300814 24c035f9 05534ee3 d5582525 8ae909a4 0e3c0e9e
+Test: Verify
+#
+Comment: random test vector, size 46
+Message: 43ce3a7d 4a7005ea 5145ab05 f24b3224 5ff93a6b 5b6ce53e 2c716cd4 bc0288fa c0b1013c 424399d6 a630c9e9 669b
+Digest: c3a0de70 fba2134e 7a270599 4513a405 5b67e1a2 b68c41b8 d60ff508 d98a9997
+Test: Verify
+#
+Comment: random test vector, size 47
+Message: 5962955a 1886533d c7aa9cb2 632a5d83 8c4c5797 f38b26f6 b28c901f a7e1094e 0848a1af 7b13aff6 0f8e794a 01e4be
+Digest: 8b5a4ad9 a2a29249 08e63f08 25994655 2a6e59a6 1b6e26e8 28432b24 5fff2e12
+Test: Verify
+#
+Comment: random test vector, size 48
+Message: 1a483cd6 8b575d11 328ed3dd ee0b74e8 b5351de1 3b93f4f4 171e7164 0ece883e b9ebb6f8 6ad79ebf 081c3657 828ad3b5
+Digest: ea53b20e 6bfacffd 7708947a 6463d950 aa8c79cd 4980e6bb 562fd40f ad8be18a
+Test: Verify
+#
+Comment: random test vector, size 49
+Message: 3bba9fcb a95e5d26 102a458b 5c5f642b e503ff99 73921148 05883e72 65122e2a 54508618 c8d7e344 5c2f3a65 ee4a7d59 88
+Digest: 927513d9 77bf11fb a943da9a 9b276873 0186c599 d5fa60ce 65d038ca 4efc44c6
+Test: Verify
+#
+Comment: random test vector, size 50
+Message: 9fc144cb 8b834579 05cdfcbd 8fda1acb 8309162e e83ad295 eaea6f28 c1a62428 125f88ec aed59e4d 6aabe9f9 2d04a98a 36d0
+Digest: 1ba762ad 8147cb29 b2c0f6e6 81eb02b8 33b5586d 48a23eeb 7d051c32 3a054c63
+Test: Verify
+#
+Comment: random test vector, size 51
+Message: 39b24185 b4e0bb2d 319ca3b8 9714757a 9938b062 043e315f c83bbd10 8f4af331 1afec1dc 8b6af7cf 596a73fb 5b8fcf02 99a164
+Digest: 0cb342a8 a0e94853 d663b739 12a34b4c dbc1fdad 8829242e 11dfea6c 849a14a0
+Test: Verify
+#
+Comment: random test vector, size 52
+Message: 26b822fc 151268e7 da469c41 84639989 5811eb17 f59baf67 6a09309d 3b71873e a1cc9ced e7efe4af 649ade57 90cd2104 d012f152
+Digest: 8fc4b2c5 83c74822 a9050906 d1e033b0 4b061fd0 a8769494 7adfef6b 26eb782e
+Test: Verify
+#
+Comment: random test vector, size 53
+Message: 1bfbb37b 0e73f3d9 996084e7 a38e5ae2 63ea26a3 bf85c940 923f350e cbaad108 9588ca7d b97eb22b 0dce1c25 2ec96d47 f8c4a000 ba
+Digest: 714eb03d 42f5c057 4eafd829 1f0493c3 84d27c73 821b3188 55d5acf3 14b0c812
+Test: Verify
+#
+Comment: random test vector, size 54
+Message: 904cc691 62ab94b8 db549a2d ba7ad560 7753f637 af747397 0f1ff3a5 1dfaa50e 15e103a2 b3f1346b 8a6fa0b2 af68797c 15270514 c2d9
+Digest: ac77d56f 76ad2f2b e07e6f33 a91fb256 f3fbd8c3 c6f41a03 91c925b8 d4b26f3f
+Test: Verify
+#
+Comment: random test vector, size 55
+Message: 480f99f5 3ffab963 d3cd4e69 20983f33 2e462786 3e43e72a f3b686a5 f25bfdf1 f0ba9cb8 c455ffd0 2ee560de 75596d9f 1710e259 fd48f3
+Digest: 6bb780c4 e86d534a f76fc134 2b7079f8 365963f3 cd148e6a 2a9becd2 5cb40ee5
+Test: Verify
+#
+Comment: random test vector, size 56
+Message: 271e99e6 d939bb27 e99b6196 05dd3835 19538f25 3c2f2328 7fdf1173 46679b59 50dfac14 eab3f833 b907b17f 8c20c00b 73f699ce 43199ced
+Digest: 9826fb19 15a2dbae 2a33657e 0f1f5f6d 22da8751 055e6ac1 4d976083 244358fc
+Test: Verify
+#
+Comment: random test vector, size 57
+Message: 7d8428e9 34ef0159 b24ea4c9 5e7ec00b 63378485 964ce56a f8198307 aaf2d789 4133773b f76423a7 14ec863b 564466ec 3bb3ad7a 22823149 6e
+Digest: 46e14842 bf7e7dbe 97a91d30 bb995e8a c1a0d7b2 b32c78f5 dfd8d7ea e4749f05
+Test: Verify
+#
+Comment: random test vector, size 58
+Message: ca491beb 142e49d7 3a141d00 06599356 bcb7b192 bc3901b9 325341a3 1dd94aaf 51e84bc3 05a10244 6292fa0f 4c98993b c39a5436 a4e4dd8e 16a1
+Digest: cdfa3a03 c2ae73da 94e01c65 cc49a4ed d6f46e28 72c0f4e6 db416a97 4d2df89d
+Test: Verify
+#
+Comment: random test vector, size 59
+Message: 66c75685 6f82bd6c 02ca36ae 92b00a6e bbf75ace 50b4009d 24fda633 29d28b24 9a208875 8e8bc62c dc81d463 131f48d1 67e9ddad 2cdc422c 5a541b
+Digest: 4ffe9675 1521cdef 810eff05 5bcfed1a 791afa0a 31b59bf7 89002949 fe55e257
+Test: Verify
+#
+Comment: random test vector, size 60
+Message: d45bd677 a6d79bcf c4259708 c08d0ba4 5971c966 58bf1cf1 07619f18 5e1dc241 ecaf636d 6d2068f2 48704991 b52ec97a 77d07add 35980532 78e0edc0
+Digest: 07826a01 676a11b7 1e788687 d7d62320 9f8819da 7ce5445a e707a6ff 4e7d0964
+Test: Verify
+#
+Comment: random test vector, size 61
+Message: ca7fd900 17eefacf 46229a2e b5e6aa79 9239a858 91c769de 3048a5d3 9bab27ce 28c698e1 f273235a faf3cb2d e835c426 454d0514 5b3b6218 d63d272e f9
+Digest: 265bcfc5 aeaecb5b 6645e785 abef4b58 8514fd0f 8207736e d95c7409 6e944a8e
+Test: Verify
+#
+Comment: random test vector, size 62
+Message: 72dc7578 f2b4e1ce 76315b9e 29034834 da395e6e cf7ebe59 b3849fe3 79cdcf5b 47b57474 74f71e2a 575496a3 9a30b651 bfb9e05d 36cb8fac d7091e41 b573
+Digest: c83d8622 9f95533e 0ad0127c fb765c86 9d7696f8 1315674d b575a1e2 01b3c231
+Test: Verify
+#
+Comment: random test vector, size 63
+Message: 389e6dbd f95656b9 ab9d3c65 12ac6542 2d7aa790 c985e378 311dcf3a f6780a62 7159c7a6 9279e3d3 bcdd7514 ad98ea56 8cd866d8 43a27bd3 309b2a76 322a2c
+Digest: e8556f90 79b3df41 3125c40a b2b68034 3c10dece 104fbdb9 4abc5a49 1a3bd0a0
+Test: Verify
+#
+Comment: random test vector, size 64
+Message: 5a967351 0f198ef2 7141026e 35b6de4a fcd71f50 968810e6 865f37b7 d83ba663 2edb2e95 7575cb51 9f8e6495 00ce2bf4 ca5ed8f5 ac800cda e9f33e18 0c30472b
+Digest: e9017f8c 1f450fda d3f4671b 302db512 5d026a1e e2335a20 6e0f730e bddd2960
+Test: Verify
+#
+Comment: random test vector, size 65
+Message: 1eb888f7 fdc9c3f7 525cf37f 89962920 de3a3f1a 4681a607 4462705d b208cb89 65c5a2a2 c5d388bf 8f62352d 8a5b21bb 51189c8c 4d4a9dfa 61b54c35 3aa9543c 94
+Digest: ba658846 4dc8e598 db041bae e589980a c2dcb5f1 7d8cf950 aa135bd6 48fecd68
+Test: Verify
+#
+Comment: random test vector, size 66
+Message: 19c7c550 6976d8cc a4800993 b864cc3c c6825405 02f45a94 3abcc3e5 82d072ac 6f094992 e40f50ea c98c5377 083e8471 3f676787 fd21e52f 2ef1ea8a da475904 df9b
+Digest: c865ba2c 12d5b208 e0ec3ac8 bf956293 5c799fc2 943564b5 cae089aa 4aef5d62
+Test: Verify
+#
+Comment: random test vector, size 67
+Message: 0f4710a7 4809702d a00a48af c1a88a05 d4be3efe 08e757de 6699e84c b1adcac5 c284afc1 68ccf82e ffca8209 08f8c039 6a6b0e6d 2f2f2ba5 45e023ea 84008535 502d98
+Digest: d0b2052a 68258e65 2d0d6e9f 76e80b5d 3f3efac0 1fa4dd97 3d352297 dec3c076
+Test: Verify
+#
+Comment: random test vector, size 68
+Message: 811fddfb 0170a7db 80c719f5 f28f0cc0 edadb35a 697a04e7 c2f7d415 34b81462 0cba49c4 4f21edee f11d280d 029e3253 5f0d428a 7903a2e2 60859c67 2ef2728a a90b2052
+Digest: 43bca87a 725a2cb3 6a0e3a26 81fa3401 cab50582 b28c077c a076c306 62459980
+Test: Verify
+#
+Comment: random test vector, size 69
+Message: 6bef0677 8927796a 657704d3 8854dff5 3d60e658 17b95322 4627c9a9 51d7b952 edc87bcc d811576b 366cc086 b86277f1 face2ea9 35fb9f0d b9667cef fa2befc9 6fd54829 8b
+Digest: 734ebd8f 2a8a92a9 b3c9dbea 8794516c 6e780c94 ddaf6a66 ef55dd61 6116cd78
+Test: Verify
+#
+Comment: random test vector, size 70
+Message: 6691f36c ee109249 f19bab7c 14f8a9e6 ff0a2b79 bdb9e40b e8ac65ee 9c2b35a2 d3642789 4d62376d caf5d5e3 7019b1cf b709d7e5 81932963 50f6d92b 8f0efdd6 4eb0d33f b00e
+Digest: cb7f9675 87222463 1b83734b 9a918159 c03949e0 e00cbc5c 96df7bab 97b58437
+Test: Verify
+#
+Comment: random test vector, size 71
+Message: 97e1d288 683020de 9d005726 f54baacb 2ba76ba5 f578abf6 a0c2e305 e491d116 96e2db8a e436b5eb 15d1d271 3649ddb0 6b1abeff cb4c8f9c 799b4455 9c6606db 9c2c4480 006b14
+Digest: cdae7ca4 03e53328 192b1f06 d750c646 aaf18fc7 c4dc3c1a 076961fb 8d8bc632
+Test: Verify
+#
+Comment: random test vector, size 72
+Message: 2677fcf6 17aa69bc 6e472c7f 3e629f35 4efb9ffa 5976cdba 879693f3 16501539 a8df175e 82f10853 86b36faa df60883b fda3831d 9aa2e8bf 76a0bac5 0614890b f61d82ab 4f9d1ca2
+Digest: c97ce3a0 b5ffe7d3 603b9922 31ed9b72 0601961c 55e7babf 7c006f08 fac537fe
+Test: Verify
+#
+Comment: random test vector, size 73
+Message: 5d9b062a dbaed078 663d7ef6 80a658cc bb839382 241ce36b e5e59ef7 e140bcad 95d9eda2 de06eec0 bc482c4d 6ff1cbc2 35026e62 e61a4dc2 c9ff5a4e 176512f3 8efe2cce 099a29d2 4f
+Digest: 74174909 77f69dcc cfb14784 77ef70b2 e9005304 9a45795b ffb04f39 8d512288
+Test: Verify
+#
+Comment: random test vector, size 74
+Message: 4bbc18c7 21a2ebdb 7bc1e8cb 51e28efb b7abf744 f8fffdb5 05b0ff56 1d190f7d c8cec252 c085735c e834d8d5 154e3eff 830476d7 8b43396b e3f6c505 34a29e5e 7562deae 56c29b17 2939
+Digest: 20338252 388d5ddc 4299d8cd 4f752a2c f11c8a5b 9b116584 efcd77bc 2b9ad166
+Test: Verify
+#
+Comment: random test vector, size 75
+Message: 0633b7d5 b8e43db5 ade85083 20e41fba 2328eea0 6ecb7a1a c2c4972f 4f16d169 e6914af3 fde3a456 890217f5 490c5cfc 6c3cddf4 d1cf296f a238fdf5 2045dd74 a05a216d ba042c63 35dbbe
+Digest: 5af515be 4895265b bb7681b8 428e11e1 7a381a7a 34be5647 29359ced 80a1e4ae
+Test: Verify
+#
+Comment: random test vector, size 76
+Message: 2df3804b cab48452 d2a9b459 2c539966 a6fdb970 63d629a2 e53b1861 e1d03c5c aa077586 981b127a a6cf1063 466bb667 d3557d7c 5e552dae d202fa04 2ff7d284 7b64305c e0c84693 efba7147
+Digest: 77cfedb0 5eab0f60 0d238425 1a69762f 26b75734 80137a7e a7599092 86b80b53
+Test: Verify
+#
+Comment: random test vector, size 77
+Message: 26c44426 2c5aed7f 5fa89043 e90e27bc fa8b54f7 b294c7ff 77c3497a fff53463 2c7c9118 a351f81f f15f5a1e 4da2e8b5 2f214f3a 6f917fac 1cec5234 f765a7f6 18a0d1b4 42484863 63901e3e 16
+Digest: 44b94203 c66015b0 66f5d5db 0e279435 77ac86c0 e88639dd cd1fb5fb e9c72b4c
+Test: Verify
+#
+Comment: random test vector, size 78
+Message: 13d16747 bdfd8388 d8e5d804 6d858c52 9d0f8219 234538f9 7ab159d1 7abca34f 2103c3a5 91274405 29cb3302 c9ed8209 14a690ba c63b4d09 b2bb5402 05cac33f 827d0cb0 fe3fd6f6 073d89c9 6a0f
+Digest: 9dc36238 d24179f7 57bcbb0e 9b80713b 7e0b34f0 a65281bb 25430114 ca7fc7e4
+Test: Verify
+#
+Comment: random test vector, size 79
+Message: 0d5e686b 096e1030 0c961b29 bf7a5c35 0c0e9a58 f51d86f4 a975c88f aea81b54 66fabf04 fd3bc99c b3e25b10 daf0d651 1ce60506 4bae6cfb c8b49705 91088024 b1dc1e16 36e55250 83730efd 93d063
+Digest: e2b227cf 55348693 94354980 f76352cf 82ca569c 4223db55 25a7118e ebaa4407
+Test: Verify
+#
+Comment: random test vector, size 80
+Message: 117483e6 9c0b6832 70ef3fe4 2bd7b3d2 b1f4ab96 6d286620 bb62b9d5 92326bfb 6ef01746 902ff74e 9397f4a8 07d327d9 cac69d87 870f7185 c4cd0481 55bf4278 94116f97 8ca2be36 4c6b8b42 c9893c36
+Digest: 108bf9f6 e1f4d545 a96fe5fc dc697a5c d3603177 a26c8738 6e0a0d50 34f8c8ef
+Test: Verify
+#
+Comment: random test vector, size 81
+Message: 9e8ddb8e add2f09d a046d608 373635bc da2f5600 c3635534 d05b9b00 2eaaf402 4c22baf7 1c83fe36 3e325b91 4ecd65da 8b246ff7 e7a2f436 edc69441 aba8f126 79fa03fb 1964127d db977d6e 089cdabe 44
+Digest: 6db47123 a681a1b3 b6a7d1d8 ebcd1aea 7614a791 6e33dbbf ddc76cc7 85000af5
+Test: Verify
+#
+Comment: random test vector, size 82
+Message: e66384a3 d0a77c84 c320c300 0ca75857 a3a81bbd 0c02cd04 48490323 661d7c83 7550fd3a a086dadc 40868b4f b0049d98 b1feaf31 6a2a0155 3c3ccbe0 7c7d7553 e8696793 0b45063d 070e6a74 342bdd1e 2b2b
+Digest: 362126c3 83ab2487 c9e61ada a9421f9b 0e62db36 158ad824 90f3031a e09df63c
+Test: Verify
+#
+Comment: random test vector, size 83
+Message: 7d2e313e 60a44ee2 b5032cc9 abb804ca b41c4b99 2314b8d3 c46ea2d0 340987f3 de23edca d8328c6b 8117425f c3bdd827 7c59010c 47c5eed8 a88eefa0 5c87961d 1ff36d6d cee20763 0265ed78 9e78561a 37e655
+Digest: f53ddc95 58d92679 bc3087d8 6480e828 e841ef59 b34da007 e43dde1f 7a80cc55
+Test: Verify
+#
+Comment: random test vector, size 84
+Message: 1d47a36f 2918a310 2a8a2955 41db046d e8395c24 22166968 1539a94e 34322f95 40d0437d 295f3fa8 20100e90 b673d33e 6b1549c6 b385289c a9634b34 5e424d00 53964fc7 7f5449ac 2d921344 d5654837 99658670
+Digest: 48b9a787 c511c1ed 3db454d3 33b733d4 34c0a14d eb170c4a 1eaf662c 714b1eb2
+Test: Verify
+#
+Comment: random test vector, size 85
+Message: c30493d2 7e6f46a0 4f31ecb8 ba591475 283c1bc7 ddbbc886 3fed3a21 05912f73 f4a42c19 65c01bd4 109733fa 535aeb6f f23dc6e8 f19b3e4d 6ec1e68b 84295cff fa64f65d 0e3db79b 6fbd7963 f380979e 86680b91 d4
+Digest: 9dcf21b7 f7cf7487 8d837a8e 4b02bce1 2cc2e628 32fb2edd c08d5058 6b1dec5c
+Test: Verify
+#
+Comment: random test vector, size 86
+Message: 7ba2e19f ff4bc3b4 8e415160 d6b208cb 5909b355 83b9e662 f1d2b234 1d3d929d 104379ac 9a1153ad 8769cb87 c2eefcfe 81512b3c b5504384 445114cc 99f1f0d5 8d7d7782 d2fe9cd2 4be61202 9082fa64 3c5a0031 1872
+Digest: d617a899 e373c2cf 11476d36 813df9b4 95a811cf 6fe0fbe6 caecaa14 9dc58db3
+Test: Verify
+#
+Comment: random test vector, size 87
+Message: 6b5f8dea 5bbedec1 b758cbfa e2866c73 e5809c81 f6dd6f78 abe65723 c725dc64 f1610677 1778549e 33593142 fc49b9f8 713ace99 f69b5ef6 b0586f09 ad6493cd 5157b013 84e75759 fd76809e f3613a4f b058c542 2d63c4
+Digest: 3dfe3616 4108737b 12c1a9ff 5a9d95cc fa090fcd ed62de64 9bb054a6 f5911c91
+Test: Verify
+#
+Comment: random test vector, size 88
+Message: cf25ac3b 697b2540 303207f4 1e41d0b3 92d2b794 e13574a4 09c852d8 cf8bba85 3658b91f 5aae6700 6f4a3dd2 2a075baf 59366042 b25c4d42 ca3f39e0 d3e3ecab 548560cf 3580e693 b0d0c6cb 4ca3f4e7 57bf1d7f 435c869c
+Digest: 7c2868f4 dfc70861 35c9eb96 335fd84c d1f3d98c cc6d7027 cf3e4cd6 1d0ff152
+Test: Verify
+#
+Comment: random test vector, size 89
+Message: 8e770de9 b35a3a76 ecff5868 c26a2769 0c768d79 2c31c014 acd6300a db00214e 93146070 211b09db 3c97bf24 bd27a196 127b8aba b5965eaf f8fb5759 1e402d5e fd2ff844 dedb0ae1 ab6a6f96 941b2c03 65124474 aaa4dcae ca
+Digest: 64ffec95 fae471b4 25d98fb6 0a4617cf fe958564 98e0c105 316a41d7 d6e61959
+Test: Verify
+#
+Comment: random test vector, size 90
+Message: 7a398859 385a74c7 f81a8f08 0d9233f6 f877e351 0775a152 56ed5463 bf7adff9 3395bcbe 9764aabf 96310b78 91ce2537 514e93f4 e6397181 93f73e9a 6d6a8506 6d805d5e 656f9046 0868ac38 4cecc932 8b9096ba 2f03173c 1378
+Digest: 6053cb5c 1e82f239 50dc69db 499d0aaf df753aec c1963219 959e2511 372a9e20
+Test: Verify
+#
+Comment: random test vector, size 91
+Message: 44dc935a 478ca716 cea30527 2109b75d 653c5ea7 7fa7bb31 27659a9a 6aee9985 e182e536 09fe1304 df504171 e202987f d59385ef 426faee8 44229408 c69d650b 7c21c3a6 a6ce2b4f 702395e3 d86fc0c2 cd5fbd6c 3f2c4916 b88ca1
+Digest: 678f900f 8855e7a3 87d70c19 6683bae9 49c2ec84 8a24b130 073b21ba 41062d4d
+Test: Verify
+#
+Comment: random test vector, size 92
+Message: f35b1ee2 b518b382 9f5f9edf 8cda8ea2 304f218b c7258785 d2adecd6 16ee8f00 b0b953a8 4d9c245f d9ac4186 1ec63bc7 e2707909 b4fc0f9c 16a0bcf5 2ac63b80 8280df8b fe1a22aa 97586b68 d7fb621a 35fdb635 949d30ab 41be1555
+Digest: 6979d916 2df648e1 36d715b5 0f5e103a 15104334 14e7cd80 702f417d a7a9c615
+Test: Verify
+#
+Comment: random test vector, size 93
+Message: 5ff145fc 97849a26 b090a599 c08019ab 6cc3f308 552adf77 58f24e51 83dba628 c4c2f48c 9eb1c82b 30b607d2 b73f10fe 9d2a1fc5 62c37ced 2a964cf5 3defa2b1 ba42ab10 d4a1427e 2330ee5f b44c17a7 676343c4 e01ff05c 8ba9f4f8 fa
+Digest: cd481422 b86cdc0f aca17052 2ca66e32 9371c0ae 24016e5a 25f60209 dcf91ac8
+Test: Verify
+#
+Comment: random test vector, size 94
+Message: fa9fe805 4d976a8e ae5e37a2 aede900b 6fcc8b9d 77d2ab67 117aa26a b0e126cb a0c00d71 4091d293 ca1632f3 08859413 d00f126e ed2dd1ec 5183340a a6d79ad8 39801ca6 6236ef89 e540cb3a 19b78c51 112fc480 613a6632 b1a3fd82 41d7
+Digest: ebfebb05 c90546fb f6149658 0935c313 aa4aa8ee 4edc8dbb 7839350f 6d5629a6
+Test: Verify
+#
+Comment: random test vector, size 95
+Message: 03e13c74 37e9b383 de091d83 dd131da0 a29b9e72 7aefb0fa 1b8c8807 06b60ceb b558e089 b3038d9f 382d6863 7a0fee69 2030942a 9513fc01 4d78cd17 52a62c1d ed60e4e6 dfd1931c 8de5d886 c7b40d6b 542707d9 9e62505e ab860a10 ce33a3
+Digest: bd6282f2 eacb5fb3 a0d230fb db3e414b b45e842f 381c5f2a 03bc44c8 762d8c19
+Test: Verify
+#
+Comment: random test vector, size 96
+Message: 8db7287f c03b96e4 8420a673 c89c8299 9a17d29e 7e77568b 3fd919cf 3ba844ee 530c0487 c18f4314 c5f7a5b8 414e1abc de6ea622 307e8710 5eecd31e 8634e113 f538c32e 090cf6c5 ebb99413 86baca28 88cf2c75 43c7b847 ad162812 7ff18455
+Digest: 8867b5d0 f58145c5 90a78464 fddaaf66 96f4560c c37e23e7 cc1e04c7 ca748814
+Test: Verify
+#
+Comment: random test vector, size 97
+Message: 253557c5 7a76b5f0 12e02822 2172e06e 718701d3 2e274e01 d1e01d67 60fe5b1f 7de5a091 7e480624 569b2de7 38a06a53 4b8fb008 427a7edc c315ad58 be44fb9f d2fbe466 c6541d5c 37565f64 cd419bba cd32eb89 184ed03e 796edf43 3dc08fd8 22
+Digest: 122fe45f 4689c873 b0161abe 95dbbff9 66bee374 9137e1a6 f5df4135 21184846
+Test: Verify
+#
+Comment: random test vector, size 98
+Message: 470522b5 24fa9869 f816de39 b5005488 d2cd7cfe c703fad1 a8c94bd2 d5aa8429 6e7d5476 fd37b691 c9b53b0b 8a6c1fa2 74dc84c8 fefa60b1 99461e17 33f403ba 2da6ba7b 45e7db9e aca91288 2ef9e1aa fccd3b15 6a39ad43 a78d73d1 5474465b ff95
+Digest: aee98063 18dfbecc eda3ec32 8e95dbfa 8776e182 9b31ee30 dfef05f9 c60803b7
+Test: Verify
+#
+Comment: random test vector, size 99
+Message: 8f49084d 8e7e97c9 efacaaaa 63981891 83b84302 e886d187 d748ceb6 83a7dc38 90319ac4 77bdaf99 66c4b007 8b5e5ff5 58754028 49dd51ad 084f43bf 36de77cd ae7a094c 798645db b7b47b79 6061f41c 5c871d1d f4076bc7 33bc5c4f 401c98cd 106804
+Digest: 3426bdfc 461960c1 8e34915d 0afead23 2d1d28f0 edbb48a1 b3147abf 473fe23c
+Test: Verify
+#
+Comment: random test vector, size 100
+Message: b5e8bb70 838c7cd1 efe52e92 d68fc1aa 6028969b 14355f2d bc65ad62 0acba031 71e1e4f2 bcbd7417 a6583448 cac977c4 6bb1c710 43ca0eb4 f5146dc4 7ce6a0f1 8c7847ed d75aacff 730e118a 7779381e b7f8a5f9 eb54ee5f e855b85f 93a24c57 b0f89063
+Digest: 13d8abc0 1fff660b 602b9bfa dd83020e b00d5dd0 f9f98af3 a634a1af 0a5319af
+Test: Verify
+#
+Comment: random test vector, size 101
+Message: 1ec0ce73 d6dc8b51 d81a1998 7e96b2c6 1932fdcc 7c1dcd93 dbddfeae eb23d0ed 381ec25b a76ef319 a4e12e92 983f13b4 dafbd4c8 02b0cad0 e38736fe 695a9d8a 70c186c7 f6d00cfa 54db16f6 ca1ff4a4 6a549183 038c3dea 9850d091 9e5da855 95494ab0 a2
+Digest: f43f1832 44c6d7e3 35e90735 7ad94b4e 70440e68 1bf53d33 ca2e1835 a74a5599
+Test: Verify
+#
+Comment: random test vector, size 102
+Message: 21386e49 a99c1c96 e65043bf 0aa72fbb 82629f23 7e921d61 b1610012 39bc1d46 5ac80a02 0692a36b f83c0cfa 8edbb7d4 658a11fd bf8378b7 c1199758 bdee29c6 16fa1587 5b94fe1b 312ef6f9 e42670b6 4c5eed93 6643babd e2e80e69 52f92a8f 074509c4 0001
+Digest: 3414f09f 94794401 4798e6f7 c3878ea9 85c89620 628a61cc 62bd6f80 5fb5dbb0
+Test: Verify
+#
+Comment: random test vector, size 103
+Message: 833a1d8b ea89766d ded59479 9e85c349 ba3e98d9 1838793d 4cbff957 70c43eb0 1f2781da c6ed29bc 94324324 4dd99153 011072ea a69dce17 dd47c21e 2d15841d da79cf74 f56b5518 8b728439 1fdbe209 94fb42ec 1252367c bcc4fe0a ed42c50d 766091f2 066c00
+Digest: fd403435 c525934f 706dbefa 3cd0c499 641eba17 5e352435 45ba792e 5b62cf48
+Test: Verify
+#
+Comment: random test vector, size 104
+Message: 6f9b8108 f8fecc04 89ab698e 287e6d4b 9cb94141 acfe8a5f 46ff6143 49c83025 d66efd57 bff31ddf 388caee2 e2211dea da6a9f75 a9fe317d 25b74d5d 3d7253a4 6c5760ac 2c9739fc 49708ea1 16af94d3 0c46f04d 64b96eb7 47bf3321 4e4e1cee efda993e ac06a339
+Digest: c380cc32 04b1231e 87ecde35 ffdf5482 e13650e1 a546fd5d f74d30ee d4e30e9e
+Test: Verify
+#
+Comment: random test vector, size 105
+Message: 46ea40b0 a2157057 20e8c758 11541aa0 0622219d 6c2da1f7 9b7c5c78 26232c85 e5481947 edc2370f 37a8bee2 7ff95bd0 92e067b4 0b60b43e 11f0a3ac d59e1576 a29e82a7 5f7789ec 3253840f 9883c8e7 1e893130 51292490 76c1c81b 7578bdae a1a1c008 030896e2 c6
+Digest: 1945d773 2451c9f0 73cfcd52 4b77d35b 82fdfd6e 8172cb3c 52643668 e1c8d2bc
+Test: Verify
+#
+Comment: random test vector, size 106
+Message: 1dd3243c eaf24ef7 b320d206 a9a2a079 5e5c1664 4021e73e 0f168166 5a5e69f0 04d2c065 edeb07f4 5050c6e6 b0f82a2d 509cb120 23bb8eec bd0b8d78 2253fef0 8f99a130 8252b468 17f9a9de 36c680b9 2c62ea51 7a40bf11 b33997e7 31061d39 1add8e6e d8762893 0fc2
+Digest: 0fce80d3 a1f4086f f5539cb7 cffb0013 65a21c90 e37f7806 66ede353 51e8ccaf
+Test: Verify
+#
+Comment: random test vector, size 107
+Message: c5ea57f2 5a69e21a ab0f656c 0cf4ee46 7888a66b f989a528 46090388 402b8d00 e1e5418f 3730de58 f80f39d5 42ab8049 db815166 119ee0c2 3470e8fa 68796d62 6d698f32 a610620a 2d065820 972a2f8a 8895607c b70a1784 194c7aec b874d35c 327fdd52 818e6609 1f321e
+Digest: efde49f4 dabeeb3f 7042b34d 24433c7b 5f319e77 997a54ac f88f9f16 89fda540
+Test: Verify
+#
+Comment: random test vector, size 108
+Message: 08d19450 ef423656 ed349649 c68afd77 d85615c3 145b7a9f 5eba4679 a6f11f44 7de5e6a4 1ce49639 3f35bdc6 d026dc07 b5098990 76e31b1b c9c8a7b6 fc367f2a 24aa6584 150d4478 f5b152e1 10166f52 9143af4c 63218d8d e54be1b1 c836cc8e 05724681 0ca4cbbd b59f07ad
+Digest: c32540e4 6f9fa4d0 a0e9a455 5d78ac6e fba5133d b75c8fed 3fa7bfcb 1194248b
+Test: Verify
+#
+Comment: random test vector, size 109
+Message: 24f068b3 54120220 ce28d9f2 bd92ec59 82a78b67 80894a92 f2830480 2859eed5 c902e2c3 19903bd3 568b23da 5cb19586 29fff18b ae04aec3 6dea17a6 30741abe 009f87a6 7b3db6e4 af44b47c d4225c92 4e62e8f8 faff1ac3 a445b132 50c3abed fab4bc0e b11f0998 723c60a3 d9
+Digest: be6c8bcb ab88710c 3d026c30 77fda589 79d95987 5591410c 843025ee 390de0cc
+Test: Verify
+#
+Comment: random test vector, size 110
+Message: 406d0995 c041191f bc575ca8 230a465a 0a051638 7e86bd4e fcad1b96 1d123945 295f2719 6f5feb2c 2c6413ab c1f8544e 810a1cf2 07cd05cd 264c6b18 d09f0ab5 60608c5d 20950ba5 018a7681 d1b3328c 744670f2 452b6743 8cbef068 5bb2ea74 5a4bc819 c2060f22 89aa34f6 5044
+Digest: aec89bf1 d73f4f3f bd0d0d08 1baba6b3 a7c5d12a 42a9a31c 1014e770 e69f7206
+Test: Verify
+#
+Comment: random test vector, size 111
+Message: b03e1ad2 bf66f306 e1f6c486 b55ab471 f21487b8 4120dfdc 0c2f0c44 0cc36148 45baa15f a2ad50b6 a19062f1 c362ce54 7cc5d4a0 374e444f d7764fa3 77ee3e01 25eaddbb a024ddc2 0b4b745e 4d5bbc52 bf519fa6 9e771d1b ce232eb7 c2bfb4b8 d559fabf 493382d9 e2f0f01e cbacb7
+Digest: a3e68d60 fbccc374 d6c073d5 57e4937d 27891e98 371fb59b 7f005914 d541bc6b
+Test: Verify
+#
+Comment: random test vector, size 112
+Message: 06abf7ef 50bc61fa a3bd0663 1f973826 9415baf0 06b2f867 1cf2e264 e08f6579 ddab4654 a0ec87bf 15be0cb9 456c9d70 7ba83941 dc5c15e2 85cab68a f33745b7 24b96dd7 83674232 9879806b 2bd772ee da156b49 8b88a468 53917419 cd5e6870 c61d48e0 36ce5f08 a8c349e0 87948be2
+Digest: a696b285 f442b4aa dc308d35 de270951 df48a7a6 107d3450 0a9a8e47 59bf3c72
+Test: Verify
+#
+Comment: random test vector, size 113
+Message: 2a93e8ea 0bd9bd9d 266c30fa 4cd5c252 99fda719 ab8e0b6e 36cb7ced e744942f 9ad4e37f 4f643d58 d1a03a94 871a4d77 e9cd1d3f fb40a875 62eb8eb7 68bd9aa8 4c78afac 0084e5de b971801f 20c00377 0a9091b3 fb3b4365 6c5953b2 790d3217 c1df44c1 50878306 de37d294 6316e3d3 f5
+Digest: 3af98fa1 51bfbab4 76e76a17 6f26d361 477b6c6c 1247cafa ee13b8c9 23782a20
+Test: Verify
+#
+Comment: random test vector, size 114
+Message: 19e5eada 6948f21a 6177ebb6 c8a57d59 031503a0 fe311f90 56081d95 f6436df6 bb775bb5 048057b7 d4db23e7 e95dea3d f8838de9 b544a92e e83532b5 c0be18d1 e769a1ea fe67bcfd e2819758 759a87f2 99614e7f 9b20741b 1a7933bd cc293290 e7be954b 8f2179e0 640db179 4bbe4509 1622
+Digest: 125c19ca 16429e67 34ed84c1 c73b8956 4fb9536f 20eb3c2b 8908ae48 80c61f23
+Test: Verify
+#
+Comment: random test vector, size 115
+Message: 71166355 d1f81214 dd3d4605 2898c0ba dbc5b411 52a7f032 a9b8b1d0 07bc6f14 61c62d22 8b735164 0e652b69 38da5717 e6b9b31a 2a15c6d4 bc4b5e58 ddfdd6ce ba89b715 7dba7cdd 34ee20f8 8b3b8c45 af808ec6 9ab29027 b076f3fe df223162 6bdcc533 37593a6d 7bc4c917 8d59b6d6 8de159
+Digest: 865f8287 d8877ecf eca57417 59ad5d70 1cdda56d 07dde19f a1e8b5ca c864a160
+Test: Verify
+#
+Comment: random test vector, size 116
+Message: 074ee62f aa9bc727 406fe5c9 9ec7c34e 87a04948 96ecbef9 b3a5b395 5e5915b6 6c13537a 981d48ab e48aaea0 bb2283fc 64ed7c0e 562e9d3f 6a683e89 ecd089c7 4ffb5906 864aa28c 5c43c75e 57b57ce7 89c50568 794b6ccc 593a465e e7f0dc5b 6606cb60 6fe5eda7 ca05f5d4 906892eb 800c4535
+Digest: ae8aff84 26ddce00 8f9ddbf7 d8e9c07e 66fdd181 ee6b0d1c 554993af 301b7b58
+Test: Verify
+#
+Comment: random test vector, size 117
+Message: d482f1a5 454c2d40 2a521592 0f36429b 02baf2f9 6a894bfe 4ae007d6 f756e14f 311810ec c0d0be41 9dca4e2f 7e78dd01 f3d4a841 2a0ea3c1 0177a6d3 d61c4615 f39fb42d 59eb8df3 a88177dd 5ce89c72 6b9ba19c 0739d3b9 67c3c50a 30ef16ff 8ae50ab1 20b84c52 b8f52a3e cc5889ce 51e6b510 29
+Digest: 6119862f 1bfaaaad e8478442 caaa52c8 74dd6d1a 15108ac4 b01f16e5 e728bc0a
+Test: Verify
+#
+Comment: random test vector, size 118
+Message: 274fa3a6 6fb18fca b2bf6212 5384dc59 ab07de3a c5d837b4 b0bab9bf 71edc4b3 00f5722c 99fa0e4e 80f83144 640f5d9d d1e0c782 ad784137 fbada80c cf67006e 499c5cec 129379b8 c77a23cc c16e11fd 365a5d76 481c80f2 c4e76678 224d84ec e1cd5d8c 5045e264 24bb7a89 b1c6d66c c6721c51 7c7b
+Digest: b3291877 30b2fe99 c8a9dd13 54b3f532 1091bc96 25d27c20 86da965a 0ac1ada8
+Test: Verify
+#
+Comment: random test vector, size 119
+Message: dbf1cea3 52718624 22528231 f1d1e48b 67fa525f 89e241a0 6492c367 d433dfbf 406455b6 bac8898e 170b8734 085afb50 8d17ed1a 05c59a3e 09b83345 3f8c8f64 7854b1d5 d6990da7 38597036 fa9089b8 1da7ebee c18cbced 0504931e 20ec7df9 a15c8dce c3a7b4f3 48544c4b 2e99fb0b 56030e38 5735a7
+Digest: f6067c19 4c530edc ac2acce4 6775cfb7 d3603fbd 6bc2a82d 095d7e92 359004b6
+Test: Verify
+#
+Comment: random test vector, size 120
+Message: 19ee41d5 a698da3e 0f08a269 2e9a01e4 f9da4503 4c704b93 a7d858c3 174e7c3c de1ca232 a68818d2 3580f81e 18ccc85c 4419be12 114a32f2 5ed8e919 ea32acca 3bd3dbae 7307cbaa 38e8a227 a6bd6c40 13fa2d1d b545ca23 9d7d4fb6 6b5cda96 68ece2e3 08622e64 cb157067 558a23b1 1ec5ce71 73d20480
+Digest: 871b168b 7968495c 69ccbb96 cd6b4daf ac19b48b c98ac089 bd73e88f 265221ec
+Test: Verify
+#
+Comment: random test vector, size 121
+Message: cee1b802 dddef5f4 4763be2c 1859f324 f8765a04 baec6d85 bb3842c2 10789a9d 02ea001b bbb865f1 d2f55b88 5a607058 f1a41fe7 76c35ec7 b6ef2ddd 37274ef8 0d5bec2a 504c871b 73dff4ce 9913c1d6 450ae88d 6303f714 9dffcf35 5573e7e6 b1c3dcf1 25fa1cc0 f49427fb ffd7d962 a72313f9 481c557b 01
+Digest: 78eecaaf cbe37169 0111aa16 22ad3f98 df397a14 44a524e6 425a3f1f 396029cc
+Test: Verify
+#
+Comment: random test vector, size 122
+Message: 8a94009a 823f5c33 10f75dd6 92f8f0a5 01d59848 0046fe81 bb30eee3 4df0f49f f230a5a8 792f2163 9871579d c9563cf1 49f638e2 3eb5f46d 001fad86 15a88fa0 7a875ba4 12ec7fa4 3453525e b4ce3d20 947c613c a2e3460f cd27f810 c2a92871 5e2aecf1 eb6c7279 9b3cf30b dbe3624a 02345468 8f5dcdcd fdf3
+Digest: 3b7ff596 03226687 19d8d7a9 7c05f1a9 7d28f023 14088130 8c3e91b3 23b7cc7f
+Test: Verify
+#
+Comment: random test vector, size 123
+Message: fb1cd866 ea14d569 a87eb258 af402e4e f883da58 9b57184f 16e6d05d bf6209ba de69c54b a93e99b7 c4f184e0 0bc65716 d56544a7 7478613e d6fa13d7 601da542 0c2c87d9 e319dbac 0848e76e 427fd0f9 7e820344 99fe18e6 d23f8a4b ce326fc5 949ff27f 5254a631 70b2af03 e1ae32c0 2ede9af2 1291d773 865488
+Digest: f790fc1c 339c0f45 3d440302 d82690cd 3987d835 9bb917ea d4124250 bc2b2e14
+Test: Verify
+#
+Comment: random test vector, size 124
+Message: 22eb809b ee7bf46a cfdf1fc7 04ddd0b4 b08c88e1 9c7f7e8d b674c3d6 57efb8cf 05fb8085 7b2e2f9c f9c32dfa 726c5c72 2240df35 56d82d05 40fd1f12 6efaa38e a5b02ed4 0f4bd264 57b5275f aa15229c 34e10872 2c41ae16 9d8a4ad3 b6cfb93c 59b0f627 6fe14d9e f7504c54 c77471eb cbbf0a6b ace24352 12d2db4c
+Digest: 7b4d691a 34b7ad27 20e42e78 ac6fa857 803acb4c 2302c7df abd28af0 21d58acb
+Test: Verify
+#
+Comment: random test vector, size 125
+Message: b3448013 d99e191a 5e91cdea 778897bd 01ccda3e e233989d 6c6215f9 dbe2bc8e aabccac9 f346b2af b8b32236 208834c9 43ca683c 76adfd35 c4c210d2 6dd2f0b7 b0d766d5 ce5b570b a3b95ed7 6a58980c 222b23b1 ed9b52c6 14452a48 1a2eeeb9 96247fa8 5a14d466 d901ffb0 766f9abe cad62171 7db12d05 a45b49c2 36
+Digest: 2e6f081f 13fd2c69 79ee1439 9021fa73 98d2786b 59b962c0 65a367ca 20c09d7a
+Test: Verify
+#
+Comment: random test vector, size 126
+Message: affb18ac 86ebd62b 51445ecf 82de5714 c0a93bab 0845cce7 07dd90cb be248ceb e2f0886e 7fd316b4 a4b894d9 30837625 f5e90cbb b68c875d c8300857 b507ea9a d89b1233 c8b85d4a 48050820 5194f3e5 cf825e4a fdd0cced d44320f6 c33fe42e b6339bab e0481da2 1b883504 a06c3043 b4504d37 97087abd b7e378c1 cd8e
+Digest: 7e506d59 ad69d5b9 4807c4fb 1979455a a7c93fff c3808f0e f0a2ff6d 9b3db4da
+Test: Verify
+#
+Comment: random test vector, size 127
+Message: 4736cec0 425fa500 d7371008 11587619 e431b753 f3886333 d65d2be1 0b1643b3 0b0156fc 7257df99 33c35d48 af2fa7ea 4337ac3b a6605f45 0aadea9e 5369631a 835aa2a5 9260563a 2788e145 9faf3f12 e92b683f 0d714b15 8e2e63a5 8d6c842d a058ff23 cfd6e878 7572cd11 47c55859 fbeaabcf 592641df 5d316732 1e8f70
+Digest: 82c7c18f 22f75272 5ce8c293 64e5f87c 4be0294c 484dc363 474885ba 8aab38dd
+Test: Verify
+#
+Comment: All 0's test vector, size 1
+Message: r1 00
+Digest: cf25c47e b1efa77d 2f7a1dfc c09f4d3a cfe97dc7 7c317b43 976e7b23 8da3dc71
+Test: Verify
+#
+Comment: All 0's test vector, size 2
+Message: r2 00
+Digest: f867b551 3ed6844e f4bc72a4 660fed49 898552da 71ee2e4b 34eea2f9 49e80d41
+Test: Verify
+#
+Comment: All 0's test vector, size 4
+Message: r4 00
+Digest: 14783d02 c7e189cb 1470224d 9f2605e3 d0d05f16 593b14d4 90c177cb 30d0736b
+Test: Verify
+#
+Comment: All 0's test vector, size 8
+Message: r8 00
+Digest: ce190964 faaa4ca8 3cf7b1fb 3bfbb935 66690642 e4035551 963dba4a 64c71066
+Test: Verify
+#
+Comment: All 0's test vector, size 16
+Message: r16 00
+Digest: 63d9f885 c5233eda 4f83351b 70bb4292 7c2efcdf 319cbe62 d7ff63cb eb70620b
+Test: Verify
+#
+Comment: All 0's test vector, size 32
+Message: r32 00
+Digest: 7f88ec8b 06a28773 13005dba d9e37873 3a768f32 b4494c55 7d81e232 da93822e
+Test: Verify
+#
+Comment: All 0's test vector, size 64
+Message: r64 00
+Digest: b2cb7d71 9f71ff3c 3847d19f 5d378694 2748f45d 0ae53b4d 40757417 1762c657
+Test: Verify
+#
+Comment: All 0's test vector, size 128
+Message: r128 00
+Digest: d44fdd8a 41c88053 f3409a7c 298fb6f5 1ab8e3ad d1f34124 40313cde f54005a4
+Test: Verify
+#
+Comment: All 0's test vector, size 256
+Message: r256 00
+Digest: 2e860802 5f4f89b9 39317393 3d232b4c 2ee8300a 6442c7f6 53c601df 01f62f81
+Test: Verify
+#
+Comment: All 0's test vector, size 384
+Message: r384 00
+Digest: 242c96d5 4d672959 339a977f e543cb07 a856a50d 9f3bce26 4746a03d da7021e7
+Test: Verify
+#
+Comment: All 0's test vector, size 512
+Message: r512 00
+Digest: 10d3cc85 aee4fe6b f90abdce 49457769 02f857e3 4c1d1ea3 a043ca5f a16eb1d1
+Test: Verify
+#
+Comment: All 0's test vector, size 768
+Message: r768 00
+Digest: deec7c89 725b1538 aa5e297b 6a4bf2e9 d8926c68 8cc7a651 df947a1d a2e822fa
+Test: Verify
+#
+Comment: All 0's test vector, size 1024
+Message: r1024 00
+Digest: c129b50e 5cb3c397 c0021182 6f8da22e 718ff2c5 cff2140c 0f3b7ed4 16889497
+Test: Verify
+#
+Comment: All 0's test vector, size 2048
+Message: r2048 00
+Digest: 75b7a1cd 2f864b97 089ccb59 80b3f73d 945fb0cc 4fc8bcc6 ee1b488a 1abf77a6
+Test: Verify
+#
+Comment: All 0's test vector, size 4096
+Message: r4096 00
+Digest: f771bdaa 4b8bd777 e520b94c 03fd3909 79c1a884 2b855e57 bd9c2845 de75b21a
+Test: Verify
+#
+Comment: All 0's test vector, size 8192
+Message: r8192 00
+Digest: b15babcb 76df5e0c 6a7db83b 91c512cb 748c863f 7eb9145c 881a8bdf f675e689
+Test: Verify
+#
+Comment: All 0's test vector, size 16384
+Message: r16384 00
+Digest: 4f837425 5f98a661 556ba24c b14dc9ec 07fc0024 7d9d7df5 ad35af7c 12b95673
+Test: Verify
+#
+Comment: All 0's test vector, size 32768
+Message: r32768 00
+Digest: f6050345 012f318a d333ca3f ba0e8758 dfc58780 313e62ae b6723fc6 93ad23c6
+Test: Verify
+#
+Comment: All 0's test vector, size 65536
+Message: r65536 00
+Digest: 0ed1053c 9363b25c c554cab6 7114c14b 14de7a4c 8cef341d 8cb9a135 7e33e55f
+Test: Verify
diff -Nru libcrypto++-8.4.0/TestVectors/lsh512_256.txt libcrypto++-8.6.0/TestVectors/lsh512_256.txt
--- libcrypto++-8.4.0/TestVectors/lsh512_256.txt	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestVectors/lsh512_256.txt	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,738 @@
+AlgorithmType: MessageDigest
+Name: LSH-512-256
+Source: gen_lsh512.cpp, https://github.com/noloader/cryptopp-test/lsh
+#
+Comment: random test vector, size 0
+Message:
+Digest: 706df4eb f100f06d 5cc9f6c7 9be5297c 3f6f5158 01dd10fb c1b665a2 d7bdb653
+Test: Verify
+#
+Comment: random test vector, size 1
+Message: 1a
+Digest: 41538236 32396658 72545914 061d19df 20e803c7 446ed603 df0b1614 2fbcc731
+Test: Verify
+#
+Comment: random test vector, size 2
+Message: efca
+Digest: 2bf860b8 1103b1b8 5e117dfe 1d436170 f4b4dd32 d5471cfc 6a210ba3 05901e8e
+Test: Verify
+#
+Comment: random test vector, size 3
+Message: 082f78
+Digest: 4112d19e 66e222f3 ed565f68 23583120 424287b1 d09276f6 9b61d4eb fbb72f91
+Test: Verify
+#
+Comment: random test vector, size 4
+Message: ce16ec5d
+Digest: 8df75820 3a31ad1c d2ac4c1a 52826c37 1986e09c d0444bcd 498cbcc8 4452397e
+Test: Verify
+#
+Comment: random test vector, size 5
+Message: 6c74abdb d1
+Digest: fd243738 b9090a3e 97bd6041 611cbb64 7c050671 4b71358e 286c2a71 fb93184c
+Test: Verify
+#
+Comment: random test vector, size 6
+Message: a84e445e 06f3
+Digest: 25c739db f740442a 6a34642b 7a075aaa bc4518c9 28fa20f7 28dca917 56534065
+Test: Verify
+#
+Comment: random test vector, size 7
+Message: 17c65010 d8b121
+Digest: da0686b2 fa9a7947 07ae2221 7c3486f4 29002cd7 7eae4eaa 597df08e 816721c2
+Test: Verify
+#
+Comment: random test vector, size 8
+Message: 959b71c6 884be7fd
+Digest: 5ee437c4 712a0543 635ea600 96f9cd22 551fb335 c7bbcafa 0343109b cdce07b2
+Test: Verify
+#
+Comment: random test vector, size 9
+Message: a8a892e2 a798a106 c9
+Digest: 5ea30b76 415982f3 96adc686 0cb2666e b4e73ac9 5c1dbebd d1883be5 8122c857
+Test: Verify
+#
+Comment: random test vector, size 10
+Message: 35ec7869 c23202e5 db37
+Digest: d33fc315 4c079fd7 5ff74324 67fa0aa5 89d57017 b55c3649 9b860cc3 5f88d565
+Test: Verify
+#
+Comment: random test vector, size 11
+Message: 49e6d05b f9d480a4 49e85f
+Digest: f7ccac9f 60a72028 330c8b68 963297c4 2be99456 5c1fead6 c9d91cc5 88906d06
+Test: Verify
+#
+Comment: random test vector, size 12
+Message: d3ca2055 a81e08fc 34147e43
+Digest: 19da6546 c52a6be9 518e8a69 dfcd0145 67343ab3 b799d881 e206cdec 12453dd1
+Test: Verify
+#
+Comment: random test vector, size 13
+Message: 8dfc4f5f ff7cc16a ff760156 c1
+Digest: c9903c4f d2136d01 e7520e89 e9175754 7dbd2c63 81c6ec35 e567b704 afa9821a
+Test: Verify
+#
+Comment: random test vector, size 14
+Message: 880ac712 0ecc7ea1 3d3e57c3 f3d9
+Digest: fc2d214e f7f7745f 2b04e3e0 f30ef409 6408840a 6111430a 7f834b81 0429315c
+Test: Verify
+#
+Comment: random test vector, size 15
+Message: 5c0daa41 8454c00a 7cfa0b57 8ffa71
+Digest: 67243123 9df116c1 c64d504a c23901b9 d1862e2d 77cbd37c 8feb3f20 4a2de296
+Test: Verify
+#
+Comment: random test vector, size 16
+Message: fa852490 949b831f bb7a7676 62c74037
+Digest: 3f466dfc c2b8cd90 d9844dd8 84db3f1d aa55002f 353027d1 6002f61f 07c3782b
+Test: Verify
+#
+Comment: random test vector, size 17
+Message: b0a79749 1697d6a5 7fe53e75 1610eca5 ca
+Digest: 74f99f08 0af4075d fca877ac 9bb6ad57 ff08d09a 5d1c6c1e 35d00b27 822fe3ba
+Test: Verify
+#
+Comment: random test vector, size 18
+Message: 28d722a6 c0b6f73b e7410449 8dce320c 3087
+Digest: 65602c59 537d951f bbfc3e6a 26c85936 6750422c 39987d44 a9c03631 0ca9d714
+Test: Verify
+#
+Comment: random test vector, size 19
+Message: 02ee96d7 b88f2117 85a53bf6 be27f164 80cadc
+Digest: 7c4a4b82 b0582458 506f4db7 5b64e6b5 1730ee20 c7f2b49d a3277e96 cca37633
+Test: Verify
+#
+Comment: random test vector, size 20
+Message: 1419946b 6562d79a 0705ad8b 484b6836 5bff33fd
+Digest: 3e4552be d7ef3832 85f2cc84 568f6780 49203e63 d316c26d 5ddd17d7 dbbd4227
+Test: Verify
+#
+Comment: random test vector, size 21
+Message: 29d4d251 ceb43302 a816a781 13bed540 be67688f 59
+Digest: 94e1f9b9 7331465e a00d9070 547293d9 88d31e1b 7fde6e7e daed5ab5 985ad7d2
+Test: Verify
+#
+Comment: random test vector, size 22
+Message: 17ee7dd9 ae9a2cfe 541e678b 75502d84 78255bea 7fee
+Digest: 50824da3 6858f192 7504527d d1c9dccd 59103a11 2341f007 b107b98b f764015a
+Test: Verify
+#
+Comment: random test vector, size 23
+Message: 29bd30b3 efdcbd77 fa549f31 74b23f4b 52d48a3b 8c9429
+Digest: cb37e195 7dacf5d2 93efde4b bd317800 6bdd8892 54c29d6d f5c3677b fc044710
+Test: Verify
+#
+Comment: random test vector, size 24
+Message: 213defe2 31d38849 21149cfa 02b3a1fb 35650d87 442780cb
+Digest: 430097b3 85ace713 2bfb4ada 2358db4f 2791798f d52b8532 9a0a115d a363859e
+Test: Verify
+#
+Comment: random test vector, size 25
+Message: 4ba5bb7d 72068696 15ad1602 6f56b643 2a7400b2 95efc824 b5
+Digest: db28b4c0 70d19439 2ffe04b7 ed4373f8 b3060a75 5b673a56 aab81fa9 a7cca270
+Test: Verify
+#
+Comment: random test vector, size 26
+Message: 31cd4306 84428160 4275ec8a f7a9628c 5ae0a381 32953af8 74aa
+Digest: a22624ab bcae41f1 1f89b0c1 7353e939 bdd518a3 862aab45 8a7c12f6 ea14e29c
+Test: Verify
+#
+Comment: random test vector, size 27
+Message: 96853051 471570c1 39d08a88 34990a43 b70b64e3 1cf72018 63d99e
+Digest: 0e673331 53f5ec58 2e8ac216 e743c73d 84e9203d eb67f0ed 7a90d0af 0da17aeb
+Test: Verify
+#
+Comment: random test vector, size 28
+Message: 122eaa36 980f51b1 7697d22c 713dd9b9 d3c6c8f1 6413943b cadb693d
+Digest: ad475497 e0346122 ffdfec59 b11b04fe 6551e279 feb7df78 36cc48da 5d039497
+Test: Verify
+#
+Comment: random test vector, size 29
+Message: 0863b98e 4ca7015c ba1b289d 74d98953 87140b6f d3bd4b70 f36202ff dd
+Digest: 86978363 86322c86 27a0b7a5 9aa287ea 5feffa83 46ed0182 256676fe 97a6b208
+Test: Verify
+#
+Comment: random test vector, size 30
+Message: 655ee977 38488901 4706f4b5 edc1d5ff a99d3789 fdeddd8d 1915b678 4084
+Digest: 2d5552d9 52bf1edc 49d80e0d 62e62b26 a7f34ecc a2215570 627d38f1 8ef479c4
+Test: Verify
+#
+Comment: random test vector, size 31
+Message: 3ea22ab5 91fd3a7a 362313ea be54c361 801fa62b 043819d1 0e66cdf5 b7e7be
+Digest: 43ca9213 02cd4121 2e5a101e bcc05ab3 bfc7a819 c47aef83 e1cb47f4 7c4926b0
+Test: Verify
+#
+Comment: random test vector, size 32
+Message: 90b48d7e 8941ef01 7db644b1 ec083dfd 2a5af4be 70e30915 ea439016 401365ce
+Digest: 86b13a8e e3d91378 1d4030ef eae721b2 87879b4f 1b4c3e81 356aad75 74a6a508
+Test: Verify
+#
+Comment: random test vector, size 33
+Message: 6837f8ef ea077bad 0401ce1c d4914b99 f84e137d be9d15ef cea7ec77 59196d90 64
+Digest: 8355f775 8b3f4669 3b4eb2e7 097df1b8 5708aa96 43bf0664 4bb0378c 75e8dbda
+Test: Verify
+#
+Comment: random test vector, size 34
+Message: 37e01843 b0a75fe5 ec6022d6 878b5014 f88eb8e7 8ba73096 225a7594 18db19b2 f23e
+Digest: de3b71a0 c9be4d4f dd8e044a 41070fdf b153a78f d0f1b322 ed5d3bb0 c6266ed9
+Test: Verify
+#
+Comment: random test vector, size 35
+Message: 87e4ac59 8bb014d6 f6183094 594a0781 db6740b6 a24a92a2 e2030d94 bc961ea4 f16c66
+Digest: 22559b97 d99d6ae7 8e817889 c85925df c782a415 25073eda 4993f627 f9e7aa1b
+Test: Verify
+#
+Comment: random test vector, size 36
+Message: a807060e c0eb7584 a3d38b34 c3c6db8d b241afd5 e77f74bf c06ed14b 3edb2203 6f265edb
+Digest: 38ddcf1b 678c6032 c64a102b fe6e2028 4fea37d0 905e7ab5 76ea9445 f54a3d8a
+Test: Verify
+#
+Comment: random test vector, size 37
+Message: 862a6217 1911bbf9 c79166d8 df5f0029 802ca10e df357a7f 48cf1761 220803ea 456b112e d1
+Digest: 83abd6a0 a2c60eed b257b702 fb4ba847 3c42cd29 90b73142 5bc693f0 ab454070
+Test: Verify
+#
+Comment: random test vector, size 38
+Message: 59f5f78e 5f2aee4b 604945b2 aa171c97 e53440d0 685c2314 71496a6c bb76cd1a 813f4877 f60f
+Digest: a1b8d9fe 4d340156 5a4f032d c9579c3d ad03fef6 77a13ed6 d1b7629a aa36ce34
+Test: Verify
+#
+Comment: random test vector, size 39
+Message: 8eac0c69 97485301 1dcaa8f7 466fff15 77889aa1 3857ac55 49099ec6 6d538531 a2a82931 7f1c35
+Digest: 047e9757 d9fc64ea 881366fd b0ceda35 d7664bd4 5e80d72c a2f755d7 7d18dec4
+Test: Verify
+#
+Comment: random test vector, size 40
+Message: d8c9f317 2cd14bd6 45db6733 f29fbd00 c961a158 1cfbd580 4a4350a3 9e398c45 b16518d1 8aa4629a
+Digest: bedd3c82 96a944ee 22851acf eb258073 26d2ffe0 95d200ea 3b01ceb3 75b441df
+Test: Verify
+#
+Comment: random test vector, size 41
+Message: 7164db81 a34ae505 8af1bdad f36b127c 34e5ce31 65d85154 ad965585 62eb2f06 a893a93c dd808fe8 9b
+Digest: 5a849f50 0cfd67f4 ee2dc3bd 0557db49 d9049d62 dec94ee8 e78bed21 40a33bc7
+Test: Verify
+#
+Comment: random test vector, size 42
+Message: 6eb58bf4 7c072458 53c21275 25a849a0 861dd8c8 f3065f7a 77b5f18e 7b0b1a7d aa5b641a 324bcebe 1e94
+Digest: 406c14fd cb4c4a01 9de86b7c 18f90874 8ac5f126 a9b363e5 f797032b b453b8fc
+Test: Verify
+#
+Comment: random test vector, size 43
+Message: aed81945 89513c18 f6e38d0d 4a15a52c d0fcdf79 0698b1fe a4dabb42 72e4e35c 1b6af9d3 c4ddc19f 1dcee4
+Digest: 9d69c6af 8e9bbfdb 87a301cc ecfd0053 489f662a 112e483a 48c89064 a9998071
+Test: Verify
+#
+Comment: random test vector, size 44
+Message: b77f7413 ee201599 ee2f758b 1d08ea3c f1363b0b 828797da e80ff6b1 ef4be209 520340c2 f5859531 04d74098
+Digest: 78845ef1 18aa9cc1 3ff1a9bc ce89b23b 3c8d42af 46f80ffc 3525b21a 68d5ee5d
+Test: Verify
+#
+Comment: random test vector, size 45
+Message: 29b18f30 0f6ae44a 24df643b 59b60870 be8ea6a6 b8654634 08b77f32 4102d174 e64fd2a1 1261a0ef c959f5b7 89
+Digest: 915e0956 661c9a89 69210c0a 2bb92ca0 166c25bf 857df846 bb08bcb1 f0dc4f24
+Test: Verify
+#
+Comment: random test vector, size 46
+Message: e064c9fa 7be03ac5 5a0a865d c92c82d5 c8ec4fff 384ffe7e c1ac7236 7b9b0c9d d914087a 69f27265 0b78177c 3303
+Digest: 1feedfea 88786cbc 8452e92a cba4e21f af737d88 fe0f259f f8320aa4 076a57ab
+Test: Verify
+#
+Comment: random test vector, size 47
+Message: 113f5113 fc22263e 66dfdd85 7fbacf6d b3d198e6 7f0a0f22 23f349e7 74267a28 b87edaf5 3af43735 243754f4 6ace78
+Digest: 0cd9a53f 34117de0 fe8ce1dc a64410c1 5b58ccf8 d3734518 1318c53d 5203d046
+Test: Verify
+#
+Comment: random test vector, size 48
+Message: cca8374e 6e85dec3 26054497 6159f8af 0c987127 91628780 41257d09 a0c2d5ea 867a0ea6 181622a3 461bb84d c1cc5d95
+Digest: f65bbdbc e5fb7a21 64a4f56c fc2a8fa1 4ae0ebde a9ac26ab 5a2250b9 875c8676
+Test: Verify
+#
+Comment: random test vector, size 49
+Message: 1e988d80 33225b6b 0eb897f3 a6ed163e 3df3ef3d 5fe4fc40 8f68e855 e36bbed4 f5809b2d ea6d1bf6 6db4beb5 ad1fa07b e3
+Digest: 3ff068ff 9d852a6d 93c58b93 117ee49d dde705f4 74f66e0c fb54f64c 0aef0434
+Test: Verify
+#
+Comment: random test vector, size 50
+Message: a4668b5d fc1b6805 45ffa793 15b9ed4c 3b1dc54c 8c428523 ab61c9a9 0d527821 a658a3ec 63128e1e 986c2804 106de221 5d09
+Digest: d3880e26 55844508 d26cae4f 9597431b 8ccd9e83 cfeaaf28 0cb4ad68 dfd185fb
+Test: Verify
+#
+Comment: random test vector, size 51
+Message: be10ce4a a09cacad ce1f728f b94d752b aaddff3b 1bfe1c1d be44ba35 7b2276ab 163659e6 015f850e 2216e3fa f56dbba9 df93b1
+Digest: dfa2cd9b de0d6afb dfa70152 9bb0f169 1bc9204b b7dcf3b4 56900bc5 b9d46461
+Test: Verify
+#
+Comment: random test vector, size 52
+Message: 140a058e 3ef9197e db818116 86da357c 9cf0843a 61c1a94e eab581c8 78a63784 f709f64a d8b9a7ff 9c5f2170 24845f1d 7782a1e8
+Digest: c527573a d38c60ce 6553871f 4841caf4 50ebbd5a 753b373b 720081ae 764858b4
+Test: Verify
+#
+Comment: random test vector, size 53
+Message: 4874d4cf 8a6f4ddd 2058086c 24afd2c6 21f47fe1 330d5f9f 5e47dd01 235ef7aa 39a5344e 2fa4ec05 29f9c0c1 11e3c58f e51cb722 7b
+Digest: a011cbee 947f4611 5ca6dbbd cd22b1e1 316ac5d8 b79c7819 f9457f21 2fc5c6c6
+Test: Verify
+#
+Comment: random test vector, size 54
+Message: 81d3b8e8 0c2b2c6f 0deb6b33 312be001 d2e2571c 4384d5a9 5e399a67 d9a355ba 154962fd fe45163c 618ea852 17758eaf b21369ae 87af
+Digest: 04bf76dd 0f4696e6 7533e74d cec27dde e65c3ede 47753177 3cc00209 65100a5d
+Test: Verify
+#
+Comment: random test vector, size 55
+Message: edd519de ff76fd82 82d67269 f165308e a820082c ba52f9de cce3e344 3d73c7a6 cfc072f7 743efe60 4d4e14b7 8b5e50c9 d85d07aa e3691c
+Digest: 05d9acd9 191aeebb 77ada0a8 3866390f 87776921 929cda0d 53b4f48c 963f73b7
+Test: Verify
+#
+Comment: random test vector, size 56
+Message: 497e9774 09724c7e 62f5097b e4720123 e99dc1c9 497b08d7 20fb78dd c220bbd7 a475546a 7d9e1213 5cc04025 649db8df 293f5f0c da53371f
+Digest: 354e3bdf d1556c6f 72f56ea8 8cddc9a0 346e1330 63f6751d b88ee8ac 0650021b
+Test: Verify
+#
+Comment: random test vector, size 57
+Message: 2c5e1dbb 122a9b46 27e51928 3d652aa8 a90b6914 a7bb9f10 19464499 2d736d16 4e3b5c06 5375c481 4c827e4c 7992a218 ecd132d5 d42edc84 45
+Digest: bed0024f db98418f dad67a2e 87770885 f318882c 2e0e9962 a7714afc 633c0e4b
+Test: Verify
+#
+Comment: random test vector, size 58
+Message: 02afe3fe 7ae5784c d4258399 6a23e43d 42d19446 464bb3a6 38f3f831 3df865a5 917b9039 7d45c466 748d3960 1818e6f0 885428a5 1eb0dfa9 e3d8
+Digest: 941a49eb 0b7f4a07 ad1949da a4a7edd8 410a221a d49207a5 9cffd635 b62ca448
+Test: Verify
+#
+Comment: random test vector, size 59
+Message: bba19a76 8b6d18bc 0fb842ab 456823c7 249470e3 dda63807 e3f210f3 5d9a7f12 abf1eba0 906e68ec 79fc67cb f30d8dd2 249b43b6 34d65c81 0ffe05
+Digest: 59b0e3f2 2176ebda b10a0166 2b86c596 a4c8c842 0a4d0eb0 ed1e3219 4f3c6856
+Test: Verify
+#
+Comment: random test vector, size 60
+Message: b3c2ed24 0d61cc30 d27db448 59b9ca3f 1fe2821c d0251bfb d1b6372f 16abe40c 90707031 7e3e5c07 374e0d0e d37e20a3 8052ea4a ca3ab443 5bc737bc
+Digest: 231eb876 0ddbe5ba 9975f139 2777e1a3 3e04a57e 1ee92194 bd472085 43ddd9f8
+Test: Verify
+#
+Comment: random test vector, size 61
+Message: babb0acc 60e63cc0 32d27401 c40f5e8b caf69333 b680d964 b04cf55b 4bab4816 eeeceb3c 7b5e2aa7 b6c27bf3 3dd7cacf 6aa4d01d 9497a77e 8fc66302 1c
+Digest: a1f404c2 02cfe94e 6128661d 63db979f b2be7962 2dce9220 6c6adb02 ee143da5
+Test: Verify
+#
+Comment: random test vector, size 62
+Message: 99e58e78 fa8f6013 d1b96982 98625a7a d23eeb59 7d63fab1 53280cdd c4bbf003 0fbdc23d 15547fb0 4c6c9465 48cf403e 50c884e0 afcb5cf9 a12936fa daf8
+Digest: 4f3713e4 42162cc5 17919b1c ae955385 bbe45a61 97170d49 ffff1b8e 4ee3ac8f
+Test: Verify
+#
+Comment: random test vector, size 63
+Message: 029a4eb3 e53cce25 bc380110 a094c068 adf05953 78499fbb d99a2ff3 000f93b6 83641f4b 533f7af2 16be9f85 21dc8833 ed2a7b38 8420b3f2 4360953e 5579e2
+Digest: 6fcdfcec 7b70cdd2 76778e6b 949f67a2 5405f391 cadecb74 560ec979 c6877d1a
+Test: Verify
+#
+Comment: random test vector, size 64
+Message: 5df92a47 6a31c52a 0f2f02ae 14fa1920 62e2a6aa 7a2855eb 0bcfedcc 28f3de2c 460fae0f 472829ed 3c1fd7b8 92c526f7 43ac2f71 44864752 1deaa39a 5eb693ab
+Digest: 34ed7411 ffe9a8df 0d9d1ba7 189efa37 2dc6ac70 41c4ebab c16974a4 1c5d43d8
+Test: Verify
+#
+Comment: random test vector, size 65
+Message: e4877ce0 da5e622c 77bdbe98 a8b6be1b a62c5c0c 83982fdc 2fae2b8f 0c657cf7 5f819a01 5f6c1e11 344ea215 77fb9529 9e315f0c 45e692d5 f7e3f6b4 c012c05d 67
+Digest: 0ef2f460 5f729be3 024cd166 44d263e7 bcea69f6 9ea00ff8 2028ace6 834c626e
+Test: Verify
+#
+Comment: random test vector, size 66
+Message: afa3be29 d5bd6683 4f7fec68 d8e82716 af3eb0b8 734178bc 3f887e18 ad4f0478 595b6371 93475778 432c610d 940dcb32 70381b44 eae4f1fa 95d61392 b9dc730c 938d
+Digest: 8c549191 a233c307 0ba772c0 16495cce 4470a6fb 5d7c99b5 09fc3b46 2dcf5fb4
+Test: Verify
+#
+Comment: random test vector, size 67
+Message: 567b5ca2 ffbc3fe3 68d25a9c 8143eb11 cd6b2627 e9052792 023d9b4a 97ac3c41 503ea1eb 312a41c6 247d8ab3 0ff97c8c 00021066 6ee1205a e45b7a10 f41d45b4 27ffe9
+Digest: 2e6da445 17f6bf0c 9b38075a 5952ff70 f8a27e0d c7e7ce15 fb4ad780 6e223cc7
+Test: Verify
+#
+Comment: random test vector, size 68
+Message: eb55a08c 424bb9f3 42e3d837 d1d3f0f5 35924116 550cdc8a 95eccc7e a303abde a81fb64b 5d2fbde8 77f2a5eb baf6fc81 b74874cf 437b055b c3d0bc90 a1a74a21 792386ce
+Digest: bada8fbf c2066ee1 519bd94d da261d2d aa4d5dac adf974f2 a90b4e33 2296cc31
+Test: Verify
+#
+Comment: random test vector, size 69
+Message: 0d99a3c0 a789a257 6bd8796b cb860bea a99d640d 7a6a8a6e 3aa014e1 2aeb8e0c 20d2ac26 8ab1fc08 d3737f97 ce1afbe3 a4c29f5d 06c6078f b8f43e42 9985fafc 8fed9bf6 27
+Digest: d372de4a 36c18f18 b4ef9a22 f4b6e0cc e09c4b4d f2793398 0578ff0a fb4204ed
+Test: Verify
+#
+Comment: random test vector, size 70
+Message: 4b0d572b e9c0b27e 93e45d2d 9c413a94 86f68264 186cb944 62fb09a6 79764fab 4f86106a f8ef165b 7a433e66 3cc34b03 5598e706 a3910829 8b1a4509 9773e791 5dabf0c6 f755
+Digest: 92372385 aa9cb6c0 914d9369 709d2a82 cd2564e3 1161d0a3 4201bbca 9c6f4111
+Test: Verify
+#
+Comment: random test vector, size 71
+Message: 2229d93e 15f1a89e b5f88873 347c59d1 da405729 7c5ba763 551a7206 596884fd 35384ed3 c56e298c 45d4162d 7ee3e7aa 1e3a64ba 9e093a2e a6ad2bda 7d1830c7 fecfe4aa 8c083b
+Digest: e9dd369c 5fb32727 8091d0d0 fd4b4a86 b32bd5f8 261628c7 3cfa430d 06bb9636
+Test: Verify
+#
+Comment: random test vector, size 72
+Message: 2a318cb3 c621d57c ac55cae9 19ddd2bb efa74392 0a2c6d8e 6343557e e7e7d2b8 1dd68946 4b504ec4 d536a3c4 2a5f654c 33049dce 2a275ee1 89e53b0e a5de66f7 844c0b1d 2c2a2296
+Digest: 7cbfb433 3d07c9a5 606b55d6 137b6c27 f0df4b45 d79eb5d7 40d4cb16 0cfc34b3
+Test: Verify
+#
+Comment: random test vector, size 73
+Message: d7fd6b14 6c57f6fd 20bbc8b3 7005843e b5bc2bc8 61611e8b 4fbb1725 c74fab09 32f59349 fa9bac7c 9d1b6061 51cfecd0 5872c0bb 20b26a47 b48bafef 12a0e813 f4ee9011 2e6f562c e4
+Digest: 30a9ea74 8ed5893b 8926d785 b066305b 9ec820b1 6a20533e ac7afe94 2d4000d3
+Test: Verify
+#
+Comment: random test vector, size 74
+Message: 0b1af505 9b1be1d4 bab8a79f 12fe263e 803ea4d6 9fa28a74 5f663f6e 78179e82 839168d8 1f3ecf27 23f6e28d 746405dc 83f4002f 86cce0e3 eb59629f a7af0e21 0cb81e8e 71b34186 424e
+Digest: a7adc07f f4f6fb7a d28209dc 6c79af9d acc1400b 1d5b3cb5 a46ff989 9062ce1f
+Test: Verify
+#
+Comment: random test vector, size 75
+Message: 1216ec40 f518ce97 2d774f88 0bbe5f3e d13a7df0 0f15b600 cc8d3cc7 88e073fe 36b2bbad 2d222c1d 58049d94 b22ae7b4 cc05f959 8061d853 b74ca5d8 778e7aa9 a0f513ef a53b927b 76ba17
+Digest: 39dd882b 4d0c9c0d 52aebf8f 3a40ec61 57e8f583 2a89e156 d528d83c 210dc42a
+Test: Verify
+#
+Comment: random test vector, size 76
+Message: 5e95cfd9 3092a09a 72c32e74 8ff240d8 487815fb 081565f1 71f5038c 1edc218a 6499d788 a4239faa a182f4fb 5e6630c4 1c59dfdf e8dd1ec4 48c9f439 6579b73f 9337f29e bd63988f 2eb09df2
+Digest: b06a0aa8 d955667f bc81d702 060d1b0d a615a57d 7afb976b da0a8ea9 3155090d
+Test: Verify
+#
+Comment: random test vector, size 77
+Message: 1bed27f5 93efa38f 313e0991 338a92ac fd49d68b 5bcb3300 24e88dc0 338775e8 6387f7f1 5788f499 89853854 37192277 92500db1 57d28aff 6e6e7c40 520d0711 f6276fd2 fc0b2501 4a91a795 71
+Digest: 406667b3 c8744733 372e545c dda96564 5ae3ce32 7bcbb0d1 7a8555b9 57fb1717
+Test: Verify
+#
+Comment: random test vector, size 78
+Message: 8f97a6f7 3aabcf97 f6010593 83e88e38 d77cc373 5c26898b 7fdb6f8c 4a96388b df9434d4 dd5cc914 93097dd0 9092242c a5fd6204 34da9791 ffeb712c f4a8d124 ff0fa981 08b317dc a0a13cdc 9b02
+Digest: 41ba5588 fc9092a4 1cd86da7 da5632d7 9df74518 bcb41932 f73a7abc 4e4b69c9
+Test: Verify
+#
+Comment: random test vector, size 79
+Message: 41869c86 b567f86d 716db13d 3b566783 9a613308 9b6395c7 6c02fb2b 4a463ac5 3fa64d24 ec989acd 45071016 2c1ae0fa 34a11f3a 31f7a80b 568af161 c6dbdc70 de76412f 6f221212 52ddd537 2ab69f
+Digest: f75488d1 faf3a596 ac6c3f1f 1f3e168b 9623fd24 e096227b 9572fb99 c7ec5350
+Test: Verify
+#
+Comment: random test vector, size 80
+Message: fa3288a5 35bbb2a3 8db4fa8c 0720bd5d bd041580 721a538a 55fe0bfe 670aab59 db8bb03a 61cf8eeb 92fdf7ae 627a09dd 5f2ebc55 a98833f4 a066e8d5 e26e584f f981461d f14bd37b 6cdd4ead c012bc69
+Digest: 49f8a0f5 3fc98a34 2befda3a 455f561d 61a48866 a42900ad 87c6d551 171784b0
+Test: Verify
+#
+Comment: random test vector, size 81
+Message: 58e9da47 417a2b96 8a4dfdb8 285c3909 60e216b2 b81fe4a2 19611d79 6ad07562 6ae45657 ff849b8e 8ea058a9 8d2ba6f8 ce60ba02 9748b1e3 35777040 b89616e0 0a230614 ee9e7a38 f1528299 59dbcaa5 76
+Digest: 8eb9d9ca fb8833e9 5d185d02 8f9d9cfb 615178d3 29e94094 c7863343 0507258c
+Test: Verify
+#
+Comment: random test vector, size 82
+Message: 5f376d4e bd190a04 d56739ea c0d15be2 fac63855 98ab8666 89e644b0 ca951efa 518b25e2 bd83f08b 20ea5e87 43adfc1f 9e5da6cf f7179b5f e2afa25f dcf1a98e 7242aa9d ceffb114 81b4ad82 2c05a90f c81c
+Digest: 9375876a d6bc7634 89ef2cc3 a9a5c811 d07b26cd f90b5126 f4f8e73d 69c251a9
+Test: Verify
+#
+Comment: random test vector, size 83
+Message: 110ba1d3 38ab2da9 c6e553c3 2399982c 32e3a5e0 f23ceb8f 2ea25992 9a3bea08 a976a83e 113996fc 6a9d7dc1 64eaa0bb 097ddfe1 2a69cef3 67125230 b7324f47 85b076c2 1f5de74a db289e8b cffba73e 5d9192
+Digest: 9d3c67e1 0d1d6bd9 48f2f381 26c84cc3 c100e3f7 22c7782d 3384bc81 a3ed36fb
+Test: Verify
+#
+Comment: random test vector, size 84
+Message: 3300b3c6 d286ab72 cd1adc8d d496aa03 0214f1ab 0bbbd217 0fcb8187 fadc8bc8 47dbff68 89cc5042 afc8ef6d 73f3e3fc 5ed16d3f b1a77782 baff5a6d 0998e588 353d9bcd 87b7ab40 e80644c1 f242d84f 00b1fbec
+Digest: e5285356 ba9d8113 a4a62d2b 1e3884a9 80d309f1 e947b5dd a3bc6690 35da5ede
+Test: Verify
+#
+Comment: random test vector, size 85
+Message: 3be50533 abb362ed c7089dc2 9d69258a 18c81093 af8ed119 e0793803 62e17d1c a29b7926 51945089 0971d746 a02a3ded b25db038 a7a27364 b0b289b9 af387886 19cacf48 af7f611b 8cfa0281 1f028d2c b72a4055 96
+Digest: 9f60fd89 ed86245d 9ee814e3 e71f3ba7 ae6b6a19 aabe05a9 389d0da6 8390e6f8
+Test: Verify
+#
+Comment: random test vector, size 86
+Message: e2015440 e9921502 20fc3bc3 edcbb1f5 7b620db1 79bcda28 a046c38b 70507d97 c811c067 25b71485 65aee584 2b811e84 0d853832 26a711a5 c69ddfe7 51bf343b 27ba9af6 8a26dd52 65e4a097 c1a2045b 5ba0319b be84
+Digest: 11e3bbc5 e8b1d1bb 2b5aa18c 141b6ad7 1a9a66b8 3c38de32 4a8f7c14 ef778d67
+Test: Verify
+#
+Comment: random test vector, size 87
+Message: 6038e5dc 290d99af 15b7db92 88e20b4f c70edd0c b891d366 442b201d 7d487fc5 209f09be 74855840 c83e243d 8171362a 01d6ba3b 12c3aa1a 9381cfab bfcd1166 d00bb945 5a40b308 7323501a 8e23f896 70415d78 6f3a57
+Digest: 45cdb012 a502fd1d 9aa6e6a4 9d25ec6a 187f1c2b b7c38e0a 0374ecff 45549d5e
+Test: Verify
+#
+Comment: random test vector, size 88
+Message: 54f6ffa6 2efd4da1 9e40b607 54014bc9 4f55f606 3abf4b24 1403d92c 28d7fe74 5a8ba2b9 fc3fce4d c1ef0c2c a6b19747 bd65b351 ff5de199 e0f77d08 d36a4073 ac952ec8 1eff7caa ca0c9955 f7eab657 2b348e57 3017e813
+Digest: 778ad765 3f099c70 03c7f4bc 21904992 7746edce 92ffc64a 31c6f611 af90cffa
+Test: Verify
+#
+Comment: random test vector, size 89
+Message: 44b25308 46032203 ea3632e7 4979b0ec 969b1117 5610c3c7 e815530b dd2ee97e 3b93b529 e4a3db21 73e1aebe b5ef127e cb9e1ad7 d3cb8325 2a827b6b d233ba59 c8349baf 251f38f1 c92686b7 f2abc0ea 4b7cfed3 bac62941 c8
+Digest: 166acd98 1a9ed2d6 f9c1a52f cb519f03 117beb6b 6f447c5c 34fa9b09 ff3165ea
+Test: Verify
+#
+Comment: random test vector, size 90
+Message: d4ef4827 d237d55c dc03f016 48f95a00 ae442cb7 4fda4d50 bc917673 fe3b388e ff81384e 2cab8caf ec0f5575 6eb3cf21 f9ed4b28 c4a3bfd8 408541b6 87e03825 225d63a8 ae39540e 3edf31db cd433a39 6d7be00d 7b3c7359 8005
+Digest: 8dcf7aaa 40301c68 c11773d1 c6785f21 53254164 41f58397 dff83082 d91a2dde
+Test: Verify
+#
+Comment: random test vector, size 91
+Message: fe89ea00 4e4cd769 71ffd695 be48cfc9 a0ac4cca 47a81d58 11f912c4 214cff03 9e8c1e3b 84a0e347 659d0d9e f57eed7d 92102df5 c9280d9b 5aaf80fc dff89dbd 574e6a71 d22239fd c3d12ac8 39bf5e25 4654f36f eb6d6bde 61cb79
+Digest: 16568e3a 55dd41e0 f326e1ee 1ee5c9ef 8cb6887e 1f85026d 346e7f9b eaf3be10
+Test: Verify
+#
+Comment: random test vector, size 92
+Message: 99a42fd6 04569529 15902893 af4b7a02 364d447b 257e0175 d35fa952 21efc56a 50946e52 67f27d3e b3d0659a 6f139d7c 5c95ef4d 0eda28f0 efcfc289 00631b9c 1f7f3c9d 9c3cd8e7 cea29a10 c11ba8fe a92cc2ae dcdee92e b8a9b1fa
+Digest: 3d320a74 9aa65e1e 869f0c51 e8f1c637 875dde10 d3fa3d03 867d70b6 8a637606
+Test: Verify
+#
+Comment: random test vector, size 93
+Message: b423f75e f564079e 5119b89d df9025eb 4fff6542 513b2d7b 3a4331b1 942e6bb5 7eeb3ca6 5d3d02c2 3a4f3002 d60d8fd7 10d284b4 92d5bcbc 4323aea9 8a2dd991 ade82ed2 ed9e0062 f6de577f 34c40364 74a47246 29590280 52e68479 aa
+Digest: 4e279e1d bf9e31c3 1ba54485 dd386f16 e5fd459b 0dc86cdc ba0c2070 64cdeea6
+Test: Verify
+#
+Comment: random test vector, size 94
+Message: 843596fc 48853f48 bfaaccca 580dee36 53f572d1 5a995eb6 79782a99 d73840b7 f64c0a8b a986ed3d 51ccd381 1ac84a85 f105e59f 240625b7 ae679158 a4b099d0 0c0ce8e0 bd993bab 495387c6 711577e3 4bfc23d7 200a2c7e 3ff92c40 bb0d
+Digest: d69346be ea2460a2 5e0a1c5f 8db04e78 48d76362 acd48db0 bef10f0d 3e76f19a
+Test: Verify
+#
+Comment: random test vector, size 95
+Message: 182f6075 f8bfff5f 681a1a61 91f9d7bc dfec63ca e6e892df de8c2e13 9fc293da 1259858e f029ebff da2b481b 2eb48f7d 089a18c5 34ce79f8 29c8bc12 abec1f72 0cdc5b4d 8355ca99 9a61d1b9 235ab53c 98f32feb d3d2ae3e 41976958 687287
+Digest: a22bdc79 f518b95a 7cb816ee d351e71d f90f4bcb 6ca45174 3f1ad9c6 76c5d080
+Test: Verify
+#
+Comment: random test vector, size 96
+Message: 450991c8 bfa70c81 4590fbad 7829dcad 0157af1b cfb6d077 1ec79d14 42693367 1c781e12 bc009d9d 65e864a9 e6840ae9 11fc9fc6 54ff4e8b 69fe207b 49e393d0 460f641c bf70b38f c32bd668 0b64cda1 89987203 50b38bc9 11f6afcc 0053d61d
+Digest: 4dab3b47 1a52f6d7 cc6607a9 ba0ebb88 c4c0de7f 4056f67f 6eb035e6 83623fe6
+Test: Verify
+#
+Comment: random test vector, size 97
+Message: 1803cfb7 59f1f2fe 1cc4cc66 2aa3478f 664cf1c7 5eba89d7 1211c6e9 7f66fd9b ca30788d 4b27d3d1 d99b0c3c a347a46c 4462fc3d 8dd87fc7 00c29e9b 18458a2d 74fe388d f2c15940 6be8cff8 64d415a7 7e896cd0 66369bcc 8d916443 c491df3b f4
+Digest: 854bd8cd 4607590e c1c2a577 3c5f4af7 7f6b630d 7de46e43 e8866ddb 9def1ff1
+Test: Verify
+#
+Comment: random test vector, size 98
+Message: f4552e8c 32b1e9cf 69cf4e22 8fe1d3cc 2137fe99 97193c79 05abc57d 9f0a34f8 f852ea4b 57518565 ab6ba19e d62ef210 63ff0b49 48d35635 6232f94a 86c905b3 cfef7b9a 6062224f bf7ad534 fe5ee1d8 d4def2ab d5f74cef a568a2d6 dcb87d03 79e2
+Digest: a03467e8 5a481168 b1df72f5 1bf305e6 f019f89f 1bb70dc9 98151e74 568decb4
+Test: Verify
+#
+Comment: random test vector, size 99
+Message: 455772dc 5075a29f fd62508b 09060e60 27717c93 abd389e7 c6d5de53 493323cd ab745937 a7c93c60 9e03de6e 912abc71 ef2d675d 394cd8f0 24801e89 0558332a b723cb71 b09fed34 267fc2d7 b0f44b96 3221d65b ff35b33c 9fc19b4b 161a1755 54872f
+Digest: bb598652 424764f5 5146980b 219ecede 4a23f51e b128182e 491e28fc 69f4faa6
+Test: Verify
+#
+Comment: random test vector, size 100
+Message: 19914a92 29713e34 450a1568 abe95705 dad58a70 7ebb80f9 d9ff2117 a6393a60 9ac78a51 b104cfdd 1b407da2 cdad3116 0a0f5035 41747609 66d28124 76b8ec22 bbcd697d 2e146de6 44d9984f aa1aae1f e4d5ea70 a3788c38 9699b8a5 181048d9 21c2d2c4
+Digest: 8c68915e 3d2f1601 5a52b380 ffb91f8a feb65104 7ac5cec1 48cf907e fc8962b3
+Test: Verify
+#
+Comment: random test vector, size 101
+Message: 629b9c24 a4fbd0b3 26aa6f71 d99ab79c 903d85a9 46b03768 011e1a47 5489ee20 6ecbbce1 831c7e00 061fbe09 5d2ce517 aab14c01 03100884 4de96756 dc6214ec c51947c3 3843feb4 dc2d445e 5c575b79 815da516 5f39a97b 91e067c3 ef4d87d1 999e944d 45
+Digest: f12972e8 600433c8 35f0c7b5 46d6bd09 bbd07e78 ba45e143 c5286534 c94c06a5
+Test: Verify
+#
+Comment: random test vector, size 102
+Message: d9e9ba03 b77a7187 8198a262 fe8d37a1 915bc28e 8a94bf62 1c22e9cd cecafd7d dece53b8 108b0462 60535ce6 fdd81061 9ddb13cd 69ac611d 5a94a7e6 4ddca058 0044b037 6d8db107 29197f49 0bfea21e f7af1a05 74f1c575 52b72634 fce4b8e7 af574f58 ced1
+Digest: 24163dad a76f534f dd43b72a 8c2d144f def614dd 357e3df7 e63ee2e7 8737fa23
+Test: Verify
+#
+Comment: random test vector, size 103
+Message: 0e8380d7 def1ccc8 49ebe5b0 35c061fc 9bf5e66d 53cfad92 b9645610 adf66d59 63717920 deaa7dc4 95631943 bb966a9f 81b5e14d ba17419b e830585e 44626b64 bcb9d17f 3d0de1ff dcff206c a63ad7ca 45575c04 cdf2a25a e6675caa 5d44a727 846c0669 fc1653
+Digest: 3e5619c4 96ed71d8 ec2bc6f4 21c59d4f 671dbb04 be94bf08 e7da4b9e 4e103e4b
+Test: Verify
+#
+Comment: random test vector, size 104
+Message: e72e355b 257284fa 85e3bc14 816e8534 3bf08ab5 3e839f76 b86f7eb2 987d8e0a c8fce5db 2d37e4a5 ce1da44f 299567ab 9dfda42d a53cf76c 4ccaf481 79db9ffb f93f987f 8033906e 7045bd35 d0ec2e2d d081f859 0364efee d713f7b5 eb7b4de2 8e2afae3 6f631128
+Digest: 77b9d42a dc7b2676 38181a84 b31388bc 0960c94a 895f5133 662f8075 b0063215
+Test: Verify
+#
+Comment: random test vector, size 105
+Message: c1489cca 9670a755 9954a328 fe008712 54debd77 da7aa132 77005598 d03d2d8e 86f8703d 883c3c2e 4d61c020 2c551cd8 a6c9d79f 0e73404c a087f688 e32a7ea5 596cb59f f7a1da6c 7cc579a8 2239c98e 70f10a85 62b4c5d9 7a183013 cca3b2c2 1c22dde7 0882425f 49
+Digest: 26aeceb2 a19778ba 688e43fa 8a3cf707 171cdfeb 97a707ea 99ca5d8f 39aa212e
+Test: Verify
+#
+Comment: random test vector, size 106
+Message: 13eda709 f4fa36be e6db024f b10a67c5 77adb14a 5aee3bbf 51907df4 33a2e9c6 0ab5935e ee04d426 4dcb67c7 9fb86122 fd2a0ae3 15ddb7b3 d2efc3f2 21e70ea0 e532c07a 986e5290 07380834 063d367a 4ea8bea9 dc1c4db7 b6b4034d f5299297 ee887b5a a844e8ef a751
+Digest: 45e9a3f3 21b1745b 9156fb38 6cb5fe43 a42bde29 a3e0313c 53527f47 9b6ac607
+Test: Verify
+#
+Comment: random test vector, size 107
+Message: d55e6968 55f2aefc 5a800b33 502fce5a dc1ec63d 37b0b03e 0cae3ffb 80f73211 59d6d3f2 a6fa2bdc 52c3acc2 649c65cf 37bb145d 3a415845 5ff369e2 73ea5915 85fa186b 0e7e4e78 2ac45f40 a6173215 bf107765 f8bd7c99 f345470a 7cfffc2d b60c060c e35a5f21 3e4e9a
+Digest: f6f477da ca904d78 89d6a8c0 f3f69acf cf85aaaf 84f82aab 38c25217 449ba7d3
+Test: Verify
+#
+Comment: random test vector, size 108
+Message: 2a0dc389 cd7294a3 81a08279 26030cb8 4cd89fbb b8ae7a0a d41f821e e27336e4 19af6a0b 8c68ba63 a8178d8d 54fdaad3 1a2800bb f6895a7d 19744e39 669fe34f ad7d10fd 34c8b12b 98483a3a ce350a8e ad18ed7f 7a1d056e f5ac1bcc 8635ca4e 6cff4f95 59e253ab 22e68a14
+Digest: b8c64ec7 e0d18475 db1405d7 262530ea bd7861bb 63c7483f 7384721b d21c5820
+Test: Verify
+#
+Comment: random test vector, size 109
+Message: 31721fc5 ff30db16 9933e17c 0eae6e22 cf923eaf 2914d7b8 01f2df4c 6b5e1dc4 358a6837 fec9fb03 134caf73 cc4132d3 c4e48d11 c8455404 a482c444 2bb8588d e573cf6f 25dbef46 3c63f603 1318c3fd f1c9fa06 7e806074 b58de828 1c2cf067 4f92465e f76dd844 31d6e704 3f
+Digest: 840bde72 990db1c4 e53c443b 7cafd671 0935c9a7 423a47fa 18a5fba3 b54fa1dd
+Test: Verify
+#
+Comment: random test vector, size 110
+Message: ce8e84fc 95f5b394 77c19517 4c6f4fba ea8a7578 c574eab4 a5db4301 6c3f9dfd 75b67071 f7abdb8f 63a01d48 52feb24f 210b1fa3 24ccfa8b 7af19205 7cdd95db a595e0ec d24cbdd8 8b950ab9 fdef498c 3a07080b 3f4f64b3 eec553b8 71997c28 e4bfe022 3db263a0 49aa0499 c03a
+Digest: c426b0ab 30ebc65a 31338f86 4d81a029 95727c51 4c3c8c1c cb113263 147bb9aa
+Test: Verify
+#
+Comment: random test vector, size 111
+Message: 2614db25 10ee904d ecd6234e 56fabd06 18c128e8 336e3f7b 81d925bb e0e644ae 39ad2a74 f6cf10c7 c9dcc448 79a1ec9a abd48483 1e79a646 e909a2a3 dfea5a9d 1a04e0da 8974860d 537b710e 3185226e 01c4320f ea93ca33 0ccb7d9b 38a186aa 13c9af83 2033cd19 d9415ff5 4eee18
+Digest: ecd5b75f 7178ae59 0463d993 6b7d5154 cb851d47 7a17ac33 db6f4ab0 e1d4b7af
+Test: Verify
+#
+Comment: random test vector, size 112
+Message: ef8080bb 71ae02fa ced63c94 fa30b64e 21b15011 64eb9c36 deadd742 9a5886cd b6f9fbc1 be35aa50 cacb0cbd 9f8c3e2d 88c2e246 615a3442 09801de6 345e22fb a799164b eb34c133 53a848c1 abe69447 11365481 62554c23 1b83a230 c8844c48 b30952da 37a0fe14 ebaf660b a06c1107
+Digest: 1b91f7d1 28cdcabc e180c2cd b262e1b4 28fde853 5daa4523 bf91d251 970e3e05
+Test: Verify
+#
+Comment: random test vector, size 113
+Message: 7780ec7b 19e96bff c160ca35 1f26b458 3b3b85e3 65005421 5d4635fa dd7b1067 311b863c 7ad82977 6b3bddcb 1bb58b6b b760d686 2031ba88 9d9e9158 bc1e7899 99867c0c 7dcf9dff dc55ed46 ee5b28c1 95e7099c 03e27ffd 21f4d8f9 60667dac 92f52571 c0f89732 840d0318 49986cec c7
+Digest: 3c061b35 0dabf337 21e7e660 6ef20430 ebfce866 76ccf8a3 0e1f6d4f 3c3afd24
+Test: Verify
+#
+Comment: random test vector, size 114
+Message: 53cb075c 941aed75 b897d5d5 93c7d7d1 00e73c16 bfff5446 7e3804c2 ab8c9366 c30d353a 2f886972 55a3e551 f8d12cfc 77c4babd ffab131e c0e0c3f2 d262d0d6 4505715e c2cc88e1 3f9756d3 58694c74 619d71bb c436489c df389dbd 16a77151 4b6b4041 b2a1c9bf de700bce d213d931 eae4
+Digest: 7eab9750 76990ed6 e170c57b 7121b59d fb1b7ff2 8c13ca1c deb8d6aa a49d0442
+Test: Verify
+#
+Comment: random test vector, size 115
+Message: 49fc215e 60fa381d 82f3bfed 49308383 0bc81f52 45551f04 52566372 dbd4732e 393a9e1f f7fe4b25 fff8b6a0 e5b64499 07742947 24c93816 83461da6 8d6b0cb5 abcd4011 4fa37351 6a7b8e93 7bd6fca9 a6963134 135e9845 f1011ff6 4d6eb3bd 1c674700 391eec54 91f94cdb 1d39f655 08a36d
+Digest: 547698c2 63aa8e8a 7797d307 674e68a3 8a4acb8b 02963b9e 1dd65922 d661120f
+Test: Verify
+#
+Comment: random test vector, size 116
+Message: 0bd80074 6cbf10df 691d32df c4a0f33d 12493cb5 6d52584e 236c6113 968dc0f7 d4675d5f 88be9f8b f3f3f950 92e0299c ebf20cff 9560f06a 5b7cce1c 92efcfb3 82f1dd7d d3f42829 ff0b9abc e29be4db aa3bedf1 5fe1c40b d7385cce c59ff4c0 8f01037f 6222e390 36c1f78c dfeb0bf4 722a3b20
+Digest: 2fdfa8b1 123d2d2f 4851af04 e64198fc f45ae369 7e89abad 943200e9 9e92f4e8
+Test: Verify
+#
+Comment: random test vector, size 117
+Message: bcdb91b4 ddd36e4e 53eae0ec af533231 64c5702b fec90dcd 09bafc75 29c783c7 b4a0a5c7 9021845f f2a35e99 73e718c9 a80b667f a650f0cc 7bf08104 38084d1d 47b4daa5 561235e1 4c52f8f4 a7c77f6d a7905c51 2e6840e0 6f3e0611 c6748f42 0b6c066b 59abe0d1 caa026ef f961e809 b5826fd0 f6
+Digest: ef68ee3a 1012465b 57c59ae9 eb5b8401 56fbfd37 4d23a374 6a21dd0c 6a2d3eba
+Test: Verify
+#
+Comment: random test vector, size 118
+Message: e3c8fe3a d9af08cf 694aabf0 876faa1a ad217b04 85579820 5925bb06 8ff1aeed cd0ca8cd 35c36e5b 189724da d1134760 9e1e6b69 ff6b61bc 90e247e2 80f52ed3 d3a4da36 5eabe643 0567a9ac b5f74bab 2e7ea633 6a74de5d a3d37fe6 55b1eeb1 fff35eb1 0482e331 7acf14c6 2dbcd871 bf30d846 0b13
+Digest: 7ea42e25 6b1e2f33 d5e90cef 5310703a 20e9b781 d4b8dacc 6d1c419f dea67551
+Test: Verify
+#
+Comment: random test vector, size 119
+Message: fe9fd3f9 fff3bc65 4133c0bc 90ca8363 8e3282a9 1e3f68c5 5a29e0da 76ac7514 b4934571 d962d471 acc1e6ef 89264d35 876bfc83 1fd83d45 4b8511a5 86974a04 ef72f1cf 1bc5d308 afb8381e c49cd7cf 77016506 fe6623ba ec4af192 af5d7dff 6183bf51 22a3efc5 b3a08577 ac8933aa 65305b97 420560
+Digest: e3b38fa0 05a13f7f aaf736d6 3e647bd4 e5c99657 94820257 3a2930ea 4933c375
+Test: Verify
+#
+Comment: random test vector, size 120
+Message: 365cdc26 a22eb50f 2e27eb46 f7df5af8 ac0d419b d6584908 3300ad2b c2d52cfd 4c81386b 257a6848 39b1cf4a b8929131 09791f64 a3d7d153 abebb04a 576bc8ac 0f60fda6 f02f084f 7747fd83 d78e2152 481eb0bb d174f0f4 9f2d6137 f1d587e7 9cfd64b4 77ee8759 1361cb4f 36f17774 699486ff 2418cacf
+Digest: 67b0a822 3700d346 b7e18886 eb4de5d8 4d56e5a4 356543f6 6c555b30 9fa6300c
+Test: Verify
+#
+Comment: random test vector, size 121
+Message: 06ba2172 ef79bf8d 3e022009 550aff7a ec9ba9d6 370a5ae2 e5569ed1 dd7d78af 206aa423 ea1b82f5 91bbd542 4c085b53 4bf85087 1054ad02 28d8a607 5f3f8036 27037e9c 46834304 b2f204fc 40887597 7846e27e c964ea3a 8c4c3e2a 9da832e3 3686451f 8b4411dd c5461ded 65104277 219270a8 a36f95a4 14
+Digest: 38edaad0 6b837451 8d8d9b03 ef9cf0fc 7c181181 37c48cc9 3152c33b 38d6c895
+Test: Verify
+#
+Comment: random test vector, size 122
+Message: 6dd80381 e89cc33d d841b972 edd9212e 0f12435e b2e5df42 46de7e0b 0519cb27 24dfb7a6 0300c5d7 98b727d4 9505bb5d f831dd65 daa8f0c4 27b084b0 dd951153 1892bef1 c616c8ab 920e8713 9f33a9d1 7f77678c 18fa1651 c82282b0 f950dfe4 549ea91f 13a186b8 2beb497e 04fc4ce5 2a95a895 6d350792 1ab6
+Digest: 6b0a4759 a219c056 f6cf35ae 4007a2a0 8fde345d 52a69f68 afb903e9 3baa0e4b
+Test: Verify
+#
+Comment: random test vector, size 123
+Message: 1592561e 4aec32a9 811df61c e0963c40 82dfccec acf5e057 40b3274d 1f7656ce b362fb2b ff1cdd89 6b26f1f5 c6c94e66 6c416d2d 4c1c9bb3 fd44eca1 03333d92 ee1d3b12 402029a1 c6fe250b 189fb36c 1e77fea4 8fe17ca2 28a395e9 5fc76222 3815f09b 18d4d08b a954e1e7 f74a398b dafa3b46 13650661 c85c10
+Digest: 53d25c13 fd3685d4 23078e01 c3cb5fde d76bc52f 0a2a7700 fa64d2fd c9da9bcf
+Test: Verify
+#
+Comment: random test vector, size 124
+Message: dedbe6ec e78358b7 d033f48e 1850c6e5 f7a6e790 f7cd6717 dd600cc3 802ff770 ab5aa5f6 a28f3101 cf784270 2f08b077 44e891fd ef43edcf 1d877e87 33c1ae58 150b19b4 0a09ffd0 d77d6602 3dcf24c8 e1651ee0 bcab39f1 faf139e5 f13e3b29 c135583d 6248c5dc 27a638ad ee16c29a 0a23b579 0e8bd147 73169914
+Digest: 7eab83e1 56223188 080c325d daddff2e 7ebe6374 80fec0a8 9ff5d4ff cf4fac97
+Test: Verify
+#
+Comment: random test vector, size 125
+Message: 13bf6ea6 10a2102a a1144a1b 4c862861 cb00fc12 f7d2f060 87e9f87f db61d013 83b18849 6e619f42 a78327a6 e29684d6 f2154c4b 2fa9a8a7 9d332df0 20272321 a135835c 2767b012 7f0a5c91 9f601d46 37970aa7 283fa5e3 1fa34e44 f1dc70a0 5ba752fd b870c50c 08d2988e 9394c14a b1c38469 65530f22 68fd9b04 24
+Digest: cb1048a8 69571045 606b6551 a1a5813f 3985a25f 6d3b8dd3 2d01d2a1 632f357d
+Test: Verify
+#
+Comment: random test vector, size 126
+Message: e13ff9fb 16a96f24 9b069ea9 eaf5988e 692eaef3 5630966b 47c025f1 bf285525 bab75bb8 1211f3af 749a2ae7 fce7df2d fb3a5957 c1de7cb2 63a28084 48e92cf8 9e112b11 7b6b028f e2f165c9 884f7f37 1d71044b a32fb3ec 5b0a24fe 25a94e20 9778deb6 3897b5ac f89a48b6 85a256ee 83232cb0 13ffc642 1a3fbc8e 81ab
+Digest: 71a1b608 2fb3e73c 3cc5667a 480763d8 287d4a41 abc1e086 7469ae1c f1fb08fe
+Test: Verify
+#
+Comment: random test vector, size 127
+Message: a8b7f749 153eb918 2ed532b6 c6aca354 3a6de851 dfc353f6 77ff06da db039300 7d14796b ef66fe9e 1da26791 5302c141 c5e4b358 c06b03c0 0319a7ad 52a2079f bc572e69 52adf834 4f0903d5 a03f17f8 968a0189 4c1fb7c5 54b7de85 c873b569 63708968 d8dfadaf 866772b2 cc4eb036 e7e5ea77 0af68af1 fcbf14e6 99c7d7
+Digest: 30177032 a6001130 b342e6b3 ff573ce2 2dd4244e e00e810e 19dd3940 af3d69a7
+Test: Verify
+#
+Comment: All 0's test vector, size 1
+Message: r1 00
+Digest: 1c1b3b34 745f1ee3 1006f8dd 7a6c9bf1 2513c981 872baa9c e44cad77 7f9a54c6
+Test: Verify
+#
+Comment: All 0's test vector, size 2
+Message: r2 00
+Digest: f2788b4e 344d7c1c 7846cd5c f12d5f07 4730bc07 60cac48f 8c565f8b dcb55946
+Test: Verify
+#
+Comment: All 0's test vector, size 4
+Message: r4 00
+Digest: 567bdd30 1163798a a1269029 77021563 3bbb6401 4f7e15f6 4214a5da f0e35a83
+Test: Verify
+#
+Comment: All 0's test vector, size 8
+Message: r8 00
+Digest: 6c32dbed 2ef3b41e 54356ead b43d076b 2d7ef3bb 89aa1f4d 980bf1f9 bb9a8906
+Test: Verify
+#
+Comment: All 0's test vector, size 16
+Message: r16 00
+Digest: 293c3325 2a232c86 03ec7097 cfd259f3 a4af3cf3 15c68f72 ba359eeb 73c08b0f
+Test: Verify
+#
+Comment: All 0's test vector, size 32
+Message: r32 00
+Digest: d279501a 6c65f7bf 7a994ccb cb61df42 e5869604 d9613cfb 749c04b9 6ec75068
+Test: Verify
+#
+Comment: All 0's test vector, size 64
+Message: r64 00
+Digest: 5b334f6e 9fde0625 5257aec6 853da2bb ae4baab0 3c764035 c0d0a6c8 b3af22f8
+Test: Verify
+#
+Comment: All 0's test vector, size 128
+Message: r128 00
+Digest: 8a377d23 b588ac9a 4f9c967a 189df1a6 afc85fa9 65297c1b 7779fbf4 d668b577
+Test: Verify
+#
+Comment: All 0's test vector, size 256
+Message: r256 00
+Digest: 884f41cc 17306136 21e6775f 99d56a57 44f82a71 fcbf60db f949a413 c96c040e
+Test: Verify
+#
+Comment: All 0's test vector, size 384
+Message: r384 00
+Digest: 4a8a0f48 ae959a3a 9b141a6e 7873e767 415123a4 8dd732b9 253d3804 de6b0a14
+Test: Verify
+#
+Comment: All 0's test vector, size 512
+Message: r512 00
+Digest: 6944bc36 880f33c6 68512b60 da7245b0 21d7f439 c55eac62 6470760c 4aae8d7e
+Test: Verify
+#
+Comment: All 0's test vector, size 768
+Message: r768 00
+Digest: 295383e9 c4d74944 17a8eb69 ec8c37b4 de3d9f47 626297c9 b94ac2f5 2d1e5d6e
+Test: Verify
+#
+Comment: All 0's test vector, size 1024
+Message: r1024 00
+Digest: c7d9bbbc ff934a1a b336e104 dcf3ecfa d18497e9 11c61738 d06e4bbd 0b63c684
+Test: Verify
+#
+Comment: All 0's test vector, size 2048
+Message: r2048 00
+Digest: 3839aa4d e6328da8 be264839 3eb2c7f7 66191e60 3db33dc9 4c565930 f4c7acea
+Test: Verify
+#
+Comment: All 0's test vector, size 4096
+Message: r4096 00
+Digest: cda0dcbd 7a3a2665 f6ca2c8f 5b26e3af f35cb5fe c462e7af 4b3a94cf bf46c3c4
+Test: Verify
+#
+Comment: All 0's test vector, size 8192
+Message: r8192 00
+Digest: e4ad9a5a 50870825 16e4f5c4 7a22c8a9 86d14761 dd544863 3ef9ab8f 1a173606
+Test: Verify
+#
+Comment: All 0's test vector, size 16384
+Message: r16384 00
+Digest: 4ff14571 a9b5cf02 abd8492e 93758f50 b11dac82 4189acf8 e77400ca e8eba51c
+Test: Verify
+#
+Comment: All 0's test vector, size 32768
+Message: r32768 00
+Digest: 582975d2 c7004ba3 396b3fc7 d944b0bc 72de7459 6a5dee71 9bd981d7 a228ab88
+Test: Verify
+#
+Comment: All 0's test vector, size 65536
+Message: r65536 00
+Digest: 87531683 87e0e5f2 eeb7cb8d 055cf985 ebdd5acf d4aa13f5 4e6609b5 17f51ce2
+Test: Verify
diff -Nru libcrypto++-8.4.0/TestVectors/lsh512.txt libcrypto++-8.6.0/TestVectors/lsh512.txt
--- libcrypto++-8.4.0/TestVectors/lsh512.txt	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestVectors/lsh512.txt	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,1477 @@
+AlgorithmType: MessageDigest
+Name: LSH-384
+Source: gen_lsh512.cpp, https://github.com/noloader/cryptopp-test/lsh
+#
+Comment: random test vector, size 0
+Message:
+Digest: dbb259cf 22459368 ab2c52b3 e1c97728 8b38670a dcb91cae 6b8b6a2d 646e76f8 bd53e5ca b0e47c85 6f55249b 895c1730
+Test: Verify
+#
+Comment: random test vector, size 1
+Message: 76
+Digest: 52ff6386 afce2189 733ab9f2 06dd8777 4c22c147 5b22f4e7 2cb7f603 c1ac5440 2c63cabe 2cf10cf0 1697a0da 717de9ec
+Test: Verify
+#
+Comment: random test vector, size 2
+Message: 0adc
+Digest: 483c7ae2 baf43232 96482c47 e02323aa 2aa6d3b0 cdd1d386 b91d8ba1 f707025c a0b46951 5e72cd59 3f027d21 367e36c7
+Test: Verify
+#
+Comment: random test vector, size 3
+Message: 3c0f2e
+Digest: 66f0262b 988628d2 691f9b0d 87e123c4 8eff9ac3 e6549bc9 6c808359 b1ae596c 16d51c25 6b2c21f5 9e5d92cc c2509221
+Test: Verify
+#
+Comment: random test vector, size 4
+Message: b5e731a6
+Digest: 3561ca15 9a692298 55d16a12 0be70339 1459bd51 ab012cb7 8e6192f1 1c54de31 fd4bf176 45ec7e0d 28a73a13 ced5c6ea
+Test: Verify
+#
+Comment: random test vector, size 5
+Message: 3a8dc2d7 11
+Digest: f8489a36 83e4974a 3631d06c 3546c05d 9ba98e65 47db67c4 6d034c3b 5ad68e02 5011ac60 b555f92a 245bc1d3 9ee99983
+Test: Verify
+#
+Comment: random test vector, size 6
+Message: 194a6e58 3507
+Digest: f82e0c55 28d4e432 e81bd173 f4bb9aa3 07bf6da5 af6f7c3c 86e8892a b56a18a5 bd3c314b f726103a c728a0c8 69529416
+Test: Verify
+#
+Comment: random test vector, size 7
+Message: 0c21b328 ee3571
+Digest: 08937c36 81c8a691 b3ecbe57 f4b567e0 e0dfc8f8 e59c1b8d 65e0ac48 d078c9ea 03d9cff2 eaf0bdc6 52a543fd 9d8d8f0b
+Test: Verify
+#
+Comment: random test vector, size 8
+Message: 6cd8d466 d50f7f18
+Digest: a74624ba dc80c77b e48b1f52 82eefaa3 9ca572f0 566e42b9 8eb6aa56 a305ff76 c7f9fe0f 31370af5 fd21c804 5c89b6aa
+Test: Verify
+#
+Comment: random test vector, size 9
+Message: 8477fa2a 172e4f03 9a
+Digest: 4513d61a 2b5b9b48 5db5189b 89ebf660 ccb6bdeb b8db838a 22d7eef9 b38e59ef 79b851dc 190aa917 e72d72de 8805eaf6
+Test: Verify
+#
+Comment: random test vector, size 10
+Message: 2a9ae3b3 091eee7b 74ab
+Digest: 520c1ca3 1d7ee635 c8286231 c70266cc 862a9a34 9071cc0d 4f24a2d4 88bc0569 be11d3d0 6cdaa60e e098d6f6 3c4db011
+Test: Verify
+#
+Comment: random test vector, size 11
+Message: c62109bc 804e4aed 644281
+Digest: 743feba1 42d131a0 e1ffd5da ded1070d 2b258e6c 415a2c04 29a47f77 cd6f65ad b92fab39 709a6fb3 b28e756f 79de8afd
+Test: Verify
+#
+Comment: random test vector, size 12
+Message: 9a1a0285 b7b982d0 bfa867aa
+Digest: 1e532f4b c7bfa7d7 873a4784 79051bb9 b49cb353 ae6b5100 d396799d 92ea465f 7f50e2c4 8e057fdb 7c802168 ed850db5
+Test: Verify
+#
+Comment: random test vector, size 13
+Message: c54805a8 824cfc4d 7dbb66b1 f9
+Digest: 7690dc61 88867477 ba1be83e 20fb444d 09d93640 d53cc578 0cd18fbc aa71fe74 32913ec5 9ea6d38f a8630be9 7b4f57f6
+Test: Verify
+#
+Comment: random test vector, size 14
+Message: 07fd7513 db270a84 896f9a14 15c8
+Digest: 2e19e00b 445ce820 1af38653 ad536358 0a1473e2 6f5504d6 e9352aee 23b28df5 92cc0017 9755738f 2d6e7587 4fd7e23a
+Test: Verify
+#
+Comment: random test vector, size 15
+Message: 7c3d29c7 bceafba3 63457635 049765
+Digest: 19c6acf5 5f621f8d 5b7f73d9 c3a189ed 6348c886 6731e84e f5d4a585 696d60c3 b4cd4305 39e4be0d 245088f5 e9ce69a4
+Test: Verify
+#
+Comment: random test vector, size 16
+Message: 77b902ea 2d638e9f 3b93a9b5 8e9cefb6
+Digest: e6e5b336 6f67c531 b8bff8cf 36466e6b 0113b8ff b9214c1c d6158bef 8758bc19 2dd7a6f3 302781ea eb6813c0 eeb4600c
+Test: Verify
+#
+Comment: random test vector, size 17
+Message: 3cdee7e2 25985755 4aac5a25 6c016dfd e1
+Digest: cb62cd84 3a35636d d85aff1d 1339e97c 060ad1be 9e1112f4 e1f49ac1 fe409731 b347d291 bff89788 869fbea4 91382e4d
+Test: Verify
+#
+Comment: random test vector, size 18
+Message: 4e9c197d cc6b9ee7 1f065ca5 3ec85cbd c486
+Digest: 1c971b84 e9f8b58a 908688e9 f0f1f2c6 aa99757d f301b76d 9193b85f 44946696 504fc52a 5225ab57 9024ea4e cad21974
+Test: Verify
+#
+Comment: random test vector, size 19
+Message: bde41c87 3e2d48d9 0d9cf3a1 b96cf68d 342010
+Digest: cd20e37b e619af35 bf0438f2 2707160a 14c6e587 2496c141 ca251449 cbd0eba9 f3cc79e6 ae5830b8 d4568fa3 c57c5638
+Test: Verify
+#
+Comment: random test vector, size 20
+Message: 79a41785 fd33ddf0 4742d3e5 ab9b5ea3 edf1a68b
+Digest: 43ba45cf 61b6b4f5 21553cb6 f8be9c66 93b2359a 7cc7ea98 fc4a8d77 efdbcbef c54b15f3 02c68c94 13518672 caa1e06f
+Test: Verify
+#
+Comment: random test vector, size 21
+Message: 87def047 ea5e5e55 cf614f6c 23b9c1f9 3672b92e a2
+Digest: da004142 37bbde06 d8ddafdc 7de55400 b1673b1e dfc8ce4e 29185ac9 3a59919f 178384a9 0087f225 712f6a5d abf19112
+Test: Verify
+#
+Comment: random test vector, size 22
+Message: 7d802a6d 308c1cd9 a50ef09d ba6deabe 3edcb7fc 1d5d
+Digest: e9ceb3d9 50df63b6 a0188db5 8c6fc8e0 9ffc3448 b859b161 daef1da3 7ecea7a9 0cfea089 dc8ff19d 24d5e614 2657b6b1
+Test: Verify
+#
+Comment: random test vector, size 23
+Message: 3950d5b5 95643d22 801923ae f22cd1ed da6485cc 9cb7ee
+Digest: 3e7b5577 be928e74 cb617515 51b4e6f2 6801deac 9f056298 57a92d00 f78abc4e 4912fb55 2894950d e92bbd6e 32d9150c
+Test: Verify
+#
+Comment: random test vector, size 24
+Message: 7610fd46 a6dde969 66b0692c 61f3e8bc cfa62083 fefc3a35
+Digest: c328a164 8093b4a8 c0c98096 67974dad 971a471d 79f533d6 6c667dbd e4758411 3fcfec0f 6cfb205b 337b064c 47270f64
+Test: Verify
+#
+Comment: random test vector, size 25
+Message: 6ed9103f 44a757fd ded2e7da c429bf11 18917443 ab080ffb ea
+Digest: b3e19bf1 f0f5976e 42f392f3 e8c0af05 ceca3498 4a03f90b 1e071bee c5877e9e 05453e27 5c478883 cab47c2f 85fbda8e
+Test: Verify
+#
+Comment: random test vector, size 26
+Message: 2bf6f6d0 56b60ea1 867f4851 ece4091b c25ad926 a1556c4d 0cb3
+Digest: 3cf9b9f6 8567b523 bc44a5da 89a76ed1 c82ef9fa e1e5a13e 8141f7c1 ea3d3dd1 a0e1c9f7 91f675a3 4810e784 43801ced
+Test: Verify
+#
+Comment: random test vector, size 27
+Message: 98bfc5d9 3e973387 07b077aa c71da71d ac0a80a7 fc2dbe3e 4ee73f
+Digest: b29f6e36 2e145e53 d795edb1 a17254e9 27ff4361 cd6c20be 192299f1 32804f9d 100855f2 424568f0 75f3fa4c fdbb8827
+Test: Verify
+#
+Comment: random test vector, size 28
+Message: d14b7b34 baf16fc9 a216d9d6 d1aab6aa 29efb2c3 b7961669 094926fa
+Digest: ca5e3604 a3c87260 034114a1 25b6b08a 7cce47a9 350a39b3 f98666a0 f6b62c80 57076add 96f8a274 d119bfd6 90407b0d
+Test: Verify
+#
+Comment: random test vector, size 29
+Message: 8d563da5 b87c175b 88119fa4 0377150e 962b77f5 e175a42c d450dabb 8b
+Digest: caf51258 5639449a 44296ae9 2ebf58a5 d7ef043c 89b58444 dea88c78 df80a9ea e55c31dc fb64f467 7c104f86 5d091be7
+Test: Verify
+#
+Comment: random test vector, size 30
+Message: a22da406 8ab6acd0 732215b9 91f7203b e043a4c5 32086e32 0f728e03 cb6b
+Digest: d38f2edc 9534a432 dc64f731 79cbca19 2046c24f 282d3de9 d48dad7c b352447d 43898d06 a49e6e4d a50e43e0 d82b9b50
+Test: Verify
+#
+Comment: random test vector, size 31
+Message: 21088218 61268566 a78160d0 ca3bc056 ae73282a 159d8e27 6ba7dcb7 0693e3
+Digest: 8cce9141 629399ff 6e563fab ad2eeca1 42ab3c45 cffbeb97 02cf9c48 0fedc4be 5df1b503 5ed988c9 4c8e7cb2 7d8ce808
+Test: Verify
+#
+Comment: random test vector, size 32
+Message: 2f7dcc08 2942ab4e 7826c62d 242a7e8a 0328a2e9 6ce78732 4a2560e7 27be47c6
+Digest: 2f1149ac 6de1ce22 4ab9b22c f3538c7b ad86b53a b97d6160 d2904f0c 1b93bc83 c8414b9e 3ba3a75d e94450a6 5a0b7334
+Test: Verify
+#
+Comment: random test vector, size 33
+Message: c69bf91c b1a041d8 72be460e b26b06fb d278dafc 6decbef1 608ce64f bc8b15ae 34
+Digest: 8d3d9255 aaeeffa6 f7b2089a 291b01db fc9e957b 5f8d52a3 bc33841d 3c42a435 777dfdc9 c62e246f 38994e4b aa990665
+Test: Verify
+#
+Comment: random test vector, size 34
+Message: 0339ccb2 ffd72e42 fc532f16 c964cfac 744df8e7 0bbb59b8 166b9517 3948db22 931b
+Digest: f3943db5 7db24ae0 96bcab44 11e90ff3 6ff5a34b 04b7d727 99920632 fc7e8a67 d8550f92 3401add3 0e1e3843 01cd490f
+Test: Verify
+#
+Comment: random test vector, size 35
+Message: 10223a5b f03d3637 01e32705 5f3e0a24 26d79eed 7da21492 1a5ff980 71bfa11e 5486b3
+Digest: 0d83434f 36f1153e 288edec3 dd0addca 005c5d2e 198a8d9b d1b15c2e f37ac06e 4b8a8a4d a64afc67 744caa87 06850ede
+Test: Verify
+#
+Comment: random test vector, size 36
+Message: 035df5e2 f747cdf1 b2705554 5bbc4004 943fd5aa bfaae29f 2da09e4d 56fbd587 10a2b41f
+Digest: 65a45071 242bda90 5516e84b 2b85d014 3fbebb42 f91b6d20 b2e9b606 ff4aceca a395d274 6eca6484 d02f84d7 0446aaa6
+Test: Verify
+#
+Comment: random test vector, size 37
+Message: dc79643d e84e3026 46c1c0be acd837fd 8163c3e0 8b82ba8a f6535a06 3eb43f4f 0773b010 24
+Digest: ec48ba9b b80122c0 823bb7a9 e2569a37 424d73df 332d2e72 18995e8a 1a4de8e5 3840e8c5 1cc28142 f8d95db9 5ddeab30
+Test: Verify
+#
+Comment: random test vector, size 38
+Message: 9d280acd f35fb36b a7b9e219 d346f08d d96c88e7 3682ba00 ba53296a 8254fe82 88bd18e7 ece6
+Digest: 9087f5d4 031c14ec d960c8f7 c68c9ad2 7d52e20e 62ea2344 4da045a0 8d31b596 d5a010cb b2466f6a e6757751 460d712e
+Test: Verify
+#
+Comment: random test vector, size 39
+Message: bb20c332 0767986a 2ed17e12 890ffa50 2cfc413b fb706fd5 35c02d0b 7e259f37 c2c56057 278161
+Digest: c0f5bbd9 e9debd81 34042b79 1451c291 1f27de86 5e3080e0 ffe1a9ee 66f9fc6c a1036442 780acaff e3715bf8 4c109531
+Test: Verify
+#
+Comment: random test vector, size 40
+Message: e0dfe24d a18585c5 7fc559bb 8f85fee4 07ad306a 0b90f3ee ce9f99d2 63110891 a5518fab b22690fc
+Digest: 05d5ddde 6ec79cf6 9815746d 07dc0881 7228068d eef36c8e 798a0adb 117f1e44 28b11e13 001ddb21 5d210746 122aa544
+Test: Verify
+#
+Comment: random test vector, size 41
+Message: 0e77c8cf c0e7f79e bc211d07 48ec2609 41828487 5d88239d cb10b2ef 06f47b80 4ce9aa54 8a63c440 a6
+Digest: e8b535a8 48c3d2b3 0f84e31f d3980782 504180ab d84d8d39 48513b85 3f5950cc 461c0957 88889c65 0b0e4e50 6e2986fa
+Test: Verify
+#
+Comment: random test vector, size 42
+Message: 40a77adb 2d7efffd 5bd6777f c77a46a2 2960accc 28c16d3a d45463d6 64624cf9 c893bffa 14008979 6f8c
+Digest: 204671ba cd9b22ab 5c9caa9a e8f13c0b f430cdba 434032ca 725ffe59 3cd49689 f9965aa2 e65e2380 9a19c39e 82168161
+Test: Verify
+#
+Comment: random test vector, size 43
+Message: 9a1acee9 6edb447c e215115a a2d4eb50 fcf64247 90ce65df e3414e62 7231031e 2773bab9 f8343cf6 b7e4a3
+Digest: 7180cca1 b6059a53 d61e6ce8 fb5eba75 3cfe8a8c 6954ec47 69ee94de e8f68d5d 281154fa 0f33e562 76fcdeb4 113ec704
+Test: Verify
+#
+Comment: random test vector, size 44
+Message: 6c20fa9f 3da06802 736639ac b66eb586 fbbf6589 293042e4 a23d6f21 008765a2 f28a60bd 1c713922 3908d5d6
+Digest: 45c5a432 36d2cbeb 47e3335f 3a02cb1d 2236f0d6 64ce7775 93efafa4 f8fc8ce7 75140526 d848b29a 400f49da dddfaa3e
+Test: Verify
+#
+Comment: random test vector, size 45
+Message: e14c14c0 9e61a20d 392e9472 bc47d96b e4b30181 0e7e7a8f 4c824320 f253d5a1 8c263359 69bbe08f 85dea662 0a
+Digest: bb1d1a56 d34c4e92 5831a096 2650d977 ffeb435b c7db3545 b1bce410 b1ceeba0 6f1005fd 1e688212 3d294544 543df840
+Test: Verify
+#
+Comment: random test vector, size 46
+Message: ebe97a3b 3822e872 3908fa4d 21d9be03 0db3791a bf49425b 4a12d546 30c0dc22 2ef1254d 71eaefee feafa949 3d86
+Digest: e7f08b68 55d4cdbf ebfdec2f 2cc37aa1 279c9a9f e9c7d346 6d7ab8e2 71455c9e 348d38a6 1d6e00f3 26ac8e79 73880e0b
+Test: Verify
+#
+Comment: random test vector, size 47
+Message: 15e56012 71205339 e2e34fc9 cf9487db feda9e3d c6bce680 cd13b298 c21eecee caab3b06 016853d4 b8426905 e3d1a4
+Digest: 684d0da9 f7089684 bbb9808a 66725400 68a93c42 ab76f902 19c1fa27 ceb9f086 b74a41bb aaeec695 0afdf849 906a9e69
+Test: Verify
+#
+Comment: random test vector, size 48
+Message: 8200c5fe 2cc2fcc7 c03ceeec 3c0f2fbf 55bf6d78 6b5a19eb 0b759323 e571124e af73eaf4 d3a19ae7 49bc13d4 f785cb2b
+Digest: 188285d9 9d51b4ba c1baaf16 5b1dc7f8 8ce5bf97 f17376f3 8c3e75db e48480a4 3464c1fc 867192f2 edae260e d749706d
+Test: Verify
+#
+Comment: random test vector, size 49
+Message: 08f0865b 3947cc15 51fcaf8f 91366a58 a25e39e7 109f3c1e 3a231a0d 5c1c1b13 bb57f92f 519ac57e e5b34605 93056266 01
+Digest: 0da624ba f2e65db9 c4cc3297 9ca67dad 952c14a3 a38d49bd 2379b581 d56c9184 e35ea872 13e0d147 bd5bc840 7f85426d
+Test: Verify
+#
+Comment: random test vector, size 50
+Message: e7e4d4d9 d6f3589a 7fb81058 95738b88 9fe22c28 44d86d9c 9aef083a 3b90cbd9 b2e755bb dc081811 08b01d76 4fde164b 8e04
+Digest: 10a9b65e 3e356800 0da960d1 652dde4d 863603f9 32a8a821 a068d23f 4f99ad4a 980edbb2 8dfaea7c 06b0cba9 18a30f74
+Test: Verify
+#
+Comment: random test vector, size 51
+Message: ced75929 aa16792e fb4adf78 195e9c19 feff1fa2 80dde340 a5306491 91960c30 52a40727 6c63e24a 803eef70 2896dac7 b5a085
+Digest: 9b9d9326 4def07df c366ea75 fac500a4 c5e84f03 6dbb20fa 37641e20 44e8cf4f fa07a09f f227a532 47e23bed 8183fc6f
+Test: Verify
+#
+Comment: random test vector, size 52
+Message: d124222f 03897f92 c0650d44 72d2347d 40111c32 a8491837 255d93d8 714d4c67 974e8bdf 0862fc9c 6be6e258 7b2bd7fe 151da6dc
+Digest: 9cabc246 5e6c7351 b303ad74 56ee6496 146cab29 20be76f1 e5e83afc 780d623f fac57e66 5fba7946 6220a77b f254159d
+Test: Verify
+#
+Comment: random test vector, size 53
+Message: 9704e3ec 1a3bba85 89c2e76f 1553d0de 2feca175 aa4a4184 c9892a10 bcd8c06c c40900f4 7c434a22 bf582e46 61501e2d e35b633f 80
+Digest: 3b6deff3 ba935abd fc962798 9f4af3f9 0734facb 6e5d357d b0907a9d 2868dc4a db4608d6 49bec2e0 f42a7392 aa4601c4
+Test: Verify
+#
+Comment: random test vector, size 54
+Message: a9e2cfbd 09f4ca28 b48b43b6 625aac11 62344ae0 179c66c6 1c3ffee0 0ac336f2 12b6ad9d 91addb5a e8e620e5 7e044d86 609a93b5 108f
+Digest: 6dda1f87 4be9d3e2 ddbd1869 1d687ca5 d2aa2c69 33eecde8 e5d06d1d 1778b516 0c4187b6 edb383e3 6457766f 9d8e0b0f
+Test: Verify
+#
+Comment: random test vector, size 55
+Message: 8de7140f 2d709120 878bac67 22412155 f18e77a8 2903102d 96655d53 130ee968 d560e992 031e7779 5995e5ed 3b73a2a0 c1609e0b a92145
+Digest: 4bf5aa11 708b2fba 6381eaef e1e37570 0f277bb6 0c4feb2a 60deec1c e4be157e bcbe76de ec91de90 cb531572 b881b226
+Test: Verify
+#
+Comment: random test vector, size 56
+Message: 030d2c4b 99d4c9f8 6b48f2e4 cafea4f9 65e138c0 b18de299 03c1512b e129d2c8 15b13c80 bc878700 829bc0f8 bedbda5a a95a7243 3aca2d34
+Digest: 7ad4e197 93b9ca22 1d2a8353 a0ba84e0 cd050c8e bbed85d5 fc2b6fdd b340af9f cfc0574c bb6d2428 3b737eaa d93c571b
+Test: Verify
+#
+Comment: random test vector, size 57
+Message: 46e88de5 f1e128f0 9415f6a1 b01a4d68 56ecef44 5cf5c0b6 627bb797 b4255ba0 3a092090 320a26f4 8dfee62d 91c866d8 436e43dd 4b372d23 5a
+Digest: 8d1934ec 63fdf8ee 18bee27c 4e1b7f88 c8d5b42a 8045477f 7f4db299 76db8d2a a04804e7 7de4edb2 6ffa371b 2be5dc2c
+Test: Verify
+#
+Comment: random test vector, size 58
+Message: 77df4c46 7c641349 8be0b028 354c7a19 8e36ac46 be5b12fd 48c1b8ca 7a4ca16e 1a1c2af5 b9e74aeb c82c7c36 d4544797 9e930c95 aa3ce23b 9ec0
+Digest: 55bb912f 60a207ec 4ddf568a c95a84dd b1cfcd92 fd83e0ae a2a76c5f 5655954e 5405b83e 5e45e0e1 862193e9 b584826c
+Test: Verify
+#
+Comment: random test vector, size 59
+Message: f6b6436f f160deff bc66694f 59303dcf 8d9ca373 f5226a02 ff2576e3 9dbd1060 20e27577 927a2e12 06441ee9 ea3e43e2 f469a5d3 8b1c7ba0 1e3464
+Digest: 4ba83b17 63bf311c 42482769 7ab60240 4bb60509 0e8a2fe5 08b20444 d2749c08 d2ca5e48 c28672bc 2e699c89 5cbcba04
+Test: Verify
+#
+Comment: random test vector, size 60
+Message: 83fc4f2d c8bf5fe3 00175c05 b32db3cf bb432d8d bc49dcef 4d7ca8a8 fec1197c 97d1a7e0 2d3637ff 40ea04c1 ed833473 e0baba50 c6086d60 9b0c86cf
+Digest: 8e0a2633 f608faa4 cf0850a9 cc6bb2eb e1f48b49 ffe35522 f58bf8df c0b50962 9e4bb7d5 5e14eb8b 5bcaeb05 dd12ac47
+Test: Verify
+#
+Comment: random test vector, size 61
+Message: 120c8da0 dc4aeec5 f43d9d9b 76d7d73e d86cf253 7a7523c4 2d75659c fce0d765 f0a15a78 319f6828 30642130 e8a22e37 f8ad2db6 5fbec759 fe4bb5a2 66
+Digest: 8924c71e aa3de495 e7acc810 27688958 f6981ff3 6355f1b1 8f260f47 1ad193de ee9c517c b8f58adc 1e100261 543432c8
+Test: Verify
+#
+Comment: random test vector, size 62
+Message: 761cba1e e536d135 a5986b9e 4fe4474a 8b2f5564 63eb6150 e50807be 2fa5a52f 0663bcdc 95a6ddec 18062800 c762410a 7f605963 b2e7962f 111aaae0 d522
+Digest: 028fdf21 727924a8 844baff1 63aec2b1 bb159ffb 140e6730 cc628377 8f4a9106 f28fe1f8 16759e45 2e2a4fd3 a543e37f
+Test: Verify
+#
+Comment: random test vector, size 63
+Message: 9d6c7b1f 9aa771a1 d7b64774 31a361bf fd599a44 0951b5a2 a1fc8bba 6dfef153 8973a344 4543c5e5 9767c7cc efe8803e b1c4251c 532b7238 a8f85bf9 0706c8
+Digest: aaf13ef3 60fcd63b 6576a7dd 5ee63392 6f68df90 847039a6 39dafaee 913993dd adab6262 4238e5b5 3686a327 aa8a70ae
+Test: Verify
+#
+Comment: random test vector, size 64
+Message: c9d8926e 15bd5aff b070277b 38060132 539531b4 d4acca9b d840a15a b7bfa4b3 35990e38 c6c50d58 cd4564f9 ef8e8d09 f3ecde91 4e279725 88ced328 b6401481
+Digest: 5ac54bee be713762 4b7b845d 58bda968 f8bd844f 5c2e0943 5dad4006 2290b2c3 220eeb76 9f80e0d2 949def53 e1b2fdd3
+Test: Verify
+#
+Comment: random test vector, size 65
+Message: fa1b1287 f6dd3a7b 29ee4cbd 9ad270e2 2e5bd823 09952083 7b69413d 87603ef0 a4b04b02 f3bb3202 cc3d9741 4503e722 f60200b2 73573a13 98c68d06 cee561ee d7
+Digest: 9820fb4b e36d5dbc c51a34ff e53dd903 0103f98a 2c90a8e0 0590212b 19d1363f 91644160 d92957ad 2053be32 26cc3815
+Test: Verify
+#
+Comment: random test vector, size 66
+Message: 29c01be7 9d33098c 4fc0bced dcbe4590 ab96ed02 84e02322 dd6566ed 643ad4cf e2761d22 a6582d5b e9eedaca a0a9bc08 5e52c35e 73b78fe7 2b50c924 ee00491d 22aa
+Digest: 5fa5e8f6 eea78c87 53409a8a feb806f2 b3b2dbb1 f76134db 07371785 1137de48 6f75eda1 a894079d 414ffb6b 7b04de73
+Test: Verify
+#
+Comment: random test vector, size 67
+Message: f70f13a4 f5243e0f ff5ed7bc ded1b0af a0843e80 822d71fc fe1dbbd1 dd03f9dc 20b5c85d f7df4f7b e9c41f6c 52cb8a1f 6bd50816 4ea4ad31 c0e341c1 1b90ac80 e09c61
+Digest: 0de93fc7 d00d257a af693660 6a005243 97e213dc 77989018 fe7149fe c359d102 12f18070 34625f73 b47826f8 af2af724
+Test: Verify
+#
+Comment: random test vector, size 68
+Message: 183647a4 fd807936 8974d5be 4ef3fac3 20abe378 0b823584 483e26b4 aa07b33f 9daf2129 37739aa3 91ee75fd 0acfc33f 1a5aeb0b 2395e20d 2671c9ed 53f75cc9 a49eb52a
+Digest: 4534f81d 8f250777 706623d3 4b26e173 509ecfc0 01ab9ccc 8a1aeb39 d3fc7ad5 cb173502 fb9d2978 be796adf e9128c4f
+Test: Verify
+#
+Comment: random test vector, size 69
+Message: d12da737 afdcfd7f abda05d3 093207df 56a27b83 5fdd230c 2eda557f 6a96b414 4ebde1d6 75f6e2a7 7811d0d3 e274e86d df098c70 b9588023 5ea9feec 2acea0d5 62ad06a9 71
+Digest: 92f5e9b1 d19e9068 969b97ef 030d9322 93e65c23 36252c1b 70cdfb3d bd52ae19 ef5eeebf 75ffae04 b8a46b08 fb1d1396
+Test: Verify
+#
+Comment: random test vector, size 70
+Message: 63eb7901 06a401bf ad461df7 a7e29567 56a516c7 0be22372 183d782b 05b50a56 afbfaf18 8e49b785 30637187 c9871c16 a8ba3b24 0934d72b 442d3e29 0f5326df 489fe96c 349f
+Digest: fc1006d1 99077639 3285b07a d3aa39d2 23e473cf 1bdfbc15 17cc8711 6dd9eb5f 94f582ce 6acaffcd 870845a1 84b134e7
+Test: Verify
+#
+Comment: random test vector, size 71
+Message: 44a8374d e72ef011 6d8b0393 33dd72e7 61f79e3d c86d8ce3 a89f184b eac5f9bb 9de9f79e 2e798cb2 38759dbc 4adf9498 b8e2e53e 5be834aa 5888186a 16b074ce 4c02caaa cec2c0
+Digest: e9e65bc3 91b9d39f af7a5d3e 96b6456d a72b09f3 71c35cb3 82ba2d7c 61693e8b c2b9db48 d7e68a77 c659923a 42c7c52e
+Test: Verify
+#
+Comment: random test vector, size 72
+Message: 391164da 19b949f4 a078d011 e26e579c 08c54489 3d24728f 9d340cba 3695f743 7d0b17da 3cce6240 a61c1480 dda42121 bd75e0a1 664a03c8 c161b4bf 6b4e68a0 d8fb6c09 d0874219
+Digest: 213b74ce 4be99ae0 0741c7ab 882874d1 e328b900 7d3ad963 782aec53 5da66888 9664211b 218d403c 8898d9dc 01ab3f00
+Test: Verify
+#
+Comment: random test vector, size 73
+Message: 4997e336 57c665ff 5710dbf5 8f866a8b 159129c6 2061b1d8 9dc6cae6 2f7bf555 e2e1861c 97e782d3 f282d401 f8469407 f828e5e2 f6f53230 688e7d41 91fb496e 8278d91f 0b8c6eb9 c6
+Digest: 96d9ce2a c93fb7c7 1b6d1e07 aa416e62 5f149ac1 6fd4c259 45c5e9e2 3830afec bde0748e cb1d229a c4980d51 e863ac24
+Test: Verify
+#
+Comment: random test vector, size 74
+Message: fe2129c2 11f2621c aec557cd 41efa83c d8de3c11 2a0c2959 323f8299 c8d62752 9df9e658 3193b47a 98b1acb5 9181949b 989f8966 009a50e2 0fd74464 621bc023 bae50f2b 6a293352 7c5a
+Digest: 383fd43b bfa9f1f9 bbc4cda2 39ff4c35 a17831de dbf16057 37775d4f eb3c2a32 d1de71a2 223eb02c 49b4a030 2fe5203b
+Test: Verify
+#
+Comment: random test vector, size 75
+Message: 3f3fcc17 1b41f7cd 63f45148 95106ed1 61ad92e5 e90503fd 85885f45 30b7740e 6aa07b4e 4c2fcb3a 8ec9245b 37c0d653 0061bbbf 4fc44964 5b7d4686 b3a60a1a a1a90661 d0720b4b e7d5c8
+Digest: cb2ba33d d24c095c 836983d6 fd1a9db0 788a1b85 ddebb0d4 2deffdae 45950565 2d73b5b1 5a7427e7 5d9a33d0 7c39e313
+Test: Verify
+#
+Comment: random test vector, size 76
+Message: e0fd7520 66e9bcfa 9329b5e1 ba49389c 5b02a4bb 6383d141 31bc2f12 0decd60d 6f5e41c6 58d1409b ab8d5868 ad16bb1f 03423bab f541360b 8202c8d8 0e848821 480b658e c32e9b84 358cf8ed
+Digest: fd6ca233 ee56049f 288437ab ee6ae90f 9f9be4b6 b464e67d 7e4fa43e 14c7a79f 89be978c 0d78ceda b01acb4d 8a0ec117
+Test: Verify
+#
+Comment: random test vector, size 77
+Message: f842af1b 448a94c7 f9c19544 9fde70e2 539e0440 c8b4a99b 2a8033e0 285fce83 07cd6062 e9a32a65 c6cfcc79 336025fe a7443c6b 12f752f1 d9f91620 4fee8bce 62be337a 08ca8707 12a7d5a0 21
+Digest: a415993c 876c32e7 d5984e55 5988d6a6 9eb6df9e cf253c0e 127e8344 95de0745 3a4d6e6a 6ad130dd 22851131 b65eb737
+Test: Verify
+#
+Comment: random test vector, size 78
+Message: 5c538006 ef311646 5127b29c 880b68d8 732a5a7c 77f477a3 3965342d 951e0595 de551a1d 67dce37b 63ae44c2 f745fc5e 83b528ba 415d9b62 171a5d6d 742a37ec e7d5e2a7 4f4b5ebc 548bc705 5a42
+Digest: 6246a7a9 d99d617e bc0e10d9 b5296d21 30f6949f 6f58c40e 687c2871 4dfc3f7a 981ab972 11f928f4 171f3f35 2876ced4
+Test: Verify
+#
+Comment: random test vector, size 79
+Message: 18a790fb 0bdaaea2 723a3b98 ef39974d ae29ff1a 23ade218 5b15ede2 5be7ee15 8da26803 3d9e1637 79510690 f3f633b0 23675af9 c2e4c1e5 ea3e21d3 053aafde 100055e6 4e2a828a 1b2797ff 1b9fcb
+Digest: 52b73e39 c7850dd7 3e6053de 39f1541a 291c3384 e05162dc 800e85f8 70c47a8f ad1843bb 9bc3463e 4d37a22f 32e278e0
+Test: Verify
+#
+Comment: random test vector, size 80
+Message: e978cc16 b29af67f 06e9bfc7 35fe685c 9c3cb76f 98dc5ee9 2f0130d7 9294fba6 1ef8ff0d ba880c39 02dee8e8 3bb14ad7 38a63b43 82060b1d 748c5ebe 70059a22 4108dc45 962be867 8ba9faeb e78b99d1
+Digest: c1714965 ce109b87 baf5cdb9 fe189a54 8b8fe36d fec61db5 e7debd70 8d874036 0ed9baa8 4c41ba6f 4e39adb1 c57c3fc4
+Test: Verify
+#
+Comment: random test vector, size 81
+Message: b4d21e49 9e6b88d1 07497eca bea8cd51 e29cb5ad 91c37664 511de81b 0040339c 5f095485 081c27dc 71ea9255 4f776b14 3ed7a9eb 6620f025 50d0dcba 73a1bce5 9d6b6149 3eb0358d 9c055710 8bea1963 20
+Digest: c0fd62c6 a69dff80 51058fd8 d0db8845 533af703 50ce5ccc 4ecc5869 ed272ffc c19b16d8 e019f90d 6cb55a0d 47a54a27
+Test: Verify
+#
+Comment: random test vector, size 82
+Message: 3ebf6383 790378b5 1b480bd8 9e377627 e1d9fb29 cdc2a868 0b7aab00 c80efc8f e9954935 57b865c3 d466135b 0497e53c e4a191cb 5cc6be83 b82f4db0 c7448055 3a6ca20f 6e1348d6 b296ac4f aef70d39 5022
+Digest: 3ce3154e edeebe4b d6ffe751 db2b6552 95cf7152 eae8db68 7751ff5a 2a17ed5e 768e5e32 6b60ac07 9a6d0c89 3dea37af
+Test: Verify
+#
+Comment: random test vector, size 83
+Message: 3e9be9b0 f5ae646b ff6e89bc b83b263d 2112baf7 a98fbc1d defdbf46 3ade21e8 9799b4e2 e81adbce 3228504c 6e09a8ef 95731c94 be864f72 26d9a20f afafef5c 8867d6c4 3594b0c1 8449bac9 5eb137f0 974fa9
+Digest: 096a65d5 482ba55f e47b2f2b e1663cb7 3844a8c3 d9a968d2 8fc9ac9a e9daef5a 28747cd1 6ccf9dae 8eaaf39b 3470f0c2
+Test: Verify
+#
+Comment: random test vector, size 84
+Message: d23b5e64 94c76b88 53c4d279 da8e4e86 b4023990 17af706f 7d5b7517 26701727 10a8f796 1f63c198 95e1813c 76e314bd 2e1e2680 a3362b47 a75ba377 be8b2da1 f8d7da1a efd7ee65 afdc0918 480bc26d 93fef9f9
+Digest: 9d52169e 9ef96921 b7103f3b 2c69c091 47cf5f33 8b9cf948 c988dcea 7e05a485 60b54481 1088ffb2 14b7e7b3 900a8fe9
+Test: Verify
+#
+Comment: random test vector, size 85
+Message: 0f89e47b 2a5deb90 1437fa70 5ecedcab 854a593b d9d66ee2 d3d16db0 1845b391 79748d8f 20f20c09 c1eef0e2 0017473f ecf7c2dd 529e8bd8 2b785374 a3e291c3 5d3a027d 13a8767a cee16444 6b4df81f 47c8c67a c9
+Digest: f271d193 d52c5f01 d72192f9 9474a7b7 ee09747b 2d222467 3fca266a a327064c 3f60b5e5 20adf606 5a8ea9e3 7aa04636
+Test: Verify
+#
+Comment: random test vector, size 86
+Message: f3107f37 a8482700 80702894 d8c7d8df 8cf4f37a 82bd2718 3e1ac9c8 d080a5c7 ad8521b4 6d3c3e50 6e721e23 8e66ea68 7c38e099 4c77d05f a979eccf 8746525d 206bf92d 61b276d2 4e4dcf76 54fb2b9e bc369abd b88c
+Digest: 9d0bb7f2 194d2ea2 b9cc82d1 05136884 67cb13d6 f50f75f1 cbd7aca6 a0b670c5 1f7c0e1b 108b3ff4 2c1d6df4 6ebb4e8f
+Test: Verify
+#
+Comment: random test vector, size 87
+Message: 5da576fd 5464eb98 59cebcfb dbaeb167 7094981b d4efa4f1 d64c2682 f081f9c1 4e7f3f5b 8ec8bc6c 998594f4 c52e208b fb51deea 1340b810 fd00a3a6 6bafa97c daaa4780 134f876d e31ba8d7 b07901e0 430c530b b25110
+Digest: 10120bf7 41fce3dd c294e9f4 9cf1637d 1d331fc8 29eed590 775255c4 e749e783 9d495c7f 17fca2c1 8ef64cd9 4d455bb0
+Test: Verify
+#
+Comment: random test vector, size 88
+Message: dc088e57 469ef7f2 743c4226 de5106f6 b560b75d 2cd4e6f7 61851d63 dc98d55e b3971853 ab82e912 729f8260 d8370cc8 48997c1e 546f2312 6dd98c62 80b8b2f1 0293c6d5 46a46254 a2bf1d9a a20e49b6 fbf04175 e5c3aa68
+Digest: 42c714dc a40ffa78 71aa4c4b bbd9fa9a 76e59525 ff1da937 770481f7 69e60f0a f54e0263 d055108d 0f24160b 9de7c2c2
+Test: Verify
+#
+Comment: random test vector, size 89
+Message: 8bdc0c48 cc117a9d 4bd13a93 c6bb8f91 8327f5cc 66cef9e4 9032a4cc b2df1384 0a238591 68d97299 a2b8dc5b 7840d121 16f10400 d9653a28 1a269719 d0dc7e25 3a43bbc6 6575d961 e0d1d12e 163042bc 07ab1d4f 9283a193 03
+Digest: 55a283e7 e652afd2 322150af 0b3f3bdd a8b3f167 d4deaa69 449e1e69 ea58653a 7bc93f43 fa7812c1 6ffb70e8 a00a4ddb
+Test: Verify
+#
+Comment: random test vector, size 90
+Message: 8c83af3c 349083e2 ef8b9d91 bb9a921d 29399293 1bd6d698 37d1d9b3 b04bebfb 9e5d0b92 49ba30ca 329b5fc4 37da8fd3 947b1edd 0158858e b395cf89 ff78593b 7b5d8235 3e43fca8 3a37db02 e0cfeaff 72927e02 fd45be5c b27b
+Digest: 24bcdb84 b03bf6a2 7ad9a798 eb36c6a8 13f5d3ae ec4757cd e3f309eb 0871ef7f 8f10f8b7 a5e01e88 e1b7775f f40731f0
+Test: Verify
+#
+Comment: random test vector, size 91
+Message: 71577b96 cdfa1b4f 0a141a9f 8e3c0f85 091d985f 623a2676 8d968709 96fe8d64 af4406b0 de6ee67c f4d66cdb bfb8c486 d87fafb5 b10edaac 0b4813dc f626aeca e305d26a b11aa061 49cc07a6 22693ceb c00f37c6 033ba556 3a3101
+Digest: 313bd0ea 2837d6e7 6d08703e f4f33d76 ac547e96 75601aa3 c1f8df73 7462993c 3998aa9a ccbf065b 8f0c0a49 ef76a47a
+Test: Verify
+#
+Comment: random test vector, size 92
+Message: 1fa5d336 006298ec d1e5eb21 d031f398 4929cc30 917a7be5 6f1e7621 e57638a3 20df0620 1fa3e29f f88841d2 896f1250 9a83d051 ca22216d 2d9a12bd f57477eb 556455f1 f24a76e6 38fd4b18 0eace553 2ae75d81 4ace150a fbfd956f
+Digest: 2345847b f78de67e 0006d25a d0796a62 7cc63216 3007c925 fb1773b5 eebe95d2 76f98d1e 8d015ba9 2066d44f df4c0b7d
+Test: Verify
+#
+Comment: random test vector, size 93
+Message: edb66601 03665bd8 54b2e8e9 a697f77b 8c8ed441 85b03030 2ec7003f 7cb3e725 2954a10a 6c2381fc 8c620c42 3687f3c2 a68fd823 748dbd76 3c61e793 dd43cb21 16fb3c3a e096b0c0 1a83696b 95886935 76a9633e 3261a9ea 292ea12d c5
+Digest: c52f5218 d6a00497 d1189eae 008eb9a4 e2825690 bc238049 20a9a0c8 1575cd60 74a817e4 b028eecd abf18564 30ecc6f4
+Test: Verify
+#
+Comment: random test vector, size 94
+Message: a51cf38d ad28b0ea 3d92aebf af8aeee3 6e155b5c d11fbf4b 7a71a3cd 7749c944 12dd94ee 119e44c8 deb1f1cc 0f3a78a3 a57cfb0b 37016525 d5c6251a 8532145f 8ece8fbf 6552db59 1b91a4d9 f8db1ac4 9cc029d3 957ed1d2 86b1521f 7eb2
+Digest: cbc7d0a2 54e8fccf 3d340db8 786b9df1 134605e8 dc20472d 63288aeb 917a0aa7 8d486960 2d027862 2fce671b 9fb8ce71
+Test: Verify
+#
+Comment: random test vector, size 95
+Message: dd9f9e1c 015d9588 c26295cc b8880f87 533b3463 ad22d5af 8d96b5e3 22342677 ebf3a196 9fcb0c55 c2c85b42 eba5ac49 be315945 af2fb287 38eeb22c b51261f7 edb77dd1 52492e6c 6f3b9752 6d06f45b 885b98fe e1ea65f5 8ef6e102 b02e85
+Digest: 983c8148 0cea8dce 0984e0d1 f2d537dc fb701797 18416ca9 524285a9 3a9bc3f0 cb6ba096 02d2b738 09a3c04a 80677902
+Test: Verify
+#
+Comment: random test vector, size 96
+Message: 7fb2235e b150836e 2e267c57 a8f60d67 8754b805 9e27706a 502daafb 5ff95189 5cd5c45a 5c7f0ebc 7b6e1974 7a364fa4 46f40ff1 8d5b8d89 b539c395 113d1721 230f2c3a 793897bb c6f66e24 f0933bda fa91661b 01afab91 b23a4e0e 708dab9f
+Digest: 08b54436 1cf955f0 745b65fe 67e6884c 4a27c4ec 405c2347 fb0920e9 4b457723 3fa35f63 9cdd6d55 3153122c 115178c3
+Test: Verify
+#
+Comment: random test vector, size 97
+Message: 3971f912 60cd1a5c 4ddd20c4 069ee236 2e7a6540 4069d5cd 6e24fad0 b34e6de8 a63e908f 2342a2a3 acd45c47 ccbe981c 1d36efd4 b4731eef 8e9bb147 23ef297d a7af8fce bbe064fd 95427b8d 79e90ed2 396cf9a6 8eb4b597 1a262ea9 c64f0660 f8
+Digest: cb8c006e 5918c3b5 b86981c6 95efef01 9e55f277 04fff5db 007a75d4 da53d169 d04fb918 9e441aee e61f8aa0 b6d7a01d
+Test: Verify
+#
+Comment: random test vector, size 98
+Message: 7b6a43c0 1a5ee069 772b7485 d8ee5584 dfb830b0 14f86581 cb368460 7d9f61c3 e027ae51 70c860d7 bc95429c e13580eb 3637032c 8b755623 d141ce6d 361855f3 bfeea742 a8d63ac7 94e1cff4 4934285a 30e94199 38d59fed 8b8dd202 8173171a bd43
+Digest: 2e8409d9 75d74776 fbf5c47e be371330 a69fc0db d68a50fe 53a57f00 261cb259 9d289d37 da1f15f4 ca265a05 4032e840
+Test: Verify
+#
+Comment: random test vector, size 99
+Message: 33cac1a3 f0a089fb fc3418dc 2cb7e311 df5e726c a244bf36 da79dba8 e66d903b 5a488f96 1c0c508f 662dd97b 4608ec08 61d44000 ab2508ef 5664eb19 588d5997 544613bf 58acd3ed 58792399 39438d0d dd97df1c 22408269 6c7e7969 ef99991e e8a837
+Digest: 18070805 6e51cc3f 10eea474 48bcc071 f193fa8a 4f8f09cd 88aafcf2 5d7a2454 23efc40f 7f2f5438 5de0f90f 34d1dfca
+Test: Verify
+#
+Comment: random test vector, size 100
+Message: abdde167 00b5ecca 0461759d 156312e0 ac7662a2 e45410d7 8ad3ce18 7386522f 06688a5b 34726a48 e42ef603 59eff3c4 a21177e0 a4c58637 b9e69489 5116019d 2b33c03f 8354286f 66a075e5 10c4ddf2 476696e5 e2456c3f f6864c1a 1457ade2 43cb4ed9
+Digest: 32df2707 51576bf1 448a20a2 357ae5b4 cc19cf2a 103c15b7 b811c469 d6c109f1 58b077ac c9398e53 a5050c2a 88b8f5c8
+Test: Verify
+#
+Comment: random test vector, size 101
+Message: f256fbc6 fd062c24 1f40f0a8 4e06a575 570c0b2b 6ec8f423 a6a73328 aeafcba4 ce7d3ced a230421b ee1d365d 93e5bfdf c7acb834 f6eb268c 1a509955 1f9bd594 2e03e2f6 03d64fcb 201b1983 e9af3475 8568ae76 1399e174 df84c2ac 01b8d019 5846e36b e7
+Digest: 17d34f1a b8eb1987 31890ee0 f307a8a5 f0f65254 1dcc875c fe60d089 3b55b33c 82f2f232 e9d17de3 4b29cae8 bcbb9725
+Test: Verify
+#
+Comment: random test vector, size 102
+Message: 4abb71e6 0d5dc2fa ffad3a6c 39065b87 977f3bac dc9c0701 c900d2e1 1663c420 91e63c59 9d997fb9 704341a6 8a100dbd efd9dec8 70d67d9d 5ed11ac0 406125e8 2e8a9843 f607ef92 7b7a1f1f 7d157235 7d7a44aa 11ec6158 74b67061 c445fd5a 6af3be7a fbe0
+Digest: de50a636 f0c4f281 94e4758d 72c06e66 d8294192 8e2b4dee 94ceb74b 6961265a d2421f6a ef1140ae 4ebf7757 a141febb
+Test: Verify
+#
+Comment: random test vector, size 103
+Message: f9a1bfa1 286b6645 641963f4 2d6b29e0 349ee075 c2d6d88e e477477b 8acc2033 13c9d2e4 52ac63a8 eabf7dd5 e1c726b7 c3589dab 6bdc22ba 858827c2 b0cefefb cd3998e2 8768b55f 0a25581f 2900b9cd 7bbc192b e3364873 0ca2d2a5 49099484 b6387399 66a27b
+Digest: 2ba4f8cc e3c84566 73873890 b3ce62a4 90f6d762 47a97248 f5e30d28 c220f106 e606ea64 b455d073 68ce35a4 bc821e49
+Test: Verify
+#
+Comment: random test vector, size 104
+Message: a4cabafe 13cb377f 75fcbfaa 9faacf35 b81d98b6 4501d7d9 adacafe6 0fb8f2a7 1cfacb58 c9ddca36 69f03251 6ca2d549 719b979b 0caddcc5 c1584410 40f7f54a 9b3385c2 a43305ad 024e9342 53af5d29 ae4885ac ee6fb89f 04e67b71 577771b0 b8d67a04 ea1e7b37
+Digest: 7166c0a7 aaaeeaee b489bdc5 f01b1066 8f2265ac 8679c908 430fb681 97e4a02d 1c5d0f7b 6b873311 3c17c84f 290334a5
+Test: Verify
+#
+Comment: random test vector, size 105
+Message: a0b83fcb ae9b08ed 65d487ed f2c41075 e25e8e18 6830b823 57ed3c12 4086eba6 ecaefde6 4e444844 e25aaab8 569cde4d ccff9d9c 822f9c20 d0256501 71463e20 7bde4886 217a8574 f49fab48 4ad8870e deaa41d0 f485467c 990412e9 dd070a6f e3ffbe24 4d00c101 ed
+Digest: 01fa3ac1 7b48ec5d fc5764ee c98e6905 cb336492 9fdd740c 805e6666 5cb84e22 159a60a4 a3fddd65 c00ae61c 1006a8d2
+Test: Verify
+#
+Comment: random test vector, size 106
+Message: 8a07aa9c 6dca62ea d7a3a354 cc40bd6e 3e1df4d9 3b42d9ec 317ef92b e5b96733 7f348533 937b1cec e94bd023 604a4e95 8d66aa9e 05874115 7ed44560 f23922f7 63168d49 26309d97 b8033bf0 422bba3b ab673a05 695e890b 5eb0a8ee 9f5bf5dd 603e91e8 c8a3bb68 c2a0
+Digest: 59202eb1 08c0791e d47d1a73 0cd4d7c2 e9a22939 18b41750 eca69883 d2d34bc3 a403e30f 7eb71f58 ff0832bc 1b9797a3
+Test: Verify
+#
+Comment: random test vector, size 107
+Message: c963ff57 46fd7952 f31979f7 420fa782 8268a8e3 f4f18470 056646ac 1d3cfa19 a9a8ebff 6ec4462f 96313990 79401145 c65d61fa 871aa632 a7e860fd 2ae24cde 8bbc658d 98b1a722 f729671a da0bc9cf 099ab281 98cddbfd feca6cf4 10a46b48 ee39c1d8 e00343fe 129c28
+Digest: 03942a7e 0752923c 456be6e9 00a595ef e5a2e17d 4b3f3679 4ea37fc7 15ff0a02 240648e6 68d64749 04bd4ffc 622f2909
+Test: Verify
+#
+Comment: random test vector, size 108
+Message: 246fcc36 531ac15c 465b9a9e da8fa0d4 20c8c812 dc4c3e3e f4533f31 49c10211 e90bb1c3 8df1b382 4842469b 0ea035d7 6dc96444 55caed96 764b57d1 0141bd58 390ea5c8 7259c61c 3560ed35 a6a94c2c 425a62e8 f2d32917 f527b54a 8c43aa09 0bacbbe7 6d4d8824 7b2bfae7
+Digest: 87f1dc6e 8915a92d e1ab03b1 0d9b14a2 1f5f58a8 d8713847 f2f25638 cd5c045a 478241d7 9b845ba3 768e5250 79e2f161
+Test: Verify
+#
+Comment: random test vector, size 109
+Message: 840c5142 81b02b10 16f6b86e 70fbc942 31dac365 6685fb3c ffd70e44 e264ef93 45c5e140 8046047a 1048cde1 8619bed3 b3f393db 02a9017a 57bb40ed b249b407 36eaeee4 ad35f61e 53762a45 88cf95e9 c27d5f23 ecd74b94 56a7e263 7e5b1c9e ceec715f 718653f1 d568e07b 95
+Digest: 3a58110a 78551d9d e773de14 2fdc71ae 16ffc823 57c5fe70 5a365728 abda7e94 bf2535d3 1082024c 1ad84322 55285cb7
+Test: Verify
+#
+Comment: random test vector, size 110
+Message: 1e3f9fb9 7a748b91 f540cedb 80239b24 f1ec339b 7d24783b 95dbf313 860e36eb daf33067 09af8869 7dc2b3b9 44a71c40 1b2df1e4 11605ca6 8549cc33 1320649f a3a1f873 f5bf952e caa3c209 a2aa4b16 0d89b002 fccd317f 6075e3ca da92a784 2c5e8104 6eaa01f0 5f5bbbc9 75e8
+Digest: 47eb08b0 078de446 29d597d4 b703dafb ccbd2c84 009d21e8 363c6d60 93606475 88ba879c 1112fda3 393fc2d7 748a800a
+Test: Verify
+#
+Comment: random test vector, size 111
+Message: 23e6a209 9033d4b9 9b294572 871138c6 575140d8 fd612801 d89600d3 f5fc4f35 ca7ad9a5 2605aa77 99776a33 d5a90aa6 e67b9ddf abe8d84c 6bf0f9bb 8d1fd5a8 fb81cebf 07cba2c6 70b80b9d 0e52bd35 bcf42be6 2324c843 40b40838 3f031d54 456a02d0 f48a9b3e 4565c9ab 154190
+Digest: 1bb47b49 b1252620 6a26afbb 91673b19 d40baf34 89493f1f 0893e755 26d1a3ed ae873f38 ad75d442 acdbc8d0 0120a29d
+Test: Verify
+#
+Comment: random test vector, size 112
+Message: 73fbc851 49e315a1 8385d71e 8797a74f ee23243c 54748fa5 03c716b8 bb30dea7 20d463ba 2aab6625 f28db643 80bffa05 6002f0d1 34b6c94e e980d61f e24ade02 cec89319 8c950ca4 84943bc8 927092b0 9df3f360 78a072e7 be900844 dbf54d35 e2678fd8 9cdbc13a cf835450 55544a0b
+Digest: 35542032 824eef21 82bfadb7 7abc8488 39b11046 994436d2 2d8221d9 7075f091 c27fce1e c30d96cb ac76b44d 96adf4d2
+Test: Verify
+#
+Comment: random test vector, size 113
+Message: 219c2075 c019196c 1c128136 d4f0afa9 a9a2c312 4cdd8e35 8075ac82 7aaeb7c7 3afd5b04 dba96269 3bf7c3ea 54d59a7d f8e7c22c 68330b38 a13b3ef7 bb537a3e a124cc99 8b9428a7 b6114724 342caa87 8afcd519 f76d0518 16152cb3 3eded14f ce86981f 7dd28587 8736b4ab d80f715e 68
+Digest: 80414293 4dcc2155 ff54781c ed6c4dfa 4b95a6c9 67237a9d 570b2479 8507a162 7dc295a5 92c19ae8 1cbf6f30 9f86142c
+Test: Verify
+#
+Comment: random test vector, size 114
+Message: 218b3764 ca14e053 99bfd7db 9a54e534 013d549e 6b4f5e4d e9747ed4 1ebb3912 56e7cc42 f146d003 9dab0853 b32cbd3e a39064a4 b584c209 29561ef4 3b83bdc9 0166994d 303f94b9 68a2e08a 42efb6ed ba7e7223 a372e45d ddc95bd2 61ad23d5 cc7dfcea 42413316 1e057e07 648edb2e 7674
+Digest: 2c705c80 f91874b7 23f159ea c4ebe7c2 ca1ef96c 85d262b7 42c113c6 d8c2f503 dd8eef45 c163127c db4dfb82 818e77f7
+Test: Verify
+#
+Comment: random test vector, size 115
+Message: ab15a81b 0fb850e7 7de6d332 49d40045 40680fa5 a1a0dc56 06b4b43d 71be1d46 2a176f63 77047d2b ab3ddc40 7e34b2fb 9715b41e 559dae04 e534787a 5dff131d a6439e22 9f25b74b d0f6a01f 2c2a2018 fb137834 56fa73f6 5743b75d d1024231 e662d112 6bbd2b63 95634acf 6b678a99 558c9e
+Digest: d478d19c 5cf4d86d 4740a0ad a4bc33af 98ebbc3c f87cde0e f4069796 790c9308 2f222b65 570605c5 f79fce95 59e27442
+Test: Verify
+#
+Comment: random test vector, size 116
+Message: f5854012 14619d54 cd97a199 2c4add16 495a4080 2107bf88 67e1e4cf cbe396d1 71f7620f 4f6f75ca c4ce14ed e7cf097e 366b7344 52d8871b 17defc95 eb6c25ca f25ced81 a9f5d912 badfa28c 69ebed17 13377016 7e145113 c2a87ff3 481c43fc 5cffe416 d52daf13 0364dbd6 1f39e55c 10f3141f
+Digest: bdc617be d85e4cdf d6d426bc 7bffbbb3 7a627578 9b049d56 5b9156b0 c4cbe714 cadc3fcf d78de665 7729f811 42a8b6f9
+Test: Verify
+#
+Comment: random test vector, size 117
+Message: c4f42483 27d7382e f48ef7ab 77370f03 6d0e6a4e 4dd22fad 74d1be43 c4296888 f2805967 a8fba36f d7e521a5 62f5611e 4af35ae0 4e3fd50d 6e9b05b4 53b0495f bf6b7bc1 baab986f 6f9db5c1 5651bed7 54135f48 96da0910 37e8cad5 eb350708 64034f9b 0b0d20ab 2087b1bc b98cd3d4 912ae3c0 66
+Digest: 8f08adb0 9c1eda35 f3dee3fe 76886de6 e8662622 62a1369b 782605ea c6a5a988 f3415521 90e6ea81 af7581d1 8cacbf51
+Test: Verify
+#
+Comment: random test vector, size 118
+Message: 08a2e44d 2b14c347 ee800e1a bf71fd52 2eca44ca b32eaeef 0119a27b 7828a922 8b3a8c47 ad3c2409 ac2eda9b 39a038f3 9b965ac2 8f6f3baa c3e926b2 65383ad7 12b9cbce a45ebff1 245f024d ed72d4f2 0d4752bd ca4bab97 8eb0c443 c38445ae f1dc8432 2533d55e 8ea4fc66 97cedb61 39ecdaf6 9b2d
+Digest: 8322ddec e958897e 5d7fd5b9 bcaf4149 fd51502d 2e1e6847 22854a88 d486d47c 1a574141 77597faf 97df15a2 388bac98
+Test: Verify
+#
+Comment: random test vector, size 119
+Message: 64fb2b90 f26c2aea 36a2093e c85e2a12 3dc5ed64 91703d0e 1c07c4ec ee58c1b3 28fa6c82 2a434754 3b2fa93e 8eef5010 c783c96f 8d541565 269fa7a8 716f07af c5e3c921 6c84d168 eb39b279 086da0a1 1ca27d88 cfce7ad7 9d6e5bfb aa890587 6169f531 f7bf6947 28a97481 6271ddde a298fa49 617bbc
+Digest: dfc51df4 739776ff 771394f7 e6193bc1 8c2a136d 1fb5ef05 874e864f 5d24c975 05e2140c 95380d5d 167905f3 33470b1c
+Test: Verify
+#
+Comment: random test vector, size 120
+Message: 36addd08 ab32c247 5e59b898 e9798003 6a05208d e0d00fc9 a50a50e6 16566dfa ae1ec282 591c9f63 2cfafaf3 59cc5c2f 2a0c91ed a59da1a0 3c4213a6 f10fcc3c 7f7ba139 1a064ae3 f7fdbea7 874a8b30 2a83a766 86866617 bc3b35d0 c49ad5a3 3d1962f0 bfae1b7f 42cb181d d7cd516a 995127dc 9e788bd9
+Digest: c977dba6 68c272ab 54827048 a832d1d0 349885dd 6d3800ef 8a908565 161594b1 f611e796 defa7507 103e0aba 03cbda14
+Test: Verify
+#
+Comment: random test vector, size 121
+Message: e86afaa9 0cc9183d 4ab674d8 8ac18274 03cafa34 ba6a2f22 aea93368 c34c3f0b c64fa5c9 bbf44a0b 44e98ed6 6471285a 676b28c7 1bf7773f e238c7cb e0587da6 2030039b a3473683 76211296 4a2ce338 c93acde4 d94d296a f353c14c 48f784b9 349e3163 aa4c181f ed2a2df5 c79d34b3 1821b1f1 43a334b6 8b
+Digest: f94d7d33 5233246e 3434dcb7 41f412f8 487322e7 6e17902f a0b30d9b 9eb57e22 a1e5c811 11dba443 5b54500b a0bac924
+Test: Verify
+#
+Comment: random test vector, size 122
+Message: 0e22e1ea d73fa924 6704d71c 17f8e223 81ce81b5 b00919c5 f005c387 b32d9996 51395152 8b1c4745 9525cf5c b0c7c963 939f2316 14a78edf cb78e00f 3f8ea8ad 5e8b2969 6e33ab21 ae05572f 7b19835a 71fb04cc 6489aa94 d86f71fa 0f04e857 5851c777 258afcec 00013323 953cae6c f9367cc7 9d29a64b bb25
+Digest: ab2949d7 2d9bc6ed 2dcdddb2 6433ea90 2dd2e170 ed348bd4 2b176845 f41db1b7 1ee57825 b0889216 c8d6eaf4 c276a92f
+Test: Verify
+#
+Comment: random test vector, size 123
+Message: ead01869 a2a88cae dcb20533 7df6cfdd 9e385953 f6c0edd0 657b5891 b10d96e5 f2f80262 6357bd33 411463c1 1a0456f4 441a94da 2ec6f9f3 5b5cce88 310f751f a6e39e3c 90133f87 8017c34b fae39b5f 2cba946e 98222f53 5f52639d 92ec45ad dc6aa932 3a558d98 3a492bd5 18763640 ae1fddef 2bd40f90 14b529
+Digest: 4705420d 4f64967e 747ae1c8 67cd16a2 f6dca5c1 0f740276 8f8bb15e ae01f233 c134763d e50a8161 9373ae78 98454cb7
+Test: Verify
+#
+Comment: random test vector, size 124
+Message: 7e92b824 f59568bb c88b843d ab3e1530 0d970147 caee1fed 031ea86c f9314768 21725ec0 625989a9 2e31e35f 34f31191 4c17d07d 2f056f84 ec52c9c6 f96b4f56 0516b7a1 8ae3fc61 60b7f4fb f865b7bc 766c8346 721bbefb 24e90df3 b8cfb48d e88ef347 7f7f3e1e fa4a3dc7 593d3b14 9625dbae 50d04c29 0305bfce
+Digest: 97efea12 284fa7b4 9c55e4fd 17f1aa98 47b0d5a6 2f406366 f6987dde d9387a7f 78e11350 97f771be 28ac75c2 acf94ec7
+Test: Verify
+#
+Comment: random test vector, size 125
+Message: b7c07d9c 31fab2f2 96c7f6f9 76f02072 aafe36ed f96ceb67 5b6efd0a 28cd402d 63a15312 55edaae3 9c78a146 9ea835f6 9422e2fe 4412a077 3271c42d 091ed250 33073179 e59d621c 6a819661 3dd25f4b 3fb93332 9e8d5098 c50ba769 7fbba42f b71d103c 243155c4 ba4979fc fa8665a3 62066de6 f9b41e48 069b74e1 86
+Digest: f86c1d97 7495bf39 3f926898 433bd228 17781a47 3c40f0fc 22f540e3 b794f22a 034b3ec8 fe31deb7 10ddaf8d 99f080a0
+Test: Verify
+#
+Comment: random test vector, size 126
+Message: 6735dab7 06b36927 ee191a8d 13b49b3c 46dac52e 67bada3e 97ff7f8c fdbb5b97 0607611f 125897e7 e7c9f97a 04984133 f76afbd1 a6217ae8 ee9c7f8a 069efea7 575a00c3 ed58084f ef91ba39 9bbdee0d aec7b9c1 13de9752 7e566662 46ec902e 65a9f359 f7acf28c 02b44a61 4a77de67 afa76237 c7ae5d18 c14ce20b 1fa5
+Digest: aba3e63d 77ab9fe0 dab419e1 841618e5 9616f93f 562dccb0 78cd5e06 a0589447 689dcfb7 cccf6a3d aa6976bb 973856b2
+Test: Verify
+#
+Comment: random test vector, size 127
+Message: 642009b5 35959390 96cd8fb8 47fc2998 44143644 7a8ed5ac 0ad6f686 8b91deeb 0fb03e77 630c96dc 8f8cdbeb 2a912a9e 0aee36f4 eb70ce03 cea4a632 f1f09eee d64fa36a 05aa255f 31cb91c0 64af4d46 47a28404 118217c1 19c7f403 37c65b07 9394dd35 ffebff0a 557109d0 ee11a168 de634c43 c9517afd 12c97f01 897197
+Digest: 8e2445eb 023f0c22 57fdc38e 9e762742 4cef179e d59a2af3 91a2b757 3c07e823 7779ca38 3ac2c377 f49eb5be 938097e7
+Test: Verify
+#
+Comment: All 0's test vector, size 1
+Message: r1 00
+Digest: 844aeade bcd10602 38747e75 afd99610 14c86903 894fb0d3 144c0258 7546d47d 7594f05e 9a8fc08a cb52faad b77a3623
+Test: Verify
+#
+Comment: All 0's test vector, size 2
+Message: r2 00
+Digest: 64424388 876e9d37 71ea54a4 c6b4471c ca6b3f30 3d306f0b 9d5b9eb9 64a5e51b 8504125e da01c597 9023ead3 e2ab1606
+Test: Verify
+#
+Comment: All 0's test vector, size 4
+Message: r4 00
+Digest: 51f1f012 1e67c10f 72c9479f 6021ac3b 2854eee3 aa7a439c 08f7e29a e0092c27 cd96668e d5e9766c ba277b1d 8b290fd9
+Test: Verify
+#
+Comment: All 0's test vector, size 8
+Message: r8 00
+Digest: bffd5b77 904861ac 876e1634 38da2547 302ae635 17c58cb0 9dd31da7 c129f72c 5589312e a3b3afc6 a8711da7 182c4a9f
+Test: Verify
+#
+Comment: All 0's test vector, size 16
+Message: r16 00
+Digest: 7a3de4b5 f1bdb7c1 59a63960 6cd96fee ac365ec4 cb0df17a add09381 b864068a b2d157b2 995ef229 7e2b15c4 da6659ec
+Test: Verify
+#
+Comment: All 0's test vector, size 32
+Message: r32 00
+Digest: ae6c04bf 53103fb0 bd042f6c ef0de7d8 09f9e3f2 19a31f68 9387c858 e64df9b9 14ed01c2 e508becc 208b3728 851afe21
+Test: Verify
+#
+Comment: All 0's test vector, size 64
+Message: r64 00
+Digest: bef608d3 2f391c05 23a2b69d 3499ca57 820fef72 f1e42625 d26ed445 a6300f3d 84c0dace 49707535 8be64834 d4a21efd
+Test: Verify
+#
+Comment: All 0's test vector, size 128
+Message: r128 00
+Digest: f1dc5474 3d7d26f0 72746b88 5b678866 664ec4b6 d75ed756 11374ba6 79495d67 e7a91455 0d5b2bc7 4976e0e1 cad76388
+Test: Verify
+#
+Comment: All 0's test vector, size 256
+Message: r256 00
+Digest: 4b65ee3e 2ee30a45 63229029 f2a987a9 6c38c67e c5c88490 86a04d98 d634f27c 8869c61b 6065402a 7e619782 45df9663
+Test: Verify
+#
+Comment: All 0's test vector, size 384
+Message: r384 00
+Digest: 868f5200 ce657d67 cc567fc0 83aed110 c354aaaa f50626a8 2a57c997 dea19681 87564989 cfe99f13 c4c33c2c ae86bb22
+Test: Verify
+#
+Comment: All 0's test vector, size 512
+Message: r512 00
+Digest: 76bb308b 06dffd7d 26b765ad ef0e66e5 b45f5df3 2e7a46ab 82f24d34 cd03753e c85a8846 8faaccc0 a1206d6b 0e1347fc
+Test: Verify
+#
+Comment: All 0's test vector, size 768
+Message: r768 00
+Digest: a6928040 8e6e0335 b7879399 b25b800b d5c06ee3 c1e088ad 827b2057 4387b752 5c8889e8 1b74ccea 70c1f1cf 17da0cf8
+Test: Verify
+#
+Comment: All 0's test vector, size 1024
+Message: r1024 00
+Digest: 0b8a527a 775fd98a bf4de3db ca8b07af cfd0276f 4927cc8d b13a445f 24601a79 6af68015 c844e1db b65b9aee 89f86ba5
+Test: Verify
+#
+Comment: All 0's test vector, size 2048
+Message: r2048 00
+Digest: 735d38b4 1bd31ee7 79d2e706 d5b76955 f0c9d7d5 a035a151 c7340116 23c70c5b 62bc8855 17d67e49 4900a18c d6b0ec94
+Test: Verify
+#
+Comment: All 0's test vector, size 4096
+Message: r4096 00
+Digest: e22ca4d5 3a00e8b6 77270e44 e2068aed 1a3b53d5 7ca61869 e2c53feb 9de92894 a4a95732 79b93448 1a4528e9 b58aa550
+Test: Verify
+#
+Comment: All 0's test vector, size 8192
+Message: r8192 00
+Digest: 2e3f7529 23920019 a965a1ee 1e704ea1 84e226fd f1aa113d fc673c28 ec7f1246 d6d647dd 318968e1 226d65f9 32f1baec
+Test: Verify
+#
+Comment: All 0's test vector, size 16384
+Message: r16384 00
+Digest: d2b9e5aa 4fbb7abf 9a660c9a f92c8c8e 1058287e d2b9ee11 a7e321f6 834cb050 b0b29c70 99a63d0a 79bad0c4 e2be58f3
+Test: Verify
+#
+Comment: All 0's test vector, size 32768
+Message: r32768 00
+Digest: fca1adfe 1f326081 c3bbd5fa 13485c25 2709e1f1 9859d83c ba24dd91 6b34c45f 3faa2d9f 4e6b85bf a811bcb4 6a4e2790
+Test: Verify
+#
+Comment: All 0's test vector, size 65536
+Message: r65536 00
+Digest: 8a183616 099793c5 6f9e46d7 84e6a4a4 1b01eb42 ca271ed4 1ea929c0 5e90827c 4c3047b1 f1e9b109 ba0d57f9 641c90f2
+Test: Verify
+
+AlgorithmType: MessageDigest
+Name: LSH-512
+Source: gen_lsh512.cpp, https://github.com/noloader/cryptopp-test
+#
+Comment: random test vector, size 0
+Message:
+Digest: 118a2ff2 a99e3b21 34125e2b af20ebe3 bdd034d5 a69b29c2 2fc49950 63340b46 697801d7 f7fb0070 568f78e8 ed514215 fc70af27 d6f27b01 aa8a1da7 2b14ce7c
+Test: Verify
+#
+Comment: random test vector, size 1
+Message: 41
+Digest: 32e896b2 1bec19c1 5254f7a1 f089f748 e05918a6 8e6d829f b1a62b7d 5822ad98 b7de274f 7dc6c73e 6f52c5f0 b7633666 dbe60486 61351d81 1105ee01 5b9dcac9
+Test: Verify
+#
+Comment: random test vector, size 2
+Message: 3c57
+Digest: e86ac1ef 43519446 927c26d9 07fa5a3a 64b3f4b1 888ef10f fc6b687e c73ac5bf d9db4ad7 427011d3 5243adc9 8d2c2b1b 58a28bd2 2179668b 43a2816d 07c65963
+Test: Verify
+#
+Comment: random test vector, size 3
+Message: abfcde
+Digest: 732442e8 c76252c6 d6fc950c cd7fd6d5 a8a8114b e245a307 6c3f6732 b8029447 8b136bc5 2fe8db4e 01766711 a71aa691 79361804 c2791c77 ec2383c1 be480501
+Test: Verify
+#
+Comment: random test vector, size 4
+Message: 8877c3d9
+Digest: da6e655c bd0ed74f 1875b185 7d7e5229 e8ca5460 c384eb71 3d2a7fc1 6618de4f 0faf4e03 caf6444a 9f0f76e2 0de91d09 4c9eae5c d7a8676d 8b441eec 6ed00ca9
+Test: Verify
+#
+Comment: random test vector, size 5
+Message: 0e29d0b5 3d
+Digest: 00531eac d8afcaee 78dd4a76 70b01aa5 65ddfa31 37e5e3ae b06daa4c 020379cb 898c17f0 58a103cb 9ea7eb74 c7fb4b89 f0e16e8b cda1b90e 60ca42bd c500e398
+Test: Verify
+#
+Comment: random test vector, size 6
+Message: 3b627abb 33c8
+Digest: e711bd4c 05115c83 400502a9 1fc5602e 074a3810 94d0a0e9 7f32cf85 2e9b33f9 cf52c2a5 4c0a781f 507173a3 6c74cf90 9bb5ed01 5c73683c 27b9a8ea 25095ff5
+Test: Verify
+#
+Comment: random test vector, size 7
+Message: a71a7187 f9e947
+Digest: 60a37bb8 8763cfc8 c0a49bcc cca43094 7031d92d e4a3496d e2bfaf27 f7f55ae2 e391d323 5ef5f6ef 80b7ad24 da97b19a 878a13da d4deeb7e f0c64322 6e54a974
+Test: Verify
+#
+Comment: random test vector, size 8
+Message: 427e1952 21e92952
+Digest: ff3e6f95 37d5b90d e6110cc8 095dbbb3 dae9ad31 7e85ce5f a771e864 bbd224fb 930fc3fa 812c700f 4be9c2f9 6316781e 4d94a966 aee699a0 d3f9d6cc f8a170f1
+Test: Verify
+#
+Comment: random test vector, size 9
+Message: 291562c8 a4b612f2 90
+Digest: 2cd2a5a4 e15cc0bb 7d70e819 b92a68f1 abaa3b6c b05232a9 3b0d0be9 3650e7aa fcefa84f 8894a866 1021e3b3 aedc1063 36e5f86e 85138a15 3d8b50e9 334f8c85
+Test: Verify
+#
+Comment: random test vector, size 10
+Message: 2d65a814 2467a0c6 5db2
+Digest: a81bb000 6b8e0020 de714542 6ba530a2 c83fec7e 909bfc9a d1693759 e69a5bc1 2aa6823f ce6a3900 afa7831f 9064b42f abfb9a83 ad1c7294 280c8267 c8da31c5
+Test: Verify
+#
+Comment: random test vector, size 11
+Message: b1c1e0b5 72d933cf 9b9240
+Digest: 4229dc9d da13d3b6 dbec0e8f 8c43d3f8 cc96c658 4c2193f8 4030eea3 e8f692a6 a2326f14 583b5317 44e9d8cf e64e958e cf4b79c6 7cf67fcc 4434411a 045be361
+Test: Verify
+#
+Comment: random test vector, size 12
+Message: 633865e0 28638d0b 7c99fd5c
+Digest: bd0bb84a 6870b70d 238e70d4 2a8510eb 99a9f84b 552f82a6 44ca2110 5c644464 1ed99f01 c576e8d5 206bba38 5dac69ab 760161eb d2c952b3 d5200b5a dbedebd0
+Test: Verify
+#
+Comment: random test vector, size 13
+Message: 82d0f25f e993f11b 8826c8aa c4
+Digest: f25ac57c 755ff310 318ede5c cf679aad 2cb3420d 8bcf1e5c 8ff8cd37 e8e34ac6 1e17e07a c6afdb8a 2e772539 f1046724 c0c2b03b dbf8591b 2a5e97db ee72eaf9
+Test: Verify
+#
+Comment: random test vector, size 14
+Message: 8c2773c0 9c9ee0e3 6d39cddf 581b
+Digest: 07fb2521 c61eb51d 6391da76 a481c09e 7b0dd0ac 14be7953 520f1054 e867aaf0 22d54996 33a8b007 eff48278 b66ff8f6 a2f29e19 195013d9 b387e0f3 ac90766e
+Test: Verify
+#
+Comment: random test vector, size 15
+Message: 1afb48ab 6935e0bc 71cc50f3 2fabe2
+Digest: 4722db66 e6cb1c72 d01f0e98 f2fc61aa 846847ae bd15b5ad f2deaac2 7928aef5 678d4754 80d46b64 08aef4ba e7a69e38 cfd13ae3 4d6b9383 6c07492f fe100031
+Test: Verify
+#
+Comment: random test vector, size 16
+Message: 1eb85e27 c655c27c 8604c038 49c70f23
+Digest: eb4083b0 b9759f9c 9942fdc8 85b8ffdf fb6212ff a74504e4 f82c8007 2ef544cb 801d6a89 c2b198ec 5a91e25d 19ce476b a32fea85 add4f0ef 7c3009f2 adc48307
+Test: Verify
+#
+Comment: random test vector, size 17
+Message: 34cb6d84 5fa0db8c 777a5d37 e745df3e 67
+Digest: 73bd0589 c3934d13 fbdf468d 4981d8b9 44c81061 72c5a29c 5e6065f4 bb8a629b 6a534638 d02bf333 5a1e2435 3177296b 8a69fa38 f1bad0a9 cfe4ec91 fb0eba8d
+Test: Verify
+#
+Comment: random test vector, size 18
+Message: 6bd7c718 810c8e31 fa35558f 7f45bca8 6d75
+Digest: e57eb7d5 d8905344 18e3e45b 13520e76 ee422e40 d783e302 9650f507 e086ea03 6afc046a 0a4c0e53 d1b2d250 06b6d46f 67b50284 a70781bb 3f5ed5c9 e111137e
+Test: Verify
+#
+Comment: random test vector, size 19
+Message: 0127ebdc a33fbd33 44b73dde 21f5797c 9736b0
+Digest: 5dede9a6 7723dc45 921f635a 28cb7758 9cf53ea9 b1e52206 8027452f 056fbc95 3c8fd3db d2defa49 f56b0fd9 e46795ad 4128b412 cd09d6f5 e86a96b1 018cf74b
+Test: Verify
+#
+Comment: random test vector, size 20
+Message: fc95846e 6c1134c1 39d07a30 3240a6a6 d9e2685b
+Digest: fe5fef13 c4a2d0e4 fc5b2e8a 13ca4c6f 6aa8ea74 4e88e8ff 8d39e96c e52bf507 dde13daf c9c37510 212e0a12 4a6d2259 78d48fd7 79df759d 53cb57e5 506335ff
+Test: Verify
+#
+Comment: random test vector, size 21
+Message: 83bf0d76 c1d4ef62 f7699f25 65bc47f3 42fb828a 09
+Digest: 72f4d9b3 b3455591 25a1e3e4 e4d64741 48b6a39e 262ab4a8 c6de2eec eb3c7aaa f7f30231 a8c357f7 fe39419a 5b73c1ac a51fbfc1 85c67987 07b0d459 66a7ad5a
+Test: Verify
+#
+Comment: random test vector, size 22
+Message: 85b3789b 4ff9b615 03172b6e b12606ab 517c121b 2283
+Digest: 20a2b621 2df0ca27 666c47f4 d580558f 1efd5e39 88729d9d 13c96fea 63506321 87d0e305 e6e52eb6 c7bf34aa 099edb2f ae8788fe cd5b6c01 a12e40cc 15db9f3b
+Test: Verify
+#
+Comment: random test vector, size 23
+Message: 6458c83b c2e50f97 b2c458db 8e307a7a cada48c5 3da0a6
+Digest: 619fbb2b 7173e976 b8b8cc6d a1444dcb 65dfcebf 06fd6c5a 1e270d6a ac62380d bcccd563 0b81135a 312d7507 56491c7b 749791fc c724db11 d55a910d cfa9a09b
+Test: Verify
+#
+Comment: random test vector, size 24
+Message: 45df4559 cf16ed27 c80176dc 50f60109 48fefd66 e3b29342
+Digest: 7cfca413 fc03ea78 739c92c8 6fc173e5 ae3b7f25 1ecca6cc b6be99d2 427197cf ea2c4417 0fdc3849 82d660b4 0375cbe4 86ecb766 a0f6b1c4 86885c22 6353820b
+Test: Verify
+#
+Comment: random test vector, size 25
+Message: 664b9872 f6e65aad 6608b5fd 375cc4ab 331eee39 5f979d75 09
+Digest: 50d7ff40 1d7f4e83 09b7d03f 280ca8b7 b5ac8cca 82115ddb 46c84bcf 06dd8d75 36e1bc75 b870fb53 33dfa6aa b8977c4f fe58e9e2 1fee9e5a e9c96f1b 8d883318
+Test: Verify
+#
+Comment: random test vector, size 26
+Message: 6f622f3a 48f0573e e7962682 0d59401c 1758a547 d6983693 530b
+Digest: 2a772c00 2ad6de8a 9b9d4232 bd1b69cc 1483993a c16edd96 4dfb01bd fe2ccec6 f1db38d0 8977ff80 c87fd11c 8f48638c 1f718d47 f9cb4dc1 14a4e845 0b54822e
+Test: Verify
+#
+Comment: random test vector, size 27
+Message: 16d623b1 c503f02b f66aa6f3 58a10ad2 a7e53bcb 022d90ed 27c3f8
+Digest: 0f9089ae 75bca531 658b8b7b 647ff344 8ddb4cb5 7bc35494 8389109c 0976c401 8bcc77ad ce3f4e6e 992a8dc2 6602e948 ae4db87e 1306c3f7 161fb618 d762dfef
+Test: Verify
+#
+Comment: random test vector, size 28
+Message: ba894b19 abc35313 7f8443de 8cb3682a 68c34bd6 f108e189 5b5ffaf9
+Digest: 229ac968 c39170c3 ceb9cbaa 24d5ed58 fb64bbe7 58a5cdd1 84bdd297 f71ce30c 4360ab57 23160a49 bfadc45a ffb07773 65fe4b25 90a82582 9229987a 8c5b050a
+Test: Verify
+#
+Comment: random test vector, size 29
+Message: 5e0ddad3 5d27b00a c95ac23e c20c15ab a26ffd0b bc13c154 e8206e09 3a
+Digest: dbb1cbee f7c6f2d6 4afed9f6 62a59073 b2c590cf 3c22257d 27fb8432 913acfbc e7c8fab9 4ee3fb7e ffe27fe8 8ec27135 3ea14d26 fb5db867 9dc01cbd dc728718
+Test: Verify
+#
+Comment: random test vector, size 30
+Message: a4c01b18 488d8f2a 129d0c29 64b61828 40cd5e19 6e3d4d7d e1c0a58a 7155
+Digest: b977eeef cc7631ff a6dbe078 e1549a68 ee8a961f 68b6e43d 57935daa c729aebe bd284727 0874378d 121342dd c1e05ee4 af9dea2f 79d214df 9b15e94c 26be9d30
+Test: Verify
+#
+Comment: random test vector, size 31
+Message: c3707bfb d004e47a d376b527 c0bc0509 b20ad247 5e0f63b0 dd4fadb4 18741f
+Digest: 98c3aa9a 70fd7660 7d8f5f8e 1100ce80 510566b7 2bab12e2 e150e1ac 2e31476e 09bda37d 4cf62c73 a773587f f75a88c2 58df53eb 0977b52a 63deea58 332255fc
+Test: Verify
+#
+Comment: random test vector, size 32
+Message: 430405cf 1822b2fb 0cfdc700 739787dc 33cc152c 5ff08268 82d12a09 38bde230
+Digest: 567f7517 a6459108 e90837fb 6fccf40c 4d3f96e6 51efaf31 802b3c9f 3c98f68d e5fa0c0d 546e032f 7372328b 20b1f62b f2960c69 924b5d92 e175ec80 c10c40f8
+Test: Verify
+#
+Comment: random test vector, size 33
+Message: c129c878 fa5a0ee3 c323f857 20ff68ba 07a0c773 9b6a6752 3d7b2ce1 0c6a5ee3 54
+Digest: 44ce079e 6235763a 7835fa0b a5a3117a c4270d08 5c31d148 b0b06f02 1031f273 2159616b bf5e9550 556769cb 7db45026 801b5e3d a07d34e0 9f4573f8 9406f8a0
+Test: Verify
+#
+Comment: random test vector, size 34
+Message: 9e11fb1e c6cea0a7 65ff732d 08faa865 382a6676 1665e30f fc54b890 a6ef3e71 02bb
+Digest: 11ae17b1 a873fbfc 6f43a807 6342f357 7f7edaf1 8764f531 e152f552 eb900588 0f01e31b a50a1885 73b7c3c6 506c5bbb 435af34a 6c216005 cc56193c 529db888
+Test: Verify
+#
+Comment: random test vector, size 35
+Message: cf0e4830 d683ba21 90177b2b 89573b10 633dbde9 f2222e95 831b2221 dbf75473 be2ad1
+Digest: 6ae2a1b6 ccb29521 35fd2dfc 556fe15f 332413cf 7131eeee 0ce76869 12baf01b 54c85c0a dd69ca3c e687a6ca 655ddccb 759a2ddb 08525fae abd01b8a b3ae15e9
+Test: Verify
+#
+Comment: random test vector, size 36
+Message: c6289c55 8043e60d e2d522df 4b26946e ffd3553a 57be0686 43ddc97e 6f70f438 30e3732f
+Digest: b749756b 1369f95d c4473ff2 bc54e609 b6296e72 93fd1e5d edf3f86f 5c1b70ad 7da6e51d f78a3587 ff902c1b a308a980 546c16be 184ae472 838b5ec0 58073f90
+Test: Verify
+#
+Comment: random test vector, size 37
+Message: 715dd80c 870adda2 ff3ae0f7 cc30bb36 3ce63791 6f51f0ab 5c8a213e 0a9ad84a 3ac753d2 26
+Digest: 04caeb67 374412f3 5f18397e c06112f6 80a8bc48 60c1c057 802ec4e8 7659d380 2871d01e e466e5c9 1093db32 0a671622 a855683e e97c18f5 7524f8ff 1d508c60
+Test: Verify
+#
+Comment: random test vector, size 38
+Message: 82d2bb8f 78adf821 9403c0ec 1daa0fb2 8791821e 426039b1 cb8290bd 487d7f91 2a4d6801 6c22
+Digest: b634e4f8 50ad1c2a 43dcc03b 8ed70def 847cd84f 6d0ee0cd 7adec782 b7421d1f 681a5a62 7b3c333e 81355604 b34968cb 77510cc6 504537a1 c7351297 2fa731fe
+Test: Verify
+#
+Comment: random test vector, size 39
+Message: fd6c9621 1adcee6b f1a3e217 3889ca82 d91798ef 44dc659d 056c8b0c 985a2461 dbdcc4c3 2d3c6c
+Digest: 3cac80c5 bd5a83d1 0a6c5a53 78da95c8 5e042f1e 62326a7a 2d80ad08 9030239d dea3793e 4f108768 3be2633f 7f2f5278 636c6384 fc4c7dd7 f18a3335 826d574b
+Test: Verify
+#
+Comment: random test vector, size 40
+Message: 3a21261f ac966b1d 210791ec 8b71073e 6c3aba00 b52a94d2 c2135d62 80863b53 3cfe8ab3 08bf3c9e
+Digest: 87528099 78f308be c7454d41 8e9ed617 5f3771d3 127ae7e5 9596746e be5e2df8 983b9755 a0e8ee52 05cdb2e5 c18e0fe6 e21b7fc2 6bbec94a bd57c34a bfb28fdc
+Test: Verify
+#
+Comment: random test vector, size 41
+Message: b664b4c7 a37895c7 69585be3 2bf10f6f adc301b1 9f9832c3 b5367a49 c041026d 2c1c7fdd b01f427d 35
+Digest: 60d0c1ff 1f1c4f9a 85f4ed49 ef8e7dce 1d5435bc 44bac19e 60e6ac29 fbb202c4 1488795f 5e522ffa b59ec359 e301cd1a 6f7699e2 56753b6a e40d6d6b feac4bad
+Test: Verify
+#
+Comment: random test vector, size 42
+Message: de978221 6209bdf9 7d4c0df0 33dcb51d bc014a41 f1ffdd8c 7ff7a927 045d5f5b bcd1582a 3530026c 348c
+Digest: 351e8b59 93bc76df cf65f1d4 26f98fbf 979a4434 2f58cc8d 7a6e1c57 adaeda84 3654e646 b97c6770 f8d4d12f 08611c9b 8311296c 59c7b82f d5fac4fa 71d0d56d
+Test: Verify
+#
+Comment: random test vector, size 43
+Message: 3b950a69 c0b8c7f2 0f986eea 89da29ae 763752de cf481dd9 071549bc 161d02d5 62398a86 4d88aafc 679834
+Digest: 2803eca9 6245eb5f 2d5c9d0d a7cd355d 3dc1ffc6 ffd1280f d70e83c9 693b2982 e08bd50d b28181eb 978f6544 9f6af0d4 6a9fa917 80a3c4f2 e343ab77 92e9ffcc
+Test: Verify
+#
+Comment: random test vector, size 44
+Message: 539d2075 d1127ab4 c71e19b0 ff1ffaa7 b0abf807 9e96282a 08f3fbc6 eee67300 0e1a7027 82151f54 3f795f0a
+Digest: d955910e a4b8c68d f8b561fa 0a20a0c6 87be7f9f 70d82681 ae528e6b 404f6b94 bad24629 9745be46 35249d66 5d344d3d 9e79e623 d2d0c8aa f68233e5 269e0539
+Test: Verify
+#
+Comment: random test vector, size 45
+Message: 6cf85cae e5fec55f 140cbd46 859b1d15 598f16a6 9891b868 64b6d837 e9f93435 e006bf50 4f2d4ea6 144c39be 8e
+Digest: e9c5987e 13afd1bc 62a68293 584f568e 14d1b70c 6a65a287 82fa8ef8 b2cf4006 e8ab6ab9 16c9c59b e1554005 d09eee7e d70fd652 16214890 1b74ceb3 279979ab
+Test: Verify
+#
+Comment: random test vector, size 46
+Message: 79b738b3 cb3075c8 0c4a41a3 68ee2bea d6fe80f0 a4d8fbd2 0e42dbc5 8cb74383 74d2e559 d153830f 1a8ebe33 cab7
+Digest: c5e8423f abf93410 c264b466 eae3c8bc 57ed587a c78231a8 2f0b3f34 6a91d27b fdee5736 633f2d41 83ce3eb2 7f58a135 e78f30ec 2ed52828 ab4fd972 5f15ebc3
+Test: Verify
+#
+Comment: random test vector, size 47
+Message: 9a3d0219 a34a2122 55c331e8 348e88f5 08218245 62406a77 5a334ee9 98cb0e56 69a30b07 8130ae3f 9e1f342e 5ba66b
+Digest: 3093b6e5 5d4ce5a8 eb4c5e0d 91d9e044 e8389351 409eca9c e1cdebbf e7e4259c 0eb82164 c09d9072 a30a0d0e 0c7d6be1 419213f7 77f3f203 61e44d97 8c9f47b3
+Test: Verify
+#
+Comment: random test vector, size 48
+Message: 26f1e261 2f299677 39a594c4 b3f61391 27e65243 680b30e1 156510b6 74b96fa1 2672f9c3 36074278 695abdf5 b875e3d4
+Digest: f884b57c badee2d5 e5d21902 0c3c4280 eda963c3 1b00ceb6 96bf432f 2795c7ee 224936a2 931f5fe9 c26742a7 fdf38fb9 1cddc663 c294e107 9e52a2bf 2ccb7576
+Test: Verify
+#
+Comment: random test vector, size 49
+Message: 9f9afcd3 8b36e843 2a56ca46 6bfc68cd 7179e3bf 14f79d51 24b743a8 4bc86315 ef9013fe 51d1f9df 4041ec42 c921dcf2 4b
+Digest: c06b82a4 21ecfcb3 28b07573 2b1ae8e2 0002ce5a a9e241e9 abc1261e 51a2fa2e ff50d62f 579322ac e5693cfe bfa3c36c 939f4ada af1ba1e1 058f3057 e13a6c9e
+Test: Verify
+#
+Comment: random test vector, size 50
+Message: aed8161c 36e6777e 8ce85d18 49232ce5 24acfb81 7fb72210 82d3627d b3a7e22d 94286ac0 2b4aca0e d155179f 170acdb0 6e22
+Digest: 87681d09 7d072855 720818aa 79f8c5e4 b65c7b4b 18115f7c 6693fcc1 e450dcba 9e4f6949 5e7a6557 681425d0 bf0f67e3 f0bc00a1 62723d99 f9c707f4 89985805
+Test: Verify
+#
+Comment: random test vector, size 51
+Message: e9c231ad ba0f8e00 4d1db513 5e5fb4a5 4d82a3c8 b302a531 e453881a 9576a6ae 5c9494a4 90698f80 0e8946de 66787682 be9a33
+Digest: 210c804d 9de5c464 b1d385e4 0be1fcce 3f1138f3 07bb0e7a 28fd92ae 4c96e53f 6a45e77f 6db531c4 4afad7e4 617e922a 2f784004 3039f130 be4db06f 57a30c46
+Test: Verify
+#
+Comment: random test vector, size 52
+Message: 97b16833 b21f6af6 4ab0da7c 5b0de9ef ee294a7b 54cee6d2 3d0bebf9 1ca1eb55 427188ac a22177b2 a2a9ec3e 9f766fec 5421cca5
+Digest: 69daa22a de654146 8d49c99b 2efdb372 b20695bc 641822f8 fb28d8f9 13bac5d5 56cc3766 2bfb1967 41ae88fb d546c5ec 63849fe9 705c7b48 4d3c7522 bac6d4a8
+Test: Verify
+#
+Comment: random test vector, size 53
+Message: 81e9a45f 0a39caec 11987978 e9dc5104 91b4d618 d77733b0 2085a5fa 6b79c5ba 8beb9f67 ccea5377 2bdd54d8 1555c983 8a33ce35 7c
+Digest: 2047bbee bd6bff3d 41f3b637 019e23a6 b14de715 0daeb5eb 38907a69 d7683f52 2659980e e667f8fb a79ceadc d1d27a99 7c2311d0 e9b55154 775c91ff 7420aad4
+Test: Verify
+#
+Comment: random test vector, size 54
+Message: 22d157ad a41ddac8 7303b168 b88eed14 92a49c0d 64d128ab 066e0c89 811844fa ab11a9fc a802bb10 e6d179c2 16388f2d 89b22bd7 8140
+Digest: 656faba1 4739f50b e2cbee5b 4b6a68a3 d984380e 648db57d 292acaee da539f97 5df611bf f4aa2412 2a7ed150 d5c62eb3 84fd1114 ac50c3cd 4150b151 ed836def
+Test: Verify
+#
+Comment: random test vector, size 55
+Message: ea785fd6 a5a84f50 25677bae a20916ed afbf6142 ccf6e4f2 17b260c3 e68c400d 4d6c25a8 f109fe96 d2bcd92d 89c79292 72e96d80 38a4b2
+Digest: 912c3753 c24f4e21 e6f1d6ad 00200239 293b31e7 8949eb1d f8479a72 accc527e 9c892d14 55718a09 adbb0bb1 015c0599 44a90866 d33dac52 6a1a5f81 30406324
+Test: Verify
+#
+Comment: random test vector, size 56
+Message: f3f365f1 6050a4eb 535fc59d 0152ddca 368d1cd8 16ba1756 4bac1b4f 97b78249 ccf80f7e 9e45b17a 0b5aa506 659c60e0 acf2a980 8dcf1f87
+Digest: 49efc51e eba32acc 2763b470 18bb7a51 58981f47 b675c0fa f470774a a7ec66d3 172dc945 c6a78ea9 0830282c 9a0c0210 ac846145 1a76c2c6 dd60774d 2ccca25a
+Test: Verify
+#
+Comment: random test vector, size 57
+Message: 48739df5 735a2954 01711478 75beec20 0e520e3e eef31a94 aaae4b5f 6dec5e67 644eede8 90c53961 b9379bef 47925f35 5cf29c0b 11854343 1f
+Digest: 264e5b92 ad279991 b6dc8bd6 604509b4 b9f1220e 81db79a0 d9a17732 2dc4dd37 733cb9e8 51afe7a7 6a3898d7 fe5a38cb f32cfc1c 1cb81b72 39c84fd5 0c9cedab
+Test: Verify
+#
+Comment: random test vector, size 58
+Message: 9b2add0c fda39b59 d577f9b5 a1e76671 9081280b 9eebeaa1 6d698619 8674c651 05f2942c 82a528e6 03506381 ee0606f5 d0285394 10a1d36d 62fd
+Digest: 7905c8c2 c15b5be5 53b81e7f aa29bd48 23795bd8 fc197be3 f2ef1a04 7ef199b4 baad58e9 ba952a31 cf82c02c d804f672 1116d767 e5647b48 e4765a23 9ac36d69
+Test: Verify
+#
+Comment: random test vector, size 59
+Message: 964eae77 df40c447 1b1b38b9 711077a7 2ae0c3ef 19df6c80 2b145ac4 77e33bff b6139df3 9f719f89 8f524acc b671334d 3e2d9989 9a204204 18c1cd
+Digest: 90b9b820 35ec8419 6b18ee06 2bfa5a9e 59c7459d 0d4ed42d 1c45846d 864ecd7b 97c7cbb7 ae9900e5 f33fc804 13aac085 c33138bb 6565cf28 c97b8eb1 8f5e031a
+Test: Verify
+#
+Comment: random test vector, size 60
+Message: 39e1cd44 f0058fef 0aa16d2f 80e90e79 f7ecc402 968f964c 2ff518b7 2c320755 075ac813 738c0e8d a06655b6 23dd6356 ef791ab1 ee02cf67 c2d0ebcc
+Digest: abc6fa9e bcbf6353 faffd998 28718d92 a27e5623 890c90bf ee6a83e0 3431ce2c a1338b76 2b58bcda 971cf075 7e9cbb7a 83c9619e 15e15061 7cfbca06 332d8c2d
+Test: Verify
+#
+Comment: random test vector, size 61
+Message: cf614023 f6343c1d 3178b5ad 3e26ef24 c4a1d7e8 0ba59d89 4dbb040e 5bda2022 9b6db55e 1ff7be20 4852afd7 72faf875 3ca5f401 f9f39b43 17428fb5 73
+Digest: 19b366ee 0e96382b aa5ba4d5 eceabaa9 f7915d61 3e02645b fc6c61bf 75a81cef aa9935a2 8e9a7b8c 92d48932 80207962 94388034 c816f89b 914c8771 834c69cd
+Test: Verify
+#
+Comment: random test vector, size 62
+Message: 8dc8ca4a ca99fae1 1aa9ce85 405e9f3c 3a7dc6ac 5b77a7f8 72573338 ab320b4f c9a79d2d 533aa9a5 f1a8d053 b9b2c71f 7d1ecab6 c05c0fb2 e995a892 731c
+Digest: 01de5d37 47853adc 30f25bc7 c82e38d6 2e739e8b 69fb9104 c5c21f5b 610506cd c2f876ae 2fbf8002 970fff77 15339f44 e310098f 6b05085a e973bbf1 9aff0abc
+Test: Verify
+#
+Comment: random test vector, size 63
+Message: d5a48e98 83c9025d 1cf19922 9f97b28f d8995cdf 3919dacc 8b28ccce 9b3e1a82 dcfc8083 97935cbb 77b1fcdb 7bde3fd5 9d42a15e f65e4f85 4f064a02 edc34c
+Digest: 10057da0 87a1612b 79ce4f1c 88683e99 f7efbe38 45c0a9bb fc1a4684 0f858ec8 7d93c449 c8ccfb90 dbd5e806 48390b6a d151024a 5881496d 9520dea5 de7039f6
+Test: Verify
+#
+Comment: random test vector, size 64
+Message: e5ecf70e 4f7d1134 20a5b767 457adb05 c633a5ce faf47a76 72f5719a 416690ad 2f09d4c7 870cfc44 81e4354f 019cf869 53536804 6350ea7b 6559dd86 67f3e34e
+Digest: d16ce8d7 bc443814 5c479d60 0fd06b05 e1409587 fdc95b63 69c389be 12b8c543 34f1ab84 0ea8980c 15d1fdd1 0424e036 c4405cd1 24f90d97 c1fceeca a569e526
+Test: Verify
+#
+Comment: random test vector, size 65
+Message: 11a97df6 bec145c5 38d80e6e 5626e5ae 0318ab3e 1f8392f3 c7d106b6 1de09c6b f3421952 b1674b23 b36cb3ea 3c657b75 323c9aae 9010f0da 1373f24e 260cec04 10
+Digest: 660774a3 9ef3225b 515ae159 3224fe90 7c8ea38a bbcf241a f89c3bed fae18c0b e22f9f36 cbb27d51 d1819804 af314d01 2217feb9 b03e767d dd13c7db 21ce25c6
+Test: Verify
+#
+Comment: random test vector, size 66
+Message: fba05629 c80deee5 0717e006 1bbf0a50 8b4e095b 82e3a90c 28bf9703 54649b01 8b6f118c a2859a2c 3963579d f4cf0d06 2e78e446 f043fb47 fe710e66 7d174e4e 0c05
+Digest: 447b5ace 28e9533e 1b8004ae 136b4c94 595bdc1d 5e9ac25c b4472ed6 8930537f dab0602b 640b2dce 42ab4bd9 2cc633bb deb04093 57d335e2 95d8e5c4 a3888cb0
+Test: Verify
+#
+Comment: random test vector, size 67
+Message: 383b037e 7d030817 38e929eb b651750d 480d30e0 a426171b a7e33bd4 10c88ae4 a37fdc09 5086a3f7 e049720a b6437b5a 530db79f 20f5af83 d23999ee 40fe71ba c6ccf4
+Digest: b78f1302 04083b8d d816e08f 7a854423 7da8c5a1 26256f51 21b89e21 08efe932 37eebee1 5af3fbba 39c27160 ea2d0f20 3724d3b5 b19c478a c274621e 373d4945
+Test: Verify
+#
+Comment: random test vector, size 68
+Message: 16c177ba f957e85f 4d455a83 e738f42d f7212cc2 9c84934b 92a1d0f7 cda025c2 6871fcf2 1e096dd6 7b85b372 b67f640d 060d54de 5b4addca 70a2414d eaf5d011 38bfb840
+Digest: 454ef4ca b6e37227 0b93cc03 958b42f7 48013bb4 01561d57 35968873 46d07fb8 ed8049b7 d000af65 16c473a6 e91fe322 b53aa997 0f0b47dd f63d64a2 9a0e17cc
+Test: Verify
+#
+Comment: random test vector, size 69
+Message: 9de73e2b a42cf799 bd97fc81 d822d1de 22de75c3 cdecad72 43f6bbb3 1859c6bd 90646148 6c427bac a05d9d9c 345ff3ac 4e83ab81 a2a6a6f0 307ebecb c255f23f e84b2f08 8a
+Digest: d5be90e4 2b7a07d3 457bb2ef 62c9e2ea 2792092a 056983cc 0e799f81 23f551fa ce72a074 e53f54a8 4552c334 ebada404 91a0653f 919485d8 617e3a58 2c74ffb4
+Test: Verify
+#
+Comment: random test vector, size 70
+Message: f0ba8c05 7121a542 0b118610 497d28cb 3b44d315 db8ff66c 70c8a49b 42ce9451 b1c79b76 459e8786 7e752d83 06d020b5 2949fd8f ea525c96 6633cdce ae6758aa 913afa47 6897
+Digest: 0975788c 3f09903c adc71560 2be327e6 f478ffb9 f37eaaee daf0c22e a5d4546d 260b5cef 3b686a7d 866822b0 c58a8285 5b531989 30fcac97 310ab2e2 4818135a
+Test: Verify
+#
+Comment: random test vector, size 71
+Message: 4be17358 f3e9b177 596dbc00 07d54b30 0dfd5870 b29469c6 e4c657d7 3f4872a5 3dbca44f 3bef69ae 726c4c47 38341693 07d8e56e d46945d0 759294d7 a68cb12a f76ff02f 75a2fb
+Digest: d01eb6fb 56d01a19 d7856e6a 4c7a381e dddd485f 47f24b2a 7e65cf41 15104b4f 93577fd6 834c69af efb1181b 1d7495c0 01d86c97 b5d07e98 0f0109df 5bf51a87
+Test: Verify
+#
+Comment: random test vector, size 72
+Message: f8354393 52c2229c e651606f ce4420cc cfd988b6 de36673c f957a2bd a50e7891 b419960e 90274079 54f247b8 2df6b023 9ac743a9 bd9817bd 91b450be 5a268fbf d99fd0fc 5a2dac29
+Digest: cebca5f5 96e31665 fec9c7a8 ba1808ca 5d19ab22 4e2e1a2d 50ed798b 639b946f c8d1619b 76090dcd 5e9a49bd 8341ffe9 559d0be1 e688dfce 2ded006a 0998c4c3
+Test: Verify
+#
+Comment: random test vector, size 73
+Message: 5d1689b5 7df18c36 8738886b a450c8e9 23193c6e 4a5b10a6 777ccf3b d2977919 4890c019 a1f8f4cd 3a0ae0b8 361087f6 c4c3602d 4699baad e60afd88 b4992e9e cc0486a0 6350ab40 86
+Digest: 14e9d9e7 c89eee5a 432c580a 02465ced 9467b14f 002f3d22 fa8893da 6b6059ed db75f2df 6cd3e3d6 1b4702af c0fcd496 00cac21a 49ff8609 74aba62a fba36da6
+Test: Verify
+#
+Comment: random test vector, size 74
+Message: 426bfcb4 f1f17d33 82c8d98f eb21173e e3cc6152 ba036912 dd1a72a0 62b3d77f 4359a612 5b501163 b566b420 66579405 56b82784 fdae8277 310e3689 441c5b69 52395ca2 9aeccf94 0e1c
+Digest: 3eaf3603 93166d23 da6a592b c124adc8 4cc89702 72982558 92f81759 7b45483a b041e54f ec08b653 e2d77200 1274305c 6f52db91 f441ece6 27aa3c83 fa52c309
+Test: Verify
+#
+Comment: random test vector, size 75
+Message: 54585137 8a470d48 2dd6a935 6720b8bb c5e9c423 e46ebb2d c590a39c 19ea1455 f9e220fd a43828b9 f9c17e20 cc6b7120 e7231705 1c8426fa 0842cf0e 03863e29 267f7359 9f5bd269 c5bd68
+Digest: 06be919b cd2629c1 02cae5af 6c7793fa 0ec1d736 c838dd41 c0ee7d58 0af9865e 53d25fb1 049bcef4 2d0e5816 08d349c7 33dc2072 48d31065 79ea37f3 528dafe2
+Test: Verify
+#
+Comment: random test vector, size 76
+Message: b5b92d1b 55cff56e 6e44462d e07f080e b48b6c58 f6efc541 71522935 d8638c2d 3cf5ca19 df793029 bfef2661 ba5a934a c030f9df 96e65cb1 d3bbc896 7a9c5d48 95df15b5 d3009dbf c161cc50
+Digest: e510d446 991027f2 00b8efe6 f2f0fe16 61cc3c25 041333c4 2a3af62c 97da70c9 384235ee 315c539e 891bc404 92533579 6255e1c5 69199ef0 c937ceb7 4b0b9438
+Test: Verify
+#
+Comment: random test vector, size 77
+Message: 76f095cf 94344ca3 2b66de7b ed39cd6a 8927e76e 9ce628c4 f86c729c 5643de1e d13ad7ef d0de4730 2c9adf57 1c95ab94 d5d7db82 7b176e02 e7ce17e8 91cec27f 58b9533c 29500a3f 339299d2 07
+Digest: 788848a1 09f85325 73101fcf bea9cd14 9ef297b1 3cb18849 de06da17 e19f1e8a 35bfb408 65b9b33f 9d4dc15e ca70b9ca 775dee3d b88edc47 b58eba48 ffbd7ac9
+Test: Verify
+#
+Comment: random test vector, size 78
+Message: 2037617d 4290b110 321e1440 ee5c446f 3b1a0424 fde0f79b c78bc1d4 7bfef82d d808c393 fa9939dd 5b1ad36d a7e66bd0 7a51a12b 9f0f7101 bf353ca5 6fccc2ed 52452628 481356ab c51056dc 467b
+Digest: 4ee2b91d b125ebb6 eccaed4f e21209bd 562dfdd9 2f65d8b6 b4777c0d e6800055 67909f53 4b9b97f5 6b80963d 9be0dda0 aa30e3d0 18ff6d7e 8de0f2aa 76dbdf08
+Test: Verify
+#
+Comment: random test vector, size 79
+Message: 3d34acc0 47d67bc3 c47e9329 a27f27da 3f2c45c4 8be43f2d 9815c439 5b0b78c8 890cb2aa c5f92136 db7c1534 63eb5a45 e2edeeba 3cc54fcd 3a72f3f3 13ea9e3b 3b318587 4ec5073e 523cce4e ddf33a
+Digest: 890b948b 3d9a5b29 f2706fe0 b0f2fdb8 caee0f2d 44646902 ba050522 1631ef85 b33bee15 0fe7f82f bd59e251 290c5458 9d96da09 acfe3e60 21d25b97 914aaf7f
+Test: Verify
+#
+Comment: random test vector, size 80
+Message: 2106183b fbf89811 4699d942 71088a44 61e07143 363653dc 42caffe2 1f2df2e4 c246c6bd 2d2f13bb 3bd36bd3 684fbee4 b16d947b 962c73c4 28075fe2 e8e34be3 66a341c8 5758cccb 029db131 89b5997b
+Digest: 463416c7 5c59b6f4 f82fdb22 0f1b7a38 054225a2 ca77903c 64172071 a52aee0b 3cb63c12 ce43fcda 7e6afe87 f34d8d1b 1f8fd2c6 276c1f70 ab9e095b 5f1af2e8
+Test: Verify
+#
+Comment: random test vector, size 81
+Message: dd97dd00 a0e4b9f9 fcf53ff1 6a4e6828 c1cb8761 48d66e5e 350f99ae a805c620 549118bd 192c98f7 a1cce531 340cace2 5fbebb8d acdcba94 527a6ad1 d2b56535 bce6ad71 a101d2ad 567ac52a 5b990e2e 63
+Digest: 2f4d0e37 216a5a31 cb555922 c3d54d16 5ebf5c34 6a8fa824 c295d35d bc876bee f726e2ef 7c0dd1f8 2449925d 0b1a902b e59c2f78 606c936a 9fc4efa2 c709cc50
+Test: Verify
+#
+Comment: random test vector, size 82
+Message: 5196226a 7eee4648 c5498493 cdcdd3e9 385c2900 7816e266 29631618 22f7fe06 d624d32b 679cf7a0 a03ebb0f a8e45985 f899bc37 09ea4d15 23fe62f8 dd3bad26 dfb72dcc d0d18748 022aaf96 32deaf5d 4d48
+Digest: b621499c 2f67862b f1e330c8 23beaeab 44231d27 da50d459 fef38a2a 313851d4 8e8b42a6 5539e4c0 46302c43 5aa29623 5173a79f 2b74d554 853b2bcd e9353ec6
+Test: Verify
+#
+Comment: random test vector, size 83
+Message: b326cf0c 04a43071 d75684d3 6239fa67 5cf71248 464a0964 d6975d10 ec81103b b09d9992 b79b1ae8 4a7d2e90 acb80f60 cf74e909 6b4e67ba 947b7c2e 9a73f54f 5f92ba39 20268545 60f4ee11 b844d0bb 7b5594
+Digest: 32023093 c801ebe3 eca174de 27cc12c8 411eeafe 14fa446c f6016865 106261db 9453aafe 94fe4332 b4ed1877 4067c60f d84750a1 809e8c23 736ea46e a1262b20
+Test: Verify
+#
+Comment: random test vector, size 84
+Message: f606d716 2ed304ba d6fd17fb 25902956 26a65109 3f06a5f6 39a8dbf2 32365c3c 855b9228 4c4fb010 9021f80a 97fa0a16 b0e0e666 d3fb82a7 8027473c 5bd1ac26 19c3166b f67bbf47 1b4b3773 d55b8922 fe7caf09
+Digest: e8fd50d2 c72765f9 0a88f2e2 d0b9c9a4 1b676387 4f80cc63 71f65496 5ac86697 b7ce67ba d1b897a9 8104c913 76edd050 8c8a7892 981fc7a2 c9712594 6417628c
+Test: Verify
+#
+Comment: random test vector, size 85
+Message: 54b88e1a c283eaf6 e8a3540f 2cdeda7e 6a45b587 d9cde8ae 6fb24b5e c2b0bde2 d59aedf0 009ebb90 cc3a85f9 982658ef cfcaed32 3085fe66 5f515925 dc0e070f fa2efaf7 9be7b152 d1b08538 2ab033fc c76962df a6
+Digest: 14758899 64cb0e04 ee5c9307 575a9503 f5eac446 0ef80eb5 9217fec9 25b9c042 c67c6c1b b09683ec c42acbbb 1e1f5268 802a4c0f 9a62ab0b 87d552fe 8fcdf5b9
+Test: Verify
+#
+Comment: random test vector, size 86
+Message: e798835b 4d691a57 c830d175 0ce59523 87e8ef8f aba66416 5f8136aa b72b5c96 b16fa8fa 2fe816a4 23f6d9d5 d512ab58 6ef8fefe 60c42721 86b6d05f 63678189 97987595 d4eca033 cf096272 162bb74e 73741a9f 9055
+Digest: 026c397a 1ec8cd33 edae4c05 4812762f fce3a3d8 14abc4b3 2d774435 08985686 1fbd40cf f97553b4 b5defa29 71c92905 ef5de290 027456ea ce688a42 5ae3628d
+Test: Verify
+#
+Comment: random test vector, size 87
+Message: ac349974 6daf8a05 2ba21bee ed4aa927 51562c33 5cad62aa 045abc8b 52681475 8c192565 19150f1f f5502f98 69c5f1c7 fc115f62 c42e2300 84cdc8cf c22e689d 32c960c2 72057d87 677f4f3c 3dbc9c79 768325ea 9d551a
+Digest: 8a034cbe 6da4fc6e 3488eea7 cd84713d 7d4218b2 2d49970d 85c1a20b b19dc484 aa605e0a a4c1d019 b4b3df81 f7099d98 5dbc83f9 96d8991b 2c747be1 84c766ef
+Test: Verify
+#
+Comment: random test vector, size 88
+Message: 65496f54 4e948ddd ac0cc947 d75ef190 5917d97b 1eb9b299 d8306d03 c72ff9b6 cbabe2c0 b5c11dbb 8dc81fa4 3eecbd1c cf9efa6c 6a439726 5b6e576d 9eb99fca 33ac1fae 69c9d275 33a67e95 4b5571fe c573b171 765a1e77
+Digest: 30ff8858 5a9a98d7 22b56d67 e63ea78b fee605dc 91cb0af2 4874b15e a223da34 b71d5c31 92ef4fbe 3279beb0 2552a83c e5bc138d 2b3a4e98 4f3c24e0 f54559c0
+Test: Verify
+#
+Comment: random test vector, size 89
+Message: 735f7955 e3e66da4 86689cd0 1f2dada0 ac260438 17aa4971 19d02ca1 914a0b7b fc09d573 c654f4c2 8b746ed9 066f730f 9628e271 f0c13923 1193cd10 1e96f462 75f9f72f 3c630f29 78056e0c bf771e88 e402173d 8d9d8d31 6f
+Digest: f2af115f 3ae658e7 c9336fe4 18fa5bcd 3c0abcf6 502fcadf 4d7f2c70 d62ad235 e1cd5c8a c5be44a4 67aafe9d 4d393a2c 1d542b9b 11e00b28 fd4fafe0 15670d78
+Test: Verify
+#
+Comment: random test vector, size 90
+Message: f560f636 182d659f cbd9f728 60e99aab 62681af9 766a9862 530d25e0 cfd4fada f2f0c47e 3a0cec62 240c7fef ac70cd79 91853411 767b5f9f 6be99c0c 266a3c4f aa97fb65 51b6f377 3dd03d21 8fcd28b1 f79b9c40 c830538c b242
+Digest: f9c9817f f9591ade b6903f20 9bb7a8b3 218e14c7 93dcf61f 16aec8ed 645e5b99 5a728390 adf39edc 6919a6d9 2d5c9c5e 4a208ea2 1e8bc98e ed121edb 8741e566
+Test: Verify
+#
+Comment: random test vector, size 91
+Message: 5430e9ad 56617943 da5b3e3e aded9a94 9add8c55 b54dab71 4b171363 e84be3c5 94b79217 1d6165f2 c0aae774 2874e403 8957fe03 c45a05af 90d48dfb 5a6e199b a18861a9 7dc6da4c 4589653c 78f4ec53 fcc64d69 74a6deb5 4d9cd8
+Digest: d5b2b5b6 ad49943f 237f2565 834424b5 849e2d61 4cd9a85d 5ef8c48c 8de05f5b 8de0e9b2 f5f26a84 a91ebfd0 18482d29 de787124 0747c573 f10731ea 98f91af0
+Test: Verify
+#
+Comment: random test vector, size 92
+Message: 6f70b21c f3ce0f20 1f5e6543 cffa5da3 606829f2 be1933f6 a8fa2df5 4b40f102 7f222a66 b4444e39 7853b567 8dc267f6 7c691f9b 8fee09b3 bb61f71b 8a3cc92a 29d4e1eb d35d0c6d 09d3503f e6c1b12c 9301dee4 78535711 95952639
+Digest: f589f1cd cedf8e9d 57e91b75 04ac86da fe176a51 19019143 d7126983 05a18c15 7fb4489c 121f207e 28c4ba7c dbedc49c d6aab397 d82ddc6f 448d3864 0b5885af
+Test: Verify
+#
+Comment: random test vector, size 93
+Message: 5a508dbf 4c4e672e 9e87d595 ff6bd251 5b0aa9c1 3ab3394a 4861a360 ac46c758 768da104 ac52806c cb7a6332 98783e0b 93626f82 3b5d1c85 22fbb65e 001fa85e c4557e12 ea84688f 772583cd 79b6e343 b7386073 8c6ad35b bb5342fd 8c
+Digest: 7a7ad946 6d72f9db 4c5dbb20 fc01b61a 621f3fbd b2b619e8 a851ef20 f2aa4cfd 03883cdf 970bb915 b0e695d9 f9fae808 a4e8cf7a 3c21245d e0e9db88 7e743f4c
+Test: Verify
+#
+Comment: random test vector, size 94
+Message: d93734c1 57292ddf 2834d4bd 00c69588 5aa193c5 e68bc4a7 fca99f85 255c63e4 fcad591f 92af723f 482855f4 dcceb866 080a12f6 b5602fd0 44f6fae2 e3f0f287 b8c97674 3a9e6a22 4432e332 4350922b a7c17aa9 7828667a 0b320f7f fb67
+Digest: 29850664 dff19b6c 16d0bae9 87624d5b 635ccf96 1c648354 0562de88 5df225ec a80fce02 15ac9b78 fc836398 3e88bb92 343fb445 667d862d 0904252c 478d45ba
+Test: Verify
+#
+Comment: random test vector, size 95
+Message: 44efa7ca 42e5caa8 24bf8092 52a08694 952d0333 8ddd002e 1d7a7064 5b204f41 c83d4fba 27535e73 2d87c702 ee045dc4 6856f034 c7d94773 53de56aa 7cf81e27 b092c61b 02897aaa 908f8587 275e82a0 f2deff91 e1f826b7 991736c2 2b1fdd
+Digest: bec32b82 c275a519 e26ccee6 4c72bdcf 0abe4335 92baeb18 09915603 d2755737 3eb1216e 1d480001 a80c864f 1ec7f342 08400897 7f402aa3 26675e5a ec15c323
+Test: Verify
+#
+Comment: random test vector, size 96
+Message: ce3d3469 e4c3a341 fa608fea b597a229 ff1fc076 db3b886c e57aec3e 75da658a ad75c63a 41ded450 9acda805 92e64c39 7ad252cb 66513159 40b26de7 61318cce 98aa4b38 3a52d8d4 548f0cca cb34e265 2093a382 2ba3d37e 8f2dc6a1 e6d2c88e
+Digest: 218d6537 98e0f458 a54fef56 e78f807c 7dd64dff 2cc61857 4672f21a c6411a4c c2ebbec7 253effdf 6f2e474b b02b8f62 ee277ed6 2b9afbcc cd11a1ac 378fd308
+Test: Verify
+#
+Comment: random test vector, size 97
+Message: a82614f4 ef8a60ca 0bc34edf 726e1979 89f752fc bac1113b 22b58cfd a20ea95c 303535b2 ee274b64 f072036e b3c9be89 a95358bd 5db526a6 02d47896 01b06138 59b97b82 14ae9941 42a2a471 a58d220e afb753dd 61ad611e fdb5fedf c585de9f 68
+Digest: 12dcc83d a1c5222e 845c3d67 29ec89bf 985a9d07 97d9158c a20cc449 935a6867 edab0ff6 f3be5515 c32fed67 ad14ef14 ba5e2741 c6eeca7a 2f565a27 52fd34ad
+Test: Verify
+#
+Comment: random test vector, size 98
+Message: 2748f781 a2f90904 31fd7772 9b8b052a c48e11cc 1ef49859 a64e6ce2 6615db2b 933cc201 02eb1f9e f8c305eb c1a60b9c cb94a62d 542a55dc 66421b0f b113d491 447f7aca a1cee2a4 268467d3 b46736fe 588bda46 0edc28c2 1219e31e 968b1bb4 6a8f
+Digest: 04a64402 c9e18ae9 9c215892 4c74dea4 93bc7fed 5c40eb5e a0b9017a 54e07b6b 3a11a4a3 5df984dc ea17b864 494b02a7 9c8f912e 1add5831 faae87d9 adbea814
+Test: Verify
+#
+Comment: random test vector, size 99
+Message: 69707354 db8f52b6 dd777b52 73d5d988 91c9982d 25ac19fe 8606acfa 9cc9a738 99df1a3c ed7e0519 4bc99cd7 56dfe5fc 650a9c4c ce09a062 499d5402 478d1031 898353dc 07a212de 6dd017da 8f3c105d 9377392a 43d1c219 6912b633 61c66664 9471a9
+Digest: 3fd1419d 384bf1da 48541091 c843ace9 ab53ee9d 147ebc19 9e9a47ea a024b4d1 41330b93 51589193 795f2d38 d4d16765 31b8334f c3150a44 d6d28e9c 05fa27cb
+Test: Verify
+#
+Comment: random test vector, size 100
+Message: d8271f5b 6771cdb6 bb1e10d5 d988f02e 9ac74af6 9f28a0e4 36698440 c7846d12 87573e87 ee1d5408 a42039cf 8de3ef3a b5523cb4 8dcabc1e 4e36bc73 dfa07efd 0dfa0bc6 bbd01673 c3d7d882 636be28f 7666faa1 200c23b5 bb878151 9c477424 05d9599a
+Digest: c9f5e0aa 4107d5d0 3857f8cb ba210840 61b93e5c edf53599 83c37af0 10489aa5 af09daa8 1cb9c6ae be9077d5 12897152 a561bae8 b743ff5b b13e7144 ae910461
+Test: Verify
+#
+Comment: random test vector, size 101
+Message: d4933e50 fd087bf9 712cf60d a03ee7a5 c71afd3d 0c0f730a 7a919fdd 397a4932 30e383e8 2fcb74ff e4ebcfe4 d6dce7de 432ea3b2 d5f10d55 03651cc4 72e6c29a ca1217d5 94a0c52a da1c5de8 b0e0cd38 4f86ee91 3f329285 364a9c92 1daa81cd 9da156b7 8e
+Digest: be15d273 73d5a229 f8ee4b76 6d47503c d5dcf0b8 a9fbc348 72ead56a ae3fb11f 59620751 6b6963e4 638c1baf 5264d50f bd2eae89 ff3b099f 2eadfff1 cfdc25f3
+Test: Verify
+#
+Comment: random test vector, size 102
+Message: 3215bab5 1714ac72 08adc78d 7c3b2552 68a5006b 4ec77670 e8dd8d7f b35ddef2 6b0ae6df 18781595 b24be08e c9ef413a d3b35ee0 a9f2b391 c294c7a8 3675ae2c 8b58f09c 9264c6a3 7a43a9c7 76d0cda2 5af6d55f c0246e0b da7db8b2 5c5a4e2e 5e774662 da78
+Digest: 4b782ea5 09b44fb0 259cd562 27576599 e20e0f4a 3a567570 49524bdd 92c1fd8f 626b3d7d 135fbe15 ab037dc9 598b24bf 783f7da1 a42c607f a7f21bbb 6de239d6
+Test: Verify
+#
+Comment: random test vector, size 103
+Message: eab1622b 0999b3d0 713eb49b 1179604d 4fc8dfb4 6bf9d0bc 9385f21b d1d48cd3 ab1d8995 d5afcf4d d70d5406 6ecbaaa7 1accdd2c 3d5c9978 1e58296b 662e828e 5e89c1f0 4e414c80 45da35bc f3e12150 19e9550b 3b509f3e 1b79a1a6 23bf4486 4e2b4f87 7587fe
+Digest: 910c9f07 54700f30 18d9da31 82f3f15e 711e1460 274c8565 90405856 e8373dd5 fbb4254b ffe0ee00 a559e429 0b2224e4 b7bfee38 7731ad25 b9dfbad8 d0140b0a
+Test: Verify
+#
+Comment: random test vector, size 104
+Message: 81ef4dd8 54b145f5 892780d4 44c7e846 f417b0e5 e9665fe0 a5ad6047 7f42ccaf db1ab3c5 ed5ddda4 7f9efee0 2134e147 6da41de3 b5919708 5e21730e 3a8fd45b e209cd34 b2526c12 0c047b5d 16353bd9 b10ded17 fd00b15c fefde949 3b8546a9 bb6823ae 50684f84
+Digest: 51b44eac a53da375 4963f6d7 dea38f26 667eef75 ed612937 020b3cd6 514aac12 6acb6520 820a9998 4d1494f1 3c1cefdd 4e7cabcb e4290c69 bfa0bfa1 0c64153f
+Test: Verify
+#
+Comment: random test vector, size 105
+Message: 923f5683 bcfb1181 082d1d1b 891ab9e2 832a222a 576ba5ef 9c0806bf 49213c94 f29bedf9 51bf960e 5ceb09ae dadb7754 cd23405f edd9b34b eb6c21db 56fb9860 8fbd3c79 6825a41b 2f900a33 0e7e6c90 ff831feb 6a3a4f0a 5a7ceba6 ee104300 3fa91fac 6bb45914 9b
+Digest: 56488b85 d6cf4dad 3097ea67 3cef1878 5f1a42a7 089e9634 3da79c90 ab2c8439 f676e14c a15f1e79 f0647f70 123e48a9 6ba2c2e7 d5cc67d7 384af126 1a36ccbd
+Test: Verify
+#
+Comment: random test vector, size 106
+Message: a91e71ad b5851cfb e234df78 337875fa 9f93753a 9fc951e6 4d98fcf7 46f054d0 e7dce9a7 362fe082 676c18fc 5e60ba7c bb6e860f 3623b270 528866da 0e77ec02 038567c0 4cd300f1 9e9b43ae 180688ad 0fce26a7 9c2baee6 0cba1c8d 6ab3d941 52c3f927 1cbc03fd 4365
+Digest: 13def024 074f82c7 d86980a3 ed93ff45 fc696741 90afadb3 9b426ac5 6a2dd588 cf709f93 27a80cfd cc10f5fd 3ad54196 1b4d4c56 a46aa250 80860330 03cf1805
+Test: Verify
+#
+Comment: random test vector, size 107
+Message: decba33c 3f38b625 5f72f0d1 816c9b88 e3927017 429020cf 8453581f a61256d7 9ebe25ab 82301217 65f5c30d 0f7a9296 dc791c9c 26601d50 c6095858 3cc310eb 3857587f 9d709dfe bbe2b4a8 b087c45f c8aa754a 097f5f45 045b450d 43b742a1 6a0b1cc3 5f5be702 2cea22
+Digest: 0f72da4f 4a9f6b50 e213ef11 a5539c10 aff0b9c7 609e5404 5029d454 09e0a81f a3e332a9 7be35b9b b54b2e74 f65f24db e852cc45 5d0d4150 3d40b4e5 ce8f3808
+Test: Verify
+#
+Comment: random test vector, size 108
+Message: 06fe3598 ac4476a8 a5fa316d 25e70ecf eb20bb3a 90a7e76c 8ba4b3f2 37fddb63 32c21c73 e0b7fb7a 158e8a49 244f2694 db95bc6c 68bdf8eb ea2a55c1 b3d89f44 8bfd0812 6201a88b 680a7a26 35ab436c f86128ff a15e2e84 cd2e2485 cfa1192c d2d04cd9 f533b32f cd26adcb
+Digest: 237d869e 2afd683b 7a6838ea 08af00a4 0ded266e f3b11172 021ce60d 07ec0c91 bfb2efb6 68a127da e1627d8c 8e83ceca ffcd5b97 710bf42b 86920c05 44b92036
+Test: Verify
+#
+Comment: random test vector, size 109
+Message: 8f59b0f8 f472ae44 c3d56437 a49a8dd6 21b5695c 348d92a0 c5415d88 4deb4058 022e6152 790f8957 b2421d5a 07e9764b b9403b2f 6366a902 747b8569 b394f6aa 8898ad73 04acb342 cf7e3be9 83da41cc b00035ee edb6c2c8 ee58d929 60787c33 f1d1ca8f e6af7957 059187c8 c2
+Digest: a918e85a d9077bc8 5686424d d3c8e40b 0bf5b787 9c6bf514 7f2c3495 b85b5d3b 6341ddf9 ddc9d4c8 979d4e0c c4dfb0d3 cc20238f 8617d0a9 12899301 5900cb48
+Test: Verify
+#
+Comment: random test vector, size 110
+Message: 00256b64 13d44435 767f2b70 d2e21158 719740d5 9f744f0e 707a2bbc d34f9a4a 9c68fed5 f0a34887 4cf254cb b3b953ee 79b35214 83b399cb 33f3ab91 aba9a31c e376950b da8213b1 4323daf1 ed227ab8 66389ca9 e518a131 8c13e13c 04adb97c a24e9f89 025829d0 7fda6da9 a0b5
+Digest: 3164251a 5cd09643 2b83af96 4007a876 cc48735a 55e11327 50f871d3 54a64e12 0d3eb0b4 1f9193b5 fddfb826 27ebac99 bf3a5cb9 07c631b0 736c60ed 4d16de1c
+Test: Verify
+#
+Comment: random test vector, size 111
+Message: 38e72a4e 4bc99e39 0bb10784 d2798c40 db049ca5 d8cab81e 1b7c6a3f 94bd4ec6 44bfe20f 5ef7bbe8 ec76624c 426dbc70 947952b5 f26d0265 2dee4eb3 9486ac11 2f58a2f8 f164b2cf 35037882 8b637a38 cfd223da 452cd006 b69505ee 7d4555cf 6f449d5e 44ad6a83 453225b4 83ca71
+Digest: fdecc9da 4bc9213b 959ae862 8ca7e529 799c34c9 c2bde5e8 cbcb42ac 66a8049d 8d35fe87 90781cbd 1da835ab aef365f5 01f3125e b1c227ec 6ebd936f 1ac3f68f
+Test: Verify
+#
+Comment: random test vector, size 112
+Message: e702442d 4251271b 546efa0a 0954c129 675aa0da ba359548 1590531b f0f141f8 aeebbe7a e478b65c 0a3c290f a85ce2bf 4dc2b175 b7aadbcb cf85f2f7 3d604f10 03288321 251324d0 ff600a5f 7aff5e02 b9d20bed ed5a7bc9 6f7d90ff 50ad0322 27ca71ff 0d1d7c15 5d8dd6a6 e7115a2e
+Digest: c695de6b c491e8f8 a0d75af0 1b3e8d6c 866d4408 f04a4970 c2295ce5 3ff1d508 3f7bc1a9 804fc51d 57402d2c 34cc89dc a2ea74ed b7c9b85c d0e0f6b6 a7d5a62a
+Test: Verify
+#
+Comment: random test vector, size 113
+Message: 6cd344e4 a3145e4e 1c58d207 6c46dba7 041e516c 21b40a76 893cb934 f66f8caa 1d284849 7f00fa0f 2a041bf7 6e82dc51 8a324c2a a20bb6b9 2226c8b8 e365f319 20092dea fdc83a0c 82cd1cd5 b95338eb 93f0ae67 52ce1036 46a05d05 3b6a00b4 4bf9fdec d1b4109e c9da66fd 4f44fcb4 12
+Digest: e9901a49 9de62bc5 90752842 56d61f87 a68f1fa6 6c37d6e5 99bdfd3d b975ec59 5b9d731c 6c1ccab3 76dd26e9 1e17e807 3d8c39ab ec8955e2 9b8aaf95 39d11619
+Test: Verify
+#
+Comment: random test vector, size 114
+Message: 645dcf3e 6f08e331 2437e937 9584f16e 85085d62 b8f93246 d1e39254 89510870 58ea1e95 9fc428df 3cc0fde2 7a17488d 34347afa 144d2e58 27e0f0d2 7ffcb1cb 30170b0f f0e092b7 14e2af62 868d0d30 6ebed1ac 5e2c15e8 925ed79c cf5c0e11 8babdf9d b542efc3 4e86cf95 a3609f9e 107b
+Digest: 3f605524 a0024b49 f94fb8cc 2dd3fd11 b7d076af 92014c7e 2f0a92b6 8dc17abb 8bb7194b 522c5ae2 cff867f4 5b460537 09c68e66 1f6244c8 0f824c7b 8cf3f52f
+Test: Verify
+#
+Comment: random test vector, size 115
+Message: 50a5ddc4 91b6fe2c f8cb29ea 617774f5 da9cebba dd645da1 3c32b5e4 638794f0 f9c35df6 c9397f19 7d638706 8bcf5330 724b1d92 2b114b8c 0609dfad fccd5d98 bbd90db6 0c0734bc 91bb81c0 c0f43a5e a2d77e5f 7406427e 85e3bfa5 a7d6c3e5 60c7386e 9ad8357f 1b1ae90b c0d1f569 101f60
+Digest: a1ae6b53 9cdde42e b676d443 fb0a59e1 ed88404f 11a22bb0 1887e2b0 b3face28 23b4f70c c2853d5a 0ee0b11b c2b759db a3ac3567 7a36caf6 95dad5d3 ff727f92
+Test: Verify
+#
+Comment: random test vector, size 116
+Message: be7b6b12 094ca213 2dbdd053 38f1898d b00e55ed a0de519f efe0084b e814631e cb44898d dbd56968 06d2c117 c1106c46 a24a0d02 428e494c 65f2be7a 5b425fdd e7bac885 80b26073 4da93f79 aa4237a8 2a00e944 54634ea5 92664f01 a71f15ac debf614c 9bff6b1c 5c8d2d39 4c3ec4a6 3d6676cc
+Digest: 8c4f9b88 d0fc2bdc 3da01438 d8f2a787 b0d784a9 a29c88cb 90bec1c8 18572cde 74356306 6806eac6 b510adc4 d906b934 d6139162 16761960 6ec7702e 79fa55b4
+Test: Verify
+#
+Comment: random test vector, size 117
+Message: 9ae28982 6ea58fa7 43ab3c04 8fe1458d d4b9a288 fda7fa94 1d9a8bb4 d8a76df2 0acafb69 d13296a3 dc21704c 6cc057ff 7162607c 88ef6770 97bc1149 ddb97199 4ba34c23 0708ceb3 87af6722 94785890 82cd2dd8 438d5b29 6187c169 537d86cd 7e7c31b9 f537a4c1 429eac69 79eb3627 3c3e5234 61
+Digest: dcad17bd 5f262def 91e27ebf 13f5ac31 0220187a 21b2d152 4e14aeb4 03ebc917 4df34836 ec8b72a7 3a864c35 96c63240 5bc11925 4009360c 4bb37b5a b4ed8d96
+Test: Verify
+#
+Comment: random test vector, size 118
+Message: 8dea45cf 8756e48b 45df7d71 f9b1dc53 d04d7703 4f2a0b5d 29b8139a f319f706 be10793a 79acbe7a fe545c5c 05719003 2d3e1ca3 893bce2e e724c025 3086f412 c8d32004 2a38e219 536617b7 bfef1f3d 9dc27114 ba67dcf8 3ff6c61f d8536235 e6dfaadb dc7786cd 1e658058 c1cf0627 0824820a a03c
+Digest: 9f3e966a 2c58365f 3fd3493a cfe68b63 bb98012f a83d7644 7c0e20ce a01f889d 8016eedb 8e098863 55373867 c84910f9 3a48eb20 bdd8f8ad 783e8cb8 4f490d6c
+Test: Verify
+#
+Comment: random test vector, size 119
+Message: 03585704 5dc405c8 f3f70989 3a783665 645fac5c e9365bf4 4803cc6d c790ab3b 3fcbacf7 6f34e049 33d5ccd0 61d245cb eac757e1 509ab9ea 577496be 6c58aa43 f91ab83d 52c55621 d1af20b8 8f2190cf 2992e266 75f253e8 a5e5a4df 97bd9dc2 b13f3335 2d3b5d61 c0f2423f 517e2bc0 6e0c4877 ce764b
+Digest: 109d4123 268ea840 5ed1f357 45baf8b0 17c603bd 9768572a 4bfbb338 601333e0 303d94df 35c7625d b0e4d2a1 0ccea425 4bd702b4 1767a8bf 3ae4b0d4 8b254194
+Test: Verify
+#
+Comment: random test vector, size 120
+Message: d62ef6e9 96518e6b b3d6e3c2 9285b18c f037e56e 9a080ab2 be82ceca 373df2aa 4124ba55 3901bac8 c2018b0e c5b9c384 4a9d1dcb d9df2c20 292bb88e 3d76d6ca 980f1cb1 0900bb92 d4fc2b65 f16e9eec aac3e846 735c3468 362021c1 260dfd81 b8e9e005 04ff7d17 9be238fb 1df0d8db 5281283b 18eb65e0
+Digest: bdedbb5e 79c19f93 09abfbb5 1fde09bc 1316004c e9e81e71 550d0a28 10720b7d 040855b9 0bed8a19 c18a076e de4f7b40 ebd2f5c5 ffe1ef5e 9974585c def0d690
+Test: Verify
+#
+Comment: random test vector, size 121
+Message: 1f44931a 17fc9e93 488af6f6 eb416f3d 0089e289 cce5c2f5 7f41e2e3 56184355 2db8507c bbe59844 1abcfb32 0e592a87 60f1a3d4 2c7e6656 da800b31 8cb964b1 5946a25f 0bed3892 00c5005d 41d25237 2ea55690 9e048ba1 55cd928f 1b749693 4efc053f 7567d828 fe3c3bf2 e559698b fa5a4d27 d252cd20 16
+Digest: cbc8546a 1e9ad694 3b749ad5 ab1d524c b08463c9 bbf4ed3e 6a9b88c6 18a7fbbc 440592f1 adce4701 23ac311c eb75375a 3ba93482 54d3df8a 68567f97 f9b387c5
+Test: Verify
+#
+Comment: random test vector, size 122
+Message: 69eabe23 54a0ca67 8351f074 1659f99a 762fbf9d af1252a2 26dc2906 a67fdcdd 4ce1bb99 3e0c4a19 d41bead5 519018eb 30d2a64a 58c70ab4 6a5ecdd0 d056d0a3 aa82d609 78758cb0 daf0ad3e ea1a58b1 9f8f3927 22493154 b46097bf 9f523015 19dd8b0e a427a860 ddffabee e5916ee0 47fa1ce1 ab6ed3a0 196b
+Digest: de83a07b 72d1637b 4fae5eb1 99ce81bb 4aa786a1 5739f1ef ddb54e06 a4e15eb3 febd097a bbb77405 0aa31148 418a3bda deb5b2ca c1db7bdf b5f6b416 62b1fa3a
+Test: Verify
+#
+Comment: random test vector, size 123
+Message: cf3ed8c0 fa7caac4 befa3754 24a3d294 fb473eef 42a2865b c39bf3ee 768a9cf4 1136aad0 616fd49f 764d9270 b6afedb7 f5126a8b 0f4d9fe7 2b214826 5cc27a64 19d23229 1c55f964 13f4a5dd 981b2448 e7d48848 fd6eaca1 b5f953c6 383acc97 9a61f2ba e1705e1a 499078dd 62b1a7d9 673ff616 5af4d0f7 8c1890
+Digest: 8406d5ea 89af5607 3021905b c14b2cfb 4396b02b 0af3638f 0d879349 0c284b75 0b5e2e66 1ac6cc0f ecf7219c 3426fd4d 5062cd17 d890366e 6edd95ef ac123097
+Test: Verify
+#
+Comment: random test vector, size 124
+Message: 73151b33 37630820 e30ecadc 3e9f43e8 b5ababd9 2f3aeea8 dda22e69 4d7c7dc2 7fa5b71a 17e55885 baec2d77 24c8ff19 34395a82 714e1855 40007e48 f23621a6 385ffe17 5d2b6f3b ac08c3a0 bf137070 b7dc99d1 4c039a5c 639c1e85 73b9a1d6 0cc2d47e 61dbf0db e144f628 e132df70 506b50e9 fbe5a9bc 2f892eb2
+Digest: e7a4c237 9d750c72 f579497e e2c96223 6cf80195 501b3816 17fc57bf 1af0a4a9 65f42ac9 5156caf6 3db08c61 f5da84d4 ffb6139e 30e85b67 4532492f bda8ad7b
+Test: Verify
+#
+Comment: random test vector, size 125
+Message: 98bd9f43 35d1a5bf fa3ee9cc 48f79aa9 a37ac7b3 f344705c b06330ee b529d7e9 962f0876 9eb02b15 126e9dfb 42e757ce 23befa38 3320b0b6 d08b359b 30f43c13 6167a027 fbfcd4dc 11351dab d782c49c ac412a12 80686783 00e5b2af eaa21240 29685bde 4d7bbfb6 7243a246 03450d51 f9c9657b 2e2fad1c 652dbe68 44
+Digest: 686ddb7f 079b867e 43811024 2bafb9ff 1ee217f0 e70ae04d 91e419fd bef11b3c c6e94f35 7d90e61e da70cd1d cd1247aa 5bad6999 dd5f187a 4a2db3d2 fd491ea0
+Test: Verify
+#
+Comment: random test vector, size 126
+Message: 2e38ad2a 14d67081 1c551cd7 55fbacc7 c5ae8d3f 13597000 5b5e5b5e bcf752f0 646f4dcb c0e1c17f 80197087 8b323a2a 074e11fe dbdac3f6 f052699c c75d618c 3a3a1a9a f3902fe5 a7f70fe2 d35651c3 c14982b9 56dc3363 21a31e1c 222dab05 c4a4c710 4c5f9d33 5267b67f 27921f21 69881406 a7d539e7 6e9f176b aa01
+Digest: 1cd38c8a 78e10525 d10bc18c 0f5cd195 b31640ce ed0ddee1 16bf1ab4 31229efd 4e5c3f0a 51dbfde1 c15b8729 680d57cb cd6e28a4 d425e85a 60bf3457 5bef932c
+Test: Verify
+#
+Comment: random test vector, size 127
+Message: d8eca364 9bf77603 7304987e d0ce2fd6 2ce61f37 fa4f9c95 3bec2146 896ae80f d88ab9da 8956756e 53db2ee5 74a0ba87 7e176451 cf4b0f40 376bc33e 402716e9 fae20e80 ee6c846a fb47d26f c2f3efdd 62ed45ba 056c51d0 826502b7 ef90a57c e4582a47 b8e29eb5 5820e799 f973a803 44d329c3 c7f36815 82e14550 664e5c
+Digest: c34111ef 6951da8c d68b5520 b879e3f7 51ced801 fe278bf3 d9a5f345 6915280b 5d1f7f4e 76dd2ec4 c58f1677 e8ebb322 8feb0e62 d1911dd9 35c877d3 23dbc42e
+Test: Verify
+#
+Comment: All 0's test vector, size 1
+Message: r1 00
+Digest: 48d2daa6 9672868d 4a0d682a b74d3e78 db793139 283aca40 8460fac3 aae5d958 026d24ae a841f830 2a89ffca d04a0312 feb37e0c 734e7cbc e6b36122 02851698
+Test: Verify
+#
+Comment: All 0's test vector, size 2
+Message: r2 00
+Digest: 1434c998 1544f4ca e869459e b9d6a184 b32d0329 79b1691b 08cc0c85 0d6b7c17 31786453 ee3cf0dd 4c13f23b 53c8431a 569ba51e 34258132 cab6f3bf e71b04b5
+Test: Verify
+#
+Comment: All 0's test vector, size 4
+Message: r4 00
+Digest: 0ad52394 9c379020 1becfda4 4663a8f7 642752e4 cd76abf5 6f45b1a6 1d9b9197 3fa349db 62e5f6a6 efa25ccd 197ebb4d 12ffdc89 5d568e0a ab79c4be 5c291b7c
+Test: Verify
+#
+Comment: All 0's test vector, size 8
+Message: r8 00
+Digest: 1673db14 ed4970f0 69c452c9 28338507 5d18a0b3 9980d455 2b36115c 7430c14c a1f1e729 fa66b5c5 03441f70 89e843c9 c472365d 65d5840d 25a876a1 1de75004
+Test: Verify
+#
+Comment: All 0's test vector, size 16
+Message: r16 00
+Digest: 232337b0 0ff3269e 54c831a6 5759445a e29103fc 00e7affd f2f32d6d 3325296c 0d149066 7dc361b7 4a945b00 72d04bdb 4d817aa9 a283deb1 c0cca93d 80a3aa1e
+Test: Verify
+#
+Comment: All 0's test vector, size 32
+Message: r32 00
+Digest: 317bd95d 6d73a360 a77857b1 c206e723 8e27c4c2 7af40217 654b5be4 e1e50345 df82d004 57b3dad7 beb161fc 3e026a5f cd52609b 97146ef9 9f6f0eda cd45fa3c
+Test: Verify
+#
+Comment: All 0's test vector, size 64
+Message: r64 00
+Digest: 00bc1ab2 b52b351b 472e8a1a 3f6f7971 9cdcb63f 71befefd d7f20366 b523d4ce 1e9c687d f62f9357 0c83e31e fa205fb0 114fdc31 ede46d70 0813462c 6fcc81ca
+Test: Verify
+#
+Comment: All 0's test vector, size 128
+Message: r128 00
+Digest: 352ccd16 f4d58313 08c2b5d8 287841e0 e82784de d94b573a 8a4d77ed fd7cf06f 8dece08e 402fdbd6 96458cd5 1edff8ac 2f01fefe 22111bf8 4e2290db e8ae79c9
+Test: Verify
+#
+Comment: All 0's test vector, size 256
+Message: r256 00
+Digest: fc5f1099 09295c97 a830af7f f09722c2 02e2e6e8 f5c2bdd0 04fceaeb 13695107 baed0622 0242b74d ff05ba58 152f7db8 a041893b 52e5649a 920b482c 0b6697f7
+Test: Verify
+#
+Comment: All 0's test vector, size 384
+Message: r384 00
+Digest: 6ef663ad a101db2f 950f0299 2945cdb3 d82b347d 18bd703f 174cbaa0 03da939c bba12bb7 ccb18326 e5773241 52d311cb 2a749764 07c72bc7 db91158c d69fbea6
+Test: Verify
+#
+Comment: All 0's test vector, size 512
+Message: r512 00
+Digest: 528fb66b 4cebea49 7a2776b3 26fc2e01 1f1dde7b be5ae525 a6b95e40 f5960da4 551f6f20 65813b51 b2aca813 840564f1 de056e1a 7fc7f427 ba194a27 734735eb
+Test: Verify
+#
+Comment: All 0's test vector, size 768
+Message: r768 00
+Digest: d07089f7 17fa8096 f2b4cc7e b728669d e14f1162 513186a8 86e1d75a 5331d2c8 d77da67d 91e5ee54 85555978 c78656a3 fd7c80d4 4099ef7b b86fede6 912bee39
+Test: Verify
+#
+Comment: All 0's test vector, size 1024
+Message: r1024 00
+Digest: eaa5a31f 9acfdbe6 2785e491 493f5eb0 9e4e5bbc b7412e28 22249dc5 b6f4f046 59cd79f7 98894c5e 10b61954 b5dfdb46 4083865f a8c15071 031e6a42 1df37602
+Test: Verify
+#
+Comment: All 0's test vector, size 2048
+Message: r2048 00
+Digest: 8fe90f1c 76461e60 8bb59bf6 95209fce 490eb1c2 c2473a5d e1730305 4f9ba1ab 357b143a 68e4eb38 c1bb94bf 96a6fe36 b9c7f123 fcd534d5 1aa16f28 617d77f4
+Test: Verify
+#
+Comment: All 0's test vector, size 4096
+Message: r4096 00
+Digest: ed646b37 f5ff0306 c2520029 a441c220 b7831cb3 ddd030b1 645be8d8 92acc136 df8ceaf3 ff1a5834 ac99d7bf 9fd46186 00b0ebc2 c7be867f 63b8625a 55371147
+Test: Verify
+#
+Comment: All 0's test vector, size 8192
+Message: r8192 00
+Digest: 6ed608e8 278704e8 ffa6aa44 ef6ef223 030f2ad5 a75f73d7 fe419756 dc8d30b9 347c4252 592cffda b12a6c40 54c230ec c734e6cf 985e935f 63fa21bc 676ccae9
+Test: Verify
+#
+Comment: All 0's test vector, size 16384
+Message: r16384 00
+Digest: 9248c468 1e6f2c5d 30713a8d c9fb6c34 b48ad4fb bc6e9cea ea51c826 c718870b ef1eb13d 0b936dc3 efc3f3a5 f6bad380 4634e80b 105abc5b af1eeb1f de75fa76
+Test: Verify
+#
+Comment: All 0's test vector, size 32768
+Message: r32768 00
+Digest: 92d18f5e b77358f3 22c90a2d 5431b6cf 783cd6fc cb208e71 996b223e 2b6c8006 2f99f04c b14e7dd0 8dc1156e 6c6e5ef8 028513be fbfc7a5f fa3d72d6 720c3b68
+Test: Verify
+#
+Comment: All 0's test vector, size 65536
+Message: r65536 00
+Digest: 44e716d7 7a704c9a 3068e37a 1876b201 6e5ce828 9343e427 49572156 165c71a8 f2a5f258 c4c95ee7 60d56897 88389b6f f2e88082 d0fdc5e6 14c8b54d c1e42af7
+Test: Verify
diff -Nru libcrypto++-8.4.0/TestVectors/lsh.txt libcrypto++-8.6.0/TestVectors/lsh.txt
--- libcrypto++-8.4.0/TestVectors/lsh.txt	1970-01-01 00:00:00.000000000 +0000
+++ libcrypto++-8.6.0/TestVectors/lsh.txt	2021-09-24 11:48:47.000000000 +0000
@@ -0,0 +1,5 @@
+AlgorithmType: FileList
+Name: LSH test vectors
+Test: TestVectors/lsh256.txt
+Test: TestVectors/lsh512.txt
+Test: TestVectors/lsh512_256.txt
diff -Nru libcrypto++-8.4.0/tiger.h libcrypto++-8.6.0/tiger.h
--- libcrypto++-8.4.0/tiger.h	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/tiger.h	2021-09-24 11:48:47.000000000 +0000
@@ -48,7 +48,7 @@
 	/// \brief Computes the hash of the current message
 	/// \param digest a pointer to the buffer to receive the hash
 	/// \param digestSize the size of the truncated digest, in bytes
-	/// \details TruncatedFinal() call Final() and then copies digestSize bytes to digest.
+	/// \details TruncatedFinal() calls Final() and then copies digestSize bytes to digest.
 	///   The hash is restarted the hash for the next message.
 	void TruncatedFinal(byte *digest, size_t digestSize);
 
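Review bot: The sentence on the context line right after the corrected one, `///   The hash is restarted the hash for the next message.`, is still garbled and should read `///   The hash is restarted for the next message.`. Only the `\details` line above it is touched by this commit; TruncatedFinal's implementation is not part of this hunk.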
diff -Nru libcrypto++-8.4.0/.travis.yml libcrypto++-8.6.0/.travis.yml
--- libcrypto++-8.4.0/.travis.yml	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/.travis.yml	2021-09-24 11:48:47.000000000 +0000
@@ -472,8 +472,8 @@
         - BUILD_MODE=android
         - ANDROID_CPU=armv7a
         - ANDROID_API=23
-        - ANDROID_SDK_ROOT="$HOME/android-sdk"
-        - ANDROID_NDK_ROOT="$HOME/android-ndk"
+        - ANDROID_SDK_ROOT="/opt/android-sdk"
+        - ANDROID_NDK_ROOT="/opt/android-ndk"
     - name: Android, aarch64, Linux
       os: linux
       arch: amd64
@@ -482,8 +482,8 @@
         - BUILD_MODE=android
         - ANDROID_CPU=aarch64
         - ANDROID_API=23
-        - ANDROID_SDK_ROOT="$HOME/android-sdk"
-        - ANDROID_NDK_ROOT="$HOME/android-ndk"
+        - ANDROID_SDK_ROOT="/opt/android-sdk"
+        - ANDROID_NDK_ROOT="/opt/android-ndk"
     - name: Android, x86, Linux
       os: linux
       arch: amd64
@@ -492,8 +492,8 @@
         - BUILD_MODE=android
         - ANDROID_CPU=x86
         - ANDROID_API=23
-        - ANDROID_SDK_ROOT="$HOME/android-sdk"
-        - ANDROID_NDK_ROOT="$HOME/android-ndk"
+        - ANDROID_SDK_ROOT="/opt/android-sdk"
+        - ANDROID_NDK_ROOT="/opt/android-ndk"
     - name: Android, x86_64, Linux
       os: linux
       arch: amd64
@@ -502,8 +502,8 @@
         - BUILD_MODE=android
         - ANDROID_CPU=x86_64
         - ANDROID_API=23
-        - ANDROID_SDK_ROOT="$HOME/android-sdk"
-        - ANDROID_NDK_ROOT="$HOME/android-ndk"
+        - ANDROID_SDK_ROOT="/opt/android-sdk"
+        - ANDROID_NDK_ROOT="/opt/android-ndk"
     - name: iPhoneOS, armv7, iOS
       os: osx
       osx_image: xcode10.1
@@ -595,7 +595,7 @@
         # https://github.com/travis-ci/travis-ci/issues/9037
         sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A145
         sudo apt-get -qq -y update
-        bash TestScripts/install-ndk.sh
+        sudo -E TestScripts/install-ndk.sh
     fi
     if [[ "$BUILD_OS" == "linux" ]] && [[ "$BUILD_MODE" == "autotools" ]]; then
         # https://github.com/travis-ci/travis-ci/issues/9037
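Review bot: The new `sudo -E TestScripts/install-ndk.sh` drops the explicit `bash` interpreter, so the job now depends on the script having its execute bit set in the checkout and a usable shebang; `sudo -E bash TestScripts/install-ndk.sh` keeps the previous invocation while still running as root. The installer now also runs as root with the caller's environment preserved (`-E`), so whatever it does with `$PATH`, `$HOME` and the `ANDROID_*_ROOT` values from the earlier hunks happens with root privileges against `/opt`; a one-line comment naming which variables the script actually needs would make the `-E` intentional rather than incidental. The surrounding `if` block continues before and after the hunk.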
diff -Nru libcrypto++-8.4.0/validat0.cpp libcrypto++-8.6.0/validat0.cpp
--- libcrypto++-8.4.0/validat0.cpp	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/validat0.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -499,7 +499,7 @@
     {
         for (unsigned int i=0; i(*rng.get());
 		pass = Test_RandomNumberGenerator(padlock);
 
+		// PadlockRNG does not accept entropy. However, the contract is no throw
+		const byte entropy[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+		(void)padlock.IncorporateEntropy(entropy, sizeof(entropy));
+
 		SecByteBlock zero(16), one(16), t(16);
 		std::memset(zero, 0x00, zero.size());
 		std::memset( one, 0xff,  one.size());
@@ -839,6 +846,10 @@
 		RDRAND& rdrand = dynamic_cast(*rng.get());
 		pass = Test_RandomNumberGenerator(rdrand) && pass;
 
+		// RDRAND does not accept entropy. However, the contract is no throw
+		const byte entropy[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+		(void)rdrand.IncorporateEntropy(entropy, sizeof(entropy));
+
 		MaurerRandomnessTest maurer;
 		const unsigned int SIZE = 1024*10;
 		RandomNumberSource(rdrand, SIZE, true, new Redirector(maurer));
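Review bot: The added `(void)rdrand.IncorporateEntropy(entropy, sizeof(entropy));` is meant to exercise a no-throw contract, but nothing catches an exception, so a violation would abort the whole validation run instead of being reported through `pass` like the other checks in this function. Wrap the call and fold the outcome into `pass`; the same applies to the identical blocks for RDSEED (hunk @@ -880) and DARN (hunk @@ -923), and to the PadlockRNG block earlier in this file. The enclosing test function starts and ends outside the hunk.
```cpp
		// RDRAND does not accept entropy. However, the contract is no throw
		const byte entropy[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
		try {
			(void)rdrand.IncorporateEntropy(entropy, sizeof(entropy));
		} catch (...) {
			std::cout << "FAILED    RDRAND IncorporateEntropy threw\n";
			pass = false;
		}
		// … unchanged: MaurerRandomnessTest block …
```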
@@ -880,6 +891,10 @@
 		RDSEED& rdseed = dynamic_cast(*rng.get());
 		pass = Test_RandomNumberGenerator(rdseed) && pass;
 
+		// RDSEED does not accept entropy. However, the contract is no throw
+		const byte entropy[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+		(void)rdseed.IncorporateEntropy(entropy, sizeof(entropy));
+
 		MaurerRandomnessTest maurer;
 		const unsigned int SIZE = 1024*10;
 		RandomNumberSource(rdseed, SIZE, true, new Redirector(maurer));
@@ -923,6 +938,10 @@
 		DARN& darn = dynamic_cast(*rng.get());
 		pass = Test_RandomNumberGenerator(darn) && pass;
 
+		// DARN does not accept entropy. However, the contract is no throw
+		const byte entropy[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+		(void)darn.IncorporateEntropy(entropy, sizeof(entropy));
+
 		MaurerRandomnessTest maurer;
 		const unsigned int SIZE = 1024*10;
 		RandomNumberSource(darn, SIZE, true, new Redirector(maurer));
diff -Nru libcrypto++-8.4.0/validat5.cpp libcrypto++-8.6.0/validat5.cpp
--- libcrypto++-8.4.0/validat5.cpp	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/validat5.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -28,6 +28,7 @@
 #include "siphash.h"
 #include "poly1305.h"
 #include "whrlpool.h"
+#include "lsh.h"
 
 #include "pssr.h"
 #include "hkdf.h"
@@ -514,14 +515,22 @@
 
 bool ValidatePanama()
 {
+	std::cout << "\nPanama validation suite running...\n";
 	return RunTestDataFile("TestVectors/panama.txt");
 }
 
 bool ValidateWhirlpool()
 {
+	std::cout << "\nWhirlpool validation suite running...\n";
 	return RunTestDataFile("TestVectors/whrlpool.txt");
 }
 
+bool ValidateLSH()
+{
+	std::cout << "\nLSH validation suite running...\n";
+	return RunTestDataFile("TestVectors/lsh.txt");
+}
+
 #ifdef CRYPTOPP_REMOVED
 bool ValidateMD5MAC()
 {
diff -Nru libcrypto++-8.4.0/validat7.cpp libcrypto++-8.6.0/validat7.cpp
--- libcrypto++-8.4.0/validat7.cpp	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/validat7.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -46,6 +46,25 @@
 NAMESPACE_BEGIN(CryptoPP)
 NAMESPACE_BEGIN(Test)
 
+ANONYMOUS_NAMESPACE_BEGIN
+
+inline bool operator==(const x25519& lhs, const x25519& rhs)
+{
+	// This is a hack because the KeyAgreement classes do not make it easy to access the PrivateKey
+	ByteQueue q1, q2;
+	lhs.DEREncodePrivateKey(q1);
+	rhs.DEREncodePrivateKey(q2);
+
+	return q1 == q2;
+}
+
+inline bool operator!=(const x25519& lhs, const x25519& rhs)
+{
+	return !operator==(lhs, rhs);
+}
+
+ANONYMOUS_NAMESPACE_END
+
 bool ValidateDH()
 {
 	std::cout << "\nDH validation suite running...\n\n";
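Review bot: The `operator==` added for `x25519` compares only the output of `DEREncodePrivateKey`, so if that routine writes just the secret scalar, as its name suggests, two objects that agree on the secret but differ in public key or OID compare equal while the operator's name promises whole-object equality. Either state that above the function, e.g. `// Equality is defined on the encoded private key only; the public key and OID are not compared.`, or also compare the public-key encodings. `inline` on a function in an anonymous namespace is redundant but harmless.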
@@ -250,32 +269,13 @@
 {
 	std::cout << "\nTesting curve25519 Key Agreements...\n\n";
 	const unsigned int AGREE_COUNT = 64;
-	bool pass = true;
-
-	try {
-
-		FileSource f1(DataDir("TestData/x25519.dat").c_str(), true, new HexDecoder);
-		FileSource f2(DataDir("TestData/x25519v0.dat").c_str(), true, new HexDecoder);
-		FileSource f3(DataDir("TestData/x25519v1.dat").c_str(), true, new HexDecoder);
+	bool pass = true, fail;
 
-		x25519 x1(f1);
-		x25519 x2(f2);
-		x25519 x3(f3);
-
-		FileSource f4(DataDir("TestData/x25519.dat").c_str(), true, new HexDecoder);
-		FileSource f5(DataDir("TestData/x25519v0.dat").c_str(), true, new HexDecoder);
-		FileSource f6(DataDir("TestData/x25519v1.dat").c_str(), true, new HexDecoder);
-
-		x1.Load(f4);
-		x2.Load(f5);
-		x3.Load(f6);
-	}
-	catch (const BERDecodeErr&) {
-		pass = false;
-	}
+	size_t i = 0;
+	unsigned int failed = 0;
 
 	SecByteBlock priv1(32), priv2(32), pub1(32), pub2(32), share1(32), share2(32);
-	for (unsigned int i=0; i(ptr);
 }
@@ -49,34 +51,147 @@
     return reinterpret_cast(ptr);
 }
 
+inline bool operator==(const RSA::PrivateKey& lhs, const RSA::PrivateKey& rhs) {
+	return lhs.GetModulus() == rhs.GetModulus() &&
+		lhs.GetPublicExponent() == rhs.GetPublicExponent() &&
+		lhs.GetPrivateExponent() == rhs.GetPrivateExponent();
+}
+
+inline bool operator!=(const RSA::PrivateKey& lhs, const RSA::PrivateKey& rhs) {
+	return !operator==(lhs, rhs);
+}
+
+inline bool operator==(const RSA::PublicKey& lhs, const RSA::PublicKey& rhs) {
+	return lhs.GetModulus() == rhs.GetModulus() &&
+		lhs.GetPublicExponent() == rhs.GetPublicExponent();
+}
+
+inline bool operator!=(const RSA::PublicKey& lhs, const RSA::PublicKey& rhs) {
+	return !operator==(lhs, rhs);
+}
+
+inline bool operator==(const LUC::PrivateKey& lhs, const LUC::PrivateKey& rhs) {
+	return lhs.GetModulus() == rhs.GetModulus() &&
+		lhs.GetPublicExponent() == rhs.GetPublicExponent() &&
+		lhs.GetPrime1() == rhs.GetPrime1() &&
+		lhs.GetPrime2() == rhs.GetPrime2() &&
+		lhs.GetMultiplicativeInverseOfPrime2ModPrime1() == rhs.GetMultiplicativeInverseOfPrime2ModPrime1();
+}
+
+inline bool operator!=(const LUC::PrivateKey& lhs, const LUC::PrivateKey& rhs) {
+	return !operator==(lhs, rhs);
+}
+
+inline bool operator==(const LUC::PublicKey& lhs, const LUC::PublicKey& rhs) {
+	return lhs.GetModulus() == rhs.GetModulus() &&
+		lhs.GetPublicExponent() == rhs.GetPublicExponent();
+}
+
+inline bool operator!=(const LUC::PublicKey& lhs, const LUC::PublicKey& rhs) {
+	return !operator==(lhs, rhs);
+}
+
+inline bool operator==(const Rabin::PrivateKey& lhs, const Rabin::PrivateKey& rhs) {
+	return lhs.GetModulus() == rhs.GetModulus() &&
+		lhs.GetQuadraticResidueModPrime1() == rhs.GetQuadraticResidueModPrime1() &&
+		lhs.GetQuadraticResidueModPrime2() == rhs.GetQuadraticResidueModPrime2() &&
+		lhs.GetPrime1() == rhs.GetPrime1() &&
+		lhs.GetPrime2() == rhs.GetPrime2() &&
+		lhs.GetMultiplicativeInverseOfPrime2ModPrime1() == rhs.GetMultiplicativeInverseOfPrime2ModPrime1();
+}
+
+inline bool operator!=(const Rabin::PrivateKey& lhs, const Rabin::PrivateKey& rhs) {
+	return !operator==(lhs, rhs);
+}
+
+inline bool operator==(const Rabin::PublicKey& lhs, const Rabin::PublicKey& rhs) {
+	return lhs.GetModulus() == rhs.GetModulus() &&
+		lhs.GetQuadraticResidueModPrime1() == rhs.GetQuadraticResidueModPrime1() &&
+		lhs.GetQuadraticResidueModPrime2() == rhs.GetQuadraticResidueModPrime2();
+}
+
+inline bool operator!=(const Rabin::PublicKey& lhs, const Rabin::PublicKey& rhs) {
+	return !operator==(lhs, rhs);
+}
+
+ANONYMOUS_NAMESPACE_END
+
 bool ValidateRSA_Encrypt()
 {
 	// Must be large enough for RSA-3072 to test SHA3_256
 	byte out[256], outPlain[128];
 	bool pass = true, fail;
 
+#if defined(CRYPTOPP_EXTENDED_VALIDATION)
+	{
+		FileSource keys(DataDir("TestData/rsa1024.dat").c_str(), true, new HexDecoder);
+		RSA::PrivateKey rsaPriv; rsaPriv.Load(keys);
+		RSA::PublicKey rsaPub(rsaPriv);
+
+		const Integer& n = rsaPriv.GetModulus();
+		const Integer& e = rsaPriv.GetPublicExponent();
+		const Integer& d = rsaPriv.GetPrivateExponent();
+
+		RSA::PrivateKey rsaPriv2;
+		rsaPriv2.Initialize(n, e, d);
+
+		fail = (rsaPriv != rsaPriv2);
+		pass = pass && !fail;
+
+		std::cout << (fail ? "FAILED    " : "passed    ");
+		std::cout << "RSA::PrivateKey initialization\n";
+
+		RSA::PublicKey rsaPub2;
+		rsaPub2.Initialize(n, e);
+
+		fail = (rsaPub != rsaPub2);
+		pass = pass && !fail;
+
+		std::cout << (fail ? "FAILED    " : "passed    ");
+		std::cout << "RSA::PublicKey initialization\n";
+	}
+	{
+		FileSource keys(DataDir("TestData/rsa1024.dat").c_str(), true, new HexDecoder);
+		RSA::PrivateKey rsaPriv; rsaPriv.Load(keys);
+
+		ByteQueue q;
+		rsaPriv.DEREncodePrivateKey(q);
+
+		RSA::PrivateKey rsaPriv2;
+		rsaPriv2.BERDecodePrivateKey(q, true, q.MaxRetrievable());
+
+		fail = (rsaPriv != rsaPriv2);
+		pass = pass && !fail;
+
+		std::cout << (fail ? "FAILED    " : "passed    ");
+		std::cout << "RSA::PrivateKey encoding and decoding\n";
+	}
+#endif
+
 	{
 		FileSource keys(DataDir("TestData/rsa1024.dat").c_str(), true, new HexDecoder);
 		RSAES_PKCS1v15_Decryptor rsaPriv(keys);
 		RSAES_PKCS1v15_Encryptor rsaPub(rsaPriv);
 
-		pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
+		fail = !CryptoSystemValidate(rsaPriv, rsaPub);
+		pass = pass && !fail;
 	}
 	{
 		RSAES >::Decryptor rsaPriv(GlobalRNG(), 512);
 		RSAES >::Encryptor rsaPub(rsaPriv);
 
-		pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
+		fail = !CryptoSystemValidate(rsaPriv, rsaPub);
+		pass = pass && !fail;
 	}
 	{
-		byte *plain = (byte *)
+		const byte plain[] =
 			"\x54\x85\x9b\x34\x2c\x49\xea\x2a";
-		static const byte encrypted[] =
+		const byte encrypted[] =
 			"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
 			"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
 			"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
 			"\x62\x51";
-		static const byte oaepSeed[] =
+		const byte oaepSeed[] =
 			"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2"
 			"\xf0\x6c\xb5\x8f";
 		ByteQueue bq;
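Review bot: `operator==(const RSA::PrivateKey&, const RSA::PrivateKey&)` compares only the modulus and the two exponents, so the "encoding and decoding" check at `rsaPriv2.BERDecodePrivateKey(q, true, q.MaxRetrievable());` cannot detect a round trip that drops or corrupts the prime and CRT components, whereas the LUC and Rabin comparators in the same hunk do include `GetPrime1()`, `GetPrime2()` and `GetMultiplicativeInverseOfPrime2ModPrime1()`. Either extend the RSA comparator to the same accessors or record the limitation, e.g. `// Compares n, e and d only; the primes and CRT parameters are not checked.`. The `#if defined(CRYPTOPP_EXTENDED_VALIDATION)` blocks follow the LUC and Rabin pattern exactly, so a small template helper taking the key type and data file would remove three near-identical copies.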
@@ -105,10 +220,79 @@
 
 bool ValidateLUC_Encrypt()
 {
-	FileSource f(DataDir("TestData/luc1024.dat").c_str(), true, new HexDecoder);
+	bool pass = true, fail;
+
+#if defined(CRYPTOPP_EXTENDED_VALIDATION)
+	{
+		FileSource keys(DataDir("TestData/luc1024.dat").c_str(), true, new HexDecoder);
+		LUC::PrivateKey lucPriv; lucPriv.BERDecode(keys);
+		LUC::PublicKey lucPub(lucPriv);
+
+		const Integer& n = lucPriv.GetModulus();
+		const Integer& e = lucPriv.GetPublicExponent();
+		const Integer& p = lucPriv.GetPrime1();
+		const Integer& q = lucPriv.GetPrime2();
+		const Integer& u = lucPriv.GetMultiplicativeInverseOfPrime2ModPrime1();
+
+		LUC::PrivateKey lucPriv2;
+		lucPriv2.Initialize(n, e, p, q, u);
+
+		fail = (lucPriv != lucPriv2);
+		pass = pass && !fail;
+
+		std::cout << (fail ? "FAILED    " : "passed    ");
+		std::cout << "LUC::PrivateKey initialization\n";
+
+		LUC::PublicKey lucPub2;
+		lucPub2.Initialize(n, e);
+
+		fail = (lucPub != lucPub2);
+		pass = pass && !fail;
+
+		std::cout << (fail ? "FAILED    " : "passed    ");
+		std::cout << "LUC::PublicKey initialization\n";
+	}
+	{
+		FileSource keys(DataDir("TestData/luc1024.dat").c_str(), true, new HexDecoder);
+		LUC::PrivateKey lucPriv; lucPriv.BERDecode(keys);
+
+		ByteQueue q;
+		lucPriv.DEREncode(q);
+
+		LUC::PrivateKey lucPriv2;
+		lucPriv2.BERDecode(q);
+
+		fail = (lucPriv != lucPriv2);
+		pass = pass && !fail;
+
+		std::cout << (fail ? "FAILED    " : "passed    ");
+		std::cout << "LUC::PrivateKey encoding and decoding\n";
+	}
+	{
+		FileSource keys(DataDir("TestData/luc1024.dat").c_str(), true, new HexDecoder);
+		LUC::PrivateKey lucPriv; lucPriv.BERDecode(keys);
+		LUC::PublicKey lucPub(lucPriv);
+
+		ByteQueue q;
+		lucPub.DEREncode(q);
+
+		LUC::PublicKey lucPub2;
+		lucPub2.BERDecode(q);
+
+		fail = (lucPub != lucPub2);
+		pass = pass && !fail;
+
+		std::cout << (fail ? "FAILED    " : "passed    ");
+		std::cout << "LUC::PublicKey encoding and decoding\n";
+	}
+#endif
+
 	LUCES_OAEP_SHA_Decryptor priv(GlobalRNG(), 512);
 	LUCES_OAEP_SHA_Encryptor pub(priv);
-	return CryptoSystemValidate(priv, pub);
+	fail = !CryptoSystemValidate(priv, pub);
+	pass = pass && !fail;
+
+	return pass;
 }
 
 bool ValidateLUC_DL_Encrypt()
@@ -123,10 +307,81 @@
 
 bool ValidateRabin_Encrypt()
 {
+	bool pass = true, fail;
+
+#if defined(CRYPTOPP_EXTENDED_VALIDATION)
+	{
+		FileSource keys(DataDir("TestData/rabi1024.dat").c_str(), true, new HexDecoder);
+		Rabin::PrivateKey rabinPriv; rabinPriv.BERDecode(keys);
+		Rabin::PublicKey rabinPub(rabinPriv);
+
+		const Integer& n = rabinPriv.GetModulus();
+		const Integer& r = rabinPriv.GetQuadraticResidueModPrime1();
+		const Integer& s = rabinPriv.GetQuadraticResidueModPrime2();
+		const Integer& p = rabinPriv.GetPrime1();
+		const Integer& q = rabinPriv.GetPrime2();
+		const Integer& u = rabinPriv.GetMultiplicativeInverseOfPrime2ModPrime1();
+
+		Rabin::PrivateKey rabinPriv2;
+		rabinPriv2.Initialize(n, r, s, p, q, u);
+
+		fail = (rabinPriv != rabinPriv2);
+		pass = pass && !fail;
+
+		std::cout << (fail ? "FAILED    " : "passed    ");
+		std::cout << "Rabin::PrivateKey initialization\n";
+
+		Rabin::PublicKey rabinPub2;
+		rabinPub2.Initialize(n, r, s);
+
+		fail = (rabinPub != rabinPub2);
+		pass = pass && !fail;
+
+		std::cout << (fail ? "FAILED    " : "passed    ");
+		std::cout << "Rabin::PublicKey initialization\n";
+	}
+	{
+		FileSource keys(DataDir("TestData/rabi1024.dat").c_str(), true, new HexDecoder);
+		Rabin::PrivateKey rabinPriv; rabinPriv.BERDecode(keys);
+
+		ByteQueue q;
+		rabinPriv.DEREncode(q);
+
+		Rabin::PrivateKey rabinPriv2;
+		rabinPriv2.BERDecode(q);
+
+		fail = (rabinPriv != rabinPriv2);
+		pass = pass && !fail;
+
+		std::cout << (fail ? "FAILED    " : "passed    ");
+		std::cout << "Rabin::PrivateKey encoding and decoding\n";
+	}
+	{
+		FileSource keys(DataDir("TestData/rabi1024.dat").c_str(), true, new HexDecoder);
+		Rabin::PrivateKey rabinPriv; rabinPriv.BERDecode(keys);
+		Rabin::PublicKey rabinPub(rabinPriv);
+
+		ByteQueue q;
+		rabinPub.DEREncode(q);
+
+		Rabin::PublicKey rabinPub2;
+		rabinPub2.BERDecode(q);
+
+		fail = (rabinPub != rabinPub2);
+		pass = pass && !fail;
+
+		std::cout << (fail ? "FAILED    " : "passed    ");
+		std::cout << "Rabin::PublicKey encoding and decoding\n";
+	}
+#endif
+
 	FileSource f(DataDir("TestData/rabi1024.dat").c_str(), true, new HexDecoder);
 	RabinES >::Decryptor priv(f);
 	RabinES >::Encryptor pub(priv);
-	return CryptoSystemValidate(priv, pub);
+	fail = !CryptoSystemValidate(priv, pub);
+	pass = pass && !fail;
+
+	return pass;
 }
 
 bool ValidateECP_Encrypt()
diff -Nru libcrypto++-8.4.0/validate.h libcrypto++-8.6.0/validate.h
--- libcrypto++-8.4.0/validate.h	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/validate.h	2021-09-24 11:48:47.000000000 +0000
@@ -60,6 +60,7 @@
 bool ValidateRIPEMD();
 bool ValidatePanama();
 bool ValidateWhirlpool();
+bool ValidateLSH();
 
 bool ValidateSM3();
 bool ValidateBLAKE2s();
@@ -172,6 +173,7 @@
 bool TestHuffmanCodes();
 // http://github.com/weidai11/cryptopp/issues/346
 bool TestASN1Parse();
+bool TestASN1Functions();
 // https://github.com/weidai11/cryptopp/pull/334
 bool TestStringSink();
 // Additional tests due to no coverage
Binary files /tmp/tmpdsagicgn/jnlH3Y1AA7/libcrypto++-8.4.0/vs2005.zip and /tmp/tmpdsagicgn/ikYwRBHz90/libcrypto++-8.6.0/vs2005.zip differ
diff -Nru libcrypto++-8.4.0/xed25519.cpp libcrypto++-8.6.0/xed25519.cpp
--- libcrypto++-8.4.0/xed25519.cpp	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/xed25519.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -73,8 +73,8 @@
 
 x25519::x25519(const byte y[PUBLIC_KEYLENGTH], const byte x[SECRET_KEYLENGTH])
 {
-    std::memcpy(m_pk, y, SECRET_KEYLENGTH);
-    std::memcpy(m_sk, x, PUBLIC_KEYLENGTH);
+    std::memcpy(m_pk, y, PUBLIC_KEYLENGTH);
+    std::memcpy(m_sk, x, SECRET_KEYLENGTH);
 
     CRYPTOPP_ASSERT(IsClamped(m_sk) == true);
     CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false);
@@ -152,9 +152,12 @@
     // if the OIDs do not match.
     OID oid(bt);
 
+    // 1.3.6.1.4.1.3029.1.5.1/curvey25519 from Cryptlib used by OpenPGP.
+    // https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-rfc4880bis
     if (!m_oid.Empty() && m_oid != oid)
         BERDecodeError();  // Only accept user specified OID
-    else if (oid == ASN1::curve25519() || oid == ASN1::X25519())
+    else if (oid == ASN1::curve25519() || oid == ASN1::X25519() ||
+        oid == OID(1)+3+6+1+4+1+3029+1+5)
         m_oid = oid;  // Accept any of the x25519 OIDs
     else
         BERDecodeError();
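Review bot: The comment added above the check names `1.3.6.1.4.1.3029.1.5.1`, but the OID the code accepts is built as `OID(1)+3+6+1+4+1+3029+1+5`, i.e. without the trailing `.1`; since the comparison is exact, keys carrying the documented arc would still be rejected if the code is the short one. Please confirm against the referenced draft and align the two, e.g. `oid == OID(1)+3+6+1+4+1+3029+1+5+1`, and fix the `curvey25519` spelling. The accepted-OID set is now wider than the context comment `Accept any of the x25519 OIDs` implies, so the header documentation for this decoder should list the Cryptlib arc as well. The enclosing BERDecode function starts and ends outside the hunk.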
@@ -660,6 +663,14 @@
         ("DerivePublicKey", true));
 }
 
+ed25519Signer::ed25519Signer(const PKCS8PrivateKey &key)
+{
+    // Load all fields from the other key
+    ByteQueue queue;
+    key.Save(queue);
+    AccessPrivateKey().Load(queue);
+}
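Review bot: The new `ed25519Signer(const PKCS8PrivateKey &key)` constructor converts through a DER round trip (`key.Save(queue)` then `AccessPrivateKey().Load(queue)`), so a `key` that is not an Ed25519 PKCS#8 key is presumably rejected by `Load` with a decoding error rather than a type mismatch; that contract belongs on the declaration, e.g. `/// \throws BERDecodeErr if key does not encode as an Ed25519 PKCS#8 private key`. The same applies to the matching `ed25519Verifier(const X509PublicKey &key)` constructor in hunk @@ -846. The intermediate `ByteQueue` holds the serialized secret until the end of the constructor; if its storage is not zeroized on destruction, a `SecByteBlock`-backed intermediate would be preferable — worth confirming.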
+
 ed25519Signer::ed25519Signer(RandomNumberGenerator &rng)
 {
     AccessPrivateKey().GenerateRandom(rng);
@@ -846,6 +857,14 @@
         (Name::PublicElement(), ConstByteArrayParameter(by, PUBLIC_KEYLENGTH, false)));
 }
 
+ed25519Verifier::ed25519Verifier(const X509PublicKey &key)
+{
+    // Load all fields from the other key
+    ByteQueue queue;
+    key.Save(queue);
+    AccessPublicKey().Load(queue);
+}
+
 ed25519Verifier::ed25519Verifier(BufferedTransformation ¶ms)
 {
     AccessPublicKey().Load(params);
diff -Nru libcrypto++-8.4.0/xed25519.h libcrypto++-8.6.0/xed25519.h
--- libcrypto++-8.4.0/xed25519.h	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/xed25519.h	2021-09-24 11:48:47.000000000 +0000
@@ -157,7 +157,7 @@
     /// \param bt BufferedTransformation object
     /// \details Save() will write the OID associated with algorithm or scheme.
     ///  In the case of public and private keys, this function writes the
-    ///  subjectPubicKeyInfo parts.
+    ///  subjectPublicKeyInfo parts.
     /// \details The default OID is from RFC 8410 using id-X25519.
     ///  The default private key format is RFC 5208, which is the old format.
     ///  The old format provides the best interop, and keys will work
@@ -173,7 +173,7 @@
     /// \param v1 flag indicating v1
     /// \details Save() will write the OID associated with algorithm or scheme.
     ///  In the case of public and private keys, this function writes the
-    ///  subjectPubicKeyInfo parts.
+    ///  subjectPublicKeyInfo parts.
     /// \details The default OID is from RFC 8410 using id-X25519.
     ///  The default private key format is RFC 5208.
     /// \details v1 means INTEGER 0 is written. INTEGER 0 means
@@ -206,7 +206,7 @@
     /// \param version indicates version
     /// \details DEREncode() will write the OID associated with algorithm or
     ///  scheme. In the case of public and private keys, this function writes
-    ///  the subjectPubicKeyInfo parts.
+    ///  the subjectPublicKeyInfo parts.
     /// \details The default OID is from RFC 8410 using id-X25519.
     ///  The default private key format is RFC 5208.
     /// \details The value of version is written as the INTEGER. INTEGER 0 means
@@ -366,6 +366,8 @@
     ///  concatenation of r || s.
     CRYPTOPP_CONSTANT(SIGNATURE_LENGTH = 64);
 
+    virtual ~ed25519PrivateKey() {}
+
     // CryptoMaterial
     bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
     bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
@@ -380,7 +382,7 @@
     /// \param bt BufferedTransformation object
     /// \details Save() will write the OID associated with algorithm or scheme.
     ///  In the case of public and private keys, this function writes the
-    ///  subjectPubicKeyInfo parts.
+    ///  subjectPublicKeyInfo parts.
     /// \details The default OID is from RFC 8410 using id-Ed25519.
     ///  The default private key format is RFC 5208, which is the old format.
     ///  The old format provides the best interop, and keys will work
@@ -396,7 +398,7 @@
     /// \param v1 flag indicating v1
     /// \details Save() will write the OID associated with algorithm or scheme.
     ///  In the case of public and private keys, this function writes the
-    ///  subjectPubicKeyInfo parts.
+    ///  subjectPublicKeyInfo parts.
     /// \details The default OID is from RFC 8410 using id-Ed25519.
     ///  The default private key format is RFC 5208.
     /// \details v1 means INTEGER 0 is written. INTEGER 0 means
@@ -433,7 +435,7 @@
     /// \param version indicates version
     /// \details DEREncode() will write the OID associated with algorithm or
     ///  scheme. In the case of public and private keys, this function writes
-    ///  the subjectPubicKeyInfo parts.
+    ///  the subjectPublicKeyInfo parts.
     /// \details The default OID is from RFC 8410 using id-X25519.
     ///  The default private key format is RFC 5208.
     /// \details The value of version is written as the INTEGER. INTEGER 0 means
@@ -510,43 +512,50 @@
 
     virtual ~ed25519Signer() {}
 
-    /// \brief Create a ed25519Signer object
+    /// \brief Create an ed25519Signer object
     ed25519Signer() {}
 
-    /// \brief Create a ed25519Signer object
+    /// \brief Create an ed25519Signer object
     /// \param y public key
     /// \param x private key
-    /// \details This constructor creates a ed25519Signer object using existing parameters.
+    /// \details This constructor creates an ed25519Signer object using existing parameters.
     /// \note The public key is not validated.
     ed25519Signer(const byte y[PUBLIC_KEYLENGTH], const byte x[SECRET_KEYLENGTH]);
 
-    /// \brief Create a ed25519Signer object
+    /// \brief Create an ed25519Signer object
     /// \param x private key
-    /// \details This constructor creates a ed25519Signer object using existing parameters.
+    /// \details This constructor creates an ed25519Signer object using existing parameters.
     ///  The public key is calculated from the private key.
     ed25519Signer(const byte x[SECRET_KEYLENGTH]);
 
-    /// \brief Create a ed25519Signer object
+    /// \brief Create an ed25519Signer object
     /// \param y public key
     /// \param x private key
-    /// \details This constructor creates a ed25519Signer object using existing parameters.
+    /// \details This constructor creates an ed25519Signer object using existing parameters.
     /// \note The public key is not validated.
     ed25519Signer(const Integer &y, const Integer &x);
 
-    /// \brief Create a ed25519Signer object
+    /// \brief Create an ed25519Signer object
     /// \param x private key
-    /// \details This constructor creates a ed25519Signer object using existing parameters.
+    /// \details This constructor creates an ed25519Signer object using existing parameters.
     ///  The public key is calculated from the private key.
     ed25519Signer(const Integer &x);
 
-    /// \brief Create a ed25519Signer object
+    /// \brief Create an ed25519Signer object
+    /// \param key PKCS8 private key
+    /// \details This constructor creates an ed25519Signer object using existing private key.
+    /// \note The keys are not validated.
+    /// \since Crypto++ 8.6
+    ed25519Signer(const PKCS8PrivateKey &key);
+
+    /// \brief Create an ed25519Signer object
     /// \param rng RandomNumberGenerator derived class
     /// \details This constructor creates a new ed25519Signer using the random number generator.
     ed25519Signer(RandomNumberGenerator &rng);
 
-    /// \brief Create a ed25519Signer object
+    /// \brief Create an ed25519Signer object
     /// \param params public and private key
-    /// \details This constructor creates a ed25519Signer object using existing parameters.
+    /// \details This constructor creates an ed25519Signer object using existing parameters.
     ///  The params can be created with Save.
     /// \note The public key is not validated.
     ed25519Signer(BufferedTransformation ¶ms);
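Review bot: The new `ed25519Signer(const PKCS8PrivateKey &key)` constructor is documented only as "The keys are not validated", which leaves undocumented what a caller loading keys from untrusted PKCS#8 data most needs to know: what happens when `key` is not an Ed25519 private key (a PKCS8PrivateKey for another algorithm, or one whose algorithm OID does not match) — whether the constructor throws or silently yields a signer that cannot sign — and that such a key should be checked before use. I would add a `\throws` line once the behaviour is confirmed from the implementation (which is not in this hunk), plus `/// \note Call Validate() on the key when it originates from an untrusted source.` (ed25519PrivateKey exposes `Validate(rng, level)` in the hunk at line 366). For wording consistency with the verifier hunk, `using an existing private key` reads better than `using existing private key`.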
@@ -629,6 +638,8 @@
     CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH = 32);
     typedef Integer Element;
 
+    virtual ~ed25519PublicKey() {}
+
     OID GetAlgorithmID() const {
         return m_oid.Empty() ? ASN1::Ed25519() : m_oid;
     }
@@ -637,7 +648,7 @@
     /// \param bt BufferedTransformation object
     /// \details Save() will write the OID associated with algorithm or scheme.
     ///  In the case of public and private keys, this function writes the
-    ///  subjectPubicKeyInfo parts.
+    ///  subjectPublicKeyInfo parts.
     /// \details The default OID is from RFC 8410 using id-X25519.
     ///  The default private key format is RFC 5208, which is the old format.
     ///  The old format provides the best interop, and keys will work
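Review bot: The `\details` block this hunk corrects still describes the wrong algorithm and the wrong key type: it says the default OID is id-X25519 and then talks about "the default private key format", yet this is ed25519PublicKey's Save(), and the class's GetAlgorithmID() in the previous hunk returns `ASN1::Ed25519()`. Since the commit is already editing this comment, I would fix both in the same change: `///  The default OID is from RFC 8410 using id-Ed25519.` and replace the two private-key-format sentences with one stating that the public key is written as a SubjectPublicKeyInfo. The Save() declaration itself lies outside the hunk.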
@@ -706,31 +717,38 @@
 
     virtual ~ed25519Verifier() {}
 
-    /// \brief Create a ed25519Verifier object
+    /// \brief Create an ed25519Verifier object
     ed25519Verifier() {}
 
-    /// \brief Create a ed25519Verifier object
+    /// \brief Create an ed25519Verifier object
     /// \param y public key
-    /// \details This constructor creates a ed25519Verifier object using existing parameters.
+    /// \details This constructor creates an ed25519Verifier object using existing parameters.
     /// \note The public key is not validated.
     ed25519Verifier(const byte y[PUBLIC_KEYLENGTH]);
 
-    /// \brief Create a ed25519Verifier object
+    /// \brief Create an ed25519Verifier object
     /// \param y public key
-    /// \details This constructor creates a ed25519Verifier object using existing parameters.
+    /// \details This constructor creates an ed25519Verifier object using existing parameters.
     /// \note The public key is not validated.
     ed25519Verifier(const Integer &y);
 
-    /// \brief Create a ed25519Verifier object
+    /// \brief Create an ed25519Verifier object
+    /// \param key X509 public key
+    /// \details This constructor creates an ed25519Verifier object using an existing public key.
+    /// \note The public key is not validated.
+    /// \since Crypto++ 8.6
+    ed25519Verifier(const X509PublicKey &key);
+
+    /// \brief Create an ed25519Verifier object
     /// \param params public and private key
-    /// \details This constructor creates a ed25519Verifier object using existing parameters.
+    /// \details This constructor creates an ed25519Verifier object using existing parameters.
     ///  The params can be created with Save.
     /// \note The public key is not validated.
     ed25519Verifier(BufferedTransformation ¶ms);
 
-    /// \brief Create a ed25519Verifier object
+    /// \brief Create an ed25519Verifier object
     /// \param signer ed25519 signer object
-    /// \details This constructor creates a ed25519Verifier object using existing parameters.
+    /// \details This constructor creates an ed25519Verifier object using existing parameters.
     ///  The params can be created with Save.
     /// \note The public key is not validated.
     ed25519Verifier(const ed25519Signer& signer);
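Review bot: The new `ed25519Verifier(const X509PublicKey &key)` constructor says only "The public key is not validated" and does not state what happens when `key` is an X509PublicKey for a different algorithm (a SubjectPublicKeyInfo whose OID is not id-Ed25519) — whether the constructor throws or copies material that only fails later at verification time — and that is precisely the case a verifier built from an untrusted certificate will hit. I would document it with a `\throws` line once the behaviour is confirmed against the implementation (not in this hunk), and add `/// \note Call Validate() on the key when it originates from an untrusted source.` The comment could also name the accepted input more precisely, e.g. `\param key X509 public key carrying an Ed25519 SubjectPublicKeyInfo`.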
diff -Nru libcrypto++-8.4.0/xts.cpp libcrypto++-8.6.0/xts.cpp
--- libcrypto++-8.4.0/xts.cpp	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/xts.cpp	2021-09-24 11:48:47.000000000 +0000
@@ -22,12 +22,8 @@
 // 0.3 to 0.4 cpb profit
 #if defined(__SSE2__) || defined(_M_X64)
 # include 
-// Clang intrinsic casts
-# define M128_CAST(x) ((__m128i *)(void *)(x))
-# define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x))
 #endif
 
-
 #if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64)
 # if (CRYPTOPP_ARM_NEON_HEADER)
 #  include 
diff -Nru libcrypto++-8.4.0/xts.h libcrypto++-8.6.0/xts.h
--- libcrypto++-8.4.0/xts.h	2021-01-02 06:54:31.000000000 +0000
+++ libcrypto++-8.6.0/xts.h	2021-09-24 11:48:47.000000000 +0000
@@ -52,7 +52,7 @@
     /// \brief The algorithm name
     /// \return the algorithm name
     /// \details StaticAlgorithmName returns the algorithm's name as a static
-    ///   member function.
+    ///  member function.
     CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName()
         {return "XTS";}