Merge 'master' into 'ecies'

GNUmakefile

@@ -537,6 +537,9 @@ endif
 ifneq ($(wildcard *.exe.dSYM),)
 	-$(RM) -r *.exe.dSYM/
 endif
+ifneq ($(wildcard *.dylib.dSYM),)
+	-$(RM) -r *.dylib.dSYM/
+endif
 ifneq ($(wildcard cov-int/),)
 	-$(RM) -r cov-int/
 endif

GNUmakefile-cross

@@ -165,8 +165,11 @@ ifeq ($(HAS_SOLIB_VERSION),1)
 	-$(RM) libcryptopp.so libcryptopp.so$(SOLIB_COMPAT_SUFFIX)
 endif
 	-$(RM) adhoc.cpp.o adhoc.cpp.proto.o $(LIBOBJS) $(TESTOBJS)
-ifneq ($(wildcard *.dSYM),)
+ifneq ($(wildcard *.exe.dSYM),)
-	-$(RM) -r cryptest.exe.dSYM
+	-$(RM) -r *.exe.dSYM/
+endif
+ifneq ($(wildcard *.dylib.dSYM),)
+	-$(RM) -r *.dylib.dSYM/
 endif
 
 .PHONY: distclean

Readme.txt

@@ -68,7 +68,7 @@ Other features include:
       + Windows named pipes
       + /dev/random, /dev/urandom, /dev/srandom
       + Microsoft's CryptGenRandom on Windows
-      + VIA Padlock, Intel RDRAND and RDSEED
+      + VIA Padlock, Amd64 RDRAND and RDSEED
   * A high level interface for most of the above, using a filter/pipeline
     metaphor
   * benchmarks and validation testing
@@ -501,29 +501,39 @@ the mailing list.
       - expanded community input and support
           * 22 unique contributors for this release
       - fixed CVE-2016-3995
-      - changed SHA3 to FIPS 202 (F1600, XOF d=0x01)
+      - changed SHA3 to FIPS 202 (F1600, XOF d=0x06)
-      - added Keccak (F1600, XOF d=0x06)
+      - added Keccak (F1600, XOF d=0x01)
       - added ChaCha (ChaCha8/12/20)
       - added HMQV and FHMQV
           * Hashed and Fully Hashed MQV
       - added BLAKE2 (BLAKE2s and BLAKE2b)
           * C++, SSE2, SSE4, ARM NEON and ARMv8 ASIMD
       - added CRC32-C
-          * C/C++, Intel CRC, and ARMv8 CRC
+          * C/C++, Amd64 CRC, and ARMv8 CRC
+      - improved Rabin-William signatures
+          * Tweaked roots <em>e</em> and <em>f</em>
+      - improved C++11 support
+          * atomics, threads and fences
+          * alginof, alignas
+          * constexpr
+          * noexcept
       - improved GCM mode
-          * ARMv8 ASIMD using carry-less multiply
+          * ARM NEON and ARMv8 ASIMD
+          * ARMv8 carry-less multiply
       - improved MIPS, ARMv7 and ARMv8 support
-          * more IoT gadget testing
+          * added scripts setenv-{android|embedded|ios}.sh for GNUmakefile-cross
+          * aggressive use of -march=<arch> and -mfpu=<fpu> in cryptest.sh
       - improved build systems
           * Visual Studio 2010 default
-          * added Cmake support
+          * added CMake support (lacks FindCryptopp.cmake)
-          * archived VC++ 5/0/6.0 and VS2005 project files
+          * archived VC++ 5/0/6.0 project files (vc60.zip)
-          * archived Borland project files
+          * archived VS2005 project files (vs2005.zip)
+          * archived Borland project files (bds10.zip)
       - improved Testing and QA
-          * additional platform and compiller support
+          * expanded platforms and compilers
-          * additional tests in cryptest.sh
+          * added code generation tests based on CPU features
-          * added C++11, C++17, C++14, C++17 testing
+          * added C++03, C++11, C++14, C++17 testing
           * added -O3, -O5, -Ofast and -Os testing
-      - ported to MSVC 2015 SP3, Xcode 9.0, Sun Studio 12.5, GCC 7.0, Clang 4.0, Intel C++ 17.00
+      - ported to MSVC 2015 SP3, Xcode 9.0, Sun Studio 12.5, GCC 7.0, MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00
 
 Written by Wei Dai and the Crypto++ Project

keccak.h

@@ -2,9 +2,8 @@
 
 //! \file keccak.h
 //! \brief Classes for Keccak message digests
-//! \details The Keccak classes use F1600 and XOF byte 0x80, which is effectively
+//! \details The Crypto++ Keccak implementation uses F1600 with XOF d=0x01.
-//!   the behavior specified by NIST at round three of the selection process. If you
+//!   FIPS 202 conformance (XOF d=0x06) is available in SHA3 classes.
-//!   desire FIPS 202 behavior, then use SHA3 classes.
 //! \details Keccak will likely change in the future to accomodate extensibility of the
 //!   round function and the XOF functions.
 //! \sa <a href="http://en.wikipedia.org/wiki/Keccak">Keccak</a>
@@ -20,16 +19,15 @@ NAMESPACE_BEGIN(CryptoPP)
 
 //! \class Keccak
 //! \brief Keccak message digest base class
-//! \details The Keccak classes use F1600 and XOF byte 0x80, which is effectively
+//! \details The Crypto++ Keccak implementation uses F1600 with XOF d=0x01.
-//!   the behavior specified by NIST at round three of the selection process. If you
+//!   FIPS 202 conformance (XOF d=0x06) is available in SHA3 classes.
-//!   desire FIPS 202 behavior, then use SHA3 classes.
 //! \details Keccak is the base class for Keccak_224, Keccak_256, Keccak_384 and Keccak_512.
 //!   Library users should instantiate a derived class, and only use Keccak
 //!   as a base class reference or pointer.
 //! \details Keccak will likely change in the future to accomodate extensibility of the
 //!   round function and the XOF functions.
-//! \details Perform the following to specify a different digest size. The class will use F1600, 0x80,
+//! \details Perform the following to specify a different digest size. The class will use F1600,
-//!   and a new vaue for <tt>r()</tt> (which will be <tt>200-2*24 = 152</tt>).
+//!   XOF d=0x01, and a new vaue for <tt>r()</tt> (which will be <tt>200-2*24 = 152</tt>).
 //!   <pre>  Keccack_192 : public Keccack
 //!   {
 //!     public:

mersenne.h

@@ -5,7 +5,7 @@
 //! \brief Class file for Mersenne Twister
 //! \warning MersenneTwister is suitable for Monte-Carlo simulations, where uniformaly distrubuted
 //!   numbers are required quickly. It should not be used for cryptographic purposes.
-
+//! \since Crypto++ 5.6.3
 #ifndef CRYPTOPP_MERSENNE_TWISTER_H
 #define CRYPTOPP_MERSENNE_TWISTER_H
 
@@ -25,6 +25,7 @@ NAMESPACE_BEGIN(CryptoPP)
 //! \details Provides the MersenneTwister implementation. The class is a header-only implementation.
 //! \warning MersenneTwister is suitable for simulations, where uniformaly distrubuted numbers are
 //!   required quickly. It should not be used for cryptographic purposes.
+//! \since Crypto++ 5.6.3
 template <unsigned int K, unsigned int M, unsigned int N, unsigned int F, unsigned long S>
 class MersenneTwister : public RandomNumberGenerator
 {
@@ -180,12 +181,17 @@ private:
 };
 
 //! \brief Original MT19937 generator provided in the ACM paper.
-//! \details Also see http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/ARTICLES/mt.pdf; uses 4537 as default initial seed.
+//! \details MT19937 uses 4537 as default initial seed.
+//! \sa <A HREF="http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/ARTICLES/mt.pdf">Mersenne twister: a 623-dimensionally
+//!   equidistributed uniform pseudo-random number generator</A>
+//! \since Crypto++ 5.6.3
 typedef MersenneTwister<0x9908B0DF /*2567483615*/, 397, 624, 0x10DCD /*69069*/, 4537> MT19937;
 
 //! \brief Updated MT19937 generator adapted to provide an array for initialization.
-//! \details Also see http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/MT2002/emt19937ar.html; uses 5489 as default initial seed.
+//! \details MT19937 uses 5489 as default initial seed. Use this generator when interoperating with C++11's
-//! \note Use this generator when interoperating with C++11's mt19937 class.
+//!   mt19937 class.
+//! \sa <A HREF="http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/MT2002/emt19937ar.html">Mersenne Twister with improved initialization</A>
+//! \since Crypto++ 5.6.3
 typedef MersenneTwister<0x9908B0DF /*2567483615*/, 397, 624, 0x6C078965 /*1812433253*/, 5489> MT19937ar;
 
 NAMESPACE_END

rw.h

@@ -52,6 +52,7 @@ protected:
 
 //! \class InvertibleRWFunction
 //! \brief Rabin-Williams trapdoor function using the private key
+//! \since Tweaked roots using <em>e</em> and <em>f</em> since Crypto++ 5.6.4
 class CRYPTOPP_DLL InvertibleRWFunction : public RWFunction, public TrapdoorFunctionInverse, public PrivateKey
 {
 	typedef InvertibleRWFunction ThisClass;

sha3.h

@@ -1,9 +1,9 @@
 // sha3.h - written and placed in the public domain by Wei Dai
 
 //! \file sha3.h
-//! \brief Classes for SHA-3 message digests
+//! \brief Classes for SHA3 message digests
-//! \details The Crypto++ SHA-3 conforms to FIPS 202 version of SHA-3.
+//! \details The Crypto++ implementation conforms to the FIPS 202 version of SHA3 using F1600 with XOF d=0x06.
-//!   Previous behavior is available in SHA3 classes.
+//!   Previous behavior (XOF d=0x01) is available in Keccak classes.
 //! \sa <a href="http://en.wikipedia.org/wiki/SHA-3">SHA-3</a>,
 //!   <A HREF="http://csrc.nist.gov/groups/ST/hash/sha-3/fips202_standard_2015.html">SHA-3 STANDARD (FIPS 202)</A>.
 //! \since Crypto++ 5.6.2
@@ -18,11 +18,13 @@ NAMESPACE_BEGIN(CryptoPP)
 
 //! \class SHA3
 //! \brief SHA3 message digest base class
-	//! \details SHA3 is the base class for SHA3_224, SHA3_256, SHA3_384 and SHA3_512.
+//! \details The Crypto++ implementation conforms to FIPS 202 version of SHA3 using F1600 with XOF d=0x06.
-	//!   Library users should instantiate a derived class, and only use SHA3
+//!   Previous behavior (XOF d=0x01) is available in Keccak classes.
-	//!   as a base class reference or pointer.
+//! \details SHA3 is the base class for SHA3_224, SHA3_256, SHA3_384 and SHA3_512.
-	//! \sa Keccak, SHA3_224, SHA3_256, SHA3_384 and SHA3_512.
+//!   Library users should instantiate a derived class, and only use SHA3
-	//! \since Crypto++ 5.6.2
+//!   as a base class reference or pointer.
+//! \sa Keccak, SHA3_224, SHA3_256, SHA3_384 and SHA3_512.
+//! \since Crypto++ 5.6.2
 class SHA3 : public HashTransformation
 {
 public: