Crypto++ 5.6.3 check-in

2015-11-22 19:17:15 -05:00 · 2015-11-22 19:17:15 -05:00 · 298988a5b9
parent 62618fda97
commit 298988a5b9
67 changed files with 2141 additions and 1824 deletions
--- a/3way.h
+++ b/3way.h
@ -1,8 +1,7 @@
 // 3way.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file 3way.h
-//! \headerfile 3way.h
+//! \brief Classes for the 3-Way block cipher
 //! \brief Class file for the 3way cipher
 #ifndef CRYPTOPP_THREEWAY_H
 #define CRYPTOPP_THREEWAY_H
--- a/33
+++ b/33
@ -269,6 +269,10 @@ LIB_MAJOR := $(shell echo $(LIB_VER) | cut -c 1)
 LIB_MINOR := $(shell echo $(LIB_VER) | cut -c 2)
 LIB_PATCH := $(shell echo $(LIB_VER) | cut -c 3)
 ifeq ($(strip $(LIB_PATCH)),)
 LIB_PATCH := 0
 endif
 all: cryptest.exe
 ifneq ($(IS_DARWIN),0)
@ -292,18 +296,18 @@ test check: cryptest.exe
 # Directory we want (can't specify on Doygen command line)
 DOCUMENT_DIRECTORY := ref$(LIB_VER)
 # Default directory (missing in config file)
 ifeq ($(strip $(DOXYGEN_DIRECTORY)),)
 DOXYGEN_DIRECTORY := html-docs
 endif
 # Directory Doxygen uses (specified in Doygen config file)
 ifeq ($(wildcard Doxyfile),Doxyfile)
 DOXYGEN_DIRECTORY := $(strip $(shell $(EGREP) "OUTPUT_DIRECTORY" Doxyfile | grep -v "\#" | cut -d "=" -f 2))
 endif
 # Default directory (missing in config file)
 ifeq ($(strip $(DOXYGEN_DIRECTORY)),)
 DOXYGEN_DIRECTORY := html-docs
 endif
 .PHONY: docs html
 docs html:
-	-$(RM) -r $(DOXYGEN_DIRECTORY)/ $(DOCUMENT_DIRECTORY)/
+	-$(RM) -r $(DOXYGEN_DIRECTORY)/ $(DOCUMENT_DIRECTORY)/ html-docs/
 	doxygen Doxyfile -d CRYPTOPP_DOXYGEN_PROCESSING
 	mv $(DOXYGEN_DIRECTORY)/ $(DOCUMENT_DIRECTORY)/
 	-$(RM) CryptoPPRef.zip
@ -404,7 +408,7 @@ diff:
 	-svn diff -r 541 > cryptopp$(LIB_VER).diff
 # This recipe prepares the distro files
-TEXT_FILES := *.h *.cpp *.asm *.S adhoc.cpp.proto License.txt Readme.txt Filelist.txt Doxyfile cryptest* cryptlib* dlltest* cryptdll* cryptopp.rc TestVectors/*.txt TestData/*.dat
+TEXT_FILES := *.h *.cpp adhoc.cpp.proto License.txt Readme.txt Install.txt Filelist.txt config.recommend Doxyfile cryptest* cryptlib* dlltest* cryptdll* *.sln *.vcproj *.dsw *.dsp cryptopp.rc TestVectors/*.txt TestData/*.dat
 EXEC_FILES := GNUmakefile GNUmakefile-cross cryptest.sh rdrand-nasm.sh TestData/ TestVectors/
 ifeq ($(wildcard Filelist.txt),Filelist.txt)
@ -413,12 +417,15 @@ endif
 .PHONY: convert
 convert:
-	chmod a-x $(TEXT_FILES)
+	chmod 0700 TestVectors/ TestData/
-	chmod u+x $(EXEC_FILES)
+	chmod 0600 $(TEXT_FILES) *.zip
-	chmod u+x cryptest.sh
+	chmod 0700 $(EXEC_FILES)
-	unix2dos --keepdate --quiet $(TEXT_FILES) rdrand-masm.cmd
+	chmod u+x *.cmd *.sh
-	unix2dos --keepdate --quiet *.sln *.vcproj
+	unix2dos --keepdate --quiet $(TEXT_FILES) *.asm *.cmd
-	dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross cryptest.sh rdrand-nasm.sh
+	dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross *.S *.sh
 ifneq ($(IS_DARWIN),0)
 	xattr -c *
 endif
 .PHONY: zip dist
 zip dist: | distclean convert diff
@ -435,7 +442,7 @@ bench benchmark benchmarks: cryptest.exe
 	echo "<BODY>" >> benchmarks.html
 	echo "<H1><a href=\"http://www.cryptopp.com\">Crypto++</a>" $(LIB_MAJOR).$(LIB_MINOR).$(LIB_REVISION) "Benchmarks</H1>" >> benchmarks.html
 	echo "<P>Here are speed benchmarks for some commonly used cryptographic algorithms.</P>"  >> benchmarks.html
-	cryptest.exe b 3 2.4 >> benchmarks.html
+	./cryptest.exe b 3 2.4 >> benchmarks.html
 	echo "</BODY>" >> benchmarks.html
 	echo "</HTML>" >> benchmarks.html
--- a/TestVectors/hkdf.txt
+++ b/TestVectors/hkdf.txt
@ -5,7 +5,7 @@ Comment: Test Case 4
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b
 Salt: 0x000102030405060708090a0b0c
 Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
 Test: Verify
@ -16,7 +16,7 @@ Comment: Test Case 5
 Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
 Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
 DerivedKey: 0x0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4
 Test: Verify
@ -27,7 +27,7 @@ Comment: Test Case 6
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918
 Test: Verify
@ -38,7 +38,7 @@ Comment: Test Case 7
 Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
 Test: Verify
@ -49,7 +49,7 @@ Comment: Test Case 1
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: 0x000102030405060708090a0b0c
 Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865
 Test: Verify
@ -60,7 +60,7 @@ Comment: Test Case 2
 Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
 Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
 DerivedKey: 0xb11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87
 Test: Verify
@ -71,7 +71,7 @@ Comment: Test Case 3
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8
 Test: Verify
@ -82,7 +82,7 @@ Comment: Test Case 8 (Mirror Tests 1 and 4)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: 0x000102030405060708090a0b0c
 Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x832390086CDA71FB47625BB5CEB168E4C8E26A1A16ED34D9FC7FE92C1481579338DA362CB8D9F925D7CB
 Test: Verify
@ -93,7 +93,7 @@ Comment: Test Case 9 (Mirror Tests 2 and 5)
 Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
 Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
 DerivedKey: 0xCE6C97192805B346E6161E821ED165673B84F400A2B514B2FE23D84CD189DDF1B695B48CBD1C8388441137B3CE28F16AA64BA33BA466B24DF6CFCB021ECFF235F6A2056CE3AF1DE44D572097A8505D9E7A93
 Test: Verify
@ -104,7 +104,7 @@ Comment: Test Case 10 (Mirror Test 3 and 6)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0xF5FA02B18298A72A8C23898A8703472C6EB179DC204C03425C970E3B164BF90FFF22D04836D0E2343BAC
 Test: Verify
@ -115,7 +115,7 @@ Comment: Test Case 11
 Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
 Salt: ""
 Info:
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x1407D46013D98BC6DECEFCFEE55F0F90B0C7F63D68EB1A80EAF07E953CFC0A3A5240A155D6E4DAA965BB
 Test: Verify
@ -126,7 +126,7 @@ Comment: Test Case 12 (Mirror Tests 3 and 6)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0xF5FA02B18298A72A8C23898A8703472C6EB179DC204C03425C970E3B164BF90FFF22D04836D0E2343BAC
 Test: Verify
@ -137,7 +137,7 @@ Comment: Test Case 13 (Mirror Tests 1 and 4)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: 0x000102030405060708090a0b0c
 Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x0D29F74CCD8640F44B0DD9638111C1B5766EFED752AF358109E2E7C9CD4A28EF2F90B2AD461FBA0744D4
 Test: Verify
@ -148,7 +148,7 @@ Comment: Test Case 14 (Mirror Tests 2 and 5)
 Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
 Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
 DerivedKey: 0x4EBE4FE2DCCEC42661699500BE279A993FED90351E19373B3926FAA3A410700B2BBF77E254CF1451AE6068D64A0904D966F4FF25498445A501B88F50D21E3A68A890E09445DC5886DD00E7F4F7C58A512170
 Test: Verify
@ -159,7 +159,7 @@ Comment: Test Case 15 (Mirror Tests 3 and 6)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x110632D0F7AEFAC31771FC66C22BB3462614B81E4B04BA7F2B662E0BD694F56458615F9A9CB56C57ECF2
 Test: Verify
@ -170,6 +170,6 @@ Comment: Test Case 16 (Mirror Test 7)
 Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
 Salt: r64 0x00
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x4089286EBFB23DD8A02F0C9DAA35D538EB09CD0A8CBAB203F39083AA3E0BD313E6F91E64F21A187510B0
 Test: Verify
--- a/algparam.h
+++ b/algparam.h
@ -12,7 +12,7 @@
 #include "config.h"
 // TODO: fix 6011 when the API/ABI can change
-#if CRYPTOPP_MSC_VERSION
+#if (CRYPTOPP_MSC_VERSION >= 1400)
 # pragma warning(push)
 # pragma warning(disable: 6011 28193)
 #endif
@ -494,6 +494,11 @@ AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwI
 #define CRYPTOPP_SET_FUNCTION_ENTRY(name)		(Name::name(), &ThisClass::Set##name)
 #define CRYPTOPP_SET_FUNCTION_ENTRY2(name1, name2)	(Name::name1(), Name::name2(), &ThisClass::Set##name1##And##name2)
 // TODO: fix 6011 when the API/ABI can change
 #if (CRYPTOPP_MSC_VERSION >= 1400)
 # pragma warning(pop)
 #endif
 NAMESPACE_END
 #endif
--- a/arc4.h
+++ b/arc4.h
@ -1,7 +1,6 @@
 // arc4.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file arc4.h
 //! \headerfile arc4.h
 //! \brief Classes for ARC4 cipher
 #ifndef CRYPTOPP_ARC4_H
--- a/argnames.h
+++ b/argnames.h
@ -78,9 +78,9 @@ CRYPTOPP_DEFINE_NAME_STRING(MaxLineLength)		//< int
 CRYPTOPP_DEFINE_NAME_STRING(DigestSize)			//!< int, in bytes
 CRYPTOPP_DEFINE_NAME_STRING(L1KeyLength)		//!< int, in bytes
 CRYPTOPP_DEFINE_NAME_STRING(TableSize)			//!< int, in bytes
-CRYPTOPP_DEFINE_NAME_STRING(Blinding)			//!< bool
+CRYPTOPP_DEFINE_NAME_STRING(Blinding)			//!< bool, timing attack mitigations, ON by default
 CRYPTOPP_DEFINE_NAME_STRING(DerivedKey)			//!< ByteArrayParameter, key derivation, derived key
-CRYPTOPP_DEFINE_NAME_STRING(DerivedLength)		//!< int, key derivation, derived key length in bytes
+CRYPTOPP_DEFINE_NAME_STRING(DerivedKeyLength)	//!< int, key derivation, derived key length in bytes
 DOCUMENTED_NAMESPACE_END
 NAMESPACE_END
--- a/base32.h
+++ b/base32.h
@ -18,12 +18,32 @@ NAMESPACE_BEGIN(CryptoPP)
 class Base32Encoder : public SimpleProxyFilter
 {
 public:
-	Base32Encoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int outputGroupSize = 0, const std::string &separator = ":", const std::string &terminator = "")
+	//! \brief Construct a Base32Encoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	//! \param uppercase a flag indicating uppercase output
 	//! \param groupSize the size of the grouping
 	//! \param separator the separator to use between groups
 	//! \param terminator the terminator appeand after processing
 	//! \details Base32Encoder() constructs a default encoder. The constructor lacks fields for padding and
 	//!   line breaks. You must use IsolatedInitialize() to change the default padding character or suppress it.
 	//! \sa IsolatedInitialize() for an example of modifying a Base32Encoder after construction.
 	Base32Encoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int groupSize = 0, const std::string &separator = ":", const std::string &terminator = "")
 		: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
 	{
-		IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), outputGroupSize)(Name::Separator(), ConstByteArrayParameter(separator))(Name::Terminator(), ConstByteArrayParameter(terminator)));
+		IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), groupSize)(Name::Separator(), ConstByteArrayParameter(separator))(Name::Terminator(), ConstByteArrayParameter(terminator)));
 	}
 	//! \brief Initialize or reinitialize this object, without signal propagation
 	//! \param parameters a set of NameValuePairs used to initialize this object
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached
 	//!   transformations. If initialization should be propagated, then use the Initialize() function.
 	//! \details The following code modifies the padding and line break parameters for an encoder:
 	//!   <pre>
 	//!     Base32Encoder encoder;
 	//!     AlgorithmParameters params = MakeParameters(Pad(), false)(InsertLineBreaks(), false);
 	//!     encoder.IsolatedInitialize(params);
 	//!   </pre>
 	void IsolatedInitialize(const NameValuePairs &parameters);
 };
@ -34,6 +54,8 @@ public:
 class Base32Decoder : public BaseN_Decoder
 {
 public:
 	//! \brief Construct a Base32Decoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	Base32Decoder(BufferedTransformation *attachment = NULL)
 		: BaseN_Decoder(GetDefaultDecodingLookupArray(), 5, attachment) {}
--- a/base64.cpp
+++ b/base64.cpp
@ -5,7 +5,6 @@
 NAMESPACE_BEGIN(CryptoPP)
 // Base64
 static const byte s_stdVec[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
--- a/base64.h
+++ b/base64.h
@ -1,6 +1,6 @@
 // base64.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file base64.h
 //! \brief Classes for the Base64Encoder, Base64Decoder, Base64URLEncoder and Base64URLDecoder
 #ifndef CRYPTOPP_BASE64_H
@ -18,12 +18,30 @@ NAMESPACE_BEGIN(CryptoPP)
 class Base64Encoder : public SimpleProxyFilter
 {
 public:
 	//! \brief Construct a Base64Encoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	//! \param insertLineBreaks a BufferedTrasformation to attach to this object
 	//! \param maxLineLength the lenght of a line if line breaks are used
 	//! \details Base64Encoder() constructs a default encoder. The constructor lacks parameters for padding.
 	//!    You must use IsolatedInitialize() to modify the Base64Encoder after construction.
 	//! \sa IsolatedInitialize() for an example of modifying a Base64Encoder after construction.
 	Base64Encoder(BufferedTransformation *attachment = NULL, bool insertLineBreaks = true, int maxLineLength = 72)
 		: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
 	{
 		IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), insertLineBreaks)(Name::MaxLineLength(), maxLineLength));
 	}
 	//! \brief Initialize or reinitialize this object, without signal propagation
 	//! \param parameters a set of NameValuePairs used to initialize this object
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached
 	//!   transformations. If initialization should be propagated, then use the Initialize() function.
 	//! \details The following code modifies the padding and line break parameters for an encoder:
 	//!   <pre>
 	//!     Base64Encoder encoder;
 	//!     AlgorithmParameters params = MakeParameters(Pad(), false)(InsertLineBreaks(), false);
 	//!     encoder.IsolatedInitialize(params);
 	//!   </pre>
 	void IsolatedInitialize(const NameValuePairs &parameters);
 };
@ -34,9 +52,16 @@ public:
 class Base64Decoder : public BaseN_Decoder
 {
 public:
 	//! \brief Construct a Base64Decoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	Base64Decoder(BufferedTransformation *attachment = NULL)
 		: BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) {}
 	//! \brief Initialize or reinitialize this object, without signal propagation
 	//! \param parameters a set of NameValuePairs used to initialize this object
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on
 	//!  attached transformations. If initialization should be propagated, then use the Initialize() function.
 	void IsolatedInitialize(const NameValuePairs &parameters)
 		{CRYPTOPP_UNUSED(parameters);}
@ -51,12 +76,33 @@ private:
 class Base64URLEncoder : public SimpleProxyFilter
 {
 public:
 	//! \brief Construct a Base64URLEncoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	//! \param insertLineBreaks a BufferedTrasformation to attach to this object
 	//! \param maxLineLength the lenght of a line if line breaks are used
 	//! \details Base64URLEncoder() constructs a default encoder. The constructor ignores insertLineBreaks
 	//!   and maxLineLength because the web and URL safe specifications don't use them. They are present
 	//!   in the constructor for API compatibility with Base64Encoder (drop-in replacement). The
 	//!   constructor also disables padding on the encoder for the same reason.
 	//! \details If you need line breaks or padding, then you must use IsolatedInitialize() to set them
 	//!   after constructing a Base64URLEncoder.
 	//! \sa IsolatedInitialize() for an example of modifying a Base64URLEncoder after construction.
 	Base64URLEncoder(BufferedTransformation *attachment = NULL, bool insertLineBreaks = false, int maxLineLength = -1)
 		: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
 	{
-		IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), insertLineBreaks)(Name::MaxLineLength(), maxLineLength));
+		CRYPTOPP_UNUSED(insertLineBreaks), CRYPTOPP_UNUSED(maxLineLength);
 		IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), false)(Name::MaxLineLength(), -1)(Name::Pad(),false));
 	}
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached
 	//!   transformations. If initialization should be propagated, then use the Initialize() function.
 	//! \details The following code modifies the padding and line break parameters for an encoder:
 	//!   <pre>
 	//!     Base64URLEncoder encoder;
 	//!     AlgorithmParameters params = MakeParameters(Name::Pad(), true)(Name::InsertLineBreaks(), true);
 	//!     encoder.IsolatedInitialize(params);
 	//!   </pre>
 	void IsolatedInitialize(const NameValuePairs &parameters);
 };
@ -67,9 +113,16 @@ public:
 class Base64URLDecoder : public BaseN_Decoder
 {
 public:
 	//! \brief Construct a Base64URLDecoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	Base64URLDecoder(BufferedTransformation *attachment = NULL)
 		: BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) {}
 	//! \brief Initialize or reinitialize this object, without signal propagation
 	//! \param parameters a set of NameValuePairs used to initialize this object
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on
 	//!  attached transformations. If initialization should be propagated, then use the Initialize() function.
 	void IsolatedInitialize(const NameValuePairs &parameters)
 		{CRYPTOPP_UNUSED(parameters);}
--- a/basecode.h
+++ b/basecode.h
@ -14,15 +14,24 @@
 NAMESPACE_BEGIN(CryptoPP)
 //! \class BaseN_Encoder
-//! \details base n encoder, where n is a power of 2
+//! \brief Encoder for bases that are a power of 2
 class CRYPTOPP_DLL BaseN_Encoder : public Unflushable<Filter>
 {
 public:
 	//! \brief Construct a BaseN_Encoder
 	//! \param attachment a BufferedTransformation to attach to this object
 	BaseN_Encoder(BufferedTransformation *attachment=NULL)
 		: m_alphabet(NULL), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
 			{Detach(attachment);}
 	//! \brief Construct a BaseN_Encoder
 	//! \param alphabet table of ASCII characters to use as the alphabet
 	//! \param log2base the log<sub>2</sub>base
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param padding the character to use as padding
 	//! \pre log2base must be between 1 and 7 inclusive
 	//! \throws InvalidArgument if log2base is not between 1 and 7
 	BaseN_Encoder(const byte *alphabet, int log2base, BufferedTransformation *attachment=NULL, int padding=-1)
 		: m_alphabet(NULL), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
@ -45,15 +54,27 @@ private:
 };
 //! \class BaseN_Decoder
-//! \details base n encoder, where n is a power of 2
+//! \brief Decoder for bases that are a power of 2
 class CRYPTOPP_DLL BaseN_Decoder : public Unflushable<Filter>
 {
 public:
 	//! \brief Construct a BaseN_Decoder
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \details padding is set to -1, which means use default padding. If not
 	//!   required, then the value must be set via IsolatedInitialize().
 	BaseN_Decoder(BufferedTransformation *attachment=NULL)
 		: m_lookup(0), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
 			{Detach(attachment);}
 	//! \brief Construct a BaseN_Decoder
 	//! \param lookup table of values
 	//! \param log2base the log<sub>2</sub>base
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \details log2base is the exponent (like 5 in 2<sup>5</sup>), and not
 	//!   the number of elements (like 32).
 	//! \details padding is set to -1, which means use default padding. If not
 	//!   required, then the value must be set via IsolatedInitialize().
 	BaseN_Decoder(const int *lookup, int log2base, BufferedTransformation *attachment=NULL)
 		: m_lookup(0), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
@ -65,6 +86,16 @@ public:
 	void IsolatedInitialize(const NameValuePairs &parameters);
 	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
 	//! \brief Intializes BaseN lookup array
 	//! \param lookup table of values
 	//! \param alphabet table of ASCII characters
 	//! \param base the base for the encoder
 	//! \param caseInsensitive flag indicating whether the alpabet is case sensitivie
 	//! \pre COUNTOF(lookup) == 256
 	//! \pre COUNTOF(alphabet) == base
 	//! \details Internally, the function sets the first 256 elements in the lookup table to
 	//   their value from the alphabet array or -1. base is the number of element (like 32),
 	//!  and not an exponent (like 5 in 2<sup>5</sup>)
 	static void CRYPTOPP_API InitializeDecodingLookupArray(int *lookup, const byte *alphabet, unsigned int base, bool caseInsensitive);
 private:
@ -74,13 +105,21 @@ private:
 	SecByteBlock m_outBuf;
 };
-//! filter that breaks input stream into groups of fixed size
+//! \class Grouper
 //! \brief Filter that breaks input stream into groups of fixed size
 class CRYPTOPP_DLL Grouper : public Bufferless<Filter>
 {
 public:
 	//! \brief Construct a Grouper
 	//! \param attachment a BufferedTransformation to attach to this object
 	Grouper(BufferedTransformation *attachment=NULL)
 		: m_groupSize(0), m_counter(0) {Detach(attachment);}
 	//! \brief Construct a Grouper
 	//! \param groupSize the size of the grouping
 	//! \param separator the separator to use between groups
 	//! \param terminator the terminator appeand after processing
 	//! \param attachment a BufferedTransformation to attach to this object
 	Grouper(int groupSize, const std::string &separator, const std::string &terminator, BufferedTransformation *attachment=NULL)
 		: m_groupSize(0), m_counter(0)
 	{
--- a/bench.cpp
+++ b/bench.cpp
@ -379,7 +379,7 @@ void BenchmarkAll(double t, double hertz)
 	cout << "Throughput Geometric Average: " << setiosflags(ios::fixed) << exp(logtotal/(logcount ? logcount : 1)) << endl;
 // Safer functions on Windows for C&A, https://github.com/weidai11/cryptopp/issues/55
-#if defined(CRYPTOPP_MSC_VERSION)
+#if (CRYPTOPP_MSC_VERSION >= 1400)
 	tm localTime = {};
 	char timeBuf[64];
 	errno_t err;
--- a/blowfish.h
+++ b/blowfish.h
@ -1,7 +1,7 @@
 // blowfish.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file blowfish.h
-//! \brief Classes for the Blowfish algorithm
+//! \brief Classes for the Blowfish block cipher
 #ifndef CRYPTOPP_BLOWFISH_H
 #define CRYPTOPP_BLOWFISH_H
--- a/camellia.cpp
+++ b/camellia.cpp
@ -13,7 +13,10 @@ See comments at top of rijndael.cpp for more details.
 #include "config.h"
 #if CRYPTOPP_MSC_VERSION
-# pragma warning(disable: 4456 6246)
+# pragma warning(disable: 4456)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6246)
 # endif
 #endif
 #include "camellia.h"
--- a/camellia.h
+++ b/camellia.h
@ -1,15 +1,11 @@
 // camellia.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file camellia.h
-//! \headerfile camellia.h
+//! \brief Classes for the Cameliia block cipher
 //! \brief Classes for Cameliia cipher
 #ifndef CRYPTOPP_CAMELLIA_H
 #define CRYPTOPP_CAMELLIA_H
 /** \file
 */
 #include "config.h"
 #include "seckey.h"
 #include "secblock.h"
--- a/cast.h
+++ b/cast.h
@ -1,15 +1,11 @@
 // cast.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file cast.h
-//! \headerfile cast.h
+//! \brief Classes for the CAST-128 and CAST-256 block ciphers
 //! \brief Classes for CAST cipher
 #ifndef CRYPTOPP_CAST_H
 #define CRYPTOPP_CAST_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/config.h
+++ b/config.h
@ -1,7 +1,6 @@
 // config.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file config.h
 //! \headerfile config.h
 //! \brief Library configuration file
 #ifndef CRYPTOPP_CONFIG_H
--- a/cryptest.sh
+++ b/cryptest.sh
@ -7,9 +7,9 @@
 # to automate building the library and running the self test with various
 # combinations of flags, options, and conditions.
-# Everything is tee'd into cryptest-result.txt. Change it to suite your taste.
+# Everything is tee'd into cryptest-result.txt. Change it to suite your taste. You
-# You should be able to use `egrep "(error|FAILED)" cryptest-result.txt` to
+# should be able to use `egrep -a "(Error|error|FAILED|Illegal)" cryptest-result.txt`
-# quickly find errors and failures.
+# to quickly find errors and failures.
 # Set to suite your taste
 TEST_RESULTS=cryptest-result.txt
@ -142,10 +142,6 @@ echo "User CXXFLAGS: $CXXFLAGS"
 echo "Retained CXXFLAGS: $ADD_CXXFLAGS"
 echo "Compiler:" $($CXX --version | head -1)
 # Remove previous test results
 rm -f "$TEST_RESULTS" > /dev/null 2>&1
 touch "$TEST_RESULTS"
 TEST_BEGIN=$(date)
 echo
 echo "Start time: $TEST_BEGIN"
@ -153,6 +149,16 @@ echo "Start time: $TEST_BEGIN"
 ############################################
 ############################################
 # Remove previous test results
 rm -f "$TEST_RESULTS" > /dev/null 2>&1
 touch "$TEST_RESULTS"
 rm -f "$BENCHMARK_RESULTS" > /dev/null 2>&1
 touch "$BENCHMARK_RESULTS"
 rm -f "$WARN_RESULTS" > /dev/null 2>&1
 touch "$WARN_RESULTS"
 ############################################
 # Basic debug build
 echo
--- a/cryptlib.h
+++ b/cryptlib.h
@ -7,22 +7,26 @@
 <dl>
 <dt>Abstract Base Classes<dd>
 	cryptlib.h
-<dt>Authenticated Encryption<dd>
+<dt>Authenticated Encryption Modes<dd>
-	AuthenticatedSymmetricCipherDocumentation
+	CCM, EAX, \ref GCM "GCM (2K tables)", \ref GCM "GCM (64K tables)"
-<dt>Symmetric Ciphers<dd>
+<dt>Block Ciphers<dd>
-	SymmetricCipherDocumentation
+	\ref Rijndael "AES", Weak::ARC4, Blowfish, BTEA, Camellia, CAST128, CAST256, DES, \ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES",
 	\ref DES_XEX3 "DESX", GOST, IDEA, \ref LR "Luby-Rackoff", MARS, RC2, RC5, RC6, \ref SAFER_K "SAFER-K", \ref SAFER_SK "SAFER-SK", SEED, Serpent,
 	\ref SHACAL2 "SHACAL-2", SHARK, SKIPJACK,
 Square, TEA, \ref ThreeWay "3-Way", Twofish, XTEA
 <dt>Stream Ciphers<dd>
 	\ref Panama "Panama-LE", \ref Panama "Panama-BE", Salsa20, \ref SEAL "SEAL-LE", \ref SEAL "SEAL-BE", WAKE, XSalsa20
 <dt>Hash Functions<dd>
-	SHA1, SHA224, SHA256, SHA384, SHA512, Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak::MD2, Weak::MD4, Weak::MD5
+	SHA1, SHA224, SHA256, SHA384, SHA512, \ref SHA3 "SHA-3", Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak::MD2, Weak::MD4, Weak::MD5
 <dt>Non-Cryptographic Checksums<dd>
 	CRC32, Adler32
 <dt>Message Authentication Codes<dd>
-	VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, GCM (GMAC)
+	VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, \ref GCM "GCM (GMAC)"
 <dt>Random Number Generators<dd>
-	NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG
+	NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG,
-<dt>Key Derivation<dd>
+	\ref MersenneTwister "MersenneTwister (MT19937 and MT19937-AR)", RDRAND, RDSEED
-	HKDF
+<dt>Key Derivation and Password-based Cryptography<dd>
-<dt>Password-based Cryptography<dd>
+	HKDF, \ref PKCS12_PBKDF "PBKDF (PKCS #12)", \ref PKCS5_PBKDF1 "PBKDF-1 (PKCS #5)", \ref PKCS5_PBKDF2_HMAC "PBKDF-2/HMAC (PKCS #5)"
 	PasswordBasedKeyDerivationFunction
 <dt>Public Key Cryptosystems<dd>
 	DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES
 <dt>Public Key Signature Schemes<dd>
@ -31,8 +35,7 @@
 	DH, DH2, MQV, ECDH, ECMQV, XTR_DH
 <dt>Algebraic Structures<dd>
 	Integer, PolynomialMod2, PolynomialOver, RingOfPolynomialsOver,
-	ModularArithmetic, MontgomeryRepresentation, GFP2_ONB,
+	ModularArithmetic, MontgomeryRepresentation, GFP2_ONB, GF2NP, GF256, GF2_32, EC2N, ECP
 	GF2NP, GF256, GF2_32, EC2N, ECP
 <dt>Secret Sharing and Information Dispersal<dd>
 	SecretSharing, SecretRecovery, InformationDispersal, InformationRecovery
 <dt>Compression<dd>
@ -40,23 +43,23 @@
 <dt>Input Source Classes<dd>
 	StringSource, ArraySource, FileSource, SocketSource, WindowsPipeSource, RandomNumberSource
 <dt>Output Sink Classes<dd>
-	StringSinkTemplate, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink
+	StringSinkTemplate, StringSink, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink
 <dt>Filter Wrappers<dd>
 	StreamTransformationFilter, HashFilter, HashVerificationFilter, SignerFilter, SignatureVerificationFilter
 <dt>Binary to Text Encoders and Decoders<dd>
-	HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base32Encoder, Base32Decoder
+	HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base64URLEncoder, Base64URLDecoder, Base32Encoder, Base32Decoder
 <dt>Wrappers for OS features<dd>
 	Timer, Socket, WindowsHandle, ThreadLocalStorage, ThreadUserTimer
-<dt>FIPS 140 related<dd>
+<dt>FIPS 140 validated cryptography<dd>
 	fips140.h
 </dl>
 In the DLL version of Crypto++, only the following implementation class are available.
 <dl>
 <dt>Block Ciphers<dd>
-	AES, DES_EDE2, DES_EDE3, SKIPJACK
+	AES, \ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES", SKIPJACK
 <dt>Cipher Modes (replace template parameter BC with one of the block ciphers above)<dd>
-	ECB_Mode\<BC\>, CTR_Mode\<BC\>, CBC_Mode\<BC\>, CFB_FIPS_Mode\<BC\>, OFB_Mode\<BC\>, GCM\<AES\>
+	\ref ECB_Mode "ECB_Mode<BC>", \ref CTR_Mode "CTR_Mode<BC>", \ref CBC_Mode "CBC_Mode<BC>", \ref CFB_FIPS_Mode "CFB_FIPS_Mode<BC>", \ref OFB_Mode "OFB_Mode<BC>", \ref GCM "GCM<AES>"
 <dt>Hash Functions<dd>
 	SHA1, SHA224, SHA256, SHA384, SHA512
 <dt>Public Key Signature Schemes (replace template parameter H with one of the hash functions above)<dd>
@ -230,11 +233,13 @@ struct CRYPTOPP_DLL DecodingResult
 	bool operator==(const DecodingResult &rhs) const {return isValidCoding == rhs.isValidCoding && messageLength == rhs.messageLength;}
 	//! \brief Compare two DecodingResult
 	//! \param rhs the other DecodingResult
-	//! \returns  true if both isValidCoding and messageLength are \a not equal,  false otherwise
+	//! \returns true if either isValidCoding or messageLength is \a not equal, false otherwise
 	//! \details Returns <tt>!operator==(rhs)</tt>.
 	bool operator!=(const DecodingResult &rhs) const {return !operator==(rhs);}
 	//! \brief Flag to indicate the decoding is valid
 	bool isValidCoding;
 	//! \brief Recovered message length if isValidCoding is true, undefined otherwise
 	size_t messageLength;
 #ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
@ -1169,6 +1174,7 @@ public:
 	word16 GetShort(word16 a=0, word16 b=0xffff) {return (word16)GenerateWord32(a, b);}
 	void GetBlock(byte *output, size_t size) {GenerateBlock(output, size);}
 #endif
 };
 //! \brief Random Number Generator that does not produce random numbers
@ -1910,7 +1916,7 @@ public:
 	virtual void AssignFrom(const NameValuePairs &source) =0;
 	//! \brief Check this object for errors
-	//! \param rng a  RandomNumberGenerator for objects which use randominzed testing
+	//! \param rng a RandomNumberGenerator for objects which use randomized testing
 	//! \param level the level of thoroughness
 	//! \returns  true if the tests succeed,  false otherwise
 	//! \details There are four levels of thoroughness:
@ -1920,13 +1926,13 @@ public:
 	//!   <li>2 - ensure this object will function correctly, and perform reasonable security checks
 	//!   <li>3 - perform reasonable security checks, and do checks that may take a long time
 	//!   </ul>
-	//! \details Level 0 does not require a  RandomNumberGenerator. A  NullRNG () can be used for level 0.
+	//! \details Level 0 does not require a  RandomNumberGenerator. A  NullRNG() can be used for level 0.
 	//! \details Level 1 may not check for weak keys and such.
 	//! \details Levels 2 and 3 are recommended.
 	virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0;
 	//! \brief Check this object for errors
-	//! \param rng a  RandomNumberGenerator for objects which use randominzed testing
+	//! \param rng a RandomNumberGenerator for objects which use randomized testing
 	//! \param level the level of thoroughness
 	//! \throws InvalidMaterial
 	//! \details Internally,  ThrowIfInvalid() calls  Validate() and throws  InvalidMaterial if validation fails.
@ -2153,42 +2159,58 @@ public:
 #endif
 };
 //! \class PK_Encryptor
 //! \brief Interface for public-key encryptors
 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Encryptor : public PK_CryptoSystem, public PublicKeyAlgorithm
 {
 public:
-	//! exception thrown when trying to encrypt plaintext of invalid length
+	//! \brief Exception thrown when trying to encrypt plaintext of invalid length
 	class CRYPTOPP_DLL InvalidPlaintextLength : public Exception
 	{
 	public:
 		InvalidPlaintextLength() : Exception(OTHER_ERROR, "PK_Encryptor: invalid plaintext length") {}
 	};
-	//! encrypt a byte string
+	//! \brief Encrypt a byte string
-	/*! re CiphertextLength(plaintextLength) != 0 (i.e., plaintext isn't too long)
+	//! \param rng a RandomNumberGenerator derived class
-		re size of ciphertext == CiphertextLength(plaintextLength)
+	//! \param plaintext the plaintext byte buffer
-	*/
+	//! \param plaintextLength the size of the plaintext byte buffer
 	//! \param ciphertext a byte buffer to hold the encrypted string
 	//! \param parameters additional configuration options
 	//! \pre <tt>CiphertextLength(plaintextLength) != 0</tt> ensures the plaintext isn't too large
 	//! \pre <tt>COUNTOF(ciphertext) == CiphertextLength(plaintextLength)</tt> ensures the output
 	//!   byte buffer is large enough.
 	//! \sa PK_Decryptor
 	virtual void Encrypt(RandomNumberGenerator &rng, 
 		const byte *plaintext, size_t plaintextLength, 
 		byte *ciphertext, const NameValuePairs &parameters = g_nullNameValuePairs) const =0;
-	//! create a new encryption filter
+	//! \brief Create a new encryption filter
-	/*! \note The caller is responsible for deleting the returned pointer.
+	//! \note The caller is responsible for deleting the returned pointer.
-		\note Encoding parameters should be passed in the "EP" channel.
+	//! \note Encoding parameters should be passed in the "EP" channel.
 	*/
 	virtual BufferedTransformation * CreateEncryptionFilter(RandomNumberGenerator &rng, 
 		BufferedTransformation *attachment=NULL, const NameValuePairs &parameters = g_nullNameValuePairs) const;
 };
 //! \class PK_Decryptor
 //! \brief Interface for public-key decryptors
 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Decryptor : public PK_CryptoSystem, public PrivateKeyAlgorithm
 {
 public:
-	//! decrypt a byte string, and return the length of plaintext
+	//! \brief Decrypt a byte string
-	/*! re size of plaintext == MaxPlaintextLength(ciphertextLength) bytes.
+	//! \param rng a RandomNumberGenerator derived class
-		\returns the actual length of the plaintext, indication that decryption failed.
+	//! \param ciphertext the encrypted byte buffer
-	*/
+	//! \param ciphertextLength the size of the encrypted byte buffer
 	//! \param plaintext a byte buffer to hold the decrypted string
 	//! \param parameters additional configuration options
 	//! \returns the result of the decryption operation
 	//! \pre <tt>COUNTOF(plaintext) == MaxPlaintextLength(ciphertextLength)</tt> ensures the output
 	//!   byte buffer is large enough
 	//! \details If DecodingResult::isValidCoding is true, then DecodingResult::messageLength
 	//!   is valid and holds the the actual length of the plaintext recovered.
 	//!   on success. The result is undefined if decryption failed. If DecodingResult::isValidCoding
 	//!   is false, then DecodingResult::messageLength is undefined.
 	//! \sa PK_Encryptor
 	virtual DecodingResult Decrypt(RandomNumberGenerator &rng, 
 		const byte *ciphertext, size_t ciphertextLength, 
 		byte *plaintext, const NameValuePairs &parameters = g_nullNameValuePairs) const =0;
@ -2295,25 +2317,25 @@ public:
 	virtual void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const =0;
 	//! sign and delete messageAccumulator (even in case of exception thrown)
-	/*! re size of signature == MaxSignatureLength()
+	/*! \pre size of signature == MaxSignatureLength()
 		\returns actual signature length
 	*/
 	virtual size_t Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const;
 	//! sign and restart messageAccumulator
-	/*! re size of signature == MaxSignatureLength()
+	/*! \pre size of signature == MaxSignatureLength()
 		\returns actual signature length
 	*/
 	virtual size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const =0;
 	//! sign a message
-	/*! re size of signature == MaxSignatureLength()
+	/*! \pre size of signature == MaxSignatureLength()
 		\returns actual signature length
 	*/
 	virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const;
 	//! sign a recoverable message
-	/*! re size of signature == MaxSignatureLength(recoverableMessageLength)
+	/*! \pre size of signature == MaxSignatureLength(recoverableMessageLength)
 		\returns actual signature length
 	*/
 	virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, 
@ -2351,17 +2373,17 @@ public:
 		const byte *signature, size_t signatureLength) const;
 	//! recover a message from its signature
-	/*! re size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+	/*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
 	*/
 	virtual DecodingResult Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const;
 	//! recover a message from its signature
-	/*! re size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+	/*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
 	*/
 	virtual DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const =0;
 	//! recover a message from its signature
-	/*! re size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+	/*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
 	*/
 	virtual DecodingResult RecoverMessage(byte *recoveredMessage, 
 		const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, 
@ -2388,7 +2410,7 @@ public:
 	//! return length of public keys in this domain
 	virtual unsigned int PublicKeyLength() const =0;
 	//! generate private key
-	/*! re size of privateKey == PrivateKeyLength() */
+	/*! \pre size of privateKey == PrivateKeyLength() */
 	virtual void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
 	//! generate public key
 	/*!	re size of publicKey == PublicKeyLength() */
@ -2399,8 +2421,8 @@ public:
 	//! derive agreed value from your private key and couterparty's public key, return false in case of failure
 	/*! \note If you have previously validated the public key, use validateOtherPublicKey=false to save time.
 		re size of agreedValue == AgreedValueLength()
-		re length of privateKey == PrivateKeyLength()
+		\pre length of privateKey == PrivateKeyLength()
-		re length of otherPublicKey == PublicKeyLength()
+		\pre length of otherPublicKey == PublicKeyLength()
 	*/
 	virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0;
@ -2431,7 +2453,7 @@ public:
 	//! return length of static public keys in this domain
 	virtual unsigned int StaticPublicKeyLength() const =0;
 	//! generate static private key
-	/*! re size of privateKey == PrivateStaticKeyLength() */
+	/*! \pre size of privateKey == PrivateStaticKeyLength() */
 	virtual void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
 	//! generate static public key
 	/*!	re size of publicKey == PublicStaticKeyLength() */
@ -2444,25 +2466,26 @@ public:
 	virtual unsigned int EphemeralPrivateKeyLength() const =0;
 	//! return length of ephemeral public keys in this domain
 	virtual unsigned int EphemeralPublicKeyLength() const =0;
-	//! generate ephemeral private key
+	//! \brief Generate ephemeral private key
-	/*! re size of privateKey == PrivateEphemeralKeyLength() */
+	//! \pre size of privateKey == PrivateEphemeralKeyLength()
 	virtual void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
-	//! generate ephemeral public key
+	//! \brief Generate ephemeral public key
-	/*!	re size of publicKey == PublicEphemeralKeyLength() */
+	//! \pre size of publicKey == PublicEphemeralKeyLength()
 	virtual void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;
-	//! generate private/public key pair
+	//! \brief Generate private/public key pair
 	/*! \note equivalent to calling GenerateEphemeralPrivateKey() and then GenerateEphemeralPublicKey() */
 	virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;
-	//! derive agreed value from your private keys and couterparty's public keys, return false in case of failure
+	//! \brief Derive agreed value
-	/*! \note The ephemeral public key will always be validated.
+	//! \returns true upon success, false in case of failure
-		      If you have previously validated the static public key, use validateStaticOtherPublicKey=false to save time.
+	//! \details Agree() derives an agreed value from your private keys and couterparty's public keys
-		re size of agreedValue == AgreedValueLength()
+	//! \details The ephemeral public key will always be validated. If you have previously validated the
-		re length of staticPrivateKey == StaticPrivateKeyLength()
+	//!   static public key, use validateStaticOtherPublicKey=false to save time.
-		re length of ephemeralPrivateKey == EphemeralPrivateKeyLength()
+	//! \pre size of agreedValue == AgreedValueLength()
-		re length of staticOtherPublicKey == StaticPublicKeyLength()
+	//! \pre length of staticPrivateKey == StaticPrivateKeyLength()
-		re length of ephemeralOtherPublicKey == EphemeralPublicKeyLength()
+	//! \pre length of ephemeralPrivateKey == EphemeralPrivateKeyLength()
-	*/
+	//! \pre length of staticOtherPublicKey == StaticPublicKeyLength()
 	//! \pre length of ephemeralOtherPublicKey == EphemeralPublicKeyLength()
 	virtual bool Agree(byte *agreedValue,
 		const byte *staticPrivateKey, const byte *ephemeralPrivateKey,
 		const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey,
--- a/datatest.cpp
+++ b/datatest.cpp
@ -610,10 +610,10 @@ void TestKeyDerivationFunction(TestData &v)
 	std::string salt = GetDecodedDatum(v, "Salt");
 	std::string info = GetDecodedDatum(v, "Info");
 	std::string derived = GetDecodedDatum(v, "DerivedKey");
-	std::string t = GetDecodedDatum(v, "DerivedLength");
+	std::string t = GetDecodedDatum(v, "DerivedKeyLength");
 	TestDataNameValuePairs pairs(v);
-	unsigned int length = pairs.GetIntValueWithDefault(Name::DerivedLength(), (int)derived.size());
+	unsigned int length = pairs.GetIntValueWithDefault(Name::DerivedKeyLength(), (int)derived.size());
 	member_ptr<KeyDerivationFunction> kdf;
 	kdf.reset(ObjectFactoryRegistry<KeyDerivationFunction>::Registry().CreateObject(name.c_str()));
--- a/default.cpp
+++ b/default.cpp
@ -20,8 +20,8 @@ NAMESPACE_BEGIN(CryptoPP)
 static const unsigned int MASH_ITERATIONS = 200;
 static const unsigned int SALTLENGTH = 8;
-static const unsigned int BLOCKSIZE = Default_BlockCipher::Encryption::BLOCKSIZE;
+static const unsigned int BLOCKSIZE = DefaultBlockCipher::Encryption::BLOCKSIZE;
-static const unsigned int KEYLENGTH = Default_BlockCipher::Encryption::DEFAULT_KEYLENGTH;
+static const unsigned int KEYLENGTH = DefaultBlockCipher::Encryption::DEFAULT_KEYLENGTH;
 // The purpose of this function Mash() is to take an arbitrary length input
 // string and *deterministicly* produce an arbitrary length output string such
@ -270,3 +270,4 @@ void DefaultDecryptorWithMAC::LastPut(const byte *inString, size_t length)
 }
 NAMESPACE_END
--- a/default.h
+++ b/default.h
@ -1,8 +1,7 @@
 // default.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file default.h
-//! \headerfile default.h
+//! \brief Classes for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
 //! \brief Classes for DefaultEncryptor, DefaultEncryptorWithMAC and decryptors
 #ifndef CRYPTOPP_DEFAULT_H
 #define CRYPTOPP_DEFAULT_H
@ -16,15 +15,29 @@
 NAMESPACE_BEGIN(CryptoPP)
-typedef DES_EDE2 Default_BlockCipher;
+//! \brief Default block cipher for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
 typedef DES_EDE2 DefaultBlockCipher;
 //! \brief Default hash for use with DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
 typedef SHA DefaultHashModule;
 //! \brief Default HMAC for use withDefaultEncryptorWithMAC and DefaultDecryptorWithMAC
 typedef HMAC<DefaultHashModule> DefaultMAC;
-//! Password-Based Encryptor using DES-EDE2
+//! \class DefaultEncryptor
 //! \brief Password-Based Encryptor using TripleDES
 //! \details The class uses 2-key TripleDES (DES_EDE2) for encryption, which only
 //!   provides about 80-bits of security.
 class DefaultEncryptor : public ProxyFilter
 {
 public:
 	//! \brief Construct a DefaultEncryptor
 	//! \param passphrase a C-String password
 	//! \param attachment a BufferedTransformation to attach to this object
 	DefaultEncryptor(const char *passphrase, BufferedTransformation *attachment = NULL);
 	//! \brief Construct a DefaultEncryptor
 	//! \param passphrase a byte string password
 	//! \param passphraseLength the length of the byte string password
 	//! \param attachment a BufferedTransformation to attach to this object
 	DefaultEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
 protected:
@ -33,14 +46,34 @@ protected:
 private:
 	SecByteBlock m_passphrase;
-	CBC_Mode<Default_BlockCipher>::Encryption m_cipher;
+	CBC_Mode<DefaultBlockCipher>::Encryption m_cipher;
 };
-//! Password-Based Decryptor using DES-EDE2
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
 } __attribute__((deprecated ("DefaultEncryptor will be changing in the near future because the algorithms are no longer secure")));
 #elif (CRYPTOPP_GCC_VERSION)
 } __attribute__((deprecated));
 #else
 };
 #endif
 //! \class DefaultDecryptor
 //! \brief Password-Based Decryptor using TripleDES
 //! \details The class uses 2-key TripleDES (DES_EDE2) for encryption, which only
 //!   provides about 80-bits of security.
 class DefaultDecryptor : public ProxyFilter
 {
 public:
 	//! \brief Constructs a DefaultDecryptor
 	//! \param passphrase a C-String password
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param throwException a flag specifiying whether an Exception should be thrown on error
 	DefaultDecryptor(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true);
 	//! \brief Constructs a DefaultDecryptor
 	//! \param passphrase a byte string password
 	//! \param passphraseLength the length of the byte string password
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param throwException a flag specifiying whether an Exception should be thrown on error
 	DefaultDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true);
 	class Err : public Exception
@ -64,16 +97,39 @@ private:
 	void CheckKey(const byte *salt, const byte *keyCheck);
 	SecByteBlock m_passphrase;
-	CBC_Mode<Default_BlockCipher>::Decryption m_cipher;
+	CBC_Mode<DefaultBlockCipher>::Decryption m_cipher;
 	member_ptr<FilterWithBufferedInput> m_decryptor;
 	bool m_throwException;
 };
-//! Password-Based Encryptor using DES-EDE2 and HMAC/SHA-1
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
 } __attribute__((deprecated ("DefaultDecryptor will be changing in the near future because the algorithms are no longer secure")));
 #elif (CRYPTOPP_GCC_VERSION)
 } __attribute__((deprecated));
 #else
 };
 #endif
 //! \class DefaultEncryptorWithMAC
 //! \brief Password-Based encryptor using TripleDES and HMAC/SHA-1
 //! \details DefaultEncryptorWithMAC uses a non-standard mashup function called Mash() to derive key
 //!   bits from the password. The class also uses 2-key TripleDES (DES_EDE2) for encryption, which only
 //!   provides about 80-bits of security.
 //! \details The purpose of the function Mash() is to take an arbitrary length input string and
 //!   *deterministicly* produce an arbitrary length output string such that (1) it looks random,
 //!   (2) no information about the input is deducible from it, and (3) it contains as much entropy
 //!   as it can hold, or the amount of entropy in the input string, whichever is smaller.
 class DefaultEncryptorWithMAC : public ProxyFilter
 {
 public:
 	//! \brief Constructs a DefaultEncryptorWithMAC
 	//! \param passphrase a C-String password
 	//! \param attachment a BufferedTransformation to attach to this object
 	DefaultEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL);
 	//! \brief Constructs a DefaultEncryptorWithMAC
 	//! \param passphrase a byte string password
 	//! \param passphraseLength the length of the byte string password
 	//! \param attachment a BufferedTransformation to attach to this object
 	DefaultEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
 protected:
@ -82,15 +138,42 @@ protected:
 private:
 	member_ptr<DefaultMAC> m_mac;
 };
-//! Password-Based Decryptor using DES-EDE2 and HMAC/SHA-1
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
 } __attribute__((deprecated ("DefaultEncryptorWithMAC will be changing in the near future because the algorithms are no longer secure")));
 #elif (CRYPTOPP_GCC_VERSION)
 } __attribute__((deprecated));
 #else
 };
 #endif
 //! \class DefaultDecryptorWithMAC
 //! \brief Password-Based decryptor using TripleDES and HMAC/SHA-1
 //! \details DefaultDecryptorWithMAC uses a non-standard mashup function called Mash() to derive key
 //!   bits from the password. The class also uses 2-key TripleDES (DES_EDE2) for encryption, which only
 //!   provides about 80-bits of security.
 //! \details The purpose of the function Mash() is to take an arbitrary length input string and
 //!   *deterministicly* produce an arbitrary length output string such that (1) it looks random,
 //!   (2) no information about the input is deducible from it, and (3) it contains as much entropy
 //!   as it can hold, or the amount of entropy in the input string, whichever is smaller.
 class DefaultDecryptorWithMAC : public ProxyFilter
 {
 public:
 	//! \class MACBadErr
 	//! \brief Excpetion thrown when an incorrect MAC is encountered
 	class MACBadErr : public DefaultDecryptor::Err {public: MACBadErr() : DefaultDecryptor::Err("DefaultDecryptorWithMAC: MAC check failed") {}};
 	//! \brief Constructs a DefaultDecryptor
 	//! \param passphrase a C-String password
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param throwException a flag specifiying whether an Exception should be thrown on error
 	DefaultDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true);
 	//! \brief Constructs a DefaultDecryptor
 	//! \param passphrase a byte string password
 	//! \param passphraseLength the length of the byte string password
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param throwException a flag specifiying whether an Exception should be thrown on error
 	DefaultDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true);
 	DefaultDecryptor::State CurrentState() const;
@ -104,7 +187,14 @@ private:
 	member_ptr<DefaultMAC> m_mac;
 	HashVerifier *m_hashVerifier;
 	bool m_throwException;
 #if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
 } __attribute__((deprecated ("DefaultDecryptorWithMAC will be changing in the near future because the algorithms are no longer secure")));
 #elif (CRYPTOPP_GCC_VERSION)
 } __attribute__((deprecated));
 #else
 };
 #endif
 NAMESPACE_END
--- a/des.h
+++ b/des.h
@ -1,8 +1,7 @@
 // des.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file des.h
-//! \headerfile des.h
+//! \brief Classes for DES, 2-key Triple-DES, 3-key Triple-DES and DESX
 //! \brief Classes for DES, 2-key and 3-key Triple-DES
 #ifndef CRYPTOPP_DES_H
 #define CRYPTOPP_DES_H
--- a/dsa.h
+++ b/dsa.h
@ -1,7 +1,6 @@
 // dsa.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file dsa.h
 //! \headerfile dsa.h
 //! \brief Classes for the DSA signature algorithm
 #ifndef CRYPTOPP_DSA_H
--- a/eccrypto.h
+++ b/eccrypto.h
@ -1,9 +1,11 @@
 // eccrypto.h - written and placed in the public domain by Wei Dai
 //! \file eccrypto.h
 //! \brief Classes and functions for Elliptic Curves over prime and binary fields
 #ifndef CRYPTOPP_ECCRYPTO_H
 #define CRYPTOPP_ECCRYPTO_H
 /*! \file
 */
 #include "config.h"
 #include "cryptlib.h"
 #include "pubkey.h"
@ -139,8 +141,8 @@ protected:
 	OID m_oid;			// set if parameters loaded from a recommended curve
 	Integer m_n;		// order of base point
 	bool m_compress, m_encodeAsOID;
 	mutable Integer m_k;		// cofactor
 	mutable bool m_compress, m_encodeAsOID;		// presentation details
 };
 //! EC public key
@ -473,8 +475,8 @@ protected:
 	OID m_oid;			// set if parameters loaded from a recommended curve
 	Integer m_n;		// order of base point
 	bool m_compress, m_encodeAsOID;
 	mutable Integer m_k;		// cofactor
 	mutable bool m_compress, m_encodeAsOID;		// presentation details
 };
 //! EC public key
--- a/ecp.h
+++ b/ecp.h
@ -1,7 +1,6 @@
 // ecp.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file ecp.h
 //! \headerfile ecp.h
 //! \brief Classes for Elliptic Curves over prime fields
 #ifndef CRYPTOPP_ECP_H
--- a/elgamal.h
+++ b/elgamal.h
@ -1,3 +1,8 @@
 // elgamal.h - written and placed in the public domain by Wei Dai
 //! \file elgamal.h
 //! \brief Classes and functions for ElGamal key agreement and encryption schemes
 #ifndef CRYPTOPP_ELGAMAL_H
 #define CRYPTOPP_ELGAMAL_H
@ -116,7 +121,8 @@ struct ElGamalKeys
 	typedef DL_PublicKey_GFP_OldFormat<DL_CryptoKeys_GFP::PublicKey> PublicKey;
 };
-//! ElGamal encryption scheme with non-standard padding
+//! \class ElGamal
 //! \brief ElGamal encryption scheme with non-standard padding
 struct ElGamal
 {
 	typedef DL_CryptoSchemeOptions<ElGamal, ElGamalKeys, int, int, int> SchemeOptions;
--- a/emsa2.h
+++ b/emsa2.h
@ -1,10 +1,11 @@
 // emsa2.h - written and placed in the public domain by Wei Dai
 //! \file emsa2.h
 //! \brief Classes and functions for various padding schemes used in public key algorithms
 #ifndef CRYPTOPP_EMSA2_H
 #define CRYPTOPP_EMSA2_H
 /** \file
 	This file contains various padding schemes for public key algorithms.
 */
 #include "cryptlib.h"
 #include "pubkey.h"
 #include "misc.h"
--- a/eprecomp.h
+++ b/eprecomp.h
@ -1,10 +1,15 @@
 // eprecomp.h - written and placed in the public domain by Wei Dai
 //! \file eprecomp.h
 //! \brief Classes for precomputation in a group
 #ifndef CRYPTOPP_EPRECOMP_H
 #define CRYPTOPP_EPRECOMP_H
 #include "cryptlib.h"
 #include "integer.h"
 #include "algebra.h"
-#include <vector>
+#include "stdcpp.h"
 NAMESPACE_BEGIN(CryptoPP)
--- a/gost.h
+++ b/gost.h
@ -1,9 +1,11 @@
 // gost.h - written and placed in the public domain by Wei Dai
 //! \file gost.h
 //! \brief Classes for the GIST block cipher
 #ifndef CRYPTOPP_GOST_H
 #define CRYPTOPP_GOST_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/ida.h
+++ b/ida.h
@ -1,6 +1,6 @@
 // ida.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file ida.h
 //! \brief Classes for Information Dispersal Algorithm (IDA)
 #ifndef CRYPTOPP_IDA_H
--- a/idea.h
+++ b/idea.h
@ -1,9 +1,11 @@
 // idea.h - written and placed in the public domain by Wei Dai
 //! \file idea.h
 //! \brief Classes for the IDEA block cipher
 #ifndef CRYPTOPP_IDEA_H
 #define CRYPTOPP_IDEA_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/lubyrack.h
+++ b/lubyrack.h
@ -1,10 +1,11 @@
 // lubyrack.h - written and placed in the public domain by Wei Dai
 //! \file lubyrack.h
 //! \brief Classes for the Luby-Rackoff block cipher
 #ifndef CRYPTOPP_LUBYRACK_H
 #define CRYPTOPP_LUBYRACK_H
 /** \file */
 #include "simple.h"
 #include "secblock.h"
--- a/mars.h
+++ b/mars.h
@ -1,8 +1,7 @@
 // mars.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file mars.h
-//! \brief Implementation of the MARS cipher (IBM AES submission)
+//! \brief Classes for the MARS block cipher (IBM AES submission)
 #ifndef CRYPTOPP_MARS_H
 #define CRYPTOPP_MARS_H
--- a/mersenne.h
+++ b/mersenne.h
@ -1,7 +1,9 @@
-// mersenne.h - written and placed in public domain by Jeffrey Walton. Copyright assigned to Crypto++ project.
+// mersenne.h - written and placed in public domain by Jeffrey Walton.
 //              Copyright assigned to Crypto++ project.
 //! \file
-//! \brief Implementation of the Mersenne Twister
+//! \brief Class file for Mersenne Twister
 //! \note Suitable for Monte Carlo simulations, and not cryptographic use
 #ifndef CRYPTOPP_MERSENNE_TWISTER_H
 #define CRYPTOPP_MERSENNE_TWISTER_H
@ -19,14 +21,16 @@ NAMESPACE_BEGIN(CryptoPP)
 //! \tparam N Size of the state vector
 //! \tparam F Multiplier constant
 //! \tparam S Sefault seed
-//! \details Provides the \p MersenneTwister implementation. The class is a header-only implementation
+//! \details Provides the MersenneTwister implementation. The class is a header-only implementation.
 //! \warning MersenneTwister is suitable for simulations, where uniformaly distrubuted numbers are
 //!   required quickly. It should not be used for cryptographic purposes.
 template <unsigned int K, unsigned int M, unsigned int N, unsigned int F, unsigned long S>
 class MersenneTwister : public RandomNumberGenerator
 {
 public:
 	//! \brief Construct a Mersenne Twister
-	//! \param seed 32 bit seed
+	//! \param seed 32-bit seed
-	//! \details Defaults to template parameter \p S due to changing algorithm
+	//! \details Defaults to template parameter S due to changing algorithm
 	//!   parameters over time
 	MersenneTwister(unsigned long seed = S) : m_seed(seed), m_idx(N)
 	{
@ -38,9 +42,9 @@ public:
 	//! \brief Generate random array of bytes
 	//! \param output byte buffer
 	//! \param size length of the buffer, in bytes
-	//! \details Bytes are written to \p output in big endian order. If \p output length
+	//! \details Bytes are written to output in big endian order. If output length
 	//!   is not a multiple of word32, then unused bytes are not accumulated for subsequent
-	//!   calls to \p GenerateBlock. Rather, the unused tail bytes are discarded, and the
+	//!   calls to GenerateBlock. Rather, the unused tail bytes are discarded, and the
 	//!   stream is continued at the next word32 boundary from the state array.
 	void GenerateBlock(byte *output, size_t size)
 	{
@ -84,8 +88,9 @@ public:
 		*((volatile word32*)&temp) = 0;
 	}
-	//! \brief Generate a random 32 bit word in the range min to max, inclusive
+	//! \brief Generate a random 32-bit word in the range min to max, inclusive
-	//! \details If the 32 bit candidate is not within the range, then it is discarded
+	//! \returns random 32-bit word in the range min to max, inclusive
 	//! \details If the 32-bit candidate is not within the range, then it is discarded
 	//!   and a new candidate is used.
 	word32 GenerateWord32(word32 min=0, word32 max=0xffffffffL)
 	{
@ -105,8 +110,8 @@ public:
 	//! \brief Generate and discard n bytes
 	//! \param n the number of bytes to discard, rounded up to a <tt>word32</tt> size
-	//! \details If \p n is not a multiple of <tt>word32</tt>, then unused bytes are
+	//! \details If n is not a multiple of <tt>word32</tt>, then unused bytes are
-	//!   not accumulated for subsequent calls to \p GenerateBlock. Rather, the unused
+	//!   not accumulated for subsequent calls to GenerateBlock. Rather, the unused
 	//!   tail bytes are discarded, and the stream is continued at the next
 	//!   <tt>word32</tt> boundary from the state array.
 	void DiscardBytes(size_t n)
@ -118,6 +123,7 @@ public:
 protected:
 	//! \brief Returns the next 32-bit word from the state array
 	//! \returns the next 32-bit word from the state array
 	//! \details fetches the next word frm the state array, performs bit operations on
 	//!   it, and then returns the value to the caller.
 	word32 NextMersenneWord()
@ -164,7 +170,7 @@ protected:
 private:
-	//! \brief 32-bit word state array of size \p N
+	//! \brief 32-bit word state array of size N
 	FixedSizeSecBlock<word32, N+1> m_state;
 	//! \brief the value used to seed the generator
 	unsigned int m_seed;
@ -178,7 +184,7 @@ typedef MersenneTwister<0x9908B0DF /*2567483615*/, 397, 624, 0x10DCD /*69069*/,
 //! \brief Updated MT19937 generator adapted to provide an array for initialization.
 //! \details Also see http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/MT2002/emt19937ar.html; uses 5489 as default initial seed.
-//! \note Use this generator when interoperating with C++11's \p mt19937 class.
+//! \note Use this generator when interoperating with C++11's mt19937 class.
 typedef MersenneTwister<0x9908B0DF /*2567483615*/, 397, 624, 0x6C078965 /*1812433253*/, 5489> MT19937ar;
 NAMESPACE_END
--- a/misc.cpp
+++ b/misc.cpp
@ -4,7 +4,10 @@
 #include "config.h"
 #if CRYPTOPP_MSC_VERSION
-# pragma warning(disable: 4189 6237)
+# pragma warning(disable: 4189)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6237)
 # endif
 #endif
 #ifndef CRYPTOPP_IMPORTS
--- a/misc.h
+++ b/misc.h
@ -12,7 +12,10 @@
 #if CRYPTOPP_MSC_VERSION
 # pragma warning(push)
 # pragma warning(disable: 4146)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6326)
 # endif
 #endif
 #include "cryptlib.h"
@ -129,8 +132,8 @@ struct CompileAssert
 //! \brief Counts elements in an array
 //! \param arr an array of elements
 //! \details COUNTOF counts elements in an array. On Windows COUNTOF(x) is deinfed
-//!   to _countof(x) to ensure correct results for pointers. Since the library code is
+//!   to <tt>_countof(x)</tt> to ensure correct results for pointers. Since the library code
-//!   cross-platform, Windows will ensure the safety on non-Windows platforms.
+//!   is cross-platform, Windows will ensure the safety on non-Windows platforms.
 //! \note COUNTOF does not produce correct results with pointers, and an array must be used.
 //!   The library ensures correct application of COUNTOF by enlisting _countof on Windows
 //!   platforms. Microsoft's _countof fails to compile using pointers.
@ -209,7 +212,7 @@ struct NewObject
 //!   <tt>_ReadWriteBarrier()</tt> or <tt>__asm__("" ::: "memory")</tt>.
 #define MEMORY_BARRIER ...
 #else
-#if defined(_MSC_VER)
+#if (_MSC_VER >= 1400)
 # pragma intrinsic(_ReadWriteBarrier)
 # define MEMORY_BARRIER() _ReadWriteBarrier()
 #elif defined(__INTEL_COMPILER)
@ -217,7 +220,7 @@ struct NewObject
 #elif defined(__GNUC__) || defined(__clang__)
 # define MEMORY_BARRIER() __asm__ __volatile__ ("" ::: "memory")
 #else
-// # error "Unknown compiler"
+# define MEMORY_BARRIER()
 #endif
 #endif // CRYPTOPP_DOXYGEN_PROCESSING
@ -306,7 +309,10 @@ inline void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t cou
 #if CRYPTOPP_MSC_VERSION
 # pragma warning(push)
-# pragma warning(disable 4996 6386)
+# pragma warning(disable: 4996)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6386)
 # endif
 #endif
 	memcpy(dest, src, count);
 #if CRYPTOPP_MSC_VERSION
@ -345,7 +351,10 @@ inline void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t co
 #if CRYPTOPP_MSC_VERSION
 # pragma warning(push)
-# pragma warning(disable 4996 6386)
+# pragma warning(disable: 4996)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6386)
 # endif
 #endif
 	memmove(dest, src, count);
 #if CRYPTOPP_MSC_VERSION
--- a/mqv.h
+++ b/mqv.h
@ -1,9 +1,11 @@
 // mqv.h - written and placed in the public domain by Wei Dai
 //! \file mqv.h
 //! \brief Classes for Menezes–Qu–Vanstone (MQV) key agreement
 #ifndef CRYPTOPP_MQV_H
 #define CRYPTOPP_MQV_H
 /** \file
 */
 #include "cryptlib.h"
 #include "gfpcrypt.h"
 #include "modarith.h"
@ -12,7 +14,13 @@
 NAMESPACE_BEGIN(CryptoPP)
-//! _
+//! \class MQV_Domain
 //! \brief MQV domain for performing authenticated key agreement
 //! \tparam GROUP_PARAMETERS doamin parameters
 //! \tparam COFACTOR_OPTION cofactor option
 //! \details GROUP_PARAMETERS paramters include the curve coefcients and the base point.
 //!   Binary curves use a polynomial to represent its characteristic, while prime curves
 //!   use a prime number.
 template <class GROUP_PARAMETERS, class COFACTOR_OPTION = CPP_TYPENAME GROUP_PARAMETERS::DefaultCofactorOption>
 class MQV_Domain : public AuthenticatedKeyAgreementDomain
 {
--- a/nbtheory.h
+++ b/nbtheory.h
@ -1,5 +1,8 @@
 // nbtheory.h - written and placed in the public domain by Wei Dai
 //! \file nbtheory.h
 //! \brief Classes and functions  for number theoretic operations
 #ifndef CRYPTOPP_NBTHEORY_H
 #define CRYPTOPP_NBTHEORY_H
@ -14,14 +17,31 @@ CRYPTOPP_DLL const word16 * CRYPTOPP_API GetPrimeTable(unsigned int &size);
 // ************ primality testing ****************
-// generate a provable prime
+//! \brief Generates a provable prime
 //! \param rng a RandomNumberGenerator to produce keying material
 //! \param bits the number of bits in the prime number
 //! \returns Integer() meeting Maurer's tests for primality
 CRYPTOPP_DLL Integer CRYPTOPP_API MaurerProvablePrime(RandomNumberGenerator &rng, unsigned int bits);
 //! \brief Generates a provable prime
 //! \param rng a RandomNumberGenerator to produce keying material
 //! \param bits the number of bits in the prime number
 //! \returns Integer() meeting Mihailescu's tests for primality
 //! \details Mihailescu's methods performs a search using algorithmic progressions.
 CRYPTOPP_DLL Integer CRYPTOPP_API MihailescuProvablePrime(RandomNumberGenerator &rng, unsigned int bits);
 //! \brief Tests whether a number is a small prime
 //! \param p a candidate prime to test
 //! \returns true if p is a small prime, false otherwise
 //! \details Internally, the library maintains a table fo the first 32719 prime numbers
 //!   in sorted order. IsSmallPrime() searches the table and returns true if p is
 //!   in the table.
 CRYPTOPP_DLL bool CRYPTOPP_API IsSmallPrime(const Integer &p);
-// returns true if p is divisible by some prime less than bound
+//! 
-// bound not be greater than the largest entry in the prime table
+//! \returns true if p is divisible by some prime less than bound.
 //! \details TrialDivision() true if p is divisible by some prime less than bound. bound not be
 //!   greater than the largest entry in the prime table, which is 32719.
 CRYPTOPP_DLL bool CRYPTOPP_API TrialDivision(const Integer &p, unsigned bound);
 // returns true if p is NOT divisible by small primes
@ -38,12 +58,25 @@ CRYPTOPP_DLL bool CRYPTOPP_API IsStrongLucasProbablePrime(const Integer &n);
 // for several rounds with random bases
 CRYPTOPP_DLL bool CRYPTOPP_API RabinMillerTest(RandomNumberGenerator &rng, const Integer &w, unsigned int rounds);
-// primality test, used to generate primes
+//! \brief Verifies a prime number
 //! \param p a candidate prime to test
 //! \returns true if p is a probable prime, false otherwise
 //! \details IsPrime() is suitable for testing candidate primes when creating them. Internally,
 //!   IsPrime() utilizes SmallDivisorsTest(), IsStrongProbablePrime() and IsStrongLucasProbablePrime().
 CRYPTOPP_DLL bool CRYPTOPP_API IsPrime(const Integer &p);
-// more reliable than IsPrime(), used to verify primes generated by others
+//! \brief Verifies a prime number
 //! \param rng a RandomNumberGenerator for randomized testing
 //! \param p a candidate prime to test
 //! \param level the level of thoroughness of testing
 //! \returns true if p is a strong probable prime, false otherwise
 //! \details VerifyPrime() is suitable for testing candidate primes created by others. Internally,
 //!   VerifyPrime() utilizes IsPrime() and one-round RabinMillerTest(). If the candiate passes and
 //!   level is greater than 1, then 10 round RabinMillerTest() primality testing is performed.
 CRYPTOPP_DLL bool CRYPTOPP_API VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level = 1);
 //! \class PrimeSelector
 //! \brief Application callback to signal suitability of a cabdidate prime
 class CRYPTOPP_DLL PrimeSelector
 {
 public:
@ -51,8 +84,16 @@ public:
 	virtual bool IsAcceptable(const Integer &candidate) const =0;
 };
-// use a fast sieve to find the first probable prime in {x | p<=x<=max and x%mod==equiv}
+//! \brief Finds a random prime of special form
-// returns true iff successful, value of p is undefined if no such prime exists
+//! \param p an Integer reference to receive the prime
 //! \param max the maximum value
 //! \param equiv the equivalence class based on the parameter mod
 //! \param mod the modulus used to reduce the equivalence class
 //! \param pSelector pointer to a PrimeSelector function for the application to signal suitability
 //! \returns true if and only if FirstPrime() finds a prime and returns the prime through p. If FirstPrime()
 //!   returns false, then no such prime exists and the value of p is undefined
 //! \details FirstPrime() uses a fast sieve to find the first probable prime
 //!   in <tt>{x | p<=x<=max and x%mod==equiv}</tt>
 CRYPTOPP_DLL bool CRYPTOPP_API FirstPrime(Integer &p, const Integer &max, const Integer &equiv, const Integer &mod, const PrimeSelector *pSelector);
 CRYPTOPP_DLL unsigned int CRYPTOPP_API PrimeSearchInterval(const Integer &max);
--- a/osrng.h
+++ b/osrng.h
@ -123,6 +123,7 @@ protected:
 //! OS_GenerateRandomBlock
 //! \brief Generate random array of bytes
 //! \param blocking specifies whther a bobcking or non-blocking generator should be used
 //! \param output the byte buffer
 //! \param size the length of the buffer, in bytes
 //! \details OS_GenerateRandomBlock() uses the underlying operating system's
--- a/panama.h
+++ b/panama.h
@ -1,3 +1,8 @@
 // panama.h - written and placed in the public domain by Wei Dai
 //! \file panama.h
 //! \brief Classes for Panama stream cipher
 #ifndef CRYPTOPP_PANAMA_H
 #define CRYPTOPP_PANAMA_H
--- a/pubkey.h
+++ b/pubkey.h
@ -109,7 +109,7 @@ public:
 	virtual Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const =0;
 	//! \brief Determines if the encryption algorithm is randomized
-	//! \returns \p true if the encryption algorithm is randominzed, \p false otherwise
+	//! \returns \p true if the encryption algorithm is randomized, \p false otherwise
 	//! \details If \p IsRandomized() returns \p false, then \p NullRNG() can be used.
 	virtual bool IsRandomized() const {return true;}
@ -170,7 +170,7 @@ public:
 	virtual Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const =0;
 	//! \brief Determines if the decryption algorithm is randomized
-	//! \returns \p true if the decryption algorithm is randominzed, \p false otherwise
+	//! \returns \p true if the decryption algorithm is randomized, \p false otherwise
 	//! \details If \p IsRandomized() returns \p false, then \p NullRNG() can be used.
 	virtual bool IsRandomized() const {return true;}
 };
@ -197,7 +197,7 @@ public:
 		{return CalculateInverse(rng, x);}
 	//! \brief Determines if the decryption algorithm is randomized
-	//! \returns \p true if the decryption algorithm is randominzed, \p false otherwise
+	//! \returns \p true if the decryption algorithm is randomized, \p false otherwise
 	//! \details If \p IsRandomized() returns \p false, then \p NullRNG() can be used.
 	bool IsRandomized() const {return false;}
--- a/rc2.h
+++ b/rc2.h
@ -1,6 +1,7 @@
 // rc2.h - written and placed in the public domain by Wei Dai
 //! \file rc2.h
-//! \brief Class file for the RC2 stream cipher
+//! \brief Classes for the RC2 block cipher
 #ifndef CRYPTOPP_RC2_H
 #define CRYPTOPP_RC2_H
@ -91,3 +92,4 @@ typedef RC2::Decryption RC2Decryption;
 NAMESPACE_END
 #endif
--- a/rc5.h
+++ b/rc5.h
@ -1,9 +1,11 @@
 // rc5.h - written and placed in the public domain by Wei Dai
 //! \file rc5.h
 //! \brief Classes for the RC5 block cipher
 #ifndef CRYPTOPP_RC5_H
 #define CRYPTOPP_RC5_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/rc6.h
+++ b/rc6.h
@ -1,9 +1,11 @@
 // rc6.h - written and placed in the public domain by Wei Dai
 //! \file rc6.h
 //! \brief Classes for the RC6 block cipher
 #ifndef CRYPTOPP_RC6_H
 #define CRYPTOPP_RC6_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/rdrand.S
+++ b/rdrand.S
@ -21,9 +21,6 @@
 ;;   RRI = RDRAND, Intrinsic
 ;;   RSA = RDSEED, Intrinsic
 ;;  Caller/Callee Saved Registers
 ;;    https://msdn.microsoft.com/en-us/library/6t169e9c.aspx
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
--- a/rdrand.h
+++ b/rdrand.h
@ -16,7 +16,7 @@
 //   to select an implementation or "throw NotImplemented". At runtime, the
 //   class uses the result of CPUID to determine if RDRAND or RDSEED are
 //   available. A lazy throw strategy is used in case the CPU does not support
-//   the instruction. I.e., the throw is deferred until GenerateBlock is called.
+//   the instruction. I.e., the throw is deferred until GenerateBlock() is called.
 // Microsoft added RDRAND in August 2012, VS2012. GCC added RDRAND in December 2010, GCC 4.6.
 // Clang added RDRAND in July 2012, Clang 3.2. Intel added RDRAND in September 2011, ICC 12.1.
@ -48,7 +48,7 @@ public:
 	virtual ~RDRAND() {}
 	//! \brief Retrieve the number of retries used by the generator
-	//! returns the number of times GenerateBlock will attempt to recover from a failed generation
+	//! \returns the number of times GenerateBlock() will attempt to recover from a failed generation
 	unsigned int GetRetries() const
 	{
 		return m_retries;
@ -127,7 +127,7 @@ public:
 	virtual ~RDSEED() {}
 	//! \brief Retrieve the number of retries used by the generator
-	//! returns the number of times GenerateBlock will attempt to recover from a failed generation
+	//! \returns the number of times GenerateBlock() will attempt to recover from a failed generation
 	unsigned int GetRetries() const
 	{
 		return m_retries;
--- a/rng.h
+++ b/rng.h
@ -16,10 +16,14 @@
 NAMESPACE_BEGIN(CryptoPP)
 //! \brief Linear Congruential Generator (LCG)
-//! \details Originally by William S. England, do not use for cryptographic purposes
+//! \details Originally propsed by William S. England.
 //! \warning LC_RNG is suitable for simulations, where uniformaly distrubuted numbers are
 //!   required quickly. It should not be used for cryptographic purposes.
 class LC_RNG : public RandomNumberGenerator
 {
 public:
 	//! \brief Construct a Linear Congruential Generator (LCG)
 	//! \param init_seed the initial value for the generator
 	LC_RNG(word32 init_seed)
 		: seed(init_seed) {}
--- a/safer.h
+++ b/safer.h
@ -1,9 +1,11 @@
 // safer.h - written and placed in the public domain by Wei Dai
 //! \file safer.h
 //! \brief Classes for the SAFER block cipher
 #ifndef CRYPTOPP_SAFER_H
 #define CRYPTOPP_SAFER_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/salsa.h
+++ b/salsa.h
@ -1,8 +1,7 @@
 // salsa.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file salsa.h
-//! \headerfile salsa.h
+//! \brief Classes for Salsa and Salsa20 stream ciphers
 //! \brief Classes for Salsa encryption scheme
 #ifndef CRYPTOPP_SALSA_H
 #define CRYPTOPP_SALSA_H
--- a/seal.h
+++ b/seal.h
@ -1,8 +1,7 @@
 // seal.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file seal.h
-//! \headerfile seal.h
+//! \brief Classes for SEAL stream cipher
 //! \brief Classes for SEAL encryption scheme
 #ifndef CRYPTOPP_SEAL_H
 #define CRYPTOPP_SEAL_H
--- a/secblock.h
+++ b/secblock.h
@ -12,7 +12,10 @@
 #if CRYPTOPP_MSC_VERSION
 # pragma warning(push)
-# pragma warning(disable: 4700 6386)
+# pragma warning(disable: 4700)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6386)
 # endif
 #endif
 NAMESPACE_BEGIN(CryptoPP)
--- a/seed.h
+++ b/seed.h
@ -1,8 +1,7 @@
 // seed.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file seed.h
-//! \headerfile seed.h
+//! \brief Classes for the SEED block cipher
 //! \brief Classes for SEED encryption scheme
 #ifndef CRYPTOPP_SEED_H
 #define CRYPTOPP_SEED_H
--- a/serpent.h
+++ b/serpent.h
@ -1,9 +1,11 @@
 // serpent.h - written and placed in the public domain by Wei Dai
 //! \file serpent.h
 //! \brief Classes for the Serpent block cipher
 #ifndef CRYPTOPP_SERPENT_H
 #define CRYPTOPP_SERPENT_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/shacal2.h
+++ b/shacal2.h
@ -1,9 +1,11 @@
 // shacal.h - written and placed in the public domain by Wei Dai
 //! \file shacal.h
 //! \brief Classes for the SHACAL-2 block cipher
 #ifndef CRYPTOPP_SHACAL2_H
 #define CRYPTOPP_SHACAL2_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/shark.h
+++ b/shark.h
@ -1,8 +1,7 @@
 // shark.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file shark.h
-//! \headerfile shark.h
+//! \brief Classes for the SHARK block cipher
 //! \brief Classes for SHARK encryption scheme
 #ifndef CRYPTOPP_SHARK_H
 #define CRYPTOPP_SHARK_H
--- a/skipjack.h
+++ b/skipjack.h
@ -1,7 +1,7 @@
 // skipjack.h - written and placed in the public domain by Wei Dai
 //! \file skipjack.h
-//! \brief Classes for Skipjack encryption algorithm
+//! \brief Classes for the SKIPJACK block cipher
 #ifndef CRYPTOPP_SKIPJACK_H
 #define CRYPTOPP_SKIPJACK_H
--- a/sosemanuk.h
+++ b/sosemanuk.h
@ -1,3 +1,8 @@
 // sosemanuk.h - written and placed in the public domain by Wei Dai
 //! \file sosemanuk.h
 //! \brief Classes for Sosemanuk stream cipher
 #ifndef CRYPTOPP_SOSEMANUK_H
 #define CRYPTOPP_SOSEMANUK_H
--- a/square.h
+++ b/square.h
@ -1,7 +1,7 @@
 // square.h - written and placed in the public domain by Wei Dai
 //! \file square.h
-//! \brief Classes for SQUARE encryption algorithm
+//! \brief Classes for the Square block cipher
 #ifndef CRYPTOPP_SQUARE_H
 #define CRYPTOPP_SQUARE_H
--- a/tea.h
+++ b/tea.h
@ -1,9 +1,11 @@
 // tea.h - written and placed in the public domain by Wei Dai
 //! \file tea.h
 //! \brief Classes for the TEA, BTEA and XTEA block ciphers
 #ifndef CRYPTOPP_TEA_H
 #define CRYPTOPP_TEA_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
 #include "misc.h"
--- a/test.cpp
+++ b/test.cpp
@ -940,7 +940,7 @@ bool Validate(int alg, bool thorough, const char *seedInput)
 	}
 // Safer functions on Windows for C&A, https://github.com/weidai11/cryptopp/issues/55
-#if defined(CRYPTOPP_MSC_VERSION)
+#if (CRYPTOPP_MSC_VERSION >= 1400)
 	tm localTime = {};
 	char timeBuf[64];
 	errno_t err;
--- a/twofish.h
+++ b/twofish.h
@ -1,9 +1,11 @@
 // twofish.h - written and placed in the public domain by Wei Dai
 //! \file twofish.h
 //! \brief Classes for the Twofish block cipher
 #ifndef CRYPTOPP_TWOFISH_H
 #define CRYPTOPP_TWOFISH_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/validat1.cpp
+++ b/validat1.cpp
@ -32,6 +32,8 @@
 #include "rc6.h"
 #include "mars.h"
 #include "aes.h"
 #include "cpu.h"
 #include "rng.h"
 #include "rijndael.h"
 #include "twofish.h"
 #include "serpent.h"
@ -42,8 +44,7 @@
 #include "rdrand.h"
 #include "zdeflate.h"
 #include "smartptr.h"
-#include "rng.h"
+#include "channels.h"
 #include "cpu.h"
 #include <time.h>
 #include <memory>
@ -460,42 +461,44 @@ bool TestAutoSeeded()
 bool TestRDRAND()
 {
 	RDRAND rdrand;
-	bool maurer = true, generate = true, discard = true;
+	bool entropy = true, compress = true, discard = true;
 	static const unsigned int SIZE = 10000;
 	if (HasRDRAND())
 	{
 		cout << "\nTesting RDRAND generator...\n\n";
-		vector_ptr<byte> rdbytes(SIZE);		
+		MeterFilter meter(new Redirector(TheBitBucket()));
-		RandomNumberSource rns(rdrand, SIZE, true, new ArraySink(rdbytes, rdbytes.size()));
+		Deflator deflator(new Redirector(meter));
-		ArraySource as(rdbytes, rdbytes.size(), true);
+		MaurerRandomnessTest maurer;
-		MaurerRandomnessTest mt;
+		ChannelSwitch chsw;
-		as.CopyTo(mt);
+		chsw.AddDefaultRoute(deflator);
 		chsw.AddDefaultRoute(maurer);
-		const double mv = mt.GetTestValue();
+		RandomNumberSource rns(rdrand, SIZE, true, new Redirector(chsw));
 		deflator.Flush(true);
 		assert(0 == maurer.BytesNeeded());
 		const double mv = maurer.GetTestValue();
 		if (mv < 0.98f)
 		{
 			cout << "FAILED:";
-			maurer = false;
+			entropy = false;
 		}
 		else
 			cout << "passed:";
-		const std::streamsize oldp = cout.precision(5);
+		const std::streamsize oldp = cout.precision(6);
 		const std::ios::fmtflags oldf = cout.setf(std::ios::fixed, std::ios::floatfield);
-		cout << "  Maurer Randomness Test value of " << mv << endl;
+		cout << "  Maurer Randomness Test returned value " << mv << endl;
 		cout.precision(oldp);
 		cout.setf(oldf, std::ios::floatfield);
 		MeterFilter meter(new Redirector(TheBitBucket()));
 		as.CopyTo(meter);
 		if (meter.GetTotalBytes() < SIZE)
 		{
 			cout << "FAILED:";
-			generate = false;
+			compress = false;
 		}
 		else
 			cout << "passed:";
@ -519,10 +522,10 @@ bool TestRDRAND()
 	else
 		cout << "\nRDRAND generator not available, skipping test.\n";
-	if (!(maurer && generate && discard))
+	if (!(entropy && compress && discard))
 		cout.flush();
-	return maurer && generate && discard;
+	return entropy && compress && discard;
 }
 #endif
@ -530,42 +533,44 @@ bool TestRDRAND()
 bool TestRDSEED()
 {
 	RDSEED rdseed;
-	bool maurer = true, generate = true, discard = true;
+	bool entropy = true, compress = true, discard = true;
 	static const unsigned int SIZE = 10000;
 	if (HasRDSEED())
 	{
 		cout << "\nTesting RDSEED generator...\n\n";
-		vector_ptr<byte> rdbytes(SIZE);		
+		MeterFilter meter(new Redirector(TheBitBucket()));
-		RandomNumberSource rns(rdseed, SIZE, true, new ArraySink(rdbytes, rdbytes.size()));
+		Deflator deflator(new Redirector(meter));
-		ArraySource as(rdbytes, rdbytes.size(), true);
+		MaurerRandomnessTest maurer;
-		MaurerRandomnessTest mt;
+		ChannelSwitch chsw;
-		as.CopyTo(mt);
+		chsw.AddDefaultRoute(deflator);
 		chsw.AddDefaultRoute(maurer);
-		const double mv = mt.GetTestValue();
+		RandomNumberSource rns(rdseed, SIZE, true, new Redirector(chsw));
 		deflator.Flush(true);
 		assert(0 == maurer.BytesNeeded());
 		const double mv = maurer.GetTestValue();
 		if (mv < 0.98f)
 		{
 			cout << "FAILED:";
-			maurer = false;
+			entropy = false;
 		}
 		else
 			cout << "passed:";
-		const std::streamsize oldp = cout.precision(5);
+		const std::streamsize oldp = cout.precision(6);
 		const std::ios::fmtflags oldf = cout.setf(std::ios::fixed, std::ios::floatfield);
-		cout << "  Maurer Randomness Test value of " << mv << endl;
+		cout << "  Maurer Randomness Test returned value " << mv << endl;
 		cout.precision(oldp);
 		cout.setf(oldf, std::ios::floatfield);
 		MeterFilter meter(new Redirector(TheBitBucket()));
 		as.CopyTo(meter);
 		if (meter.GetTotalBytes() < SIZE)
 		{
 			cout << "FAILED:";
-			generate = false;
+			compress = false;
 		}
 		else
 			cout << "passed:";
@ -589,10 +594,10 @@ bool TestRDSEED()
 	else
 		cout << "\nRDSEED generator not available, skipping test.\n";
-	if (!(maurer && generate && discard))
+	if (!(entropy && compress && discard))
 		cout.flush();
-	return maurer && generate && discard;
+	return entropy && compress && discard;
 }
 #endif
--- a/vs-clean.cmd
+++ b/vs-clean.cmd
@ -1,39 +0,0 @@
@echo OFFse
 REM set THIS_DIR=%~dp0
 set THIS_DIR=.
 attrib -R -A -S -H  "%THIS_DIR%\*.aps"
 attrib -R -A -S -H  "%THIS_DIR%\*.ncb"
 attrib -R -A -S -H  "%THIS_DIR%\*.suo"
 attrib -R -A -S -H  "%THIS_DIR%\*.sdf"
 attrib -R -A -S -H  "%THIS_DIR%\*.user"
 del "%THIS_DIR%\*.aps" /q
 del "%THIS_DIR%\*.ncb" /q
 del "%THIS_DIR%\*.suo" /q
 del "%THIS_DIR%\*.sdf" /q
 del "%THIS_DIR%\*.user" /q
 del "%THIS_DIR%\*.diff" /q
 del "%THIS_DIR%\adhoc.cpp" /q
 del "%THIS_DIR%\cryptopp.mac.done" /q
 del "%THIS_DIR%\adhoc.cpp.copied" /q
 REM Visual Studio build artifacts
 rmdir /Q /S "%THIS_DIR%\Debug\"
 rmdir /Q /S "%THIS_DIR%\Release\"
 rmdir /Q /S "%THIS_DIR%\Win32\"
 rmdir /Q /S "%THIS_DIR%\x64\"
 rmdir /Q /S "%THIS_DIR%\ipch\"
 rmdir /Q /S "%THIS_DIR%\.vs\"
 REM Visual Studio VCUpgrade artifacts
 del "%THIS_DIR%\*.old" /q
 del "%THIS_DIR%\UpgradeLog.htm" /q
 del "%THIS_DIR%\UpgradeLog.XML" /q
 rmdir /Q /S "%THIS_DIR%\_UpgradeReport_Files\"
 rmdir /Q /S "%THIS_DIR%\Backup\"
 REM New Visual Studio artifacts after a VCUpgrade 2010
 REM attrib -R -A -S -H  "%THIS_DIR%\*.filters"
 REM del "%THIS_DIR%\*.filters" /q
 REM del "%THIS_DIR%\*.vcxproj" /q
--- a/vs2010.zip
+++ b/vs2010.zip
--- a/wake.h
+++ b/wake.h
@ -1,3 +1,8 @@
 // wake.h - written and placed in the public domain by Wei Dai
 //! \file wake.h
 //! \brief Classes for WAKE stream cipher
 #ifndef CRYPTOPP_WAKE_H
 #define CRYPTOPP_WAKE_H