Crypto++ 5.6.3 check-in

2015-11-22 19:17:15 -05:00 · 2015-11-22 19:17:15 -05:00 · 298988a5b9
parent 62618fda97
commit 298988a5b9
67 changed files with 2141 additions and 1824 deletions
--- a/3way.h
+++ b/3way.h
@ -1,8 +1,7 @@
 // 3way.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file 3way.h
-//! \headerfile 3way.h
+//! \brief Classes for the 3-Way block cipher
 //! \brief Class file for the 3way cipher
 #ifndef CRYPTOPP_THREEWAY_H
 #define CRYPTOPP_THREEWAY_H
--- a/33
+++ b/33
@ -269,6 +269,10 @@ LIB_MAJOR := $(shell echo $(LIB_VER) | cut -c 1)
 LIB_MINOR := $(shell echo $(LIB_VER) | cut -c 2)
 LIB_PATCH := $(shell echo $(LIB_VER) | cut -c 3)
 ifeq ($(strip $(LIB_PATCH)),)
 LIB_PATCH := 0
 endif
 all: cryptest.exe
 ifneq ($(IS_DARWIN),0)
@ -292,18 +296,18 @@ test check: cryptest.exe
 # Directory we want (can't specify on Doygen command line)
 DOCUMENT_DIRECTORY := ref$(LIB_VER)
 # Default directory (missing in config file)
 ifeq ($(strip $(DOXYGEN_DIRECTORY)),)
 DOXYGEN_DIRECTORY := html-docs
 endif
 # Directory Doxygen uses (specified in Doygen config file)
 ifeq ($(wildcard Doxyfile),Doxyfile)
 DOXYGEN_DIRECTORY := $(strip $(shell $(EGREP) "OUTPUT_DIRECTORY" Doxyfile | grep -v "\#" | cut -d "=" -f 2))
 endif
 # Default directory (missing in config file)
 ifeq ($(strip $(DOXYGEN_DIRECTORY)),)
 DOXYGEN_DIRECTORY := html-docs
 endif
 .PHONY: docs html
 docs html:
-	-$(RM) -r $(DOXYGEN_DIRECTORY)/ $(DOCUMENT_DIRECTORY)/
+	-$(RM) -r $(DOXYGEN_DIRECTORY)/ $(DOCUMENT_DIRECTORY)/ html-docs/
 	doxygen Doxyfile -d CRYPTOPP_DOXYGEN_PROCESSING
 	mv $(DOXYGEN_DIRECTORY)/ $(DOCUMENT_DIRECTORY)/
 	-$(RM) CryptoPPRef.zip
@ -404,7 +408,7 @@ diff:
 	-svn diff -r 541 > cryptopp$(LIB_VER).diff
 # This recipe prepares the distro files
-TEXT_FILES := *.h *.cpp *.asm *.S adhoc.cpp.proto License.txt Readme.txt Filelist.txt Doxyfile cryptest* cryptlib* dlltest* cryptdll* cryptopp.rc TestVectors/*.txt TestData/*.dat
+TEXT_FILES := *.h *.cpp adhoc.cpp.proto License.txt Readme.txt Install.txt Filelist.txt config.recommend Doxyfile cryptest* cryptlib* dlltest* cryptdll* *.sln *.vcproj *.dsw *.dsp cryptopp.rc TestVectors/*.txt TestData/*.dat
 EXEC_FILES := GNUmakefile GNUmakefile-cross cryptest.sh rdrand-nasm.sh TestData/ TestVectors/
 ifeq ($(wildcard Filelist.txt),Filelist.txt)
@ -413,12 +417,15 @@ endif
 .PHONY: convert
 convert:
-	chmod a-x $(TEXT_FILES)
+	chmod 0700 TestVectors/ TestData/
-	chmod u+x $(EXEC_FILES)
+	chmod 0600 $(TEXT_FILES) *.zip
-	chmod u+x cryptest.sh
+	chmod 0700 $(EXEC_FILES)
-	unix2dos --keepdate --quiet $(TEXT_FILES) rdrand-masm.cmd
+	chmod u+x *.cmd *.sh
-	unix2dos --keepdate --quiet *.sln *.vcproj
+	unix2dos --keepdate --quiet $(TEXT_FILES) *.asm *.cmd
-	dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross cryptest.sh rdrand-nasm.sh
+	dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross *.S *.sh
 ifneq ($(IS_DARWIN),0)
 	xattr -c *
 endif
 .PHONY: zip dist
 zip dist: | distclean convert diff
@ -435,7 +442,7 @@ bench benchmark benchmarks: cryptest.exe
 	echo "<BODY>" >> benchmarks.html
 	echo "<H1><a href=\"http://www.cryptopp.com\">Crypto++</a>" $(LIB_MAJOR).$(LIB_MINOR).$(LIB_REVISION) "Benchmarks</H1>" >> benchmarks.html
 	echo "<P>Here are speed benchmarks for some commonly used cryptographic algorithms.</P>"  >> benchmarks.html
-	cryptest.exe b 3 2.4 >> benchmarks.html
+	./cryptest.exe b 3 2.4 >> benchmarks.html
 	echo "</BODY>" >> benchmarks.html
 	echo "</HTML>" >> benchmarks.html
--- a/Install.txt
+++ b/Install.txt
@ -1,169 +1,169 @@
-CONTENTS OF THIS FILE
+CONTENTS OF THIS FILE
---------------------
+---------------------
-
+
-* Introduction
+* Introduction
-* Building the Library
+* Building the Library
-* Installing the Library
+* Installing the Library
-* Makefile Targets
+* Makefile Targets
-* DataDir Patch
+* DataDir Patch
-* Dynamic Analysis
+* Dynamic Analysis
-* Acceptance Testing
+* Acceptance Testing
-* Reporting problems
+* Reporting problems
-
+
-INTRODUCTION
+INTRODUCTION
------------
+------------
-
+
-Crypto++ Library is a free C++ class library of cryptographic algorithms and schemes. It was written and placed in public domain by Wei Dai. The library homepage is at http://www.cryptopp.com/. The latest library source code can be found at https://github.com/weidai11/cryptopp. For licensing and copyright information, please see License.txt.
+Crypto++ Library is a free C++ class library of cryptographic algorithms and schemes. It was written and placed in public domain by Wei Dai. The library homepage is at http://www.cryptopp.com/. The latest library source code can be found at https://github.com/weidai11/cryptopp. For licensing and copyright information, please see License.txt.
-
+
-These are general instructions for the BSDs, Linux, OS X, Solaris and Unix. On BSD you will likely have to use `gmake` to build the library. On Linux, OS X, Solaris and Unix, the system's make should be OK. On Windows, Crypto++ provides Borland and Visual Studio solutions.
+These are general instructions for the BSDs, Linux, OS X, Solaris and Unix. On BSD you will likely have to use `gmake` to build the library. On Linux, OS X, Solaris and Unix, the system's make should be OK. On Windows, Crypto++ provides Borland and Visual Studio solutions.
-
+
-Crypto++ uses a GNU makefile, which combines configuration and a non-anemic make. You should look through the GNUmakefile and config.h to ensure settings look reasonable before building. Please pay particular attention to CRYPTOPP_NO_UNALIGNED_DATA_ACCESS in config.h.
+Crypto++ uses a GNU makefile, which combines configuration and a non-anemic make. You should look through the GNUmakefile and config.h to ensure settings look reasonable before building. Please pay particular attention to CRYPTOPP_NO_UNALIGNED_DATA_ACCESS in config.h.
-
+
-Crypto++ does not depend upon other tools or libraries. It does not use Autotools, does not use Cmake, and does not use Boost.
+Crypto++ does not depend upon other tools or libraries. It does not use Autotools, does not use Cmake, and does not use Boost.
-
+
-
+
-BUILDING THE LIBRARY
+BUILDING THE LIBRARY
--------------------
+--------------------
-
+
-In general, all you should have to do is open a terminal, and then:
+In general, all you should have to do is open a terminal, and then:
-
+
-    make
+    make
-    make test
+    make test
-    sudo make install
+    sudo make install
-
+
-The command above builds the static library and cryptest.exe program. If you want to build the shared object, then issue:
+The command above builds the static library and cryptest.exe program. If you want to build the shared object, then issue:
-
+
-    make static dynamic cryptest.exe
+    make static dynamic cryptest.exe
-	
+	
-Or:
+Or:
-
+
-    make libcryptopp.a libcryptopp.so cryptest.exe
+    make libcryptopp.a libcryptopp.so cryptest.exe
-
+
-
+
-If you would like to use a different compiler, the set CXX:
+If you would like to use a different compiler, the set CXX:
-
+
-    export CXX=/opt/intel/bin/icpc
+    export CXX=/opt/intel/bin/icpc
-    make
+    make
-
+
-If you want to build using C++11, then:
+If you want to build using C++11, then:
-
+
-    make CXXFLAGS="-std=c++11"
+    make CXXFLAGS="-std=c++11"
-
+
-Or:
+Or:
-
+
-    CXXFLAGS="-std=c++11"
+    CXXFLAGS="-std=c++11"
-    make
+    make
-
+
-LLVM's libc++ is also supported, so you can:
+LLVM's libc++ is also supported, so you can:
-
+
-    CXXFLAGS="-std=c++11 -stdlib=libc++"
+    CXXFLAGS="-std=c++11 -stdlib=libc++"
-    make
+    make
-
+
-
+
-INSTALLING THE LIBRARY
+INSTALLING THE LIBRARY
----------------------
+----------------------
-
+
-To install the library into a user selected directory, perform:
+To install the library into a user selected directory, perform:
-
+
-    make install PREFIX=/usr/local
+    make install PREFIX=/usr/local
-
+
-During install, the makefile copies cryptest.exe into $PREFIX/bin, copies headers into $PREFIX/include/cryptopp, and copies libraries into $PREFIX/lib. If you only built a static or dynamic version of the library, then only one library is copied. The install recipe does not fail if the static library or shared object is not built.
+During install, the makefile copies cryptest.exe into $PREFIX/bin, copies headers into $PREFIX/include/cryptopp, and copies libraries into $PREFIX/lib. If you only built a static or dynamic version of the library, then only one library is copied. The install recipe does not fail if the static library or shared object is not built.
-
+
-PREFIX is non-standard, but its retained for historical purposes. The makefile also responds to `prefix=<path>`.
+PREFIX is non-standard, but its retained for historical purposes. The makefile also responds to `prefix=<path>`.
-
+
-There are some open issues installing the library because cryptest.exe is not sympathetic to path changes of of its test vectors and test data. See the DataDir patch below to fix it.
+There are some open issues installing the library because cryptest.exe is not sympathetic to path changes of of its test vectors and test data. See the DataDir patch below to fix it.
-
+
-
+
-MAKEFILE TARGETS
+MAKEFILE TARGETS
----------------
+----------------
-
+
-The following are some of the targets provided by the GNU makefile.
+The following are some of the targets provided by the GNU makefile.
-
+
-`make` invokes the default rule, which builds the Crypto++ static library and test harness. They are called `libcryptopp.a` and `cryptest.exe`, respectively. `cryptest.exe` links against `libcryptopp.a`, so the static library is a prerequisite for the target.
+`make` invokes the default rule, which builds the Crypto++ static library and test harness. They are called `libcryptopp.a` and `cryptest.exe`, respectively. `cryptest.exe` links against `libcryptopp.a`, so the static library is a prerequisite for the target.
-
+
-`make libcryptopp.a` and `make static` build the static version of the library.
+`make libcryptopp.a` and `make static` build the static version of the library.
-
+
-`make libcryptopp.so` and `make dynamic` build the dynamic version of the library. On Mac OS X, the recipe builds `libcryptopp.dylib` instead.
+`make libcryptopp.so` and `make dynamic` build the dynamic version of the library. On Mac OS X, the recipe builds `libcryptopp.dylib` instead.
-
+
-`make cryptest.exe` builds the library test harness.
+`make cryptest.exe` builds the library test harness.
-
+
-`make test` and `make check` are the same recipe and invoke the test harness with the the validation option. That is, it executes `cryptest.exe v`. 
+`make test` and `make check` are the same recipe and invoke the test harness with the the validation option. That is, it executes `cryptest.exe v`. 
-
+
-`make install` installs the library. By default, the makefile copies into `/usr`. On OpenBSD, `make install` uses `/usr/local` by default because C++ headers should not be placed with the system headers.
+`make install` installs the library. By default, the makefile copies into `/usr`. On OpenBSD, `make install` uses `/usr/local` by default because C++ headers should not be placed with the system headers.
-
+
-`make clean` cleans most transient and temporary objects.
+`make clean` cleans most transient and temporary objects.
-
+
-`make disclean` cleans most objects that are not part of the original distribution.
+`make disclean` cleans most objects that are not part of the original distribution.
-
+
-`make dist` and `make zip` build s ZIP file that is suitable for distribution.
+`make dist` and `make zip` build s ZIP file that is suitable for distribution.
-
+
-
+
-DATADIR PATCH
+DATADIR PATCH
-------------
+-------------
-
+
-The library offers a DataDir patch to help with post-installation issues regarding the location of the test vectors and test data. Its a patch provided by the community, so it must be applied manually. To acquire the patch, see http://www.cryptopp.com/wiki/DataDir.
+The library offers a DataDir patch to help with post-installation issues regarding the location of the test vectors and test data. Its a patch provided by the community, so it must be applied manually. To acquire the patch, see http://www.cryptopp.com/wiki/DataDir.
-
+
-
+
-DYNAMIC ANALYSIS
+DYNAMIC ANALYSIS
----------------
+----------------
-
+
-The Crypto++ embraces tools like Undefined Behavior sanitizer (UBsan), Address sanitizer (Asan) and Valgrind. Both Clang 3.2 and above and GCC 4.8 and above provide sanitizers. Please check with your distribution on how to install the compiler with its sanitizer libraries (they are sometimes a separate install item).
+The Crypto++ embraces tools like Undefined Behavior sanitizer (UBsan), Address sanitizer (Asan) and Valgrind. Both Clang 3.2 and above and GCC 4.8 and above provide sanitizers. Please check with your distribution on how to install the compiler with its sanitizer libraries (they are sometimes a separate install item).
-
+
-UBsan and Asan are mutually exclusive options, so you can perform only one of these at a time:
+UBsan and Asan are mutually exclusive options, so you can perform only one of these at a time:
-
+
-    make ubsan
+    make ubsan
-    ./cryptest.exe v 2>&1 | egrep "(error|FAILED)"
+    ./cryptest.exe v 2>&1 | egrep "(error|FAILED)"
-    ./cryptest.exe tv all 2>&1 | egrep "(error|FAILED)"
+    ./cryptest.exe tv all 2>&1 | egrep "(error|FAILED)"
-
+
-Or:
+Or:
-
+
-    make asan
+    make asan
-    ./cryptest.exe v 2>&1 | egrep "(error|FAILED)"
+    ./cryptest.exe v 2>&1 | egrep "(error|FAILED)"
-    ./cryptest.exe tv all 2>&1 | egrep "(error|FAILED)"
+    ./cryptest.exe tv all 2>&1 | egrep "(error|FAILED)"
-
+
-If you experience self test failures or see reports of undefined behavior, then you should ensure CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is defined in config.h. CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is not defined due to historical purposes.
+If you experience self test failures or see reports of undefined behavior, then you should ensure CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is defined in config.h. CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is not defined due to historical purposes.
-
+
-If you experience failures under Asan, then gather more information with:
+If you experience failures under Asan, then gather more information with:
-
+
-    ./cryptest.exe v 2>&1 | asan_symbolize
+    ./cryptest.exe v 2>&1 | asan_symbolize
-
+
-If you moved Crypto++ such that the paths have changed, then perform:
+If you moved Crypto++ such that the paths have changed, then perform:
-
+
-    ./cryptest.exe v 2>&1 | sed "s/<old path>/<new path>/g" | asan_symbolize
+    ./cryptest.exe v 2>&1 | sed "s/<old path>/<new path>/g" | asan_symbolize
-
+
-
+
-ACCEPTANCE TESTING
+ACCEPTANCE TESTING
------------------
+------------------
-
+
-Crypto++ uses five security gates in its engineering process. The library must maintain the quality provided by the review system and integrity of the test suites. You can use the information to decide if the Crypto++ library suits your needs and provides a compatible security posture.
+Crypto++ uses five security gates in its engineering process. The library must maintain the quality provided by the review system and integrity of the test suites. You can use the information to decide if the Crypto++ library suits your needs and provides a compatible security posture.
-
+
-The first gate is code review and discussion of proposed patches. Git commits often cross reference a User Group discussions.
+The first gate is code review and discussion of proposed patches. Git commits often cross reference a User Group discussions.
-
+
-Second is the compiler warning system. The code must clean compile under the equivalent of GCC's -Wall -Wextra (modulo -Wno-type-limits -Wno-unknown-pragmas). This is a moving target as compiler analysis improves.
+Second is the compiler warning system. The code must clean compile under the equivalent of GCC's -Wall -Wextra (modulo -Wno-type-limits -Wno-unknown-pragmas). This is a moving target as compiler analysis improves.
-
+
-Third, the code must pass cleanly though GCC and Clang's Undefined Behavior sanitizer (UBsan) and Address sanitizer (Asan) with CRYPTOPP_NO_UNALIGNED_DATA_ACCESS defined in config.h. See DYNAMIC ANALYSIS above on how to execute them.
+Third, the code must pass cleanly though GCC and Clang's Undefined Behavior sanitizer (UBsan) and Address sanitizer (Asan) with CRYPTOPP_NO_UNALIGNED_DATA_ACCESS defined in config.h. See DYNAMIC ANALYSIS above on how to execute them.
-
+
-Fourth, the test harness provides a "validation" option which performs basic system checks (like endianess and word sizes) and exercises algorithms (like AES and SHA). You run the validation suite as shown below. The tail of the output should indicate 0 failed tests.
+Fourth, the test harness provides a "validation" option which performs basic system checks (like endianess and word sizes) and exercises algorithms (like AES and SHA). You run the validation suite as shown below. The tail of the output should indicate 0 failed tests.
-
+
-    ./cryptest.exe v
+    ./cryptest.exe v
-    ...
+    ...
-
+
-    All tests passed!
+    All tests passed!
-    Test ended at Sun Jul 26 02:10:57 2015
+    Test ended at Sun Jul 26 02:10:57 2015
-    Seed used was: 1437891055
+    Seed used was: 1437891055
-
+
-Fifth, the test harness provides a "test vector" option which uses many known test vectors, even those published by other people (like Brian Gladman for AES). You run the test vectors as shown below. The tail of the output should indicate 0 failed tests.
+Fifth, the test harness provides a "test vector" option which uses many known test vectors, even those published by other people (like Brian Gladman for AES). You run the test vectors as shown below. The tail of the output should indicate 0 failed tests.
-
+
-    ./cryptest.exe tv all
+    ./cryptest.exe tv all
-    ...
+    ...
-
+
-    Testing SymmetricCipher algorithm MARS/ECB.
+    Testing SymmetricCipher algorithm MARS/ECB.
-    .................
+    .................
-    Tests complete. Total tests = 4094. Failed tests = 0.
+    Tests complete. Total tests = 4094. Failed tests = 0.
-
+
-REPORTING PROBLEMS
+REPORTING PROBLEMS
------------------
+------------------
-
+
-Dirty compiles and failures in the validation suite or test vectors should be reported at the Crypto++ User Group. The User Group is located at https://groups.google.com/forum/#!forum/cryptopp-users.
+Dirty compiles and failures in the validation suite or test vectors should be reported at the Crypto++ User Group. The User Group is located at https://groups.google.com/forum/#!forum/cryptopp-users.
-
+
-Also see http://www.cryptopp.com/wiki/Bug_Report.
+Also see http://www.cryptopp.com/wiki/Bug_Report.
--- a/TestVectors/hkdf.txt
+++ b/TestVectors/hkdf.txt
@ -5,7 +5,7 @@ Comment: Test Case 4
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b
 Salt: 0x000102030405060708090a0b0c
 Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
 Test: Verify
@ -16,7 +16,7 @@ Comment: Test Case 5
 Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
 Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
 DerivedKey: 0x0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4
 Test: Verify
@ -27,7 +27,7 @@ Comment: Test Case 6
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918
 Test: Verify
@ -38,7 +38,7 @@ Comment: Test Case 7
 Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
 Test: Verify
@ -49,7 +49,7 @@ Comment: Test Case 1
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: 0x000102030405060708090a0b0c
 Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865
 Test: Verify
@ -60,7 +60,7 @@ Comment: Test Case 2
 Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
 Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
 DerivedKey: 0xb11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87
 Test: Verify
@ -71,7 +71,7 @@ Comment: Test Case 3
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8
 Test: Verify
@ -82,7 +82,7 @@ Comment: Test Case 8 (Mirror Tests 1 and 4)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: 0x000102030405060708090a0b0c
 Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x832390086CDA71FB47625BB5CEB168E4C8E26A1A16ED34D9FC7FE92C1481579338DA362CB8D9F925D7CB
 Test: Verify
@ -93,7 +93,7 @@ Comment: Test Case 9 (Mirror Tests 2 and 5)
 Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
 Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
 DerivedKey: 0xCE6C97192805B346E6161E821ED165673B84F400A2B514B2FE23D84CD189DDF1B695B48CBD1C8388441137B3CE28F16AA64BA33BA466B24DF6CFCB021ECFF235F6A2056CE3AF1DE44D572097A8505D9E7A93
 Test: Verify
@ -104,7 +104,7 @@ Comment: Test Case 10 (Mirror Test 3 and 6)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0xF5FA02B18298A72A8C23898A8703472C6EB179DC204C03425C970E3B164BF90FFF22D04836D0E2343BAC
 Test: Verify
@ -115,7 +115,7 @@ Comment: Test Case 11
 Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
 Salt: ""
 Info:
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x1407D46013D98BC6DECEFCFEE55F0F90B0C7F63D68EB1A80EAF07E953CFC0A3A5240A155D6E4DAA965BB
 Test: Verify
@ -126,7 +126,7 @@ Comment: Test Case 12 (Mirror Tests 3 and 6)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0xF5FA02B18298A72A8C23898A8703472C6EB179DC204C03425C970E3B164BF90FFF22D04836D0E2343BAC
 Test: Verify
@ -137,7 +137,7 @@ Comment: Test Case 13 (Mirror Tests 1 and 4)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: 0x000102030405060708090a0b0c
 Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x0D29F74CCD8640F44B0DD9638111C1B5766EFED752AF358109E2E7C9CD4A28EF2F90B2AD461FBA0744D4
 Test: Verify
@ -148,7 +148,7 @@ Comment: Test Case 14 (Mirror Tests 2 and 5)
 Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
 Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
 DerivedKey: 0x4EBE4FE2DCCEC42661699500BE279A993FED90351E19373B3926FAA3A410700B2BBF77E254CF1451AE6068D64A0904D966F4FF25498445A501B88F50D21E3A68A890E09445DC5886DD00E7F4F7C58A512170
 Test: Verify
@ -159,7 +159,7 @@ Comment: Test Case 15 (Mirror Tests 3 and 6)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x110632D0F7AEFAC31771FC66C22BB3462614B81E4B04BA7F2B662E0BD694F56458615F9A9CB56C57ECF2
 Test: Verify
@ -170,6 +170,6 @@ Comment: Test Case 16 (Mirror Test 7)
 Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
 Salt: r64 0x00
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x4089286EBFB23DD8A02F0C9DAA35D538EB09CD0A8CBAB203F39083AA3E0BD313E6F91E64F21A187510B0
 Test: Verify
--- a/algparam.h
+++ b/algparam.h
@ -12,7 +12,7 @@
 #include "config.h"
 // TODO: fix 6011 when the API/ABI can change
-#if CRYPTOPP_MSC_VERSION
+#if (CRYPTOPP_MSC_VERSION >= 1400)
 # pragma warning(push)
 # pragma warning(disable: 6011 28193)
 #endif
@ -494,6 +494,11 @@ AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwI
 #define CRYPTOPP_SET_FUNCTION_ENTRY(name)		(Name::name(), &ThisClass::Set##name)
 #define CRYPTOPP_SET_FUNCTION_ENTRY2(name1, name2)	(Name::name1(), Name::name2(), &ThisClass::Set##name1##And##name2)
 // TODO: fix 6011 when the API/ABI can change
 #if (CRYPTOPP_MSC_VERSION >= 1400)
 # pragma warning(pop)
 #endif
 NAMESPACE_END
 #endif
--- a/arc4.h
+++ b/arc4.h
@ -1,7 +1,6 @@
 // arc4.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file arc4.h
 //! \headerfile arc4.h
 //! \brief Classes for ARC4 cipher
 #ifndef CRYPTOPP_ARC4_H
--- a/argnames.h
+++ b/argnames.h
@ -78,9 +78,9 @@ CRYPTOPP_DEFINE_NAME_STRING(MaxLineLength)		//< int
 CRYPTOPP_DEFINE_NAME_STRING(DigestSize)			//!< int, in bytes
 CRYPTOPP_DEFINE_NAME_STRING(L1KeyLength)		//!< int, in bytes
 CRYPTOPP_DEFINE_NAME_STRING(TableSize)			//!< int, in bytes
-CRYPTOPP_DEFINE_NAME_STRING(Blinding)			//!< bool
+CRYPTOPP_DEFINE_NAME_STRING(Blinding)			//!< bool, timing attack mitigations, ON by default
 CRYPTOPP_DEFINE_NAME_STRING(DerivedKey)			//!< ByteArrayParameter, key derivation, derived key
-CRYPTOPP_DEFINE_NAME_STRING(DerivedLength)		//!< int, key derivation, derived key length in bytes
+CRYPTOPP_DEFINE_NAME_STRING(DerivedKeyLength)	//!< int, key derivation, derived key length in bytes
 DOCUMENTED_NAMESPACE_END
 NAMESPACE_END
--- a/base32.h
+++ b/base32.h
@ -18,12 +18,32 @@ NAMESPACE_BEGIN(CryptoPP)
 class Base32Encoder : public SimpleProxyFilter
 {
 public:
-	Base32Encoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int outputGroupSize = 0, const std::string &separator = ":", const std::string &terminator = "")
+	//! \brief Construct a Base32Encoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	//! \param uppercase a flag indicating uppercase output
 	//! \param groupSize the size of the grouping
 	//! \param separator the separator to use between groups
 	//! \param terminator the terminator appeand after processing
 	//! \details Base32Encoder() constructs a default encoder. The constructor lacks fields for padding and
 	//!   line breaks. You must use IsolatedInitialize() to change the default padding character or suppress it.
 	//! \sa IsolatedInitialize() for an example of modifying a Base32Encoder after construction.
 	Base32Encoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int groupSize = 0, const std::string &separator = ":", const std::string &terminator = "")
 		: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
 	{
-		IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), outputGroupSize)(Name::Separator(), ConstByteArrayParameter(separator))(Name::Terminator(), ConstByteArrayParameter(terminator)));
+		IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), groupSize)(Name::Separator(), ConstByteArrayParameter(separator))(Name::Terminator(), ConstByteArrayParameter(terminator)));
 	}
 	//! \brief Initialize or reinitialize this object, without signal propagation
 	//! \param parameters a set of NameValuePairs used to initialize this object
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached
 	//!   transformations. If initialization should be propagated, then use the Initialize() function.
 	//! \details The following code modifies the padding and line break parameters for an encoder:
 	//!   <pre>
 	//!     Base32Encoder encoder;
 	//!     AlgorithmParameters params = MakeParameters(Pad(), false)(InsertLineBreaks(), false);
 	//!     encoder.IsolatedInitialize(params);
 	//!   </pre>
 	void IsolatedInitialize(const NameValuePairs &parameters);
 };
@ -34,6 +54,8 @@ public:
 class Base32Decoder : public BaseN_Decoder
 {
 public:
 	//! \brief Construct a Base32Decoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	Base32Decoder(BufferedTransformation *attachment = NULL)
 		: BaseN_Decoder(GetDefaultDecodingLookupArray(), 5, attachment) {}
--- a/base64.cpp
+++ b/base64.cpp
@ -5,7 +5,6 @@
 NAMESPACE_BEGIN(CryptoPP)
 // Base64
 static const byte s_stdVec[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
--- a/base64.h
+++ b/base64.h
@ -1,6 +1,6 @@
 // base64.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file base64.h
 //! \brief Classes for the Base64Encoder, Base64Decoder, Base64URLEncoder and Base64URLDecoder
 #ifndef CRYPTOPP_BASE64_H
@ -18,12 +18,30 @@ NAMESPACE_BEGIN(CryptoPP)
 class Base64Encoder : public SimpleProxyFilter
 {
 public:
 	//! \brief Construct a Base64Encoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	//! \param insertLineBreaks a BufferedTrasformation to attach to this object
 	//! \param maxLineLength the lenght of a line if line breaks are used
 	//! \details Base64Encoder() constructs a default encoder. The constructor lacks parameters for padding.
 	//!    You must use IsolatedInitialize() to modify the Base64Encoder after construction.
 	//! \sa IsolatedInitialize() for an example of modifying a Base64Encoder after construction.
 	Base64Encoder(BufferedTransformation *attachment = NULL, bool insertLineBreaks = true, int maxLineLength = 72)
 		: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
 	{
 		IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), insertLineBreaks)(Name::MaxLineLength(), maxLineLength));
 	}
-    
+
 	//! \brief Initialize or reinitialize this object, without signal propagation
 	//! \param parameters a set of NameValuePairs used to initialize this object
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached
 	//!   transformations. If initialization should be propagated, then use the Initialize() function.
 	//! \details The following code modifies the padding and line break parameters for an encoder:
 	//!   <pre>
 	//!     Base64Encoder encoder;
 	//!     AlgorithmParameters params = MakeParameters(Pad(), false)(InsertLineBreaks(), false);
 	//!     encoder.IsolatedInitialize(params);
 	//!   </pre>
 	void IsolatedInitialize(const NameValuePairs &parameters);
 };
@ -34,9 +52,16 @@ public:
 class Base64Decoder : public BaseN_Decoder
 {
 public:
 	//! \brief Construct a Base64Decoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	Base64Decoder(BufferedTransformation *attachment = NULL)
 		: BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) {}
 	//! \brief Initialize or reinitialize this object, without signal propagation
 	//! \param parameters a set of NameValuePairs used to initialize this object
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on
 	//!  attached transformations. If initialization should be propagated, then use the Initialize() function.
 	void IsolatedInitialize(const NameValuePairs &parameters)
 		{CRYPTOPP_UNUSED(parameters);}
@ -51,12 +76,33 @@ private:
 class Base64URLEncoder : public SimpleProxyFilter
 {
 public:
 	//! \brief Construct a Base64URLEncoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	//! \param insertLineBreaks a BufferedTrasformation to attach to this object
 	//! \param maxLineLength the lenght of a line if line breaks are used
 	//! \details Base64URLEncoder() constructs a default encoder. The constructor ignores insertLineBreaks
 	//!   and maxLineLength because the web and URL safe specifications don't use them. They are present
 	//!   in the constructor for API compatibility with Base64Encoder (drop-in replacement). The
 	//!   constructor also disables padding on the encoder for the same reason.
 	//! \details If you need line breaks or padding, then you must use IsolatedInitialize() to set them
 	//!   after constructing a Base64URLEncoder.
 	//! \sa IsolatedInitialize() for an example of modifying a Base64URLEncoder after construction.
 	Base64URLEncoder(BufferedTransformation *attachment = NULL, bool insertLineBreaks = false, int maxLineLength = -1)
 		: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
 	{
-		IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), insertLineBreaks)(Name::MaxLineLength(), maxLineLength));
+		CRYPTOPP_UNUSED(insertLineBreaks), CRYPTOPP_UNUSED(maxLineLength);
 		IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), false)(Name::MaxLineLength(), -1)(Name::Pad(),false));
 	}
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached
 	//!   transformations. If initialization should be propagated, then use the Initialize() function.
 	//! \details The following code modifies the padding and line break parameters for an encoder:
 	//!   <pre>
 	//!     Base64URLEncoder encoder;
 	//!     AlgorithmParameters params = MakeParameters(Name::Pad(), true)(Name::InsertLineBreaks(), true);
 	//!     encoder.IsolatedInitialize(params);
 	//!   </pre>
 	void IsolatedInitialize(const NameValuePairs &parameters);
 };
@ -67,9 +113,16 @@ public:
 class Base64URLDecoder : public BaseN_Decoder
 {
 public:
 	//! \brief Construct a Base64URLDecoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	Base64URLDecoder(BufferedTransformation *attachment = NULL)
 		: BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) {}
 	//! \brief Initialize or reinitialize this object, without signal propagation
 	//! \param parameters a set of NameValuePairs used to initialize this object
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on
 	//!  attached transformations. If initialization should be propagated, then use the Initialize() function.
 	void IsolatedInitialize(const NameValuePairs &parameters)
 		{CRYPTOPP_UNUSED(parameters);}
--- a/basecode.h
+++ b/basecode.h
@ -14,15 +14,24 @@
 NAMESPACE_BEGIN(CryptoPP)
 //! \class BaseN_Encoder
-//! \details base n encoder, where n is a power of 2
+//! \brief Encoder for bases that are a power of 2
 class CRYPTOPP_DLL BaseN_Encoder : public Unflushable<Filter>
 {
 public:
 	//! \brief Construct a BaseN_Encoder
 	//! \param attachment a BufferedTransformation to attach to this object
 	BaseN_Encoder(BufferedTransformation *attachment=NULL)
 		: m_alphabet(NULL), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
 			{Detach(attachment);}
 	//! \brief Construct a BaseN_Encoder
 	//! \param alphabet table of ASCII characters to use as the alphabet
 	//! \param log2base the log<sub>2</sub>base
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param padding the character to use as padding
 	//! \pre log2base must be between 1 and 7 inclusive
 	//! \throws InvalidArgument if log2base is not between 1 and 7
 	BaseN_Encoder(const byte *alphabet, int log2base, BufferedTransformation *attachment=NULL, int padding=-1)
 		: m_alphabet(NULL), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
@ -45,15 +54,27 @@ private:
 };
 //! \class BaseN_Decoder
-//! \details base n encoder, where n is a power of 2
+//! \brief Decoder for bases that are a power of 2
 class CRYPTOPP_DLL BaseN_Decoder : public Unflushable<Filter>
 {
 public:
 	//! \brief Construct a BaseN_Decoder
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \details padding is set to -1, which means use default padding. If not
 	//!   required, then the value must be set via IsolatedInitialize().
 	BaseN_Decoder(BufferedTransformation *attachment=NULL)
 		: m_lookup(0), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
 			{Detach(attachment);}
 	//! \brief Construct a BaseN_Decoder
 	//! \param lookup table of values
 	//! \param log2base the log<sub>2</sub>base
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \details log2base is the exponent (like 5 in 2<sup>5</sup>), and not
 	//!   the number of elements (like 32).
 	//! \details padding is set to -1, which means use default padding. If not
 	//!   required, then the value must be set via IsolatedInitialize().
 	BaseN_Decoder(const int *lookup, int log2base, BufferedTransformation *attachment=NULL)
 		: m_lookup(0), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
@ -65,6 +86,16 @@ public:
 	void IsolatedInitialize(const NameValuePairs &parameters);
 	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
 	//! \brief Intializes BaseN lookup array
 	//! \param lookup table of values
 	//! \param alphabet table of ASCII characters
 	//! \param base the base for the encoder
 	//! \param caseInsensitive flag indicating whether the alpabet is case sensitivie
 	//! \pre COUNTOF(lookup) == 256
 	//! \pre COUNTOF(alphabet) == base
 	//! \details Internally, the function sets the first 256 elements in the lookup table to
 	//   their value from the alphabet array or -1. base is the number of element (like 32),
 	//!  and not an exponent (like 5 in 2<sup>5</sup>)
 	static void CRYPTOPP_API InitializeDecodingLookupArray(int *lookup, const byte *alphabet, unsigned int base, bool caseInsensitive);
 private:
@ -74,13 +105,21 @@ private:
 	SecByteBlock m_outBuf;
 };
-//! filter that breaks input stream into groups of fixed size
+//! \class Grouper
 //! \brief Filter that breaks input stream into groups of fixed size
 class CRYPTOPP_DLL Grouper : public Bufferless<Filter>
 {
 public:
 	//! \brief Construct a Grouper
 	//! \param attachment a BufferedTransformation to attach to this object
 	Grouper(BufferedTransformation *attachment=NULL)
 		: m_groupSize(0), m_counter(0) {Detach(attachment);}
 	//! \brief Construct a Grouper
 	//! \param groupSize the size of the grouping
 	//! \param separator the separator to use between groups
 	//! \param terminator the terminator appeand after processing
 	//! \param attachment a BufferedTransformation to attach to this object
 	Grouper(int groupSize, const std::string &separator, const std::string &terminator, BufferedTransformation *attachment=NULL)
 		: m_groupSize(0), m_counter(0)
 	{
--- a/bench.cpp
+++ b/bench.cpp
@ -379,7 +379,7 @@ void BenchmarkAll(double t, double hertz)
 	cout << "Throughput Geometric Average: " << setiosflags(ios::fixed) << exp(logtotal/(logcount ? logcount : 1)) << endl;
 // Safer functions on Windows for C&A, https://github.com/weidai11/cryptopp/issues/55
-#if defined(CRYPTOPP_MSC_VERSION)
+#if (CRYPTOPP_MSC_VERSION >= 1400)
 	tm localTime = {};
 	char timeBuf[64];
 	errno_t err;
--- a/blowfish.h
+++ b/blowfish.h
@ -1,7 +1,7 @@
 // blowfish.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file blowfish.h
-//! \brief Classes for the Blowfish algorithm
+//! \brief Classes for the Blowfish block cipher
 #ifndef CRYPTOPP_BLOWFISH_H
 #define CRYPTOPP_BLOWFISH_H
--- a/camellia.cpp
+++ b/camellia.cpp
@ -13,7 +13,10 @@ See comments at top of rijndael.cpp for more details.
 #include "config.h"
 #if CRYPTOPP_MSC_VERSION
-# pragma warning(disable: 4456 6246)
+# pragma warning(disable: 4456)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6246)
 # endif
 #endif
 #include "camellia.h"
--- a/camellia.h
+++ b/camellia.h
@ -1,15 +1,11 @@
 // camellia.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file camellia.h
-//! \headerfile camellia.h
+//! \brief Classes for the Cameliia block cipher
 //! \brief Classes for Cameliia cipher
 #ifndef CRYPTOPP_CAMELLIA_H
 #define CRYPTOPP_CAMELLIA_H
 /** \file
 */
 #include "config.h"
 #include "seckey.h"
 #include "secblock.h"
--- a/cast.h
+++ b/cast.h
@ -1,15 +1,11 @@
 // cast.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file cast.h
-//! \headerfile cast.h
+//! \brief Classes for the CAST-128 and CAST-256 block ciphers
 //! \brief Classes for CAST cipher
 #ifndef CRYPTOPP_CAST_H
 #define CRYPTOPP_CAST_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/config.h
+++ b/config.h
@ -1,7 +1,6 @@
 // config.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file config.h
 //! \headerfile config.h
 //! \brief Library configuration file
 #ifndef CRYPTOPP_CONFIG_H
--- a/config.recommend
+++ b/config.recommend
--- a/cryptest.sh
+++ b/cryptest.sh
@ -7,9 +7,9 @@
 # to automate building the library and running the self test with various
 # combinations of flags, options, and conditions.
-# Everything is tee'd into cryptest-result.txt. Change it to suite your taste.
+# Everything is tee'd into cryptest-result.txt. Change it to suite your taste. You
-# You should be able to use `egrep "(error|FAILED)" cryptest-result.txt` to
+# should be able to use `egrep -a "(Error|error|FAILED|Illegal)" cryptest-result.txt`
-# quickly find errors and failures.
+# to quickly find errors and failures.
 # Set to suite your taste
 TEST_RESULTS=cryptest-result.txt
@ -142,10 +142,6 @@ echo "User CXXFLAGS: $CXXFLAGS"
 echo "Retained CXXFLAGS: $ADD_CXXFLAGS"
 echo "Compiler:" $($CXX --version | head -1)
 # Remove previous test results
 rm -f "$TEST_RESULTS" > /dev/null 2>&1
 touch "$TEST_RESULTS"
 TEST_BEGIN=$(date)
 echo
 echo "Start time: $TEST_BEGIN"
@ -153,6 +149,16 @@ echo "Start time: $TEST_BEGIN"
 ############################################
 ############################################
 # Remove previous test results
 rm -f "$TEST_RESULTS" > /dev/null 2>&1
 touch "$TEST_RESULTS"
 rm -f "$BENCHMARK_RESULTS" > /dev/null 2>&1
 touch "$BENCHMARK_RESULTS"
 rm -f "$WARN_RESULTS" > /dev/null 2>&1
 touch "$WARN_RESULTS"
 ############################################
 # Basic debug build
 echo
--- a/cryptlib.h
+++ b/cryptlib.h
@ -7,22 +7,26 @@
 <dl>
 <dt>Abstract Base Classes<dd>
 	cryptlib.h
-<dt>Authenticated Encryption<dd>
+<dt>Authenticated Encryption Modes<dd>
-	AuthenticatedSymmetricCipherDocumentation
+	CCM, EAX, \ref GCM "GCM (2K tables)", \ref GCM "GCM (64K tables)"
-<dt>Symmetric Ciphers<dd>
+<dt>Block Ciphers<dd>
-	SymmetricCipherDocumentation
+	\ref Rijndael "AES", Weak::ARC4, Blowfish, BTEA, Camellia, CAST128, CAST256, DES, \ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES",
 	\ref DES_XEX3 "DESX", GOST, IDEA, \ref LR "Luby-Rackoff", MARS, RC2, RC5, RC6, \ref SAFER_K "SAFER-K", \ref SAFER_SK "SAFER-SK", SEED, Serpent,
 	\ref SHACAL2 "SHACAL-2", SHARK, SKIPJACK,
 Square, TEA, \ref ThreeWay "3-Way", Twofish, XTEA
 <dt>Stream Ciphers<dd>
 	\ref Panama "Panama-LE", \ref Panama "Panama-BE", Salsa20, \ref SEAL "SEAL-LE", \ref SEAL "SEAL-BE", WAKE, XSalsa20
 <dt>Hash Functions<dd>
-	SHA1, SHA224, SHA256, SHA384, SHA512, Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak::MD2, Weak::MD4, Weak::MD5
+	SHA1, SHA224, SHA256, SHA384, SHA512, \ref SHA3 "SHA-3", Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak::MD2, Weak::MD4, Weak::MD5
 <dt>Non-Cryptographic Checksums<dd>
 	CRC32, Adler32
 <dt>Message Authentication Codes<dd>
-	VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, GCM (GMAC)
+	VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, \ref GCM "GCM (GMAC)"
 <dt>Random Number Generators<dd>
-	NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG
+	NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG,
-<dt>Key Derivation<dd>
+	\ref MersenneTwister "MersenneTwister (MT19937 and MT19937-AR)", RDRAND, RDSEED
-	HKDF
+<dt>Key Derivation and Password-based Cryptography<dd>
-<dt>Password-based Cryptography<dd>
+	HKDF, \ref PKCS12_PBKDF "PBKDF (PKCS #12)", \ref PKCS5_PBKDF1 "PBKDF-1 (PKCS #5)", \ref PKCS5_PBKDF2_HMAC "PBKDF-2/HMAC (PKCS #5)"
 	PasswordBasedKeyDerivationFunction
 <dt>Public Key Cryptosystems<dd>
 	DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES
 <dt>Public Key Signature Schemes<dd>
@ -31,8 +35,7 @@
 	DH, DH2, MQV, ECDH, ECMQV, XTR_DH
 <dt>Algebraic Structures<dd>
 	Integer, PolynomialMod2, PolynomialOver, RingOfPolynomialsOver,
-	ModularArithmetic, MontgomeryRepresentation, GFP2_ONB,
+	ModularArithmetic, MontgomeryRepresentation, GFP2_ONB, GF2NP, GF256, GF2_32, EC2N, ECP
 	GF2NP, GF256, GF2_32, EC2N, ECP
 <dt>Secret Sharing and Information Dispersal<dd>
 	SecretSharing, SecretRecovery, InformationDispersal, InformationRecovery
 <dt>Compression<dd>
@ -40,23 +43,23 @@
 <dt>Input Source Classes<dd>
 	StringSource, ArraySource, FileSource, SocketSource, WindowsPipeSource, RandomNumberSource
 <dt>Output Sink Classes<dd>
-	StringSinkTemplate, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink
+	StringSinkTemplate, StringSink, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink
 <dt>Filter Wrappers<dd>
 	StreamTransformationFilter, HashFilter, HashVerificationFilter, SignerFilter, SignatureVerificationFilter
 <dt>Binary to Text Encoders and Decoders<dd>
-	HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base32Encoder, Base32Decoder
+	HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base64URLEncoder, Base64URLDecoder, Base32Encoder, Base32Decoder
 <dt>Wrappers for OS features<dd>
 	Timer, Socket, WindowsHandle, ThreadLocalStorage, ThreadUserTimer
-<dt>FIPS 140 related<dd>
+<dt>FIPS 140 validated cryptography<dd>
 	fips140.h
 </dl>
 In the DLL version of Crypto++, only the following implementation class are available.
 <dl>
 <dt>Block Ciphers<dd>
-	AES, DES_EDE2, DES_EDE3, SKIPJACK
+	AES, \ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES", SKIPJACK
 <dt>Cipher Modes (replace template parameter BC with one of the block ciphers above)<dd>
-	ECB_Mode\<BC\>, CTR_Mode\<BC\>, CBC_Mode\<BC\>, CFB_FIPS_Mode\<BC\>, OFB_Mode\<BC\>, GCM\<AES\>
+	\ref ECB_Mode "ECB_Mode<BC>", \ref CTR_Mode "CTR_Mode<BC>", \ref CBC_Mode "CBC_Mode<BC>", \ref CFB_FIPS_Mode "CFB_FIPS_Mode<BC>", \ref OFB_Mode "OFB_Mode<BC>", \ref GCM "GCM<AES>"
 <dt>Hash Functions<dd>
 	SHA1, SHA224, SHA256, SHA384, SHA512
 <dt>Public Key Signature Schemes (replace template parameter H with one of the hash functions above)<dd>
@ -226,15 +229,17 @@ struct CRYPTOPP_DLL DecodingResult
 	//! \brief Compare two DecodingResult
 	//! \param rhs the other DecodingResult
-	//! \returns  true if both isValidCoding and messageLength are equal,  false otherwise
+	//! \returns true if both isValidCoding and messageLength are equal, false otherwise
 	bool operator==(const DecodingResult &rhs) const {return isValidCoding == rhs.isValidCoding && messageLength == rhs.messageLength;}
 	//! \brief Compare two DecodingResult
 	//! \param rhs the other DecodingResult
-	//! \returns  true if both isValidCoding and messageLength are \a not equal,  false otherwise
+	//! \returns true if either isValidCoding or messageLength is \a not equal, false otherwise
 	//! \details Returns <tt>!operator==(rhs)</tt>.
 	bool operator!=(const DecodingResult &rhs) const {return !operator==(rhs);}
 	//! \brief Flag to indicate the decoding is valid
 	bool isValidCoding;
 	//! \brief Recovered message length if isValidCoding is true, undefined otherwise
 	size_t messageLength;
 #ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
@ -590,7 +595,7 @@ public:
 	}
 	//! \brief Gets a secure IV for the next message
-	//! \param rng a  RandomNumberGenerator to produce keying material
+	//! \param rng a RandomNumberGenerator to produce keying material
 	//! \param iv a block of bytes to receive the IV
 	//! \details This method should be called after you finish encrypting one message and are ready
 	//!    to start the next one. After calling it, you must call  SetKey() or  Resynchronize()
@ -735,7 +740,7 @@ public:
 	//! \sa IsForwardTransformation(), IsPermutation(), GetCipherDirection()
 	inline CipherDir GetCipherDirection() const {return IsForwardTransformation() ? ENCRYPTION : DECRYPTION;}
-	
+
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~BlockTransformation() {}
 #endif
@ -836,7 +841,7 @@ public:
 	//! \returns  true if DIR is ENCRYPTION,  false otherwise
 	//! \sa IsForwardTransformation(), IsPermutation(), GetCipherDirection()
 	virtual bool IsForwardTransformation() const =0;
-	
+
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~StreamTransformation() {}
 #endif
@ -991,7 +996,7 @@ public:
 	//! \details VerifyTruncatedDigest() restarts the hash for the next nmessage.
 	virtual bool VerifyTruncatedDigest(const byte *digest, size_t digestLength, const byte *input, size_t length)
 		{Update(input, length); return TruncatedVerify(digest, digestLength);}
-	
+
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~HashTransformation() {}
 #endif
@ -1057,7 +1062,7 @@ public:
 	// redeclare this to avoid compiler ambiguity errors
 	virtual std::string AlgorithmName() const =0;
-	
+
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~AuthenticatedSymmetricCipher() {}
 #endif
@ -1169,6 +1174,7 @@ public:
 	word16 GetShort(word16 a=0, word16 b=0xffff) {return (word16)GenerateWord32(a, b);}
 	void GetBlock(byte *output, size_t size) {GenerateBlock(output, size);}
 #endif
 };
 //! \brief Random Number Generator that does not produce random numbers
@ -1874,7 +1880,7 @@ public:
 		virtual void Attach(BufferedTransformation *newAttachment);
 	//@}
-		
+
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~BufferedTransformation() {}
 #endif
@ -1910,7 +1916,7 @@ public:
 	virtual void AssignFrom(const NameValuePairs &source) =0;
 	//! \brief Check this object for errors
-	//! \param rng a  RandomNumberGenerator for objects which use randominzed testing
+	//! \param rng a RandomNumberGenerator for objects which use randomized testing
 	//! \param level the level of thoroughness
 	//! \returns  true if the tests succeed,  false otherwise
 	//! \details There are four levels of thoroughness:
@ -1920,13 +1926,13 @@ public:
 	//!   <li>2 - ensure this object will function correctly, and perform reasonable security checks
 	//!   <li>3 - perform reasonable security checks, and do checks that may take a long time
 	//!   </ul>
-	//! \details Level 0 does not require a  RandomNumberGenerator. A  NullRNG () can be used for level 0.
+	//! \details Level 0 does not require a  RandomNumberGenerator. A  NullRNG() can be used for level 0.
 	//! \details Level 1 may not check for weak keys and such.
 	//! \details Levels 2 and 3 are recommended.
 	virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0;
 	//! \brief Check this object for errors
-	//! \param rng a  RandomNumberGenerator for objects which use randominzed testing
+	//! \param rng a RandomNumberGenerator for objects which use randomized testing
 	//! \param level the level of thoroughness
 	//! \throws InvalidMaterial
 	//! \details Internally,  ThrowIfInvalid() calls  Validate() and throws  InvalidMaterial if validation fails.
@ -1987,7 +1993,7 @@ public:
 	// for internal library use
 	void DoQuickSanityCheck() const	{ThrowIfInvalid(NullRNG(), 0);}
-	
+
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~CryptoMaterial() {}
 #endif
@ -2005,7 +2011,7 @@ class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GeneratableCryptoMaterial : virtual public
 public:
 	//! \brief Generate a random key or crypto parameters
-	//! \param rng a  RandomNumberGenerator to produce keying material
+	//! \param rng a RandomNumberGenerator to produce keying material
 	//! \param params additional initialization parameters
 	//! \throws KeyingErr if a key can't be generated or algorithm parameters are invalid
 	//! \details If a derived class does not override  GenerateRandom, then the base class throws
@ -2016,13 +2022,13 @@ public:
 	}
 	//! \brief Generate a random key or crypto parameters
-	//! \param rng a  RandomNumberGenerator to produce keying material
+	//! \param rng a RandomNumberGenerator to produce keying material
 	//! \param keySize the size of the key, in bits
 	//! \throws KeyingErr if a key can't be generated or algorithm parameters are invalid	
 	//! \details GenerateRandomWithKeySize calls  GenerateRandom with a  NameValuePairs
 	//!    object with only "KeySize"
 	void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize);
-	
+
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~GeneratableCryptoMaterial() {}
 #endif
@ -2062,7 +2068,7 @@ public:
 	//! for backwards compatibility, calls GetMaterial().Save(bt)
 	void DEREncode(BufferedTransformation &bt) const
 		{GetMaterial().Save(bt);}
-	
+
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~AsymmetricAlgorithm() {}
 #endif
@ -2079,7 +2085,7 @@ public:
 	virtual PublicKey & AccessPublicKey() =0;
 	virtual const PublicKey & GetPublicKey() const {return const_cast<PublicKeyAlgorithm *>(this)->AccessPublicKey();}
-	
+
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~PublicKeyAlgorithm() {}
 #endif
@ -2095,7 +2101,7 @@ public:
 	virtual PrivateKey & AccessPrivateKey() =0;
 	virtual const PrivateKey & GetPrivateKey() const {return const_cast<PrivateKeyAlgorithm *>(this)->AccessPrivateKey();}
-	
+
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~PrivateKeyAlgorithm() {}
 #endif
@ -2111,7 +2117,7 @@ public:
 	virtual CryptoParameters & AccessCryptoParameters() =0;
 	virtual const CryptoParameters & GetCryptoParameters() const {return const_cast<KeyAgreementAlgorithm *>(this)->AccessCryptoParameters();}
-	
+
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~KeyAgreementAlgorithm() {}
 #endif
@ -2146,49 +2152,65 @@ public:
 	//! return maximum plaintext length given the fixed ciphertext length, if one exists, otherwise return 0
 	virtual size_t FixedMaxPlaintextLength() const {return 0;}
-
+	
 #ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
 	size_t MaxPlainTextLength(size_t cipherTextLength) const {return MaxPlaintextLength(cipherTextLength);}
 	size_t CipherTextLength(size_t plainTextLength) const {return CiphertextLength(plainTextLength);}
 #endif
 };
 //! \class PK_Encryptor
 //! \brief Interface for public-key encryptors
 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Encryptor : public PK_CryptoSystem, public PublicKeyAlgorithm
 {
 public:
-	//! exception thrown when trying to encrypt plaintext of invalid length
+	//! \brief Exception thrown when trying to encrypt plaintext of invalid length
 	class CRYPTOPP_DLL InvalidPlaintextLength : public Exception
 	{
 	public:
 		InvalidPlaintextLength() : Exception(OTHER_ERROR, "PK_Encryptor: invalid plaintext length") {}
 	};
-	//! encrypt a byte string
+	//! \brief Encrypt a byte string
-	/*! re CiphertextLength(plaintextLength) != 0 (i.e., plaintext isn't too long)
+	//! \param rng a RandomNumberGenerator derived class
-		re size of ciphertext == CiphertextLength(plaintextLength)
+	//! \param plaintext the plaintext byte buffer
-	*/
+	//! \param plaintextLength the size of the plaintext byte buffer
 	//! \param ciphertext a byte buffer to hold the encrypted string
 	//! \param parameters additional configuration options
 	//! \pre <tt>CiphertextLength(plaintextLength) != 0</tt> ensures the plaintext isn't too large
 	//! \pre <tt>COUNTOF(ciphertext) == CiphertextLength(plaintextLength)</tt> ensures the output
 	//!   byte buffer is large enough.
 	//! \sa PK_Decryptor
 	virtual void Encrypt(RandomNumberGenerator &rng, 
 		const byte *plaintext, size_t plaintextLength, 
 		byte *ciphertext, const NameValuePairs &parameters = g_nullNameValuePairs) const =0;
-	//! create a new encryption filter
+	//! \brief Create a new encryption filter
-	/*! \note The caller is responsible for deleting the returned pointer.
+	//! \note The caller is responsible for deleting the returned pointer.
-		\note Encoding parameters should be passed in the "EP" channel.
+	//! \note Encoding parameters should be passed in the "EP" channel.
 	*/
 	virtual BufferedTransformation * CreateEncryptionFilter(RandomNumberGenerator &rng, 
 		BufferedTransformation *attachment=NULL, const NameValuePairs &parameters = g_nullNameValuePairs) const;
 };
 //! \class PK_Decryptor
 //! \brief Interface for public-key decryptors
 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Decryptor : public PK_CryptoSystem, public PrivateKeyAlgorithm
 {
 public:
-	//! decrypt a byte string, and return the length of plaintext
+	//! \brief Decrypt a byte string
-	/*! re size of plaintext == MaxPlaintextLength(ciphertextLength) bytes.
+	//! \param rng a RandomNumberGenerator derived class
-		\returns the actual length of the plaintext, indication that decryption failed.
+	//! \param ciphertext the encrypted byte buffer
-	*/
+	//! \param ciphertextLength the size of the encrypted byte buffer
 	//! \param plaintext a byte buffer to hold the decrypted string
 	//! \param parameters additional configuration options
 	//! \returns the result of the decryption operation
 	//! \pre <tt>COUNTOF(plaintext) == MaxPlaintextLength(ciphertextLength)</tt> ensures the output
 	//!   byte buffer is large enough
 	//! \details If DecodingResult::isValidCoding is true, then DecodingResult::messageLength
 	//!   is valid and holds the the actual length of the plaintext recovered.
 	//!   on success. The result is undefined if decryption failed. If DecodingResult::isValidCoding
 	//!   is false, then DecodingResult::messageLength is undefined.
 	//! \sa PK_Encryptor
 	virtual DecodingResult Decrypt(RandomNumberGenerator &rng, 
 		const byte *ciphertext, size_t ciphertextLength, 
 		byte *plaintext, const NameValuePairs &parameters = g_nullNameValuePairs) const =0;
@ -2295,30 +2317,30 @@ public:
 	virtual void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const =0;
 	//! sign and delete messageAccumulator (even in case of exception thrown)
-	/*! re size of signature == MaxSignatureLength()
+	/*! \pre size of signature == MaxSignatureLength()
 		\returns actual signature length
 	*/
 	virtual size_t Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const;
 	//! sign and restart messageAccumulator
-	/*! re size of signature == MaxSignatureLength()
+	/*! \pre size of signature == MaxSignatureLength()
 		\returns actual signature length
 	*/
 	virtual size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const =0;
 	//! sign a message
-	/*! re size of signature == MaxSignatureLength()
+	/*! \pre size of signature == MaxSignatureLength()
 		\returns actual signature length
 	*/
 	virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const;
 	//! sign a recoverable message
-	/*! re size of signature == MaxSignatureLength(recoverableMessageLength)
+	/*! \pre size of signature == MaxSignatureLength(recoverableMessageLength)
 		\returns actual signature length
 	*/
 	virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, 
 		const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const;
-		
+
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~PK_Signer() {}
 #endif
@ -2351,17 +2373,17 @@ public:
 		const byte *signature, size_t signatureLength) const;
 	//! recover a message from its signature
-	/*! re size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+	/*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
 	*/
 	virtual DecodingResult Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const;
 	//! recover a message from its signature
-	/*! re size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+	/*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
 	*/
 	virtual DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const =0;
 	//! recover a message from its signature
-	/*! re size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+	/*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
 	*/
 	virtual DecodingResult RecoverMessage(byte *recoveredMessage, 
 		const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, 
@ -2388,7 +2410,7 @@ public:
 	//! return length of public keys in this domain
 	virtual unsigned int PublicKeyLength() const =0;
 	//! generate private key
-	/*! re size of privateKey == PrivateKeyLength() */
+	/*! \pre size of privateKey == PrivateKeyLength() */
 	virtual void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
 	//! generate public key
 	/*!	re size of publicKey == PublicKeyLength() */
@ -2399,8 +2421,8 @@ public:
 	//! derive agreed value from your private key and couterparty's public key, return false in case of failure
 	/*! \note If you have previously validated the public key, use validateOtherPublicKey=false to save time.
 		re size of agreedValue == AgreedValueLength()
-		re length of privateKey == PrivateKeyLength()
+		\pre length of privateKey == PrivateKeyLength()
-		re length of otherPublicKey == PublicKeyLength()
+		\pre length of otherPublicKey == PublicKeyLength()
 	*/
 	virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0;
@ -2431,7 +2453,7 @@ public:
 	//! return length of static public keys in this domain
 	virtual unsigned int StaticPublicKeyLength() const =0;
 	//! generate static private key
-	/*! re size of privateKey == PrivateStaticKeyLength() */
+	/*! \pre size of privateKey == PrivateStaticKeyLength() */
 	virtual void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
 	//! generate static public key
 	/*!	re size of publicKey == PublicStaticKeyLength() */
@ -2444,25 +2466,26 @@ public:
 	virtual unsigned int EphemeralPrivateKeyLength() const =0;
 	//! return length of ephemeral public keys in this domain
 	virtual unsigned int EphemeralPublicKeyLength() const =0;
-	//! generate ephemeral private key
+	//! \brief Generate ephemeral private key
-	/*! re size of privateKey == PrivateEphemeralKeyLength() */
+	//! \pre size of privateKey == PrivateEphemeralKeyLength()
 	virtual void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
-	//! generate ephemeral public key
+	//! \brief Generate ephemeral public key
-	/*!	re size of publicKey == PublicEphemeralKeyLength() */
+	//! \pre size of publicKey == PublicEphemeralKeyLength()
 	virtual void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;
-	//! generate private/public key pair
+	//! \brief Generate private/public key pair
 	/*! \note equivalent to calling GenerateEphemeralPrivateKey() and then GenerateEphemeralPublicKey() */
 	virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;
-	//! derive agreed value from your private keys and couterparty's public keys, return false in case of failure
+	//! \brief Derive agreed value
-	/*! \note The ephemeral public key will always be validated.
+	//! \returns true upon success, false in case of failure
-		      If you have previously validated the static public key, use validateStaticOtherPublicKey=false to save time.
+	//! \details Agree() derives an agreed value from your private keys and couterparty's public keys
-		re size of agreedValue == AgreedValueLength()
+	//! \details The ephemeral public key will always be validated. If you have previously validated the
-		re length of staticPrivateKey == StaticPrivateKeyLength()
+	//!   static public key, use validateStaticOtherPublicKey=false to save time.
-		re length of ephemeralPrivateKey == EphemeralPrivateKeyLength()
+	//! \pre size of agreedValue == AgreedValueLength()
-		re length of staticOtherPublicKey == StaticPublicKeyLength()
+	//! \pre length of staticPrivateKey == StaticPrivateKeyLength()
-		re length of ephemeralOtherPublicKey == EphemeralPublicKeyLength()
+	//! \pre length of ephemeralPrivateKey == EphemeralPrivateKeyLength()
-	*/
+	//! \pre length of staticOtherPublicKey == StaticPublicKeyLength()
 	//! \pre length of ephemeralOtherPublicKey == EphemeralPublicKeyLength()
 	virtual bool Agree(byte *agreedValue,
 		const byte *staticPrivateKey, const byte *ephemeralPrivateKey,
 		const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey,
--- a/datatest.cpp
+++ b/datatest.cpp
@ -610,10 +610,10 @@ void TestKeyDerivationFunction(TestData &v)
 	std::string salt = GetDecodedDatum(v, "Salt");
 	std::string info = GetDecodedDatum(v, "Info");
 	std::string derived = GetDecodedDatum(v, "DerivedKey");
-	std::string t = GetDecodedDatum(v, "DerivedLength");
+	std::string t = GetDecodedDatum(v, "DerivedKeyLength");
 	TestDataNameValuePairs pairs(v);
-	unsigned int length = pairs.GetIntValueWithDefault(Name::DerivedLength(), (int)derived.size());
+	unsigned int length = pairs.GetIntValueWithDefault(Name::DerivedKeyLength(), (int)derived.size());
 	member_ptr<KeyDerivationFunction> kdf;
 	kdf.reset(ObjectFactoryRegistry<KeyDerivationFunction>::Registry().CreateObject(name.c_str()));
--- a/default.cpp
+++ b/default.cpp
@ -20,8 +20,8 @@ NAMESPACE_BEGIN(CryptoPP)
 static const unsigned int MASH_ITERATIONS = 200;
 static const unsigned int SALTLENGTH = 8;
-static const unsigned int BLOCKSIZE = Default_BlockCipher::Encryption::BLOCKSIZE;
+static const unsigned int BLOCKSIZE = DefaultBlockCipher::Encryption::BLOCKSIZE;
-static const unsigned int KEYLENGTH = Default_BlockCipher::Encryption::DEFAULT_KEYLENGTH;
+static const unsigned int KEYLENGTH = DefaultBlockCipher::Encryption::DEFAULT_KEYLENGTH;
 // The purpose of this function Mash() is to take an arbitrary length input
 // string and *deterministicly* produce an arbitrary length output string such
@ -270,3 +270,4 @@ void DefaultDecryptorWithMAC::LastPut(const byte *inString, size_t length)
 }
 NAMESPACE_END
--- a/default.h
+++ b/default.h
@ -1,8 +1,7 @@
 // default.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file default.h
-//! \headerfile default.h
+//! \brief Classes for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
 //! \brief Classes for DefaultEncryptor, DefaultEncryptorWithMAC and decryptors
 #ifndef CRYPTOPP_DEFAULT_H
 #define CRYPTOPP_DEFAULT_H
@ -16,15 +15,29 @@
 NAMESPACE_BEGIN(CryptoPP)
-typedef DES_EDE2 Default_BlockCipher;
+//! \brief Default block cipher for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
 typedef DES_EDE2 DefaultBlockCipher;
 //! \brief Default hash for use with DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
 typedef SHA DefaultHashModule;
 //! \brief Default HMAC for use withDefaultEncryptorWithMAC and DefaultDecryptorWithMAC
 typedef HMAC<DefaultHashModule> DefaultMAC;
-//! Password-Based Encryptor using DES-EDE2
+//! \class DefaultEncryptor
 //! \brief Password-Based Encryptor using TripleDES
 //! \details The class uses 2-key TripleDES (DES_EDE2) for encryption, which only
 //!   provides about 80-bits of security.
 class DefaultEncryptor : public ProxyFilter
 {
 public:
 	//! \brief Construct a DefaultEncryptor
 	//! \param passphrase a C-String password
 	//! \param attachment a BufferedTransformation to attach to this object
 	DefaultEncryptor(const char *passphrase, BufferedTransformation *attachment = NULL);
 	//! \brief Construct a DefaultEncryptor
 	//! \param passphrase a byte string password
 	//! \param passphraseLength the length of the byte string password
 	//! \param attachment a BufferedTransformation to attach to this object
 	DefaultEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
 protected:
@ -33,14 +46,34 @@ protected:
 private:
 	SecByteBlock m_passphrase;
-	CBC_Mode<Default_BlockCipher>::Encryption m_cipher;
+	CBC_Mode<DefaultBlockCipher>::Encryption m_cipher;
 };
-//! Password-Based Decryptor using DES-EDE2
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
 } __attribute__((deprecated ("DefaultEncryptor will be changing in the near future because the algorithms are no longer secure")));
 #elif (CRYPTOPP_GCC_VERSION)
 } __attribute__((deprecated));
 #else
 };
 #endif
 //! \class DefaultDecryptor
 //! \brief Password-Based Decryptor using TripleDES
 //! \details The class uses 2-key TripleDES (DES_EDE2) for encryption, which only
 //!   provides about 80-bits of security.
 class DefaultDecryptor : public ProxyFilter
 {
 public:
 	//! \brief Constructs a DefaultDecryptor
 	//! \param passphrase a C-String password
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param throwException a flag specifiying whether an Exception should be thrown on error
 	DefaultDecryptor(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true);
 	//! \brief Constructs a DefaultDecryptor
 	//! \param passphrase a byte string password
 	//! \param passphraseLength the length of the byte string password
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param throwException a flag specifiying whether an Exception should be thrown on error
 	DefaultDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true);
 	class Err : public Exception
@ -64,16 +97,39 @@ private:
 	void CheckKey(const byte *salt, const byte *keyCheck);
 	SecByteBlock m_passphrase;
-	CBC_Mode<Default_BlockCipher>::Decryption m_cipher;
+	CBC_Mode<DefaultBlockCipher>::Decryption m_cipher;
 	member_ptr<FilterWithBufferedInput> m_decryptor;
 	bool m_throwException;
 };
-//! Password-Based Encryptor using DES-EDE2 and HMAC/SHA-1
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
 } __attribute__((deprecated ("DefaultDecryptor will be changing in the near future because the algorithms are no longer secure")));
 #elif (CRYPTOPP_GCC_VERSION)
 } __attribute__((deprecated));
 #else
 };
 #endif
 //! \class DefaultEncryptorWithMAC
 //! \brief Password-Based encryptor using TripleDES and HMAC/SHA-1
 //! \details DefaultEncryptorWithMAC uses a non-standard mashup function called Mash() to derive key
 //!   bits from the password. The class also uses 2-key TripleDES (DES_EDE2) for encryption, which only
 //!   provides about 80-bits of security.
 //! \details The purpose of the function Mash() is to take an arbitrary length input string and
 //!   *deterministicly* produce an arbitrary length output string such that (1) it looks random,
 //!   (2) no information about the input is deducible from it, and (3) it contains as much entropy
 //!   as it can hold, or the amount of entropy in the input string, whichever is smaller.
 class DefaultEncryptorWithMAC : public ProxyFilter
 {
 public:
 	//! \brief Constructs a DefaultEncryptorWithMAC
 	//! \param passphrase a C-String password
 	//! \param attachment a BufferedTransformation to attach to this object
 	DefaultEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL);
 	//! \brief Constructs a DefaultEncryptorWithMAC
 	//! \param passphrase a byte string password
 	//! \param passphraseLength the length of the byte string password
 	//! \param attachment a BufferedTransformation to attach to this object
 	DefaultEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
 protected:
@ -82,15 +138,42 @@ protected:
 private:
 	member_ptr<DefaultMAC> m_mac;
 };
-//! Password-Based Decryptor using DES-EDE2 and HMAC/SHA-1
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
 } __attribute__((deprecated ("DefaultEncryptorWithMAC will be changing in the near future because the algorithms are no longer secure")));
 #elif (CRYPTOPP_GCC_VERSION)
 } __attribute__((deprecated));
 #else
 };
 #endif
 //! \class DefaultDecryptorWithMAC
 //! \brief Password-Based decryptor using TripleDES and HMAC/SHA-1
 //! \details DefaultDecryptorWithMAC uses a non-standard mashup function called Mash() to derive key
 //!   bits from the password. The class also uses 2-key TripleDES (DES_EDE2) for encryption, which only
 //!   provides about 80-bits of security.
 //! \details The purpose of the function Mash() is to take an arbitrary length input string and
 //!   *deterministicly* produce an arbitrary length output string such that (1) it looks random,
 //!   (2) no information about the input is deducible from it, and (3) it contains as much entropy
 //!   as it can hold, or the amount of entropy in the input string, whichever is smaller.
 class DefaultDecryptorWithMAC : public ProxyFilter
 {
 public:
 	//! \class MACBadErr
 	//! \brief Excpetion thrown when an incorrect MAC is encountered
 	class MACBadErr : public DefaultDecryptor::Err {public: MACBadErr() : DefaultDecryptor::Err("DefaultDecryptorWithMAC: MAC check failed") {}};
 	//! \brief Constructs a DefaultDecryptor
 	//! \param passphrase a C-String password
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param throwException a flag specifiying whether an Exception should be thrown on error
 	DefaultDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true);
 	//! \brief Constructs a DefaultDecryptor
 	//! \param passphrase a byte string password
 	//! \param passphraseLength the length of the byte string password
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param throwException a flag specifiying whether an Exception should be thrown on error
 	DefaultDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true);
 	DefaultDecryptor::State CurrentState() const;
@ -104,7 +187,14 @@ private:
 	member_ptr<DefaultMAC> m_mac;
 	HashVerifier *m_hashVerifier;
 	bool m_throwException;
 #if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
 } __attribute__((deprecated ("DefaultDecryptorWithMAC will be changing in the near future because the algorithms are no longer secure")));
 #elif (CRYPTOPP_GCC_VERSION)
 } __attribute__((deprecated));
 #else
 };
 #endif
 NAMESPACE_END
--- a/des.h
+++ b/des.h
@ -1,8 +1,7 @@
 // des.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file des.h
-//! \headerfile des.h
+//! \brief Classes for DES, 2-key Triple-DES, 3-key Triple-DES and DESX
 //! \brief Classes for DES, 2-key and 3-key Triple-DES
 #ifndef CRYPTOPP_DES_H
 #define CRYPTOPP_DES_H
--- a/dsa.h
+++ b/dsa.h
@ -1,7 +1,6 @@
 // dsa.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file dsa.h
 //! \headerfile dsa.h
 //! \brief Classes for the DSA signature algorithm
 #ifndef CRYPTOPP_DSA_H
--- a/eccrypto.h
+++ b/eccrypto.h
@ -1,9 +1,11 @@
 // eccrypto.h - written and placed in the public domain by Wei Dai
 //! \file eccrypto.h
 //! \brief Classes and functions for Elliptic Curves over prime and binary fields
 #ifndef CRYPTOPP_ECCRYPTO_H
 #define CRYPTOPP_ECCRYPTO_H
 /*! \file
 */
 #include "config.h"
 #include "cryptlib.h"
 #include "pubkey.h"
@ -139,8 +141,8 @@ protected:
 	OID m_oid;			// set if parameters loaded from a recommended curve
 	Integer m_n;		// order of base point
 	bool m_compress, m_encodeAsOID;
 	mutable Integer m_k;		// cofactor
 	mutable bool m_compress, m_encodeAsOID;		// presentation details
 };
 //! EC public key
@ -473,8 +475,8 @@ protected:
 	OID m_oid;			// set if parameters loaded from a recommended curve
 	Integer m_n;		// order of base point
 	bool m_compress, m_encodeAsOID;
 	mutable Integer m_k;		// cofactor
 	mutable bool m_compress, m_encodeAsOID;		// presentation details
 };
 //! EC public key
--- a/ecp.h
+++ b/ecp.h
@ -1,7 +1,6 @@
 // ecp.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file ecp.h
 //! \headerfile ecp.h
 //! \brief Classes for Elliptic Curves over prime fields
 #ifndef CRYPTOPP_ECP_H
--- a/elgamal.h
+++ b/elgamal.h
@ -1,3 +1,8 @@
 // elgamal.h - written and placed in the public domain by Wei Dai
 //! \file elgamal.h
 //! \brief Classes and functions for ElGamal key agreement and encryption schemes
 #ifndef CRYPTOPP_ELGAMAL_H
 #define CRYPTOPP_ELGAMAL_H
@ -116,7 +121,8 @@ struct ElGamalKeys
 	typedef DL_PublicKey_GFP_OldFormat<DL_CryptoKeys_GFP::PublicKey> PublicKey;
 };
-//! ElGamal encryption scheme with non-standard padding
+//! \class ElGamal
 //! \brief ElGamal encryption scheme with non-standard padding
 struct ElGamal
 {
 	typedef DL_CryptoSchemeOptions<ElGamal, ElGamalKeys, int, int, int> SchemeOptions;
--- a/emsa2.h
+++ b/emsa2.h
@ -1,10 +1,11 @@
 // emsa2.h - written and placed in the public domain by Wei Dai
 //! \file emsa2.h
 //! \brief Classes and functions for various padding schemes used in public key algorithms
 #ifndef CRYPTOPP_EMSA2_H
 #define CRYPTOPP_EMSA2_H
 /** \file
 	This file contains various padding schemes for public key algorithms.
 */
 #include "cryptlib.h"
 #include "pubkey.h"
 #include "misc.h"
--- a/eprecomp.h
+++ b/eprecomp.h
@ -1,10 +1,15 @@
 // eprecomp.h - written and placed in the public domain by Wei Dai
 //! \file eprecomp.h
 //! \brief Classes for precomputation in a group
 #ifndef CRYPTOPP_EPRECOMP_H
 #define CRYPTOPP_EPRECOMP_H
 #include "cryptlib.h"
 #include "integer.h"
 #include "algebra.h"
-#include <vector>
+#include "stdcpp.h"
 NAMESPACE_BEGIN(CryptoPP)
--- a/gost.h
+++ b/gost.h
@ -1,9 +1,11 @@
 // gost.h - written and placed in the public domain by Wei Dai
 //! \file gost.h
 //! \brief Classes for the GIST block cipher
 #ifndef CRYPTOPP_GOST_H
 #define CRYPTOPP_GOST_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/ida.h
+++ b/ida.h
@ -1,6 +1,6 @@
 // ida.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file ida.h
 //! \brief Classes for Information Dispersal Algorithm (IDA)
 #ifndef CRYPTOPP_IDA_H
--- a/idea.h
+++ b/idea.h
@ -1,9 +1,11 @@
 // idea.h - written and placed in the public domain by Wei Dai
 //! \file idea.h
 //! \brief Classes for the IDEA block cipher
 #ifndef CRYPTOPP_IDEA_H
 #define CRYPTOPP_IDEA_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/lubyrack.h
+++ b/lubyrack.h
@ -1,10 +1,11 @@
 // lubyrack.h - written and placed in the public domain by Wei Dai
 //! \file lubyrack.h
 //! \brief Classes for the Luby-Rackoff block cipher
 #ifndef CRYPTOPP_LUBYRACK_H
 #define CRYPTOPP_LUBYRACK_H
 /** \file */
 #include "simple.h"
 #include "secblock.h"
--- a/mars.h
+++ b/mars.h
@ -1,8 +1,7 @@
 // mars.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file mars.h
-//! \brief Implementation of the MARS cipher (IBM AES submission)
+//! \brief Classes for the MARS block cipher (IBM AES submission)
 #ifndef CRYPTOPP_MARS_H
 #define CRYPTOPP_MARS_H
--- a/mersenne.h
+++ b/mersenne.h
@ -1,7 +1,9 @@
-// mersenne.h - written and placed in public domain by Jeffrey Walton. Copyright assigned to Crypto++ project.
+// mersenne.h - written and placed in public domain by Jeffrey Walton.
 //              Copyright assigned to Crypto++ project.
 //! \file
-//! \brief Implementation of the Mersenne Twister
+//! \brief Class file for Mersenne Twister
 //! \note Suitable for Monte Carlo simulations, and not cryptographic use
 #ifndef CRYPTOPP_MERSENNE_TWISTER_H
 #define CRYPTOPP_MERSENNE_TWISTER_H
@ -19,14 +21,16 @@ NAMESPACE_BEGIN(CryptoPP)
 //! \tparam N Size of the state vector
 //! \tparam F Multiplier constant
 //! \tparam S Sefault seed
-//! \details Provides the \p MersenneTwister implementation. The class is a header-only implementation
+//! \details Provides the MersenneTwister implementation. The class is a header-only implementation.
 //! \warning MersenneTwister is suitable for simulations, where uniformaly distrubuted numbers are
 //!   required quickly. It should not be used for cryptographic purposes.
 template <unsigned int K, unsigned int M, unsigned int N, unsigned int F, unsigned long S>
 class MersenneTwister : public RandomNumberGenerator
 {
 public:
 	//! \brief Construct a Mersenne Twister
-	//! \param seed 32 bit seed
+	//! \param seed 32-bit seed
-	//! \details Defaults to template parameter \p S due to changing algorithm
+	//! \details Defaults to template parameter S due to changing algorithm
 	//!   parameters over time
 	MersenneTwister(unsigned long seed = S) : m_seed(seed), m_idx(N)
 	{
@ -38,9 +42,9 @@ public:
 	//! \brief Generate random array of bytes
 	//! \param output byte buffer
 	//! \param size length of the buffer, in bytes
-	//! \details Bytes are written to \p output in big endian order. If \p output length
+	//! \details Bytes are written to output in big endian order. If output length
 	//!   is not a multiple of word32, then unused bytes are not accumulated for subsequent
-	//!   calls to \p GenerateBlock. Rather, the unused tail bytes are discarded, and the
+	//!   calls to GenerateBlock. Rather, the unused tail bytes are discarded, and the
 	//!   stream is continued at the next word32 boundary from the state array.
 	void GenerateBlock(byte *output, size_t size)
 	{
@ -84,8 +88,9 @@ public:
 		*((volatile word32*)&temp) = 0;
 	}
-	//! \brief Generate a random 32 bit word in the range min to max, inclusive
+	//! \brief Generate a random 32-bit word in the range min to max, inclusive
-	//! \details If the 32 bit candidate is not within the range, then it is discarded
+	//! \returns random 32-bit word in the range min to max, inclusive
 	//! \details If the 32-bit candidate is not within the range, then it is discarded
 	//!   and a new candidate is used.
 	word32 GenerateWord32(word32 min=0, word32 max=0xffffffffL)
 	{
@ -105,8 +110,8 @@ public:
 	//! \brief Generate and discard n bytes
 	//! \param n the number of bytes to discard, rounded up to a <tt>word32</tt> size
-	//! \details If \p n is not a multiple of <tt>word32</tt>, then unused bytes are
+	//! \details If n is not a multiple of <tt>word32</tt>, then unused bytes are
-	//!   not accumulated for subsequent calls to \p GenerateBlock. Rather, the unused
+	//!   not accumulated for subsequent calls to GenerateBlock. Rather, the unused
 	//!   tail bytes are discarded, and the stream is continued at the next
 	//!   <tt>word32</tt> boundary from the state array.
 	void DiscardBytes(size_t n)
@ -118,6 +123,7 @@ public:
 protected:
 	//! \brief Returns the next 32-bit word from the state array
 	//! \returns the next 32-bit word from the state array
 	//! \details fetches the next word frm the state array, performs bit operations on
 	//!   it, and then returns the value to the caller.
 	word32 NextMersenneWord()
@ -164,7 +170,7 @@ protected:
 private:
-	//! \brief 32-bit word state array of size \p N
+	//! \brief 32-bit word state array of size N
 	FixedSizeSecBlock<word32, N+1> m_state;
 	//! \brief the value used to seed the generator
 	unsigned int m_seed;
@ -178,7 +184,7 @@ typedef MersenneTwister<0x9908B0DF /*2567483615*/, 397, 624, 0x10DCD /*69069*/,
 //! \brief Updated MT19937 generator adapted to provide an array for initialization.
 //! \details Also see http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/MT2002/emt19937ar.html; uses 5489 as default initial seed.
-//! \note Use this generator when interoperating with C++11's \p mt19937 class.
+//! \note Use this generator when interoperating with C++11's mt19937 class.
 typedef MersenneTwister<0x9908B0DF /*2567483615*/, 397, 624, 0x6C078965 /*1812433253*/, 5489> MT19937ar;
 NAMESPACE_END
--- a/misc.cpp
+++ b/misc.cpp
@ -4,7 +4,10 @@
 #include "config.h"
 #if CRYPTOPP_MSC_VERSION
-# pragma warning(disable: 4189 6237)
+# pragma warning(disable: 4189)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6237)
 # endif
 #endif
 #ifndef CRYPTOPP_IMPORTS
--- a/misc.h
+++ b/misc.h
@ -12,7 +12,10 @@
 #if CRYPTOPP_MSC_VERSION
 # pragma warning(push)
-# pragma warning(disable: 6326)
+# pragma warning(disable: 4146)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6326)
 # endif
 #endif
 #include "cryptlib.h"
@ -129,8 +132,8 @@ struct CompileAssert
 //! \brief Counts elements in an array
 //! \param arr an array of elements
 //! \details COUNTOF counts elements in an array. On Windows COUNTOF(x) is deinfed
-//!   to _countof(x) to ensure correct results for pointers. Since the library code is
+//!   to <tt>_countof(x)</tt> to ensure correct results for pointers. Since the library code
-//!   cross-platform, Windows will ensure the safety on non-Windows platforms.
+//!   is cross-platform, Windows will ensure the safety on non-Windows platforms.
 //! \note COUNTOF does not produce correct results with pointers, and an array must be used.
 //!   The library ensures correct application of COUNTOF by enlisting _countof on Windows
 //!   platforms. Microsoft's _countof fails to compile using pointers.
@ -209,7 +212,7 @@ struct NewObject
 //!   <tt>_ReadWriteBarrier()</tt> or <tt>__asm__("" ::: "memory")</tt>.
 #define MEMORY_BARRIER ...
 #else
-#if defined(_MSC_VER)
+#if (_MSC_VER >= 1400)
 # pragma intrinsic(_ReadWriteBarrier)
 # define MEMORY_BARRIER() _ReadWriteBarrier()
 #elif defined(__INTEL_COMPILER)
@ -217,7 +220,7 @@ struct NewObject
 #elif defined(__GNUC__) || defined(__clang__)
 # define MEMORY_BARRIER() __asm__ __volatile__ ("" ::: "memory")
 #else
-// # error "Unknown compiler"
+# define MEMORY_BARRIER()
 #endif
 #endif // CRYPTOPP_DOXYGEN_PROCESSING
@ -306,7 +309,10 @@ inline void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t cou
 #if CRYPTOPP_MSC_VERSION
 # pragma warning(push)
-# pragma warning(disable 4996 6386)
+# pragma warning(disable: 4996)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6386)
 # endif
 #endif
 	memcpy(dest, src, count);
 #if CRYPTOPP_MSC_VERSION
@ -345,7 +351,10 @@ inline void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t co
 #if CRYPTOPP_MSC_VERSION
 # pragma warning(push)
-# pragma warning(disable 4996 6386)
+# pragma warning(disable: 4996)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6386)
 # endif
 #endif
 	memmove(dest, src, count);
 #if CRYPTOPP_MSC_VERSION
--- a/mqv.h
+++ b/mqv.h
@ -1,9 +1,11 @@
 // mqv.h - written and placed in the public domain by Wei Dai
 //! \file mqv.h
 //! \brief Classes for Menezes–Qu–Vanstone (MQV) key agreement
 #ifndef CRYPTOPP_MQV_H
 #define CRYPTOPP_MQV_H
 /** \file
 */
 #include "cryptlib.h"
 #include "gfpcrypt.h"
 #include "modarith.h"
@ -12,7 +14,13 @@
 NAMESPACE_BEGIN(CryptoPP)
-//! _
+//! \class MQV_Domain
 //! \brief MQV domain for performing authenticated key agreement
 //! \tparam GROUP_PARAMETERS doamin parameters
 //! \tparam COFACTOR_OPTION cofactor option
 //! \details GROUP_PARAMETERS paramters include the curve coefcients and the base point.
 //!   Binary curves use a polynomial to represent its characteristic, while prime curves
 //!   use a prime number.
 template <class GROUP_PARAMETERS, class COFACTOR_OPTION = CPP_TYPENAME GROUP_PARAMETERS::DefaultCofactorOption>
 class MQV_Domain : public AuthenticatedKeyAgreementDomain
 {
--- a/nbtheory.h
+++ b/nbtheory.h
@ -1,5 +1,8 @@
 // nbtheory.h - written and placed in the public domain by Wei Dai
 //! \file nbtheory.h
 //! \brief Classes and functions  for number theoretic operations
 #ifndef CRYPTOPP_NBTHEORY_H
 #define CRYPTOPP_NBTHEORY_H
@ -14,14 +17,31 @@ CRYPTOPP_DLL const word16 * CRYPTOPP_API GetPrimeTable(unsigned int &size);
 // ************ primality testing ****************
-// generate a provable prime
+//! \brief Generates a provable prime
 //! \param rng a RandomNumberGenerator to produce keying material
 //! \param bits the number of bits in the prime number
 //! \returns Integer() meeting Maurer's tests for primality
 CRYPTOPP_DLL Integer CRYPTOPP_API MaurerProvablePrime(RandomNumberGenerator &rng, unsigned int bits);
 //! \brief Generates a provable prime
 //! \param rng a RandomNumberGenerator to produce keying material
 //! \param bits the number of bits in the prime number
 //! \returns Integer() meeting Mihailescu's tests for primality
 //! \details Mihailescu's methods performs a search using algorithmic progressions.
 CRYPTOPP_DLL Integer CRYPTOPP_API MihailescuProvablePrime(RandomNumberGenerator &rng, unsigned int bits);
 //! \brief Tests whether a number is a small prime
 //! \param p a candidate prime to test
 //! \returns true if p is a small prime, false otherwise
 //! \details Internally, the library maintains a table fo the first 32719 prime numbers
 //!   in sorted order. IsSmallPrime() searches the table and returns true if p is
 //!   in the table.
 CRYPTOPP_DLL bool CRYPTOPP_API IsSmallPrime(const Integer &p);
-// returns true if p is divisible by some prime less than bound
+//! 
-// bound not be greater than the largest entry in the prime table
+//! \returns true if p is divisible by some prime less than bound.
 //! \details TrialDivision() true if p is divisible by some prime less than bound. bound not be
 //!   greater than the largest entry in the prime table, which is 32719.
 CRYPTOPP_DLL bool CRYPTOPP_API TrialDivision(const Integer &p, unsigned bound);
 // returns true if p is NOT divisible by small primes
@ -38,12 +58,25 @@ CRYPTOPP_DLL bool CRYPTOPP_API IsStrongLucasProbablePrime(const Integer &n);
 // for several rounds with random bases
 CRYPTOPP_DLL bool CRYPTOPP_API RabinMillerTest(RandomNumberGenerator &rng, const Integer &w, unsigned int rounds);
-// primality test, used to generate primes
+//! \brief Verifies a prime number
 //! \param p a candidate prime to test
 //! \returns true if p is a probable prime, false otherwise
 //! \details IsPrime() is suitable for testing candidate primes when creating them. Internally,
 //!   IsPrime() utilizes SmallDivisorsTest(), IsStrongProbablePrime() and IsStrongLucasProbablePrime().
 CRYPTOPP_DLL bool CRYPTOPP_API IsPrime(const Integer &p);
-// more reliable than IsPrime(), used to verify primes generated by others
+//! \brief Verifies a prime number
 //! \param rng a RandomNumberGenerator for randomized testing
 //! \param p a candidate prime to test
 //! \param level the level of thoroughness of testing
 //! \returns true if p is a strong probable prime, false otherwise
 //! \details VerifyPrime() is suitable for testing candidate primes created by others. Internally,
 //!   VerifyPrime() utilizes IsPrime() and one-round RabinMillerTest(). If the candiate passes and
 //!   level is greater than 1, then 10 round RabinMillerTest() primality testing is performed.
 CRYPTOPP_DLL bool CRYPTOPP_API VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level = 1);
 //! \class PrimeSelector
 //! \brief Application callback to signal suitability of a cabdidate prime
 class CRYPTOPP_DLL PrimeSelector
 {
 public:
@ -51,8 +84,16 @@ public:
 	virtual bool IsAcceptable(const Integer &candidate) const =0;
 };
-// use a fast sieve to find the first probable prime in {x | p<=x<=max and x%mod==equiv}
+//! \brief Finds a random prime of special form
-// returns true iff successful, value of p is undefined if no such prime exists
+//! \param p an Integer reference to receive the prime
 //! \param max the maximum value
 //! \param equiv the equivalence class based on the parameter mod
 //! \param mod the modulus used to reduce the equivalence class
 //! \param pSelector pointer to a PrimeSelector function for the application to signal suitability
 //! \returns true if and only if FirstPrime() finds a prime and returns the prime through p. If FirstPrime()
 //!   returns false, then no such prime exists and the value of p is undefined
 //! \details FirstPrime() uses a fast sieve to find the first probable prime
 //!   in <tt>{x | p<=x<=max and x%mod==equiv}</tt>
 CRYPTOPP_DLL bool CRYPTOPP_API FirstPrime(Integer &p, const Integer &max, const Integer &equiv, const Integer &mod, const PrimeSelector *pSelector);
 CRYPTOPP_DLL unsigned int CRYPTOPP_API PrimeSearchInterval(const Integer &max);
--- a/osrng.h
+++ b/osrng.h
@ -123,6 +123,7 @@ protected:
 //! OS_GenerateRandomBlock
 //! \brief Generate random array of bytes
 //! \param blocking specifies whther a bobcking or non-blocking generator should be used
 //! \param output the byte buffer
 //! \param size the length of the buffer, in bytes
 //! \details OS_GenerateRandomBlock() uses the underlying operating system's
--- a/panama.h
+++ b/panama.h
@ -1,3 +1,8 @@
 // panama.h - written and placed in the public domain by Wei Dai
 //! \file panama.h
 //! \brief Classes for Panama stream cipher
 #ifndef CRYPTOPP_PANAMA_H
 #define CRYPTOPP_PANAMA_H
--- a/pubkey.h
+++ b/pubkey.h
@ -109,7 +109,7 @@ public:
 	virtual Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const =0;
 	//! \brief Determines if the encryption algorithm is randomized
-	//! \returns \p true if the encryption algorithm is randominzed, \p false otherwise
+	//! \returns \p true if the encryption algorithm is randomized, \p false otherwise
 	//! \details If \p IsRandomized() returns \p false, then \p NullRNG() can be used.
 	virtual bool IsRandomized() const {return true;}
@ -170,7 +170,7 @@ public:
 	virtual Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const =0;
 	//! \brief Determines if the decryption algorithm is randomized
-	//! \returns \p true if the decryption algorithm is randominzed, \p false otherwise
+	//! \returns \p true if the decryption algorithm is randomized, \p false otherwise
 	//! \details If \p IsRandomized() returns \p false, then \p NullRNG() can be used.
 	virtual bool IsRandomized() const {return true;}
 };
@ -197,7 +197,7 @@ public:
 		{return CalculateInverse(rng, x);}
 	//! \brief Determines if the decryption algorithm is randomized
-	//! \returns \p true if the decryption algorithm is randominzed, \p false otherwise
+	//! \returns \p true if the decryption algorithm is randomized, \p false otherwise
 	//! \details If \p IsRandomized() returns \p false, then \p NullRNG() can be used.
 	bool IsRandomized() const {return false;}
--- a/rc2.h
+++ b/rc2.h
@ -1,6 +1,7 @@
 // rc2.h - written and placed in the public domain by Wei Dai
 //! \file rc2.h
-//! \brief Class file for the RC2 stream cipher
+//! \brief Classes for the RC2 block cipher
 #ifndef CRYPTOPP_RC2_H
 #define CRYPTOPP_RC2_H
@ -91,3 +92,4 @@ typedef RC2::Decryption RC2Decryption;
 NAMESPACE_END
 #endif
--- a/rc5.h
+++ b/rc5.h
@ -1,9 +1,11 @@
 // rc5.h - written and placed in the public domain by Wei Dai
 //! \file rc5.h
 //! \brief Classes for the RC5 block cipher
 #ifndef CRYPTOPP_RC5_H
 #define CRYPTOPP_RC5_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/rc6.h
+++ b/rc6.h
@ -1,9 +1,11 @@
 // rc6.h - written and placed in the public domain by Wei Dai
 //! \file rc6.h
 //! \brief Classes for the RC6 block cipher
 #ifndef CRYPTOPP_RC6_H
 #define CRYPTOPP_RC6_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/rdrand.S
+++ b/rdrand.S
--- a/rdrand.h
+++ b/rdrand.h
@ -16,7 +16,7 @@
 //   to select an implementation or "throw NotImplemented". At runtime, the
 //   class uses the result of CPUID to determine if RDRAND or RDSEED are
 //   available. A lazy throw strategy is used in case the CPU does not support
-//   the instruction. I.e., the throw is deferred until GenerateBlock is called.
+//   the instruction. I.e., the throw is deferred until GenerateBlock() is called.
 // Microsoft added RDRAND in August 2012, VS2012. GCC added RDRAND in December 2010, GCC 4.6.
 // Clang added RDRAND in July 2012, Clang 3.2. Intel added RDRAND in September 2011, ICC 12.1.
@ -48,7 +48,7 @@ public:
 	virtual ~RDRAND() {}
 	//! \brief Retrieve the number of retries used by the generator
-	//! returns the number of times GenerateBlock will attempt to recover from a failed generation
+	//! \returns the number of times GenerateBlock() will attempt to recover from a failed generation
 	unsigned int GetRetries() const
 	{
 		return m_retries;
@ -127,7 +127,7 @@ public:
 	virtual ~RDSEED() {}
 	//! \brief Retrieve the number of retries used by the generator
-	//! returns the number of times GenerateBlock will attempt to recover from a failed generation
+	//! \returns the number of times GenerateBlock() will attempt to recover from a failed generation
 	unsigned int GetRetries() const
 	{
 		return m_retries;
--- a/rng.h
+++ b/rng.h
@ -16,10 +16,14 @@
 NAMESPACE_BEGIN(CryptoPP)
 //! \brief Linear Congruential Generator (LCG)
-//! \details Originally by William S. England, do not use for cryptographic purposes
+//! \details Originally propsed by William S. England.
 //! \warning LC_RNG is suitable for simulations, where uniformaly distrubuted numbers are
 //!   required quickly. It should not be used for cryptographic purposes.
 class LC_RNG : public RandomNumberGenerator
 {
 public:
 	//! \brief Construct a Linear Congruential Generator (LCG)
 	//! \param init_seed the initial value for the generator
 	LC_RNG(word32 init_seed)
 		: seed(init_seed) {}
--- a/safer.h
+++ b/safer.h
@ -1,9 +1,11 @@
 // safer.h - written and placed in the public domain by Wei Dai
 //! \file safer.h
 //! \brief Classes for the SAFER block cipher
 #ifndef CRYPTOPP_SAFER_H
 #define CRYPTOPP_SAFER_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/salsa.h
+++ b/salsa.h
@ -1,8 +1,7 @@
 // salsa.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file salsa.h
-//! \headerfile salsa.h
+//! \brief Classes for Salsa and Salsa20 stream ciphers
 //! \brief Classes for Salsa encryption scheme
 #ifndef CRYPTOPP_SALSA_H
 #define CRYPTOPP_SALSA_H
--- a/seal.h
+++ b/seal.h
@ -1,8 +1,7 @@
 // seal.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file seal.h
-//! \headerfile seal.h
+//! \brief Classes for SEAL stream cipher
 //! \brief Classes for SEAL encryption scheme
 #ifndef CRYPTOPP_SEAL_H
 #define CRYPTOPP_SEAL_H
--- a/secblock.h
+++ b/secblock.h
@ -12,7 +12,10 @@
 #if CRYPTOPP_MSC_VERSION
 # pragma warning(push)
-# pragma warning(disable: 4700 6386)
+# pragma warning(disable: 4700)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6386)
 # endif
 #endif
 NAMESPACE_BEGIN(CryptoPP)
--- a/seed.h
+++ b/seed.h
@ -1,8 +1,7 @@
 // seed.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file seed.h
-//! \headerfile seed.h
+//! \brief Classes for the SEED block cipher
 //! \brief Classes for SEED encryption scheme
 #ifndef CRYPTOPP_SEED_H
 #define CRYPTOPP_SEED_H
--- a/serpent.h
+++ b/serpent.h
@ -1,9 +1,11 @@
 // serpent.h - written and placed in the public domain by Wei Dai
 //! \file serpent.h
 //! \brief Classes for the Serpent block cipher
 #ifndef CRYPTOPP_SERPENT_H
 #define CRYPTOPP_SERPENT_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/shacal2.h
+++ b/shacal2.h
@ -1,9 +1,11 @@
 // shacal.h - written and placed in the public domain by Wei Dai
 //! \file shacal.h
 //! \brief Classes for the SHACAL-2 block cipher
 #ifndef CRYPTOPP_SHACAL2_H
 #define CRYPTOPP_SHACAL2_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/shark.h
+++ b/shark.h
@ -1,8 +1,7 @@
 // shark.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file shark.h
-//! \headerfile shark.h
+//! \brief Classes for the SHARK block cipher
 //! \brief Classes for SHARK encryption scheme
 #ifndef CRYPTOPP_SHARK_H
 #define CRYPTOPP_SHARK_H
--- a/skipjack.h
+++ b/skipjack.h
@ -1,7 +1,7 @@
 // skipjack.h - written and placed in the public domain by Wei Dai
 //! \file skipjack.h
-//! \brief Classes for Skipjack encryption algorithm
+//! \brief Classes for the SKIPJACK block cipher
 #ifndef CRYPTOPP_SKIPJACK_H
 #define CRYPTOPP_SKIPJACK_H
--- a/sosemanuk.h
+++ b/sosemanuk.h
@ -1,3 +1,8 @@
 // sosemanuk.h - written and placed in the public domain by Wei Dai
 //! \file sosemanuk.h
 //! \brief Classes for Sosemanuk stream cipher
 #ifndef CRYPTOPP_SOSEMANUK_H
 #define CRYPTOPP_SOSEMANUK_H
--- a/square.h
+++ b/square.h
@ -1,7 +1,7 @@
 // square.h - written and placed in the public domain by Wei Dai
 //! \file square.h
-//! \brief Classes for SQUARE encryption algorithm
+//! \brief Classes for the Square block cipher
 #ifndef CRYPTOPP_SQUARE_H
 #define CRYPTOPP_SQUARE_H
--- a/tea.h
+++ b/tea.h
@ -1,9 +1,11 @@
 // tea.h - written and placed in the public domain by Wei Dai
 //! \file tea.h
 //! \brief Classes for the TEA, BTEA and XTEA block ciphers
 #ifndef CRYPTOPP_TEA_H
 #define CRYPTOPP_TEA_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
 #include "misc.h"
--- a/test.cpp
+++ b/test.cpp
@ -940,7 +940,7 @@ bool Validate(int alg, bool thorough, const char *seedInput)
 	}
 // Safer functions on Windows for C&A, https://github.com/weidai11/cryptopp/issues/55
-#if defined(CRYPTOPP_MSC_VERSION)
+#if (CRYPTOPP_MSC_VERSION >= 1400)
 	tm localTime = {};
 	char timeBuf[64];
 	errno_t err;
--- a/twofish.h
+++ b/twofish.h
@ -1,9 +1,11 @@
 // twofish.h - written and placed in the public domain by Wei Dai
 //! \file twofish.h
 //! \brief Classes for the Twofish block cipher
 #ifndef CRYPTOPP_TWOFISH_H
 #define CRYPTOPP_TWOFISH_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/validat1.cpp
+++ b/validat1.cpp
@ -32,6 +32,8 @@
 #include "rc6.h"
 #include "mars.h"
 #include "aes.h"
 #include "cpu.h"
 #include "rng.h"
 #include "rijndael.h"
 #include "twofish.h"
 #include "serpent.h"
@ -42,8 +44,7 @@
 #include "rdrand.h"
 #include "zdeflate.h"
 #include "smartptr.h"
-#include "rng.h"
+#include "channels.h"
 #include "cpu.h"
 #include <time.h>
 #include <memory>
@ -460,42 +461,44 @@ bool TestAutoSeeded()
 bool TestRDRAND()
 {
 	RDRAND rdrand;
-	bool maurer = true, generate = true, discard = true;
+	bool entropy = true, compress = true, discard = true;
 	static const unsigned int SIZE = 10000;
 	if (HasRDRAND())
 	{
 		cout << "\nTesting RDRAND generator...\n\n";
-		vector_ptr<byte> rdbytes(SIZE);		
+		MeterFilter meter(new Redirector(TheBitBucket()));
-		RandomNumberSource rns(rdrand, SIZE, true, new ArraySink(rdbytes, rdbytes.size()));
+		Deflator deflator(new Redirector(meter));
-		ArraySource as(rdbytes, rdbytes.size(), true);
+		MaurerRandomnessTest maurer;
-		MaurerRandomnessTest mt;
+		ChannelSwitch chsw;
-		as.CopyTo(mt);
+		chsw.AddDefaultRoute(deflator);
-		
+		chsw.AddDefaultRoute(maurer);
-		const double mv = mt.GetTestValue();
+
 		RandomNumberSource rns(rdrand, SIZE, true, new Redirector(chsw));
 		deflator.Flush(true);
 		assert(0 == maurer.BytesNeeded());
 		const double mv = maurer.GetTestValue();
 		if (mv < 0.98f)
 		{
 			cout << "FAILED:";
-			maurer = false;
+			entropy = false;
 		}
 		else
 			cout << "passed:";
-		const std::streamsize oldp = cout.precision(5);
+		const std::streamsize oldp = cout.precision(6);
 		const std::ios::fmtflags oldf = cout.setf(std::ios::fixed, std::ios::floatfield);
-		cout << "  Maurer Randomness Test value of " << mv << endl;
+		cout << "  Maurer Randomness Test returned value " << mv << endl;
 		cout.precision(oldp);
 		cout.setf(oldf, std::ios::floatfield);
 		MeterFilter meter(new Redirector(TheBitBucket()));
 		as.CopyTo(meter);
 		if (meter.GetTotalBytes() < SIZE)
 		{
 			cout << "FAILED:";
-			generate = false;
+			compress = false;
 		}
 		else
 			cout << "passed:";
@ -519,10 +522,10 @@ bool TestRDRAND()
 	else
 		cout << "\nRDRAND generator not available, skipping test.\n";
-	if (!(maurer && generate && discard))
+	if (!(entropy && compress && discard))
 		cout.flush();
-	return maurer && generate && discard;
+	return entropy && compress && discard;
 }
 #endif
@ -530,42 +533,44 @@ bool TestRDRAND()
 bool TestRDSEED()
 {
 	RDSEED rdseed;
-	bool maurer = true, generate = true, discard = true;
+	bool entropy = true, compress = true, discard = true;
 	static const unsigned int SIZE = 10000;
 	if (HasRDSEED())
 	{
 		cout << "\nTesting RDSEED generator...\n\n";
-		vector_ptr<byte> rdbytes(SIZE);		
+		MeterFilter meter(new Redirector(TheBitBucket()));
-		RandomNumberSource rns(rdseed, SIZE, true, new ArraySink(rdbytes, rdbytes.size()));
+		Deflator deflator(new Redirector(meter));
-		ArraySource as(rdbytes, rdbytes.size(), true);
+		MaurerRandomnessTest maurer;
-		MaurerRandomnessTest mt;
+		ChannelSwitch chsw;
-		as.CopyTo(mt);
+		chsw.AddDefaultRoute(deflator);
-		
+		chsw.AddDefaultRoute(maurer);
-		const double mv = mt.GetTestValue();
+
 		RandomNumberSource rns(rdseed, SIZE, true, new Redirector(chsw));
 		deflator.Flush(true);
 		assert(0 == maurer.BytesNeeded());
 		const double mv = maurer.GetTestValue();
 		if (mv < 0.98f)
 		{
 			cout << "FAILED:";
-			maurer = false;
+			entropy = false;
 		}
 		else
 			cout << "passed:";
-		const std::streamsize oldp = cout.precision(5);
+		const std::streamsize oldp = cout.precision(6);
 		const std::ios::fmtflags oldf = cout.setf(std::ios::fixed, std::ios::floatfield);
-		cout << "  Maurer Randomness Test value of " << mv << endl;
+		cout << "  Maurer Randomness Test returned value " << mv << endl;
 		cout.precision(oldp);
 		cout.setf(oldf, std::ios::floatfield);
 		MeterFilter meter(new Redirector(TheBitBucket()));
 		as.CopyTo(meter);
 		if (meter.GetTotalBytes() < SIZE)
 		{
 			cout << "FAILED:";
-			generate = false;
+			compress = false;
 		}
 		else
 			cout << "passed:";
@ -589,10 +594,10 @@ bool TestRDSEED()
 	else
 		cout << "\nRDSEED generator not available, skipping test.\n";
-	if (!(maurer && generate && discard))
+	if (!(entropy && compress && discard))
 		cout.flush();
-	return maurer && generate && discard;
+	return entropy && compress && discard;
 }
 #endif
--- a/vs-clean.cmd
+++ b/vs-clean.cmd
@ -1,39 +0,0 @@
@echo OFFse
 REM set THIS_DIR=%~dp0
 set THIS_DIR=.
 attrib -R -A -S -H  "%THIS_DIR%\*.aps"
 attrib -R -A -S -H  "%THIS_DIR%\*.ncb"
 attrib -R -A -S -H  "%THIS_DIR%\*.suo"
 attrib -R -A -S -H  "%THIS_DIR%\*.sdf"
 attrib -R -A -S -H  "%THIS_DIR%\*.user"
 del "%THIS_DIR%\*.aps" /q
 del "%THIS_DIR%\*.ncb" /q
 del "%THIS_DIR%\*.suo" /q
 del "%THIS_DIR%\*.sdf" /q
 del "%THIS_DIR%\*.user" /q
 del "%THIS_DIR%\*.diff" /q
 del "%THIS_DIR%\adhoc.cpp" /q
 del "%THIS_DIR%\cryptopp.mac.done" /q
 del "%THIS_DIR%\adhoc.cpp.copied" /q
 REM Visual Studio build artifacts
 rmdir /Q /S "%THIS_DIR%\Debug\"
 rmdir /Q /S "%THIS_DIR%\Release\"
 rmdir /Q /S "%THIS_DIR%\Win32\"
 rmdir /Q /S "%THIS_DIR%\x64\"
 rmdir /Q /S "%THIS_DIR%\ipch\"
 rmdir /Q /S "%THIS_DIR%\.vs\"
 REM Visual Studio VCUpgrade artifacts
 del "%THIS_DIR%\*.old" /q
 del "%THIS_DIR%\UpgradeLog.htm" /q
 del "%THIS_DIR%\UpgradeLog.XML" /q
 rmdir /Q /S "%THIS_DIR%\_UpgradeReport_Files\"
 rmdir /Q /S "%THIS_DIR%\Backup\"
 REM New Visual Studio artifacts after a VCUpgrade 2010
 REM attrib -R -A -S -H  "%THIS_DIR%\*.filters"
 REM del "%THIS_DIR%\*.filters" /q
 REM del "%THIS_DIR%\*.vcxproj" /q
--- a/vs2010.zip
+++ b/vs2010.zip
--- a/wake.h
+++ b/wake.h
@ -1,3 +1,8 @@
 // wake.h - written and placed in the public domain by Wei Dai
 //! \file wake.h
 //! \brief Classes for WAKE stream cipher
 #ifndef CRYPTOPP_WAKE_H
 #define CRYPTOPP_WAKE_H