Merge branch 'master' of https://github.com/weidai11/cryptopp into version_shlib

2015-11-24 19:36:54 -08:00 · 2015-11-24 19:36:54 -08:00 · 67ba451c6a
parent 65849072f4 f90a940e2e
commit 67ba451c6a
236 changed files with 29816 additions and 26383 deletions
--- a/3way.cpp
+++ b/3way.cpp
@ -7,11 +7,13 @@
 NAMESPACE_BEGIN(CryptoPP)
 #if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
 void ThreeWay_TestInstantiations()
 {
 	ThreeWay::Encryption x1;
 	ThreeWay::Decryption x2;
 }
 #endif
 static const word32 START_E = 0x0b0b; // round constant of first encryption round
 static const word32 START_D = 0xb1b1; // round constant of first decryption round
--- a/3way.h
+++ b/3way.h
@ -1,12 +1,12 @@
 // 3way.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file 3way.h
-//! \headerfile 3way.h
+//! \brief Classes for the 3-Way block cipher
 //! \brief Class files for the 3way cipher
 #ifndef CRYPTOPP_THREEWAY_H
 #define CRYPTOPP_THREEWAY_H
 #include "config.h"
 #include "seckey.h"
 #include "secblock.h"
--- a/18
+++ b/18
@ -1,4 +1,4 @@
-# Doxyfile 1.8.9.1
+# Doxyfile 1.8.9
 # This file describes the settings to be used by the documentation system
 # doxygen (www.doxygen.org) for a project.
@ -47,14 +47,16 @@ PROJECT_NUMBER         = 5.6.3
 # for a project that appears at the top of each page and should give viewer a
 # quick idea about the purpose of the project. Keep the description short.
-PROJECT_BRIEF          =
+# Without the HTML escape characters, Doxygen concatenates the string below...
 PROJECT_BRIEF          = Free&nbsp;C&#43;&#43;&nbsp;class&nbsp;library&nbsp;of&nbsp;cryptographic&nbsp;schemes
 # With the PROJECT_LOGO tag one can specify a logo or an icon that is included
 # in the documentation. The maximum height of the logo should not exceed 55
 # pixels and the maximum width should not exceed 200 pixels. Doxygen will copy
 # the logo to the output directory.
-PROJECT_LOGO           =
+# The logo looks really bad here. Don't use it.
 # PROJECT_LOGO           = Logo-Steel.png
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path
 # into which the generated documentation will be written. If a relative path is
@ -219,7 +221,7 @@ SEPARATE_MEMBER_PAGES  = NO
 # uses this value to replace tabs by spaces in code fragments.
 # Minimum value: 1, maximum value: 16, default value: 4.
-TAB_SIZE               = 8
+TAB_SIZE               = 4
 # This tag can be used to specify a number of aliases that act as commands in
 # the documentation. An alias has the form:
@ -294,7 +296,7 @@ EXTENSION_MAPPING      =
 # case of backward compatibilities issues.
 # The default value is: YES.
-MARKDOWN_SUPPORT       = YES
+MARKDOWN_SUPPORT       = NO
 # When enabled doxygen tries to link words that correspond to documented
 # classes, or namespaces to their corresponding documentation. Such a link can
@ -312,7 +314,7 @@ AUTOLINK_SUPPORT       = YES
 # diagrams that involve STL classes more complete and accurate.
 # The default value is: NO.
-BUILTIN_STL_SUPPORT    = NO
+BUILTIN_STL_SUPPORT    = YES
 # If you use Microsoft's C++/CLI language, you should set this option to YES to
 # enable parsing support.
@ -336,7 +338,7 @@ SIP_SUPPORT            = NO
 # should set this option to NO.
 # The default value is: YES.
-IDL_PROPERTY_SUPPORT   = YES
+IDL_PROPERTY_SUPPORT   = NO
 # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
 # tag is set to YES then doxygen will reuse the documentation of the first
@ -625,7 +627,7 @@ GENERATE_DEPRECATEDLIST= YES
 # sections, marked by \if <section_label> ... \endif and \cond <section_label>
 # ... \endcond blocks.
-ENABLED_SECTIONS       =
+ENABLED_SECTIONS       = NO
 # The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the
 # initial value of a variable or macro / define can have for it to appear in the
--- a/Filelist.txt
+++ b/Filelist.txt
@ -0,0 +1,393 @@
 3way.cpp
 3way.h
 adhoc.cpp.proto
 adler32.cpp
 adler32.h
 aes.h
 algebra.cpp
 algebra.h
 algparam.cpp
 algparam.h
 arc4.cpp
 arc4.h
 argnames.h
 asn.cpp
 asn.h
 authenc.cpp
 authenc.h
 base32.cpp
 base32.h
 base64.cpp
 base64.h
 basecode.cpp
 basecode.h
 bench.cpp
 bench.h
 bench2.cpp
 bfinit.cpp
 blowfish.cpp
 blowfish.h
 blumshub.cpp
 blumshub.h
 camellia.cpp
 camellia.h
 cast.cpp
 cast.h
 casts.cpp
 cbcmac.cpp
 cbcmac.h
 ccm.cpp
 ccm.h
 channels.cpp
 channels.h
 cmac.cpp
 cmac.h
 config.h
 config.recommend
 cpu.cpp
 cpu.h
 crc.cpp
 crc.h
 cryptdll.dsp
 cryptdll.vcproj
 cryptest.dsp
 cryptest.dsw
 cryptest.sh
 cryptest.sln
 cryptest.vcproj
 cryptest_bds.bdsgroup
 cryptest_bds.bdsproj
 cryptest_bds.bpf
 cryptlib.cpp
 cryptlib.dsp
 cryptlib.h
 cryptlib.vcproj
 cryptlib_bds.bdsproj
 cryptlib_bds.cpp
 cryptopp.rc
 cryptopp563.diff
 datatest.cpp
 default.cpp
 default.h
 des.cpp
 des.h
 dessp.cpp
 dh.cpp
 dh.h
 dh2.cpp
 dh2.h
 dll.cpp
 dll.h
 dlltest.cpp
 dlltest.dsp
 dlltest.vcproj
 dmac.h
 dsa.cpp
 dsa.h
 eax.cpp
 eax.h
 ec2n.cpp
 ec2n.h
 eccrypto.cpp
 eccrypto.h
 ecp.cpp
 ecp.h
 elgamal.cpp
 elgamal.h
 emsa2.cpp
 emsa2.h
 eprecomp.cpp
 eprecomp.h
 esign.cpp
 esign.h
 factory.h
 files.cpp
 files.h
 filters.cpp
 filters.h
 fips140.cpp
 fips140.h
 fipsalgt.cpp
 fipstest.cpp
 fltrimpl.h
 gcm.cpp
 gcm.h
 gf256.cpp
 gf256.h
 gf2_32.cpp
 gf2_32.h
 gf2n.cpp
 gf2n.h
 gfpcrypt.cpp
 gfpcrypt.h
 gost.cpp
 gost.h
 gzip.cpp
 gzip.h
 hex.cpp
 hex.h
 hkdf.h
 hmac.cpp
 hmac.h
 hrtimer.cpp
 hrtimer.h
 ida.cpp
 ida.h
 idea.cpp
 idea.h
 integer.cpp
 integer.h
 iterhash.cpp
 iterhash.h
 lubyrack.h
 luc.cpp
 luc.h
 mars.cpp
 mars.h
 marss.cpp
 md2.cpp
 md2.h
 md4.cpp
 md4.h
 md5.cpp
 md5.h
 mdc.h
 mersenne.h
 misc.cpp
 misc.h
 modarith.h
 modes.cpp
 modes.h
 modexppc.h
 mqueue.cpp
 mqueue.h
 mqv.cpp
 mqv.h
 nbtheory.cpp
 nbtheory.h
 network.cpp
 network.h
 nr.h
 oaep.cpp
 oaep.h
 oids.h
 osrng.cpp
 osrng.h
 panama.cpp
 panama.h
 pch.cpp
 pch.h
 pkcspad.cpp
 pkcspad.h
 polynomi.cpp
 polynomi.h
 pssr.cpp
 pssr.h
 pubkey.cpp
 pubkey.h
 pwdbased.h
 queue.cpp
 queue.h
 rabin.cpp
 rabin.h
 randpool.cpp
 randpool.h
 rc2.cpp
 rc2.h
 rc5.cpp
 rc5.h
 rc6.cpp
 rc6.h
 rdrand-masm.cmd
 rdrand-nasm.sh
 rdrand.S
 rdrand.asm
 rdrand.cpp
 rdrand.h
 rdtables.cpp
 regtest.cpp
 resource.h
 rijndael.cpp
 rijndael.h
 ripemd.cpp
 ripemd.h
 rng.cpp
 rng.h
 rsa.cpp
 rsa.h
 rw.cpp
 rw.h
 safer.cpp
 safer.h
 salsa.cpp
 salsa.h
 seal.cpp
 seal.h
 secblock.h
 seckey.h
 seed.cpp
 seed.h
 serpent.cpp
 serpent.h
 serpentp.h
 sha.cpp
 sha.h
 sha3.cpp
 sha3.h
 shacal2.cpp
 shacal2.h
 shark.cpp
 shark.h
 sharkbox.cpp
 simple.cpp
 simple.h
 skipjack.cpp
 skipjack.h
 smartptr.h
 socketft.cpp
 socketft.h
 sosemanuk.cpp
 sosemanuk.h
 square.cpp
 square.h
 squaretb.cpp
 stdcpp.h
 strciphr.cpp
 strciphr.h
 tea.cpp
 tea.h
 test.cpp
 tftables.cpp
 tiger.cpp
 tiger.h
 tigertab.cpp
 trdlocal.cpp
 trdlocal.h
 trunhash.h
 ttmac.cpp
 ttmac.h
 twofish.cpp
 twofish.h
 validat1.cpp
 validat2.cpp
 validat3.cpp
 validate.h
 vmac.cpp
 vmac.h
 vs2010.zip
 wait.cpp
 wait.h
 wake.cpp
 wake.h
 whrlpool.cpp
 whrlpool.h
 winpipes.cpp
 winpipes.h
 words.h
 x64dll.asm
 x64masm.asm
 xtr.cpp
 xtr.h
 xtrcrypt.cpp
 xtrcrypt.h
 zdeflate.cpp
 zdeflate.h
 zinflate.cpp
 zinflate.h
 zlib.cpp
 zlib.h
 Doxyfile
 GNUmakefile
 GNUmakefile-cross
 License.txt
 Readme.txt
 Install.txt
 Filelist.txt
 TestData/3desval.dat
 TestData/3wayval.dat
 TestData/camellia.dat
 TestData/cast128v.dat
 TestData/cast256v.dat
 TestData/descert.dat
 TestData/dh1024.dat
 TestData/dh2048.dat
 TestData/dlie1024.dat
 TestData/dlie2048.dat
 TestData/dsa1024.dat
 TestData/dsa1024b.dat
 TestData/dsa512.dat
 TestData/elgc1024.dat
 TestData/esig1023.dat
 TestData/esig1536.dat
 TestData/esig2046.dat
 TestData/gostval.dat
 TestData/ideaval.dat
 TestData/luc1024.dat
 TestData/luc2048.dat
 TestData/lucc1024.dat
 TestData/lucc512.dat
 TestData/lucd1024.dat
 TestData/lucd512.dat
 TestData/lucs1024.dat
 TestData/lucs512.dat
 TestData/marsval.dat
 TestData/mqv1024.dat
 TestData/mqv2048.dat
 TestData/nr1024.dat
 TestData/nr2048.dat
 TestData/rabi1024.dat
 TestData/rabi2048.dat
 TestData/rc2val.dat
 TestData/rc5val.dat
 TestData/rc6val.dat
 TestData/rijndael.dat
 TestData/rsa1024.dat
 TestData/rsa2048.dat
 TestData/rsa400pb.dat
 TestData/rsa400pv.dat
 TestData/rsa512a.dat
 TestData/rw1024.dat
 TestData/rw2048.dat
 TestData/saferval.dat
 TestData/serpentv.dat
 TestData/shacal2v.dat
 TestData/sharkval.dat
 TestData/skipjack.dat
 TestData/squareva.dat
 TestData/twofishv.dat
 TestData/usage.dat
 TestData/xtrdh171.dat
 TestData/xtrdh342.dat
 TestVectors/Readme.txt
 TestVectors/aes.txt
 TestVectors/all.txt
 TestVectors/camellia.txt
 TestVectors/ccm.txt
 TestVectors/cmac.txt
 TestVectors/dlies.txt
 TestVectors/dsa.txt
 TestVectors/dsa_1363.txt
 TestVectors/eax.txt
 TestVectors/esign.txt
 TestVectors/gcm.txt
 TestVectors/hkdf.txt
 TestVectors/hmac.txt
 TestVectors/mars.txt
 TestVectors/nr.txt
 TestVectors/panama.txt
 TestVectors/rsa_oaep.txt
 TestVectors/rsa_pkcs1_1_5.txt
 TestVectors/rsa_pss.txt
 TestVectors/rw.txt
 TestVectors/salsa.txt
 TestVectors/seal.txt
 TestVectors/seed.txt
 TestVectors/sha.txt
 TestVectors/sha3.txt
 TestVectors/shacal2.txt
 TestVectors/sosemanuk.txt
 TestVectors/tea.txt
 TestVectors/ttmac.txt
 TestVectors/vmac.txt
 TestVectors/wake.txt
 TestVectors/whrlpool.txt
--- a/145
+++ b/145
@ -23,6 +23,7 @@ LN ?= ln -sf
 UNAME := $(shell uname)
 IS_X86 := $(shell uname -m | $(EGREP) -i -c "i.86|x86|i86|amd64")
 IS_X86_64 := $(shell uname -m | $(EGREP) -i -c "(_64|d64)")
 IS_AARCH64 := $(shell uname -m | $(EGREP) -i -c "aarch64")
 IS_SUN := $(shell uname | $(EGREP) -i -c "SunOS")
 IS_LINUX := $(shell $(CXX) -dumpmachine 2>&1 | $(EGREP) -i -c "Linux")
@ -55,45 +56,42 @@ endif
 ifeq ($(IS_X86),1)
 IS_GCC_29 := $(shell $(CXX) -v 2>&1 | $(EGREP) -i -c gcc-9[0-9][0-9])
-IS_GCC_41 := $(shell $(CXX) -v 2>&1 | $(EGREP) -i -c "gcc version 4\.1\.")
+GCC42_OR_LATER := $(shell $(CXX) -v 2>&1 | $(EGREP) -i -c "gcc version (4\.[2-9]|[5-9]\.)")
-GCC42_OR_LATER := $(shell $(CXX) -v 2>&1 | $(EGREP) -i -c "gcc version (4\.[2-9]|[5-9])")
+GCC46_OR_LATER := $(shell $(CXX) -v 2>&1 | $(EGREP) -i -c "gcc version (4\.[6-9]|[5-9]\.)")
-GCC46_OR_LATER := $(shell $(CXX) -v 2>&1 | $(EGREP) -i -c "gcc version (4\.[6-9]|[5-9])")
+GCC48_OR_LATER := $(shell $(CXX) -v 2>&1 | $(EGREP) -i -c "gcc version (4\.[8-9]|[5-9]\.)")
-GCC48_OR_LATER := $(shell $(CXX) -v 2>&1 | $(EGREP) -i -c "gcc version (4\.[8-9]|[5-9])")
+GCC49_OR_LATER := $(shell $(CXX) -v 2>&1 | $(EGREP) -i -c "gcc version (4\.9|[5-9]\.)")
 GCC49_OR_LATER := $(shell $(CXX) -v 2>&1 | $(EGREP) -i -c "gcc version (4\.9|[5-9])")
 ICC111_OR_LATER := $(shell $(CXX) --version 2>&1 | $(EGREP) -c "\(ICC\) ([2-9][0-9]|1[2-9]|11\.[1-9])")
 GAS210_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(EGREP) -c "GNU assembler version (2\.[1-9][0-9]|[3-9])")
 GAS217_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(EGREP) -c "GNU assembler version (2\.1[7-9]|2\.[2-9]|[3-9])")
 GAS219_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(EGREP) -c "GNU assembler version (2\.19|2\.[2-9]|[3-9])")
-# Add -fPIC for x86_64, but not X32 or Cygwin
+# Add -fPIC for x86_64, but not X32, Cygwin or MinGW
 ifneq ($(IS_X86_64),0)
 IS_X32 := $(shell $(CXX) -dM -E - < /dev/null 2>&1 | $(EGREP) -c "ILP32")
- ifeq ($(IS_X32),0)
+ ifeq ($(IS_X32)$(IS_CYGWIN)$(IS_MINGW),000)
 ifeq ($(IS_CYGWIN),0)
 ifeq ($(findstring -fPIC,$(CXXFLAGS)),)
   CXXFLAGS += -fPIC
 endif
 endif
 endif
 endif
-# Work around GCC 4.1 bug.
+# Guard use of -march=native
-ifneq ($(IS_GCC_41),0)
+ifeq ($(GCC_COMPILER),0)
   CXXFLAGS += -march=native
 else ifneq ($(GCC42_OR_LATER),0)
   CXXFLAGS += -march=native
 else
  # GCC 3.3 and "unknown option -march="
  # GCC 4.1 compiler crash with -march=native.
  # Experienced on CentOS 5, which is still active.
  ifneq ($(IS_X86_64),0)
    CXXFLAGS += -m64
  else
    CXXFLAGS += -m32
  endif # X86/X32/X64
  # Not GCC 4.1, use default
 else
  CXXFLAGS += -march=native
 endif
 # Aligned access required at -O3 for GCC due to vectorization (circa 08/2008). Expect other compilers to do the same.
 GCC46_OR_LATER ?= 0
 UNALIGNED_ACCESS := $(shell $(EGREP) -c "^[[:space:]]*//[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_NO_UNALIGNED_DATA_ACCESS" config.h)
 ifeq ($(findstring -O3,$(CXXFLAGS)),-O3)
 ifneq ($(UNALIGNED_ACCESS),0)
@ -114,13 +112,13 @@ CXXFLAGS += -DCRYPTOPP_DISABLE_ASM
 endif
 endif
-ifeq ($(GAS210_OR_LATER),0)	# .intel_syntax wasn't supported until GNU assembler 2.10
+ifeq ($(GCC_COMPILER)$(GAS210_OR_LATER),10)	# .intel_syntax wasn't supported until GNU assembler 2.10
 CXXFLAGS += -DCRYPTOPP_DISABLE_ASM
 else
-ifeq ($(GAS217_OR_LATER),0)
+ifeq ($(GCC_COMPILER)$(GAS217_OR_LATER),10)
 CXXFLAGS += -DCRYPTOPP_DISABLE_SSSE3
 else
-ifeq ($(GAS219_OR_LATER),0)
+ifeq ($(GCC_COMPILER)$(GAS219_OR_LATER),10)
 CXXFLAGS += -DCRYPTOPP_DISABLE_AESNI
 endif
 endif
@ -154,6 +152,13 @@ M32OR64 = -m64
 endif
 endif # IS_LINUX
 # And add it for ARM64, too
 ifneq ($(IS_AARCH64),0)
 ifeq ($(findstring -fPIC,$(CXXFLAGS)),)
   CXXFLAGS += -fPIC
 endif
 endif
 ifneq ($(IS_DARWIN),0)
 AR = libtool
 ARFLAGS = -static -o
@ -236,6 +241,11 @@ endif # GNU Debug build
 #  spills into POD data types, so cpu.cpp is the second candidate for explicit initialization order.
 SRCS := cryptlib.cpp cpu.cpp $(filter-out cryptlib.cpp cpu.cpp pch.cpp simple.cpp winpipes.cpp cryptlib_bds.cpp,$(wildcard *.cpp))
 # No need for CPU or RDRAND on non-X86 systems. X32 is represented with X64.
 ifeq ($(IS_X86)$(IS_X86_64),00)
  SRCS := $(filter-out cpu.cpp rdrand.cpp, $(SRCS))
 endif
 ifneq ($(IS_MINGW),0)
 SRCS += winpipes.cpp
 endif
@ -256,8 +266,6 @@ LIBIMPORTOBJS := $(LIBOBJS:.o=.import.o)
 TESTIMPORTOBJS := $(TESTOBJS:.o=.import.o)
 DLLTESTOBJS := dlltest.dllonly.o
 DIST_FILES := *.h *.cpp *.asm adhoc.cpp.proto License.txt Readme.txt GNUmakefile GNUmakefile-cross Doxyfile cryptest* cryptlib* dlltest* cryptdll* cryptopp.rc TestVectors/*.txt TestData/*.dat
 # For Shared Objects, Diff, Dist/Zip rules
 LIB_VER := $(shell $(EGREP) "define CRYPTOPP_VERSION" config.h | cut -d" " -f 3)
 LIB_MAJOR := $(shell echo $(LIB_VER) | cut -c 1)
@ -270,6 +278,10 @@ SOLIB_COMPAT_SUFFIX=.$(LIB_MAJOR).$(LIB_MINOR)
 SOLIB_FLAGS=-Wl,-soname,libcryptopp.so.$(LIB_MAJOR).$(LIB_MINOR)
 endif # HAS_SOLIB_VERSION
 ifeq ($(strip $(LIB_PATCH)),)
 LIB_PATCH := 0
 endif
 all: cryptest.exe
 ifneq ($(IS_DARWIN),0)
@ -291,17 +303,24 @@ asan ubsan align aligned: libcryptopp.a cryptest.exe
 test check: cryptest.exe
 	./cryptest.exe v
-DOC_DIRECTORY := $(shell $(EGREP) "OUTPUT_DIRECTORY" Doxyfile | grep -v "\#" | cut -d "=" -f 2)
+# Directory we want (can't specify on Doygen command line)
-ifeq ($(DOC_DIRECTORY),)
+DOCUMENT_DIRECTORY := ref$(LIB_VER)
-DOC_DIRECTORY := html-docs
+# Directory Doxygen uses (specified in Doygen config file)
 ifeq ($(wildcard Doxyfile),Doxyfile)
 DOXYGEN_DIRECTORY := $(strip $(shell $(EGREP) "OUTPUT_DIRECTORY" Doxyfile | grep -v "\#" | cut -d "=" -f 2))
 endif
 # Default directory (missing in config file)
 ifeq ($(strip $(DOXYGEN_DIRECTORY)),)
 DOXYGEN_DIRECTORY := html-docs
 endif
 .PHONY: docs html
 docs html:
-	-$(RM) -r $(DOC_DIRECTORY)/
+	-$(RM) -r $(DOXYGEN_DIRECTORY)/ $(DOCUMENT_DIRECTORY)/ html-docs/
 	doxygen Doxyfile -d CRYPTOPP_DOXYGEN_PROCESSING
 	mv $(DOXYGEN_DIRECTORY)/ $(DOCUMENT_DIRECTORY)/
 	-$(RM) CryptoPPRef.zip
-	zip -9 CryptoPPRef.zip -x ".*" -x "*/.*" -r $(DOC_DIRECTORY)/
+	zip -9 CryptoPPRef.zip -x ".*" -x "*/.*" -r $(DOCUMENT_DIRECTORY)/
 .PHONY: clean
 clean:
@ -310,14 +329,20 @@ ifeq ($(HAS_SOLIB_VERSION),1)
 	-$(RM) libcryptopp.so libcryptopp.so$(SOLIB_COMPAT_SUFFIX)
 endif
 	-$(RM) adhoc.cpp.o adhoc.cpp.proto.o $(LIBOBJS) $(TESTOBJS) $(DLLOBJS) $(LIBIMPORTOBJS) $(TESTIMPORTOBJS) $(DLLTESTOBJS) *.stackdump core-*
-	-$(RM) cryptest.exe dlltest.exe cryptest.import.exe ct
+	-$(RM) cryptest.exe dlltest.exe cryptest.import.exe ct rdrand-???.o
 ifneq ($(wildcard *.exe.dSYM),)
 	-$(RM) -r *.exe.dSYM/
 endif
 ifneq ($(wildcard $(DOCUMENT_DIRECTORY)/),)
 	-$(RM) -r $(DOCUMENT_DIRECTORY)/
 endif
 ifneq ($(wildcard cov-int/),)
 	-$(RM) -r cov-int/
 endif
 .PHONY: distclean
 distclean: clean
-	-$(RM) adhoc.cpp adhoc.cpp.copied GNUmakefile.deps cryptest-*result.txt *.o *.ii *.s
+	-$(RM) adhoc.cpp adhoc.cpp.copied GNUmakefile.deps benchmarks.html cryptest.txt cryptest-*.txt *.o *.ii *.s
 ifneq ($(wildcard cryptopp$(LIB_VER)\.*),)
 	-$(RM) cryptopp$(LIB_VER)\.*
 endif
@ -403,40 +428,50 @@ cryptest.import.exe: cryptopp.dll libcryptopp.import.a $(TESTIMPORTOBJS)
 dlltest.exe: cryptopp.dll $(DLLTESTOBJS)
 	$(CXX) -o $@ $(CXXFLAGS) $(DLLTESTOBJS) -L. -lcryptopp.dll $(LDFLAGS) $(LDLIBS)
-# This recipe requires a previous "svn co -r 541 https://svn.code.sf.net/p/cryptopp/code/trunk/c5"
+# This recipe requires a previous "svn co -r 541 http://svn.code.sf.net/p/cryptopp/code/trunk/c5"
 .PHONY: diff
 diff:
 	-$(RM) cryptopp$(LIB_VER).diff
 	-svn diff -r 541 > cryptopp$(LIB_VER).diff
 # This recipe prepares the distro files
-TEXT_FILES := *.h *.cpp *.asm adhoc.cpp.proto License.txt Readme.txt Doxyfile cryptest* cryptlib* dlltest* cryptdll* cryptopp.rc TestVectors/*.txt TestData/*.dat
+TEXT_FILES := *.h *.cpp adhoc.cpp.proto License.txt Readme.txt Install.txt Filelist.txt config.recommend Doxyfile cryptest* cryptlib* dlltest* cryptdll* *.sln *.vcproj *.dsw *.dsp cryptopp.rc TestVectors/*.txt TestData/*.dat
-EXEC_FILES := GNUmakefile GNUmakefile-cross TestData/ TestVectors/
+EXEC_FILES := GNUmakefile GNUmakefile-cross cryptest.sh rdrand-nasm.sh TestData/ TestVectors/
 ifeq ($(wildcard Filelist.txt),Filelist.txt)
 DIST_FILES := $(shell cat Filelist.txt)
 endif
 .PHONY: convert
 convert:
-	chmod a-x $(TEXT_FILES)
+	chmod 0700 TestVectors/ TestData/
-	chmod u+x $(EXEC_FILES)
+	chmod 0600 $(TEXT_FILES) *.zip
-	chmod u+x cryptest.sh
+	chmod 0700 $(EXEC_FILES)
-	unix2dos --keepdate --quiet $(TEXT_FILES)
+	chmod u+x *.cmd *.sh
-	unix2dos --keepdate --quiet *.sln *.vcproj
+	unix2dos --keepdate --quiet $(TEXT_FILES) *.asm *.cmd
-	dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross cryptest.sh
+	dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross *.S *.sh
 ifneq ($(IS_DARWIN),0)
 	xattr -c *
 endif
 .PHONY: zip dist
 zip dist: | distclean convert diff
 	zip -q -9 cryptopp$(LIB_VER).zip $(DIST_FILES)
-ifeq ($(wildcard cryptopp$(LIB_VER).diff),cryptopp$(LIB_VER).diff)
+
-	zip -q -9 -u cryptopp$(LIB_VER).zip cryptopp$(LIB_VER).diff
+.PHONY: bench benchmark benchmarks
-endif
+bench benchmark benchmarks: cryptest.exe
-ifeq ($(wildcard vs2010.zip),vs2010.zip)
+	rm -f benchmarks.html
-	zip -q -9 -u cryptopp$(LIB_VER).zip vs2010.zip
+	echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">" >> benchmarks.html
-endif
+	echo "<HTML>" >> benchmarks.html
-ifeq ($(wildcard config.recommend),config.recommend)
+	echo "<HEAD>" >> benchmarks.html
-	zip -q -9 -u cryptopp$(LIB_VER).zip config.recommend
+	echo "<TITLE>Speed Comparison of Popular Crypto Algorithms</TITLE>" >> benchmarks.html
-endif
+	echo "</HEAD>" >> benchmarks.html
-ifeq ($(wildcard cryptest-sh.zip),cryptest-sh.zip)
+	echo "<BODY>" >> benchmarks.html
-	-zip -d cryptopp$(LIB_VER).zip cryptest-sh.zip
+	echo "<H1><a href=\"http://www.cryptopp.com\">Crypto++</a>" $(LIB_MAJOR).$(LIB_MINOR).$(LIB_REVISION) "Benchmarks</H1>" >> benchmarks.html
-endif
+	echo "<P>Here are speed benchmarks for some commonly used cryptographic algorithms.</P>"  >> benchmarks.html
 	./cryptest.exe b 3 2.4 >> benchmarks.html
 	echo "</BODY>" >> benchmarks.html
 	echo "</HTML>" >> benchmarks.html
 adhoc.cpp: adhoc.cpp.proto
 ifeq ($(wildcard adhoc.cpp),)
@ -450,10 +485,9 @@ ifeq ($(wildcard GNUmakefile.deps),GNUmakefile.deps)
 -include GNUmakefile.deps
 endif # Dependencies
-# Work around MacPorts/GCC issue with init_priority. Apple/GCC and Fink/GCC are fine; limit to MacPorts.
+# MacPorts/GCC issue with init_priority. Apple/GCC and Fink/GCC are fine; limit to MacPorts.
-#     Also see https://lists.macosforge.org/pipermail/macports-users/2015-September/039223.html
+#   Also see http://lists.macosforge.org/pipermail/macports-users/2015-September/039223.html
-ifneq ($(MACPORTS_COMPILER),0)
+ifeq ($(GCC_COMPILER)$(MACPORTS_COMPILER),11)
 ifneq ($(GCC_COMPILER),0)
 ifeq ($(findstring -DMACPORTS_GCC_COMPILER,$(CXXFLAGS)),)
 cryptlib.o:
 	$(CXX) $(CXXFLAGS) -DMACPORTS_GCC_COMPILER=1 -c cryptlib.cpp
@ -461,7 +495,6 @@ cpu.o:
 	$(CXX) $(CXXFLAGS) -DMACPORTS_GCC_COMPILER=1 -c cpu.cpp
 endif
 endif
 endif
 %.dllonly.o : %.cpp
 	$(CXX) $(CXXFLAGS) -DCRYPTOPP_DLL_ONLY -c $< -o $@
@ -475,7 +508,7 @@ endif
 %.o : %.cpp
 	$(CXX) $(CXXFLAGS) -c $<
-# Warn of potential configurations issues. This will go away after 5.6.3
+# Warn of potential configurations issues. They will go away after 5.6.3.
 UNALIGNED_ACCESS := $(shell $(EGREP) -c "^[[:space:]]*//[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_NO_UNALIGNED_DATA_ACCESS" config.h)
 NO_INIT_PRIORITY := $(shell $(EGREP) -c "^[[:space:]]*//[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_INIT_PRIORITY" config.h)
 COMPATIBILITY_562 := $(shell $(EGREP) -c "^[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562" config.h)
@ -490,7 +523,7 @@ endif
 ifneq ($(COMPATIBILITY_562),0)
 	$(info WARNING: CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 is defined in config.h.)
 endif
-ifneq (x$(UNALIGNED_ACCESS)$(NO_INIT_PRIORITY)$(COMPATIBILITY_562),x000)
+ifneq ($(UNALIGNED_ACCESS)$(NO_INIT_PRIORITY)$(COMPATIBILITY_562),000)
 	$(info WARNING: You should make these changes in config.h, and not CXXFLAGS.)
 	$(info WARNING: You can 'mv config.recommend config.h', but it breaks versioning.)
 	$(info WARNING: See http://cryptopp.com/wiki/config.h for more details.)
--- a/47
+++ b/47
@ -3,7 +3,6 @@ CXXFLAGS ?= -DNDEBUG -g2 -Os -fPIC -pipe
 # The following options reduce code size, but breaks link or makes link very slow on some systems
 # CXXFLAGS += -ffunction-sections -fdata-sections
 # LDFLAGS += -Wl,--gc-sections
 CXXFLAGS += -Wno-unused-function -Wno-unused-parameter -Wno-unused-variable
 ARFLAGS = -cr	# ar needs the dash on OpenBSD
 RANLIB ?= ranlib
@ -64,11 +63,7 @@ ifeq ($(IS_ARM_EMBEDDED),1)
 endif
 # List cryptlib.cpp first in an attempt to tame C++ static initialization problems
-SRCS := cryptlib.cpp $(filter-out cryptlib.cpp pch.cpp simple.cpp winpipes.cpp cryptlib_bds.cpp,$(wildcard *.cpp))
+SRCS := cryptlib.cpp cpu.cpp $(filter-out cryptlib.cpp cpu.cpp pch.cpp simple.cpp winpipes.cpp cryptlib_bds.cpp,$(wildcard *.cpp))
 ifneq ($(IS_MINGW),0)
 SRCS += winpipes.cpp
 endif
 # List of objects with crytlib.o at the first index position
 OBJS := $(SRCS:.cpp=.o)
@ -78,7 +73,7 @@ TESTOBJS := bench.o bench2.o test.o validat1.o validat2.o validat3.o adhoc.o dat
 LIBOBJS := $(filter-out $(TESTOBJS),$(OBJS))
 # List cryptlib.cpp first in an attempt to tame C++ static initialization problems
-DLLSRCS := cryptlib.cpp algebra.cpp algparam.cpp asn.cpp basecode.cpp cbcmac.cpp channels.cpp des.cpp dessp.cpp dh.cpp dll.cpp dsa.cpp ec2n.cpp eccrypto.cpp ecp.cpp eprecomp.cpp files.cpp filters.cpp fips140.cpp fipstest.cpp gf2n.cpp gfpcrypt.cpp hex.cpp hmac.cpp integer.cpp iterhash.cpp misc.cpp modes.cpp modexppc.cpp mqueue.cpp nbtheory.cpp oaep.cpp osrng.cpp pch.cpp pkcspad.cpp pubkey.cpp queue.cpp randpool.cpp rdtables.cpp rijndael.cpp rng.cpp rsa.cpp sha.cpp simple.cpp skipjack.cpp strciphr.cpp trdlocal.cpp
+DLLSRCS := cryptlib.cpp cpu.cpp algebra.cpp algparam.cpp asn.cpp basecode.cpp cbcmac.cpp channels.cpp des.cpp dessp.cpp dh.cpp dll.cpp dsa.cpp ec2n.cpp eccrypto.cpp ecp.cpp eprecomp.cpp files.cpp filters.cpp fips140.cpp fipstest.cpp gf2n.cpp gfpcrypt.cpp hex.cpp hmac.cpp integer.cpp iterhash.cpp misc.cpp modes.cpp modexppc.cpp mqueue.cpp nbtheory.cpp oaep.cpp osrng.cpp pch.cpp pkcspad.cpp pubkey.cpp queue.cpp randpool.cpp rdtables.cpp rijndael.cpp rng.cpp rsa.cpp sha.cpp simple.cpp skipjack.cpp strciphr.cpp trdlocal.cpp
 DLLOBJS := $(DLLSRCS:.cpp=.export.o)
 # Import lib testing
@ -140,14 +135,14 @@ else
 	-$(RM) $(PREFIX)/lib/libcryptopp.so
 endif
-libcryptopp.a: $(LIBOBJS)
+libcryptopp.a: public_service | $(LIBOBJS)
 	$(AR) $(ARFLAGS) $@ $(LIBOBJS)
 	$(RANLIB) $@
-libcryptopp.so: $(LIBOBJS)
+libcryptopp.so: public_service | $(LIBOBJS)
 	$(CXX) $(CXXFLAGS) -shared -o $@ $(LIBOBJS) $(LDFLAGS) $(LDLIBS)
-cryptest.exe: libcryptopp.a $(TESTOBJS)
+cryptest.exe: public_service | libcryptopp.a $(TESTOBJS)
 	$(CXX) -o $@ $(CXXFLAGS) $(TESTOBJS) ./libcryptopp.a $(LDFLAGS) $(LDLIBS)
 adhoc.cpp: adhoc.cpp.proto
@ -157,13 +152,35 @@ else
 	touch adhoc.cpp
 endif
 # Include dependencies, if present. You must issue `make deps` to create them.
 ifeq ($(wildcard GNUmakefile.deps),GNUmakefile.deps)
 -include GNUmakefile.deps
 endif # Dependencies
 %.o : %.cpp
 	$(CXX) $(CXXFLAGS) -c $<
 # Do not build dependencies when cleaning
 ifneq ($(findstring clean,$(MAKECMDGOALS)),clean)
 -include GNUmakefile.deps
 endif
 GNUmakefile.deps:
 	$(CXX) $(CXXFLAGS) -MM *.cpp > GNUmakefile.deps
 # Warn of potential configurations issues. This will go away after 5.6.3
 UNALIGNED_ACCESS := $(shell $(EGREP) -c "^[[:space:]]*//[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_NO_UNALIGNED_DATA_ACCESS" config.h)
 NO_INIT_PRIORITY := $(shell $(EGREP) -c "^[[:space:]]*//[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_INIT_PRIORITY" config.h)
 COMPATIBILITY_562 := $(shell $(EGREP) -c "^[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562" config.h)
 .PHONY: public_service
 public_service:
 ifneq ($(UNALIGNED_ACCESS),0)
 	$(info WARNING: CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is not defined in config.h.)
 endif
 ifneq ($(NO_INIT_PRIORITY),0)
 	$(info WARNING: CRYPTOPP_INIT_PRIORITY is not defined in config.h.)
 endif
 ifneq ($(COMPATIBILITY_562),0)
 	$(info WARNING: CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 is defined in config.h.)
 endif
 ifneq (x$(UNALIGNED_ACCESS)$(NO_INIT_PRIORITY)$(COMPATIBILITY_562),x000)
 	$(info WARNING: You should make these changes in config.h, and not CXXFLAGS.)
 	$(info WARNING: You can 'mv config.recommend config.h', but it breaks versioning.)
 	$(info WARNING: See http://cryptopp.com/wiki/config.h for more details.)
 	$(info )
 endif
--- a/Install.txt
+++ b/Install.txt
@ -39,14 +39,6 @@ Or:
    make libcryptopp.a libcryptopp.so cryptest.exe
 On Mac OS X, you can build fat binaries by setting MULTIARCH=1:
    make MULTIARCH=1
 Or
    export MULTIARCH=1
    make
 If you would like to use a different compiler, the set CXX:
@ -67,21 +59,6 @@ LLVM's libc++ is also supported, so you can:
    CXXFLAGS="-std=c++11 -stdlib=libc++"
    make
 If you are experimenting with Clang and its integrated assembler, then you can:
    make FORCE_ASM=1
 If you are experimenting with NASM, then you can:
    export AS=nasm
    make
 Or
    make AS=nasm
 Be aware that the Clang assembler has a number of open issues, and trying to build with it will probably result in a compile failure or runtime test failure.
 INSTALLING THE LIBRARY
 ----------------------
@ -190,4 +167,3 @@ REPORTING PROBLEMS
 Dirty compiles and failures in the validation suite or test vectors should be reported at the Crypto++ User Group. The User Group is located at https://groups.google.com/forum/#!forum/cryptopp-users.
 Also see http://www.cryptopp.com/wiki/Bug_Report.
--- a/Readme.txt
+++ b/Readme.txt
@ -1,5 +1,5 @@
 Crypto++: a C++ Class Library of Cryptographic Schemes
-Version 5.6.3 - NOV/01/2015
+Version 5.6.3 - NOV/20/2015
 Crypto++ Library is a free C++ class library of cryptographic schemes.
 Currently the library contains the following algorithms:
@ -454,14 +454,14 @@ the mailing list.
      - fixed CVE-2015-2141
      - cleared most Undefined Behavior Sanitizer (UBsan) findings
      - cleared all Address Sanitizer (Asan) findings
-      - cleared most Valgrind findings
+      - cleared all Valgrind findings
      - cleared all Coverity findings
      - cleared all Enterprise Analysis (/analyze) findings
      - cleared most GCC warnings with -Wall
      - cleared most Clang warnings with -Wall
      - cleared most MSVC warnings with /W4
-      - added -fPIC for x86_64/amd64 builds. Off by default for i386
+      - added -fPIC 64-bit builds. Off by default for i386
-      - added HKDF class for RFC 5868
+      - added HKDF class from RFC 5868
      - added generic DeviceState interface and RDRAND/RDSEED classes
      - switched to member_ptr due to C++ 11 warnings for auto_ptr
      - initialization of C++ static objects, off by default
          * GCC and init_priotirty/constructor attributes
@ -469,12 +469,11 @@ the mailing list.
          * CRYPTOPP_INIT_PRIORITY disabled by default, but available
      - improved OS X support
      - improved GNUmakefile support for Testing and QA
-      - added additional self tests for improved Testing and QA
+      - added self tests for additional Testing and QA
      - added cryptest.sh for systematic Testing and QA
      - added GNU Gold linker support
      - added Visual Studio 2010 solution and project files in vs2010.zip
-      - added more complete ARM, ARM64, MIPS, MIPS64, S/390 and X32 (ILP32) support
+      - added Clang integrated assembler support
      - __ARM_FEATURE_UNALIGNED and definition of CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
      - unconditionally define CRYPTOPP_NO_UNALIGNED_DATA_ACCESS for Makefile
        target 'ubsan' and at -O3 due to GCC vectorization on x86 and x86_64
      - workaround ARMEL/GCC 5.2 bug and failed self test
@ -486,13 +485,15 @@ the mailing list.
      - fixed X32 (ILP32) feature detection
      - removed  _CRT_SECURE_NO_DEPRECATE for Microsoft platforms
      - utilized bound checking interfaces from ISO/IEC TR 24772 when available
      - improved ARM, ARM64, MIPS, MIPS64, S/390 and X32 (ILP32) support
      - introduced CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
-      - added additional Doxygen documentation
+      - added additional Doxygen-based documentation
      - ported to MSVC 2015, Xcode 7.2, GCC 5.2, Clang 3.7, Intel C++ 16.00
 5.7  - nearly identical to 5.6.3
-     - minor breaks to the ABI and ABI
+     - minor breaks to the ABI and API
     - cleared remaining Undefined Behavior Sanitizer (UBsan) findings
-     - cleared remaining Valgrind findings
+     - cleared remaining GCC and Visual Studio warnings
     - removed CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 Written by Wei Dai and the Crypto++ Project
--- a/TestVectors/Readme.txt
+++ b/TestVectors/Readme.txt
@ -52,6 +52,10 @@ Signature - encoded string, signature to be verified or compared
 with
 Plaintext - encoded string
 Ciphertext - encoded string
 Header - encoded string
 Footer - encoded string
 DerivedKey - encoded string
 DerivedLength - encoded string
 Digest - encoded string
 TruncatedSize - int, size of truncated digest in bytes
 Seek - int, seek location for random access ciphers
--- a/TestVectors/aes.txt
+++ b/TestVectors/aes.txt
--- a/TestVectors/all.txt
+++ b/TestVectors/all.txt
@ -29,3 +29,4 @@ Test: TestVectors/gcm.txt
 Test: TestVectors/cmac.txt
 Test: TestVectors/eax.txt
 Test: TestVectors/mars.txt
 Test: TestVectors/hkdf.txt
--- a/TestVectors/hkdf.txt
+++ b/TestVectors/hkdf.txt
@ -5,7 +5,7 @@ Comment: Test Case 4
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b
 Salt: 0x000102030405060708090a0b0c
 Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
 Test: Verify
@ -16,7 +16,7 @@ Comment: Test Case 5
 Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
 Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
 DerivedKey: 0x0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4
 Test: Verify
@ -27,7 +27,7 @@ Comment: Test Case 6
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918
 Test: Verify
@ -38,7 +38,7 @@ Comment: Test Case 7
 Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
 Test: Verify
@ -49,7 +49,7 @@ Comment: Test Case 1
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: 0x000102030405060708090a0b0c
 Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865
 Test: Verify
@ -60,7 +60,7 @@ Comment: Test Case 2
 Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
 Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
 DerivedKey: 0xb11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87
 Test: Verify
@ -71,7 +71,7 @@ Comment: Test Case 3
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8
 Test: Verify
@ -82,7 +82,7 @@ Comment: Test Case 8 (Mirror Tests 1 and 4)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: 0x000102030405060708090a0b0c
 Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x832390086CDA71FB47625BB5CEB168E4C8E26A1A16ED34D9FC7FE92C1481579338DA362CB8D9F925D7CB
 Test: Verify
@ -93,7 +93,7 @@ Comment: Test Case 9 (Mirror Tests 2 and 5)
 Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
 Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
 DerivedKey: 0xCE6C97192805B346E6161E821ED165673B84F400A2B514B2FE23D84CD189DDF1B695B48CBD1C8388441137B3CE28F16AA64BA33BA466B24DF6CFCB021ECFF235F6A2056CE3AF1DE44D572097A8505D9E7A93
 Test: Verify
@ -104,7 +104,7 @@ Comment: Test Case 10 (Mirror Test 3 and 6)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0xF5FA02B18298A72A8C23898A8703472C6EB179DC204C03425C970E3B164BF90FFF22D04836D0E2343BAC
 Test: Verify
@ -115,7 +115,7 @@ Comment: Test Case 11
 Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
 Salt: ""
 Info:
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x1407D46013D98BC6DECEFCFEE55F0F90B0C7F63D68EB1A80EAF07E953CFC0A3A5240A155D6E4DAA965BB
 Test: Verify
@ -126,7 +126,7 @@ Comment: Test Case 12 (Mirror Tests 3 and 6)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0xF5FA02B18298A72A8C23898A8703472C6EB179DC204C03425C970E3B164BF90FFF22D04836D0E2343BAC
 Test: Verify
@ -137,7 +137,7 @@ Comment: Test Case 13 (Mirror Tests 1 and 4)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: 0x000102030405060708090a0b0c
 Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x0D29F74CCD8640F44B0DD9638111C1B5766EFED752AF358109E2E7C9CD4A28EF2F90B2AD461FBA0744D4
 Test: Verify
@ -148,7 +148,7 @@ Comment: Test Case 14 (Mirror Tests 2 and 5)
 Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
 Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
 DerivedKey: 0x4EBE4FE2DCCEC42661699500BE279A993FED90351E19373B3926FAA3A410700B2BBF77E254CF1451AE6068D64A0904D966F4FF25498445A501B88F50D21E3A68A890E09445DC5886DD00E7F4F7C58A512170
 Test: Verify
@ -159,7 +159,7 @@ Comment: Test Case 15 (Mirror Tests 3 and 6)
 Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Salt: ""
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x110632D0F7AEFAC31771FC66C22BB3462614B81E4B04BA7F2B662E0BD694F56458615F9A9CB56C57ECF2
 Test: Verify
@ -170,6 +170,6 @@ Comment: Test Case 16 (Mirror Test 7)
 Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
 Salt: r64 0x00
 Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
 DerivedKey: 0x4089286EBFB23DD8A02F0C9DAA35D538EB09CD0A8CBAB203F39083AA3E0BD313E6F91E64F21A187510B0
 Test: Verify
--- a/TestVectors/panama.txt
+++ b/TestVectors/panama.txt
--- a/TestVectors/salsa.txt
+++ b/TestVectors/salsa.txt
--- a/TestVectors/sosemanuk.txt
+++ b/TestVectors/sosemanuk.txt
--- a/TestVectors/vmac.txt
+++ b/TestVectors/vmac.txt
--- a/adler32.cpp
+++ b/adler32.cpp
@ -61,14 +61,19 @@ void Adler32::TruncatedFinal(byte *hash, size_t size)
 	{
 	default:
 		hash[3] = byte(m_s1);
 		// fall through
 	case 3:
 		hash[2] = byte(m_s1 >> 8);
 		// fall through
 	case 2:
 		hash[1] = byte(m_s2);
 		// fall through
 	case 1:
 		hash[0] = byte(m_s2 >> 8);
 		// fall through
 	case 0:
-		;
+		;;
 		// fall through
 	}
 	Reset();
--- a/adler32.h
+++ b/adler32.h
@ -1,7 +1,8 @@
 // adler32.h - written and placed in the public domain by Wei Dai
 //! \file
-//! \brief Class files for ADLER-32 checksum calculations
+//! \headerfile adler32.h
 //! \brief Class file for ADLER-32 checksum calculations
 #ifndef CRYPTOPP_ADLER32_H
 #define CRYPTOPP_ADLER32_H
--- a/algebra.cpp
+++ b/algebra.cpp
@ -206,7 +206,8 @@ template <class Element, class Iterator> Element GeneralCascadeMultiplication(co
 struct WindowSlider
 {
 	WindowSlider(const Integer &expIn, bool fastNegate, unsigned int windowSizeIn=0)
-		: exp(expIn), windowModulus(Integer::One()), windowSize(windowSizeIn), windowBegin(0), fastNegate(fastNegate), negateNext(false), firstTime(true), finished(false)
+		: exp(expIn), windowModulus(Integer::One()), windowSize(windowSizeIn), windowBegin(0), expWindow(0)
 		, fastNegate(fastNegate), negateNext(false), firstTime(true), finished(false)
 	{
 		if (windowSize == 0)
 		{
--- a/algebra.h
+++ b/algebra.h
@ -1,14 +1,15 @@
 // algebra.h - written and placed in the public domain by Wei Dai
 //! \file
-//! \brief Classes and functions for performing mathematics over different fields
+//! \headerfile algebra.h
 //! \brief Classes for performing mathematics over different fields
 #ifndef CRYPTOPP_ALGEBRA_H
 #define CRYPTOPP_ALGEBRA_H
 #include "config.h"
 #include "integer.h"
 #include "misc.h"
 #include "integer.h"
 NAMESPACE_BEGIN(CryptoPP)
--- a/algparam.h
+++ b/algparam.h
@ -1,7 +1,8 @@
 // algparam.h - written and placed in the public domain by Wei Dai
 //! \file
-//! \brief Classes and functions for working with NameValuePairs
+//! \headerfile algparam.h
 //! \brief Classes for working with NameValuePairs
 #ifndef CRYPTOPP_ALGPARAM_H
@ -11,7 +12,7 @@
 #include "config.h"
 // TODO: fix 6011 when the API/ABI can change
-#if CRYPTOPP_MSC_VERSION
+#if (CRYPTOPP_MSC_VERSION >= 1400)
 # pragma warning(push)
 # pragma warning(disable: 6011 28193)
 #endif
@ -30,21 +31,26 @@ class ConstByteArrayParameter
 {
 public:
 	ConstByteArrayParameter(const char *data = NULL, bool deepCopy = false)
 		: m_deepCopy(false), m_data(NULL), m_size(0)
 	{
 		Assign((const byte *)data, data ? strlen(data) : 0, deepCopy);
 	}
 	ConstByteArrayParameter(const byte *data, size_t size, bool deepCopy = false)
 		: m_deepCopy(false), m_data(NULL), m_size(0)
 	{
 		Assign(data, size, deepCopy);
 	}
 	template <class T> ConstByteArrayParameter(const T &string, bool deepCopy = false)
 		: m_deepCopy(false), m_data(NULL), m_size(0)
 	{
-        CRYPTOPP_COMPILE_ASSERT(sizeof(CPP_TYPENAME T::value_type) == 1);
+		CRYPTOPP_COMPILE_ASSERT(sizeof(CPP_TYPENAME T::value_type) == 1);
 		Assign((const byte *)string.data(), string.size(), deepCopy);
 	}
 	void Assign(const byte *data, size_t size, bool deepCopy)
 	{
 		// This fires, which means: no data with a size, or data with no size.
 		// assert((data && size) || !(data || size));
 		if (deepCopy)
 			m_block.Assign(data, size);
 		else
@ -400,6 +406,19 @@ CRYPTOPP_DLL_TEMPLATE_CLASS AlgorithmParametersTemplate<bool>;
 CRYPTOPP_DLL_TEMPLATE_CLASS AlgorithmParametersTemplate<int>;
 CRYPTOPP_DLL_TEMPLATE_CLASS AlgorithmParametersTemplate<ConstByteArrayParameter>;
 //! \class AlgorithmParameters
 //! \brief An object that implements NameValuePairs
 //! \tparam T the class or type
 //! \param name the name of the object or value to retrieve
 //! \param value reference to a variable that receives the value
 //! \param throwIfNotUsed if true, the object will throw an exception if the value is not accessed
 //! \note throwIfNotUsed is ignored if using a compiler that does not support std::uncaught_exception(),
 //!   such as MSVC 7.0 and earlier.
 //! \note A NameValuePairs object containing an arbitrary number of name value pairs may be constructed by
 //!   repeatedly using operator() on the object returned by MakeParameters, for example:
 //!   <pre>
 //!     AlgorithmParameters parameters = MakeParameters(name1, value1)(name2, value2)(name3, value3);
 //!   </pre>
 class CRYPTOPP_DLL AlgorithmParameters : public NameValuePairs
 {
 public:
@ -418,6 +437,10 @@ public:
 	AlgorithmParameters & operator=(const AlgorithmParameters &x);
 	//! \tparam T the class or type
 	//! \param name the name of the object or value to retrieve
 	//! \param value reference to a variable that receives the value
 	//! \param throwIfNotUsed if true, the object will throw an exception if the value is not accessed
 	template <class T>
 	AlgorithmParameters & operator()(const char *name, const T &value, bool throwIfNotUsed)
 	{
@ -428,6 +451,10 @@ public:
 		return *this;
 	}
 	//! \brief Appends a NameValuePair to a collection of NameValuePairs
 	//! \tparam T the class or type
 	//! \param name the name of the object or value to retrieve
 	//! \param value reference to a variable that receives the value
 	template <class T>
 	AlgorithmParameters & operator()(const char *name, const T &value)
 	{
@ -441,23 +468,23 @@ protected:
 	bool m_defaultThrowIfNotUsed;
 };
-//! Create an object that implements NameValuePairs for passing parameters
+//! \brief Create an object that implements NameValuePairs
-/*! \param throwIfNotUsed if true, the object will throw an exception if the value is not accessed
+//! \tparam T the class or type
-	\note throwIfNotUsed is ignored if using a compiler that does not support std::uncaught_exception(),
+//! \param name the name of the object or value to retrieve
-	such as MSVC 7.0 and earlier.
+//! \param value reference to a variable that receives the value
-	\note A NameValuePairs object containing an arbitrary number of name value pairs may be constructed by
+//! \param throwIfNotUsed if true, the object will throw an exception if the value is not accessed
-	repeatedly using operator() on the object returned by MakeParameters, for example:
+//! \note throwIfNotUsed is ignored if using a compiler that does not support std::uncaught_exception(),
-	AlgorithmParameters parameters = MakeParameters(name1, value1)(name2, value2)(name3, value3);
+//!   such as MSVC 7.0 and earlier.
-*/
+//! \note A NameValuePairs object containing an arbitrary number of name value pairs may be constructed by
 //!   repeatedly using \p operator() on the object returned by \p MakeParameters, for example:
 //!   <pre>
 //!     AlgorithmParameters parameters = MakeParameters(name1, value1)(name2, value2)(name3, value3);
 //!   </pre>
 #ifdef __BORLANDC__
 typedef AlgorithmParameters MakeParameters;
 #else
 template <class T>
 #if __APPLE__
 AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed = false)
 #else
 AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed = true)
 #endif
 {
 	return AlgorithmParameters()(name, value, throwIfNotUsed);
 }
@ -467,6 +494,11 @@ AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwI
 #define CRYPTOPP_SET_FUNCTION_ENTRY(name)		(Name::name(), &ThisClass::Set##name)
 #define CRYPTOPP_SET_FUNCTION_ENTRY2(name1, name2)	(Name::name1(), Name::name2(), &ThisClass::Set##name1##And##name2)
 // TODO: fix 6011 when the API/ABI can change
 #if (CRYPTOPP_MSC_VERSION >= 1400)
 # pragma warning(pop)
 #endif
 NAMESPACE_END
 #endif
--- a/arc4.cpp
+++ b/arc4.cpp
@ -13,10 +13,12 @@
 NAMESPACE_BEGIN(CryptoPP)
 namespace Weak1 {
 #if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
 void ARC4_TestInstantiations()
 {
 	ARC4 x;
 }
 #endif
 ARC4_Base::~ARC4_Base()
 {
--- a/arc4.h
+++ b/arc4.h
@ -1,7 +1,7 @@
 // arc4.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file arc4.h
-//! \brief Implementation of ARC4
+//! \brief Classes for ARC4 cipher
 #ifndef CRYPTOPP_ARC4_H
 #define CRYPTOPP_ARC4_H
@ -16,7 +16,8 @@ NAMESPACE_BEGIN(CryptoPP)
 namespace Weak1 {
 //! \class ARC4_Base
-//! \brief Allegedly RC4
+//! \brief Class specific methods used to operate the cipher.
 //! \details Implementations and overrides in \p Base apply to both \p ENCRYPTION and \p DECRYPTION directions
 class CRYPTOPP_NO_VTABLE ARC4_Base : public VariableKeyLength<16, 1, 256>, public RandomNumberGenerator, public SymmetricCipher, public SymmetricCipherDocumentation
 {
 public:
@ -47,7 +48,10 @@ protected:
 //! <a href="http://www.weidai.com/scan-mirror/cs.html#RC4">Alleged RC4</a>
 DOCUMENTED_TYPEDEF(SymmetricCipherFinal<ARC4_Base>, ARC4)
-//! _
+//! \class MARC4_Base
 //! \brief Class specific methods used to operate the cipher.
 //! \details Implementations and overrides in \p Base apply to both \p ENCRYPTION and \p DECRYPTION directions
 //! \details MARC4 discards the first 256 bytes of keystream, which may be weaker than the rest
 class CRYPTOPP_NO_VTABLE MARC4_Base : public ARC4_Base
 {
 public:
@ -60,7 +64,6 @@ protected:
 	unsigned int GetDefaultDiscardBytes() const {return 256;}
 };
 //! Modified ARC4: it discards the first 256 bytes of keystream which may be weaker than the rest
 DOCUMENTED_TYPEDEF(SymmetricCipherFinal<MARC4_Base>, MARC4)
 }
--- a/argnames.h
+++ b/argnames.h
@ -1,7 +1,7 @@
 // argnames.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file argnames.h
-//! \brief Standard names for retrieving values when working with \p NameValuePairs
+//! \brief Standard names for retrieving values by name when working with \p NameValuePairs
 #ifndef CRYPTOPP_ARGNAMES_H
 #define CRYPTOPP_ARGNAMES_H
@ -78,9 +78,9 @@ CRYPTOPP_DEFINE_NAME_STRING(MaxLineLength)		//< int
 CRYPTOPP_DEFINE_NAME_STRING(DigestSize)			//!< int, in bytes
 CRYPTOPP_DEFINE_NAME_STRING(L1KeyLength)		//!< int, in bytes
 CRYPTOPP_DEFINE_NAME_STRING(TableSize)			//!< int, in bytes
-CRYPTOPP_DEFINE_NAME_STRING(DerivedKey)			//< ByteArrayParameter, key derivation, derived key
+CRYPTOPP_DEFINE_NAME_STRING(Blinding)			//!< bool, timing attack mitigations, ON by default
-CRYPTOPP_DEFINE_NAME_STRING(DerivedLength)		//< int, key derivation, derived key length in bytes
+CRYPTOPP_DEFINE_NAME_STRING(DerivedKey)			//!< ByteArrayParameter, key derivation, derived key
-
+CRYPTOPP_DEFINE_NAME_STRING(DerivedKeyLength)	//!< int, key derivation, derived key length in bytes
 DOCUMENTED_NAMESPACE_END
 NAMESPACE_END
--- a/asn.h
+++ b/asn.h
@ -1,6 +1,7 @@
 // asn.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile asn.h
 //! \brief Classes and functions for working with ANS.1 objects
 #ifndef CRYPTOPP_ASN_H
@ -348,7 +349,9 @@ void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER,
 		BERDecodeError();
 	size_t bc;
-	BERLengthDecode(in, bc);
+	bool definite = BERLengthDecode(in, bc);
 	if (!definite)
 		BERDecodeError();
 	SecByteBlock buf(bc);
--- a/authenc.h
+++ b/authenc.h
@ -1,6 +1,7 @@
 // authenc.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile authenc.h
 //! \brief Base classes for working with authenticated encryption modes of encryption
 #ifndef CRYPTOPP_AUTHENC_H
@ -16,7 +17,8 @@ NAMESPACE_BEGIN(CryptoPP)
 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedSymmetricCipherBase : public AuthenticatedSymmetricCipher
 {
 public:
-	AuthenticatedSymmetricCipherBase() : m_state(State_Start) {}
+	AuthenticatedSymmetricCipherBase() : m_state(State_Start), m_bufferedDataLength(0),
 		m_totalHeaderLength(0), m_totalMessageLength(0), m_totalFooterLength(0) {}
 	bool IsRandomAccess() const {return false;}
 	bool IsSelfInverting() const {return true;}
--- a/base32.h
+++ b/base32.h
@ -1,7 +1,7 @@
 // base32.h - written and placed in the public domain by Wei Dai
 //! \file
-//! \brief Class files for the Base32 encoder and decoder
+//! \brief Classes for Base32Encoder and Base32Decoder
 #ifndef CRYPTOPP_BASE32_H
 #define CRYPTOPP_BASE32_H
@ -18,12 +18,32 @@ NAMESPACE_BEGIN(CryptoPP)
 class Base32Encoder : public SimpleProxyFilter
 {
 public:
-	Base32Encoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int outputGroupSize = 0, const std::string &separator = ":", const std::string &terminator = "")
+	//! \brief Construct a Base32Encoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	//! \param uppercase a flag indicating uppercase output
 	//! \param groupSize the size of the grouping
 	//! \param separator the separator to use between groups
 	//! \param terminator the terminator appeand after processing
 	//! \details Base32Encoder() constructs a default encoder. The constructor lacks fields for padding and
 	//!   line breaks. You must use IsolatedInitialize() to change the default padding character or suppress it.
 	//! \sa IsolatedInitialize() for an example of modifying a Base32Encoder after construction.
 	Base32Encoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int groupSize = 0, const std::string &separator = ":", const std::string &terminator = "")
 		: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
 	{
-		IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), outputGroupSize)(Name::Separator(), ConstByteArrayParameter(separator))(Name::Terminator(), ConstByteArrayParameter(terminator)));
+		IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), groupSize)(Name::Separator(), ConstByteArrayParameter(separator))(Name::Terminator(), ConstByteArrayParameter(terminator)));
 	}
 	//! \brief Initialize or reinitialize this object, without signal propagation
 	//! \param parameters a set of NameValuePairs used to initialize this object
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached
 	//!   transformations. If initialization should be propagated, then use the Initialize() function.
 	//! \details The following code modifies the padding and line break parameters for an encoder:
 	//!   <pre>
 	//!     Base32Encoder encoder;
 	//!     AlgorithmParameters params = MakeParameters(Pad(), false)(InsertLineBreaks(), false);
 	//!     encoder.IsolatedInitialize(params);
 	//!   </pre>
 	void IsolatedInitialize(const NameValuePairs &parameters);
 };
@ -34,6 +54,8 @@ public:
 class Base32Decoder : public BaseN_Decoder
 {
 public:
 	//! \brief Construct a Base32Decoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	Base32Decoder(BufferedTransformation *attachment = NULL)
 		: BaseN_Decoder(GetDefaultDecodingLookupArray(), 5, attachment) {}
--- a/base64.cpp
+++ b/base64.cpp
@ -5,7 +5,6 @@
 NAMESPACE_BEGIN(CryptoPP)
 // Base64
 static const byte s_stdVec[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
--- a/base64.h
+++ b/base64.h
@ -1,7 +1,7 @@
-// .h - written and placed in the public domain by Wei Dai
+// base64.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file base64.h
-//! \brief Class files for the Base64Encoder, Base64Decoder, Base64URLEncoder and Base64URLDecoder
+//! \brief Classes for the Base64Encoder, Base64Decoder, Base64URLEncoder and Base64URLDecoder
 #ifndef CRYPTOPP_BASE64_H
 #define CRYPTOPP_BASE64_H
@ -18,12 +18,30 @@ NAMESPACE_BEGIN(CryptoPP)
 class Base64Encoder : public SimpleProxyFilter
 {
 public:
 	//! \brief Construct a Base64Encoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	//! \param insertLineBreaks a BufferedTrasformation to attach to this object
 	//! \param maxLineLength the lenght of a line if line breaks are used
 	//! \details Base64Encoder() constructs a default encoder. The constructor lacks parameters for padding.
 	//!    You must use IsolatedInitialize() to modify the Base64Encoder after construction.
 	//! \sa IsolatedInitialize() for an example of modifying a Base64Encoder after construction.
 	Base64Encoder(BufferedTransformation *attachment = NULL, bool insertLineBreaks = true, int maxLineLength = 72)
 		: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
 	{
 		IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), insertLineBreaks)(Name::MaxLineLength(), maxLineLength));
 	}
 	//! \brief Initialize or reinitialize this object, without signal propagation
 	//! \param parameters a set of NameValuePairs used to initialize this object
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached
 	//!   transformations. If initialization should be propagated, then use the Initialize() function.
 	//! \details The following code modifies the padding and line break parameters for an encoder:
 	//!   <pre>
 	//!     Base64Encoder encoder;
 	//!     AlgorithmParameters params = MakeParameters(Pad(), false)(InsertLineBreaks(), false);
 	//!     encoder.IsolatedInitialize(params);
 	//!   </pre>
 	void IsolatedInitialize(const NameValuePairs &parameters);
 };
@ -34,9 +52,16 @@ public:
 class Base64Decoder : public BaseN_Decoder
 {
 public:
 	//! \brief Construct a Base64Decoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	Base64Decoder(BufferedTransformation *attachment = NULL)
 		: BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) {}
 	//! \brief Initialize or reinitialize this object, without signal propagation
 	//! \param parameters a set of NameValuePairs used to initialize this object
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on
 	//!  attached transformations. If initialization should be propagated, then use the Initialize() function.
 	void IsolatedInitialize(const NameValuePairs &parameters)
 		{CRYPTOPP_UNUSED(parameters);}
@ -51,12 +76,33 @@ private:
 class Base64URLEncoder : public SimpleProxyFilter
 {
 public:
 	//! \brief Construct a Base64URLEncoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	//! \param insertLineBreaks a BufferedTrasformation to attach to this object
 	//! \param maxLineLength the lenght of a line if line breaks are used
 	//! \details Base64URLEncoder() constructs a default encoder. The constructor ignores insertLineBreaks
 	//!   and maxLineLength because the web and URL safe specifications don't use them. They are present
 	//!   in the constructor for API compatibility with Base64Encoder (drop-in replacement). The
 	//!   constructor also disables padding on the encoder for the same reason.
 	//! \details If you need line breaks or padding, then you must use IsolatedInitialize() to set them
 	//!   after constructing a Base64URLEncoder.
 	//! \sa IsolatedInitialize() for an example of modifying a Base64URLEncoder after construction.
 	Base64URLEncoder(BufferedTransformation *attachment = NULL, bool insertLineBreaks = false, int maxLineLength = -1)
 		: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
 	{
-		IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), insertLineBreaks)(Name::MaxLineLength(), maxLineLength));
+		CRYPTOPP_UNUSED(insertLineBreaks), CRYPTOPP_UNUSED(maxLineLength);
 		IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), false)(Name::MaxLineLength(), -1)(Name::Pad(),false));
 	}
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached
 	//!   transformations. If initialization should be propagated, then use the Initialize() function.
 	//! \details The following code modifies the padding and line break parameters for an encoder:
 	//!   <pre>
 	//!     Base64URLEncoder encoder;
 	//!     AlgorithmParameters params = MakeParameters(Name::Pad(), true)(Name::InsertLineBreaks(), true);
 	//!     encoder.IsolatedInitialize(params);
 	//!   </pre>
 	void IsolatedInitialize(const NameValuePairs &parameters);
 };
@ -67,9 +113,16 @@ public:
 class Base64URLDecoder : public BaseN_Decoder
 {
 public:
 	//! \brief Construct a Base64URLDecoder
 	//! \param attachment a BufferedTrasformation to attach to this object
 	Base64URLDecoder(BufferedTransformation *attachment = NULL)
 		: BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) {}
 	//! \brief Initialize or reinitialize this object, without signal propagation
 	//! \param parameters a set of NameValuePairs used to initialize this object
 	//! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 	//!   number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on
 	//!  attached transformations. If initialization should be propagated, then use the Initialize() function.
 	void IsolatedInitialize(const NameValuePairs &parameters)
 		{CRYPTOPP_UNUSED(parameters);}
--- a/basecode.h
+++ b/basecode.h
@ -1,7 +1,7 @@
 // basecode.h - written and placed in the public domain by Wei Dai
 //! \file
-//! \brief Base class files for working with encoders and decoders.
+//! \brief Base classes for working with encoders and decoders.
 #ifndef CRYPTOPP_BASECODE_H
 #define CRYPTOPP_BASECODE_H
@ -14,14 +14,27 @@
 NAMESPACE_BEGIN(CryptoPP)
 //! \class BaseN_Encoder
-//! \details base n encoder, where n is a power of 2
+//! \brief Encoder for bases that are a power of 2
 class CRYPTOPP_DLL BaseN_Encoder : public Unflushable<Filter>
 {
 public:
 	//! \brief Construct a BaseN_Encoder
 	//! \param attachment a BufferedTransformation to attach to this object
 	BaseN_Encoder(BufferedTransformation *attachment=NULL)
-		{Detach(attachment);}
+		: m_alphabet(NULL), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
 			{Detach(attachment);}
 	//! \brief Construct a BaseN_Encoder
 	//! \param alphabet table of ASCII characters to use as the alphabet
 	//! \param log2base the log<sub>2</sub>base
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param padding the character to use as padding
 	//! \pre log2base must be between 1 and 7 inclusive
 	//! \throws InvalidArgument if log2base is not between 1 and 7
 	BaseN_Encoder(const byte *alphabet, int log2base, BufferedTransformation *attachment=NULL, int padding=-1)
 		: m_alphabet(NULL), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
 	{
 		Detach(attachment);
 		IsolatedInitialize(MakeParameters(Name::EncodingLookupArray(), alphabet)
@ -41,14 +54,30 @@ private:
 };
 //! \class BaseN_Decoder
-//! \details base n encoder, where n is a power of 2
+//! \brief Decoder for bases that are a power of 2
 class CRYPTOPP_DLL BaseN_Decoder : public Unflushable<Filter>
 {
 public:
 	//! \brief Construct a BaseN_Decoder
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \details padding is set to -1, which means use default padding. If not
 	//!   required, then the value must be set via IsolatedInitialize().
 	BaseN_Decoder(BufferedTransformation *attachment=NULL)
-		{Detach(attachment);}
+		: m_lookup(0), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
 			{Detach(attachment);}
 	//! \brief Construct a BaseN_Decoder
 	//! \param lookup table of values
 	//! \param log2base the log<sub>2</sub>base
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \details log2base is the exponent (like 5 in 2<sup>5</sup>), and not
 	//!   the number of elements (like 32).
 	//! \details padding is set to -1, which means use default padding. If not
 	//!   required, then the value must be set via IsolatedInitialize().
 	BaseN_Decoder(const int *lookup, int log2base, BufferedTransformation *attachment=NULL)
 		: m_lookup(0), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
 	{
 		Detach(attachment);
 		IsolatedInitialize(MakeParameters(Name::DecodingLookupArray(), lookup)(Name::Log2Base(), log2base));
@ -57,6 +86,16 @@ public:
 	void IsolatedInitialize(const NameValuePairs &parameters);
 	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
 	//! \brief Intializes BaseN lookup array
 	//! \param lookup table of values
 	//! \param alphabet table of ASCII characters
 	//! \param base the base for the encoder
 	//! \param caseInsensitive flag indicating whether the alpabet is case sensitivie
 	//! \pre COUNTOF(lookup) == 256
 	//! \pre COUNTOF(alphabet) == base
 	//! \details Internally, the function sets the first 256 elements in the lookup table to
 	//   their value from the alphabet array or -1. base is the number of element (like 32),
 	//!  and not an exponent (like 5 in 2<sup>5</sup>)
 	static void CRYPTOPP_API InitializeDecodingLookupArray(int *lookup, const byte *alphabet, unsigned int base, bool caseInsensitive);
 private:
@ -66,14 +105,23 @@ private:
 	SecByteBlock m_outBuf;
 };
-//! filter that breaks input stream into groups of fixed size
+//! \class Grouper
 //! \brief Filter that breaks input stream into groups of fixed size
 class CRYPTOPP_DLL Grouper : public Bufferless<Filter>
 {
 public:
 	//! \brief Construct a Grouper
 	//! \param attachment a BufferedTransformation to attach to this object
 	Grouper(BufferedTransformation *attachment=NULL)
-		{Detach(attachment);}
+		: m_groupSize(0), m_counter(0) {Detach(attachment);}
 	//! \brief Construct a Grouper
 	//! \param groupSize the size of the grouping
 	//! \param separator the separator to use between groups
 	//! \param terminator the terminator appeand after processing
 	//! \param attachment a BufferedTransformation to attach to this object
 	Grouper(int groupSize, const std::string &separator, const std::string &terminator, BufferedTransformation *attachment=NULL)
 		: m_groupSize(0), m_counter(0)
 	{
 		Detach(attachment);
 		IsolatedInitialize(MakeParameters(Name::GroupSize(), groupSize)
--- a/bench.cpp
+++ b/bench.cpp
@ -17,6 +17,7 @@
 #include <time.h>
 #include <math.h>
 #include <iostream>
 #include <sstream>
 #include <iomanip>
 // These are noisy enoguh due to test.cpp. Turn them off here.
@ -35,46 +36,72 @@ const double CLOCK_TICKS_PER_SECOND = (double)CLK_TCK;
 const double CLOCK_TICKS_PER_SECOND = 1000000.0;
 #endif
-double logtotal = 0, g_allocatedTime, g_hertz;
+double logtotal = 0.0, g_allocatedTime = 0, g_hertz = 0;
 unsigned int logcount = 0;
-static const byte defaultKey[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
+static const byte defaultKey[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
 	"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
 void OutputResultBytes(const char *name, double length, double timeTaken)
 {
 	// Coverity finding (http://stackoverflow.com/a/30968371 does not squash the finding)
 	std::ostringstream out;
 	out.copyfmt(cout);
 	// Coverity finding
 	if (length < 0.0000000001f) length = 0.000001f;
 	if (timeTaken < 0.0000000001f) timeTaken = 0.000001f;
 	double mbs = length / timeTaken / (1024*1024);
-	cout << "\n<TR><TH>" << name;
+	out << "\n<TR><TH>" << name;
-//	cout << "<TD>" << setprecision(3) << length / (1024*1024);
+//	out << "<TD>" << setprecision(3) << length / (1024*1024);
-	cout << setiosflags(ios::fixed);
+	out << setiosflags(ios::fixed);
-//	cout << "<TD>" << setprecision(3) << timeTaken;
+//	out << "<TD>" << setprecision(3) << timeTaken;
-	cout << "<TD>" << setprecision(0) << setiosflags(ios::fixed) << mbs;
+	out << "<TD>" << setprecision(0) << setiosflags(ios::fixed) << mbs;
 	if (g_hertz)
-		cout << "<TD>" << setprecision(1) << setiosflags(ios::fixed) << timeTaken * g_hertz / length;
+		out << "<TD>" << setprecision(1) << setiosflags(ios::fixed) << timeTaken * g_hertz / length;
 	cout << resetiosflags(ios::fixed);
 	logtotal += log(mbs);
 	logcount++;
 	cout << out.str(); 
 }
 void OutputResultKeying(double iterations, double timeTaken)
 {
-	cout << "<TD>" << setprecision(3) << setiosflags(ios::fixed) << (1000*1000*timeTaken/iterations);
+	// Coverity finding (http://stackoverflow.com/a/30968371 does not squash the finding)
 	std::ostringstream out;
 	out.copyfmt(cout);
 	// Coverity finding
 	if (iterations < 0.0000000001f) iterations = 0.000001f;
 	if (timeTaken < 0.0000000001f) timeTaken = 0.000001f;
 	out << "<TD>" << setprecision(3) << setiosflags(ios::fixed) << (1000*1000*timeTaken/iterations);
 	if (g_hertz)
-		cout << "<TD>" << setprecision(0) << setiosflags(ios::fixed) << timeTaken * g_hertz / iterations;
+		out << "<TD>" << setprecision(0) << setiosflags(ios::fixed) << timeTaken * g_hertz / iterations;
 	cout << out.str(); 
 }
 void OutputResultOperations(const char *name, const char *operation, bool pc, unsigned long iterations, double timeTaken)
 {
-	cout << "\n<TR><TH>" << name << " " << operation << (pc ? " with precomputation" : "");
+	// Coverity finding (http://stackoverflow.com/a/30968371 does not squash the finding)
-//	cout << "<TD>" << iterations;
+	std::ostringstream out;
-//	cout << setiosflags(ios::fixed);
+	out.copyfmt(cout);
-//	cout << "<TD>" << setprecision(3) << timeTaken;
+	
-	cout << "<TD>" << setprecision(2) << setiosflags(ios::fixed) << (1000*timeTaken/iterations);
+	// Coverity finding
 	if (!iterations) iterations++;
 	if (timeTaken < 0.0000000001f) timeTaken = 0.000001f;
 	out << "\n<TR><TH>" << name << " " << operation << (pc ? " with precomputation" : "");
 	out << "<TD>" << setprecision(2) << setiosflags(ios::fixed) << (1000*timeTaken/iterations);
 	if (g_hertz)
-		cout << "<TD>" << setprecision(2) << setiosflags(ios::fixed) << timeTaken * g_hertz / iterations / 1000000;
+		out << "<TD>" << setprecision(2) << setiosflags(ios::fixed) << timeTaken * g_hertz / iterations / 1000000;
 	cout << resetiosflags(ios::fixed);
 	logtotal += log(iterations/timeTaken);
 	logcount++;
 	cout << out.str(); 
 }
 /*
@ -196,14 +223,16 @@ void BenchMarkByName2(const char *factoryName, size_t keyLength = 0, const char
 	CRYPTOPP_UNUSED(x), CRYPTOPP_UNUSED(y), CRYPTOPP_UNUSED(params);
 	std::string name(factoryName ? factoryName : "");
 	member_ptr<T_FactoryOutput> obj(ObjectFactoryRegistry<T_FactoryOutput>::Registry().CreateObject(name.c_str()));
 	if (!keyLength)
 		keyLength = obj->DefaultKeyLength();
 	if (displayName)
 		name = displayName;
 	else if (keyLength)
 		name += " (" + IntToString(keyLength * 8) + "-bit key)";
 	member_ptr<T_FactoryOutput> obj(ObjectFactoryRegistry<T_FactoryOutput>::Registry().CreateObject(factoryName));
 	if (!keyLength)
 		keyLength = obj->DefaultKeyLength();
 	obj->SetKey(defaultKey, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, obj->IVSize()), false)));
 	BenchMark(name.c_str(), *static_cast<T_Interface *>(obj.get()), g_allocatedTime);
 	BenchMarkKeying(*obj, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, obj->IVSize()), false)));
@ -347,11 +376,10 @@ void BenchmarkAll(double t, double hertz)
 	cout << "</TABLE>" << endl;
 	BenchmarkAll2(t, hertz);
-
+	cout << "Throughput Geometric Average: " << setiosflags(ios::fixed) << exp(logtotal/(logcount ? logcount : 1)) << endl;
 	cout << "Throughput Geometric Average: " << setiosflags(ios::fixed) << exp(logtotal/logcount) << endl;
 // Safer functions on Windows for C&A, https://github.com/weidai11/cryptopp/issues/55
-#if defined(CRYPTOPP_MSC_VERSION)
+#if (CRYPTOPP_MSC_VERSION >= 1400)
 	tm localTime = {};
 	char timeBuf[64];
 	errno_t err;
--- a/bench.h
+++ b/bench.h
@ -1,3 +1,5 @@
 // bench.h - written and placed in the public domain by Wei Dai
 #ifndef CRYPTOPP_BENCH_H
 #define CRYPTOPP_BENCH_H
--- a/bench2.cpp
+++ b/bench2.cpp
@ -48,7 +48,7 @@ void BenchMarkEncryption(const char *name, PK_Encryptor &key, double timeTotal,
 	SecByteBlock plaintext(len), ciphertext(key.CiphertextLength(len));
 	GlobalRNG().GenerateBlock(plaintext, len);
-	clock_t start = clock();
+	const clock_t start = clock();
 	unsigned int i;
 	double timeTaken;
 	for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
@ -71,7 +71,7 @@ void BenchMarkDecryption(const char *name, PK_Decryptor &priv, PK_Encryptor &pub
 	GlobalRNG().GenerateBlock(plaintext, len);
 	pub.Encrypt(GlobalRNG(), plaintext, len, ciphertext);
-	clock_t start = clock();
+	const clock_t start = clock();
 	unsigned int i;
 	double timeTaken;
 	for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
@ -86,7 +86,7 @@ void BenchMarkSigning(const char *name, PK_Signer &key, double timeTotal, bool p
 	AlignedSecByteBlock message(len), signature(key.SignatureLength());
 	GlobalRNG().GenerateBlock(message, len);
-	clock_t start = clock();
+	const clock_t start = clock();
 	unsigned int i;
 	double timeTaken;
 	for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
@ -108,11 +108,15 @@ void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier
 	GlobalRNG().GenerateBlock(message, len);
 	priv.SignMessage(GlobalRNG(), message, len, signature);
-	clock_t start = clock();
+	const clock_t start = clock();
 	unsigned int i;
 	double timeTaken;
 	for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
-		pub.VerifyMessage(message, len, signature, signature.size());
+	{
 		// The return value is ignored because we are interested in throughput
 		bool unused = pub.VerifyMessage(message, len, signature, signature.size());
 		CRYPTOPP_UNUSED(unused);
 	}
 	OutputResultOperations(name, "Verification", pc, i, timeTaken);
@ -127,7 +131,7 @@ void BenchMarkKeyGen(const char *name, SimpleKeyAgreementDomain &d, double timeT
 {
 	SecByteBlock priv(d.PrivateKeyLength()), pub(d.PublicKeyLength());
-	clock_t start = clock();
+	const clock_t start = clock();
 	unsigned int i;
 	double timeTaken;
 	for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
@ -146,7 +150,7 @@ void BenchMarkKeyGen(const char *name, AuthenticatedKeyAgreementDomain &d, doubl
 {
 	SecByteBlock priv(d.EphemeralPrivateKeyLength()), pub(d.EphemeralPublicKeyLength());
-	clock_t start = clock();
+	const clock_t start = clock();
 	unsigned int i;
 	double timeTaken;
 	for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
@ -169,7 +173,7 @@ void BenchMarkAgreement(const char *name, SimpleKeyAgreementDomain &d, double ti
 	d.GenerateKeyPair(GlobalRNG(), priv2, pub2);
 	SecByteBlock val(d.AgreedValueLength());
-	clock_t start = clock();
+	const clock_t start = clock();
 	unsigned int i;
 	double timeTaken;
 	for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i+=2)
@ -193,7 +197,7 @@ void BenchMarkAgreement(const char *name, AuthenticatedKeyAgreementDomain &d, do
 	d.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2);
 	SecByteBlock val(d.AgreedValueLength());
-	clock_t start = clock();
+	const clock_t start = clock();
 	unsigned int i;
 	double timeTaken;
 	for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i+=2)
--- a/blowfish.h
+++ b/blowfish.h
@ -1,7 +1,7 @@
 // blowfish.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file blowfish.h
-//! \brief Class files for the Blowfish algorithm
+//! \brief Classes for the Blowfish block cipher
 #ifndef CRYPTOPP_BLOWFISH_H
 #define CRYPTOPP_BLOWFISH_H
--- a/blumshub.cpp
+++ b/blumshub.cpp
@ -8,10 +8,10 @@ NAMESPACE_BEGIN(CryptoPP)
 PublicBlumBlumShub::PublicBlumBlumShub(const Integer &n, const Integer &seed)
 	: modn(n),
-	  maxBits(BitPrecision(n.BitCount())-1)
+	  current(modn.Square(modn.Square(seed))),
 	  maxBits(BitPrecision(n.BitCount())-1),
 	  bitsLeft(maxBits)
 {
 	current = modn.Square(modn.Square(seed));
 	bitsLeft = maxBits;
 }
 unsigned int PublicBlumBlumShub::GenerateBit()
--- a/blumshub.h
+++ b/blumshub.h
@ -1,3 +1,9 @@
 // blumshub.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile blumshub.h
 //! \brief Classes for Blum Blum Shub generator
 #ifndef CRYPTOPP_BLUMSHUB_H
 #define CRYPTOPP_BLUMSHUB_H
@ -22,13 +28,14 @@ public:
 	bool IsSelfInverting() const {return true;}
 	bool IsForwardTransformation() const {return true;}
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~PublicBlumBlumShub() {}
 #endif
 protected:
 	ModularArithmetic modn;
 	word maxBits, bitsLeft;
 	Integer current;
-
+	word maxBits, bitsLeft;
 	friend class BlumGoldwasserPublicKey;
 	friend class BlumGoldwasserPrivateKey;
 };
 //! BlumBlumShub with factorization of the modulus
@ -42,6 +49,10 @@ public:
 	bool IsRandomAccess() const {return true;}
 	void Seek(lword index);
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~BlumBlumShub() {}
 #endif
 protected:
 	const Integer p, q;
 	const Integer x0;
--- a/camellia.cpp
+++ b/camellia.cpp
@ -13,7 +13,10 @@ See comments at top of rijndael.cpp for more details.
 #include "config.h"
 #if CRYPTOPP_MSC_VERSION
-# pragma warning(disable: 4456 6246)
+# pragma warning(disable: 4456)
 # if (CRYPTOPP_MSC_VERSION >= 1400)
 #  pragma warning(disable: 6246)
 # endif
 #endif
 #include "camellia.h"
--- a/camellia.h
+++ b/camellia.h
@ -1,9 +1,11 @@
 // camellia.h - written and placed in the public domain by Wei Dai
 //! \file camellia.h
 //! \brief Classes for the Cameliia block cipher
 #ifndef CRYPTOPP_CAMELLIA_H
 #define CRYPTOPP_CAMELLIA_H
 /** \file
 */
 #include "config.h"
 #include "seckey.h"
 #include "secblock.h"
--- a/cast.h
+++ b/cast.h
@ -1,9 +1,11 @@
 // cast.h - written and placed in the public domain by Wei Dai
 //! \file cast.h
 //! \brief Classes for the CAST-128 and CAST-256 block ciphers
 #ifndef CRYPTOPP_CAST_H
 #define CRYPTOPP_CAST_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/cbcmac.h
+++ b/cbcmac.h
@ -1,3 +1,9 @@
 // cbcmac.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile cbcmac.h
 //! \brief Classes for CBC MAC
 #ifndef CRYPTOPP_CBCMAC_H
 #define CRYPTOPP_CBCMAC_H
@ -10,7 +16,7 @@ NAMESPACE_BEGIN(CryptoPP)
 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_MAC_Base : public MessageAuthenticationCode
 {
 public:
-	CBC_MAC_Base() {}
+	CBC_MAC_Base() : m_counter(0) {}
 	void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
 	void Update(const byte *input, size_t length);
--- a/ccm.h
+++ b/ccm.h
@ -1,3 +1,9 @@
 // ccm.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile ccm.h
 //! \brief CCM block cipher mode of operation
 #ifndef CRYPTOPP_CCM_H
 #define CRYPTOPP_CCM_H
@ -10,7 +16,7 @@ class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CCM_Base : public AuthenticatedSymmetricCi
 {
 public:
 	CCM_Base()
-		: m_digestSize(0), m_L(0) {}
+		: m_digestSize(0), m_L(0), m_messageLength(0), m_aadLength(0) {}
 	// AuthenticatedSymmetricCipher
 	std::string AlgorithmName() const
--- a/channels.h
+++ b/channels.h
@ -1,11 +1,16 @@
 // channels.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile channels.h
 //! \brief Classes for multiple named channels
 #ifndef CRYPTOPP_CHANNELS_H
 #define CRYPTOPP_CHANNELS_H
 #include "cryptlib.h"
 #include "simple.h"
 #include "smartptr.h"
-#include <map>
+#include "stdcpp.h"
 #include <list>
 NAMESPACE_BEGIN(CryptoPP)
@ -64,18 +69,23 @@ class ChannelSwitch;
 class ChannelRouteIterator : public ChannelSwitchTypedefs
 {
 public:
 	ChannelRouteIterator(ChannelSwitch &cs) : m_cs(cs), m_useDefault(false) {}
 	void Reset(const std::string &channel);
 	bool End() const;
 	void Next();
 	BufferedTransformation & Destination();
 	const std::string & Channel();
 	ChannelSwitch& m_cs;
 	std::string m_channel;
 	bool m_useDefault;
 	MapIterator m_itMapCurrent, m_itMapEnd;
 	ListIterator m_itListCurrent, m_itListEnd;
-	ChannelRouteIterator(ChannelSwitch &cs) : m_cs(cs) {}
+protected:
-	void Reset(const std::string &channel);
+	// Hide this to see if we break something...
-	bool End() const;
+	ChannelRouteIterator();
 	void Next();
 	BufferedTransformation & Destination();
 	const std::string & Channel();
 };
 //! Route input to different and/or multiple channels based on channel ID
--- a/cmac.cpp
+++ b/cmac.cpp
@ -57,6 +57,7 @@ void CMAC_Base::UncheckedSetKey(const byte *key, unsigned int length, const Name
 void CMAC_Base::Update(const byte *input, size_t length)
 {
 	assert((input && length) || !(input || length));
 	if (!length)
 		return;
@ -65,11 +66,14 @@ void CMAC_Base::Update(const byte *input, size_t length)
 	if (m_counter > 0)
 	{
-		unsigned int len = UnsignedMin(blockSize - m_counter, length);
+		const unsigned int len = UnsignedMin(blockSize - m_counter, length);
-		xorbuf(m_reg+m_counter, input, len);
+		if (len)
-		length -= len;
+		{
-		input += len;
+			xorbuf(m_reg+m_counter, input, len);
-		m_counter += len;
+			length -= len;
 			input += len;
 			m_counter += len;
 		}
 		if (m_counter == blockSize && length > 0)
 		{
--- a/cmac.h
+++ b/cmac.h
@ -1,3 +1,9 @@
 // cmac.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile cmac.h
 //! \brief Classes for CMAC message authentication code
 #ifndef CRYPTOPP_CMAC_H
 #define CRYPTOPP_CMAC_H
@ -10,7 +16,7 @@ NAMESPACE_BEGIN(CryptoPP)
 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CMAC_Base : public MessageAuthenticationCode
 {
 public:
-	CMAC_Base() {}
+	CMAC_Base() : m_counter(0) {}
 	void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
 	void Update(const byte *input, size_t length);
--- a/config.h
+++ b/config.h
@ -1,3 +1,8 @@
 // config.h - written and placed in the public domain by Wei Dai
 //! \file config.h
 //! \brief Library configuration file
 #ifndef CRYPTOPP_CONFIG_H
 #define CRYPTOPP_CONFIG_H
@ -54,8 +59,16 @@
 # endif
 #endif
 // Define this if you want or need the library's memcpy_s and memmove_s.
 //   See http://github.com/weidai11/cryptopp/issues/28.
 // #if !defined(CRYPTOPP_WANT_SECURE_LIB)
 // # define CRYPTOPP_WANT_SECURE_LIB
 // #endif
 // File system code to write to GZIP archive.
-#define GZIP_OS_CODE 0
+#if !defined(GZIP_OS_CODE)
 # define GZIP_OS_CODE 0
 #endif
 // Try this if your CPU has 256K internal cache or a slow multiply instruction
 // and you want a (possibly) faster IDEA implementation using log tables
@ -90,7 +103,7 @@
 #if defined(CRYPTOPP_INIT_PRIORITY) && (CRYPTOPP_INIT_PRIORITY > 0)
 # define CRYPTOPP_USER_PRIORITY (CRYPTOPP_INIT_PRIORITY + 101)
 #else
-# define CRYPTOPP_USER_PRIORITY 500
+# define CRYPTOPP_USER_PRIORITY 250
 #endif
 // ***************** Important Settings Again ********************
@ -113,8 +126,8 @@
 //! \details Nearly all classes are located in the CryptoPP namespace. Within
 //!   the namespace, there are two additional namespaces.
 //!   <ul>
-//!     <li>Name - the namespace for names used with \p NameValuePairs and documented in argnames.h
+//!     <li>Name - namespace for names used with \p NameValuePairs and documented in argnames.h
-//!     <li>Weak - the namespace for weak and wounded algorithms, like ARC4, MD5 and Pananma
+//!     <li>Weak - namespace for weak and wounded algorithms, like ARC4, MD5 and Pananma
 //!   </ul>
 namespace CryptoPP { }
 // Bring in the symbols fund in the weak namespace; and fold Weak1 into Weak
@ -126,12 +139,15 @@ namespace CryptoPP { }
 #       define NAMESPACE_END
 // Get Doxygen to generate better documentation for these typedefs
 #       define DOCUMENTED_TYPEDEF(x, y) class y : public x {};
 // Make "protected" "private" so the functions and members are not documented
 #		define protected private
 #else
 #       define NAMESPACE_BEGIN(x) namespace x {
 #       define NAMESPACE_END }
 #       define DOCUMENTED_TYPEDEF(x, y) typedef x y;
 #endif
 #define ANONYMOUS_NAMESPACE_BEGIN namespace {
 #define ANONYMOUS_NAMESPACE_END }
 #define USING_NAMESPACE(x) using namespace x;
 #define DOCUMENTED_NAMESPACE_BEGIN(x) namespace x {
 #define DOCUMENTED_NAMESPACE_END }
@ -175,32 +191,31 @@ const lword LWORD_MAX = W64LIT(0xffffffffffffffff);
 	#define CRYPTOPP_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
 #endif
-#ifdef __clang__
+// Apple and LLVM's Clang. Apple Clang version 7.0 roughly equals LLVM Clang version 3.7
 #if defined(__clang__ ) && !defined(__apple_build_version__)
 	#define CRYPTOPP_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
 #elif defined(__clang__ ) && defined(__apple_build_version__)
 	#define CRYPTOPP_APPLE_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
 #endif
 #ifdef _MSC_VER
 	#define CRYPTOPP_MSC_VERSION (_MSC_VER)
 #endif
-// Need GCC 4.6/Clang 1.7 or above due to "GCC diagnostic {push|pop}"
+// Need GCC 4.6/Clang 1.7/Apple Clang 2.0 or above due to "GCC diagnostic {push|pop}"
-#if (CRYPTOPP_GCC_VERSION >= 40600) || (CRYPTOPP_CLANG_VERSION >= 10700)
+#if (CRYPTOPP_GCC_VERSION >= 40600) || (CRYPTOPP_CLANG_VERSION >= 10700) || (CRYPTOPP_APPLE_CLANG_VERSION >= 20000)
 	#define CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE 1
 #endif
-// Detect availabliltiy of int128_t and uint128_t in preprocessor, http://gcc.gnu.org/ml/gcc-help/2015-08/msg00185.html.
+// Clang due to "Inline assembly operands don't work with .intel_syntax", http://llvm.org/bugs/show_bug.cgi?id=24232
-// Both GCC and Clang respond to it.
+//   TODO: supply the upper version when LLVM fixes it. We set it to 20.0 for compilation purposes.
-#if ((defined(__GNUC__) || defined(__clang__) || defined(_INTEL_COMPILER)) && (__SIZEOF_INT128__ >= 16))
+#if (defined(CRYPTOPP_CLANG_VERSION) && CRYPTOPP_CLANG_VERSION <= 200000) || (defined(CRYPTOPP_APPLE_CLANG_VERSION) && CRYPTOPP_APPLE_CLANG_VERSION <= 200000)
-	#define CRYPTOPP_NATIVE_DWORD_AVAILABLE
+	#define CRYPTOPP_DISABLE_INTEL_ASM 1
-	#define CRYPTOPP_WORD128_AVAILABLE
+#endif
 	typedef word32 hword;
 	typedef word64 word;
 	typedef __uint128_t dword;
 	typedef __uint128_t word128;
 // define hword, word, and dword. these are used for multiprecision integer arithmetic
 // Intel compiler won't have _umul128 until version 10.0. See http://softwarecommunity.intel.com/isn/Community/en-US/forums/thread/30231625.aspx
-#elif (defined(_MSC_VER) && (!defined(__INTEL_COMPILER) || __INTEL_COMPILER >= 1000) && (defined(_M_X64) || defined(_M_IA64))) || (defined(__DECCXX) && defined(__alpha__)) || (defined(__INTEL_COMPILER) && defined(__x86_64__)) || (defined(__SUNPRO_CC) && defined(__x86_64__))
+#if (defined(_MSC_VER) && (!defined(__INTEL_COMPILER) || __INTEL_COMPILER >= 1000) && (defined(_M_X64) || defined(_M_IA64))) || (defined(__DECCXX) && defined(__alpha__)) || (defined(__INTEL_COMPILER) && (__INTEL_COMPILER < 1000) && defined(__x86_64__)) || (defined(__SUNPRO_CC) && defined(__x86_64__))
 	typedef word32 hword;
 	typedef word64 word;
 #else
@ -214,12 +229,26 @@ const lword LWORD_MAX = W64LIT(0xffffffffffffffff);
 			typedef word64 word;
 			typedef __uint128_t dword;
 			typedef __uint128_t word128;
 		#elif defined(__GNUC__) && (__SIZEOF_INT128__ >= 16)
 			// Detect availabliltiy of int128_t and uint128_t in preprocessor, http://gcc.gnu.org/ml/gcc-help/2015-08/msg00185.html.
 			#define CRYPTOPP_WORD128_AVAILABLE
 			typedef word32 hword;
 			typedef word64 word;
 			typedef __uint128_t dword;
 			typedef __uint128_t word128;	
 		#else
 			// if we're here, it means we're on a 64-bit CPU but we don't have a way to obtain 128-bit multiplication results
 			typedef word16 hword;
 			typedef word32 word;
 			typedef word64 dword;
 		#endif
 	#elif defined(__GNUC__) && (__SIZEOF_INT128__ >= 16)
 		// Detect availabliltiy of int128_t and uint128_t in preprocessor, http://gcc.gnu.org/ml/gcc-help/2015-08/msg00185.html.
 		#define CRYPTOPP_WORD128_AVAILABLE
 		typedef word32 hword;
 		typedef word64 word;
 		typedef __uint128_t dword;
 		typedef __uint128_t word128;	
 	#else
 		// being here means the native register size is probably 32 bits or less
 		#define CRYPTOPP_BOOL_SLOW_WORD64 1
@ -233,7 +262,7 @@ const lword LWORD_MAX = W64LIT(0xffffffffffffffff);
 #endif
 // Produce a compiler error. It can be commented out, but you may not get the benefit of the fastest integers.
-#if (__SIZEOF_INT128__ >= 16) && !defined(CRYPTOPP_WORD128_AVAILABLE)
+#if (__SIZEOF_INT128__ >= 16) && !defined(CRYPTOPP_WORD128_AVAILABLE) && !defined(__aarch64__)
 # error "An int128_t and uint128_t are available, but CRYPTOPP_WORD128_AVAILABLE is not defined"
 #endif
@ -352,6 +381,11 @@ NAMESPACE_END
 #define CRYPTOPP_DISABLE_SSE2
 #endif
 // Apple's Clang prior to 5.0 cannot handle SSE2 (and Apple does not use LLVM Clang numbering...)
 #if defined(CRYPTOPP_APPLE_CLANG_VERSION) && (CRYPTOPP_APPLE_CLANG_VERSION < 50000)
 # define CRYPTOPP_DISABLE_ASM
 #endif
 #if !defined(CRYPTOPP_DISABLE_ASM) && ((defined(_MSC_VER) && defined(_M_IX86)) || (defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))))
 	// C++Builder 2010 does not allow "call label" where label is defined within inline assembly
 	#define CRYPTOPP_X86_ASM_AVAILABLE
@ -380,7 +414,7 @@ NAMESPACE_END
 	#define CRYPTOPP_X64_ASM_AVAILABLE
 #endif
-#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__) || defined(__AES__))
+#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__))
 	#define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 1
 #else
 	#define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 0
@ -401,6 +435,8 @@ NAMESPACE_END
 // how to allocate 16-byte aligned memory (for SSE2)
 #if defined(CRYPTOPP_MSVC6PP_OR_LATER)
 	#define CRYPTOPP_MM_MALLOC_AVAILABLE
 #elif defined(__APPLE__)
 	#define CRYPTOPP_APPLE_MALLOC_AVAILABLE
 #elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
 	#define CRYPTOPP_MALLOC_ALIGNMENT_IS_16
 #elif defined(__linux__) || defined(__sun__) || defined(__CYGWIN__)
@ -409,6 +445,9 @@ NAMESPACE_END
 	#define CRYPTOPP_NO_ALIGNED_ALLOC
 #endif
 // Apple always provides 16-byte aligned, and tells us to use calloc
 // http://developer.apple.com/library/mac/documentation/Performance/Conceptual/ManagingMemory/Articles/MemoryAlloc.html
 // how to disable inlining
 #if defined(_MSC_VER) && _MSC_VER >= 1300
 #	define CRYPTOPP_NOINLINE_DOTDOTDOT
@ -462,13 +501,6 @@ NAMESPACE_END
 #endif
 #endif
 // For use in template parameters; also see CRYPTOPP_BOOL_ALIGN16 for MMX and above.
 #if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS)
 	#define CRYPTOPP_BOOL_ALIGN 0
 #else
 	#define CRYPTOPP_BOOL_ALIGN 1
 #endif
 // ***************** determine availability of OS features ********************
 #ifndef NO_OS_DEPENDENCE
@ -547,7 +579,7 @@ NAMESPACE_END
 #define CRYPTOPP_API __cdecl
-#else	// CRYPTOPP_WIN32_AVAILABLE
+#else	// not CRYPTOPP_WIN32_AVAILABLE
 #define CRYPTOPP_DLL
 #define CRYPTOPP_API
@ -583,12 +615,14 @@ NAMESPACE_END
 #endif
 // ************** Unused variable ***************
-// Portable way to suppress warning
+
 // Portable way to suppress warnings.
 //   Moved from misc.h due to circular depenedencies.
 #define CRYPTOPP_UNUSED(x) ((void)x)
 // ***************** C++11 related ********************
-// Visual Studio and C++11 language features began at Visual Studio 2010, http://msdn.microsoft.com/en-us/library/hh567368%28v=vs.110%29.aspx.
+// Visual Studio began at VS2010, http://msdn.microsoft.com/en-us/library/hh567368%28v=vs.110%29.aspx.
 // Intel and C++11 language features, http://software.intel.com/en-us/articles/c0x-features-supported-by-intel-c-compiler
 // GCC and C++11 language features, http://gcc.gnu.org/projects/cxx0x.html
 // Clang and C++11 language features, http://clang.llvm.org/cxx_status.html
@ -601,8 +635,8 @@ NAMESPACE_END
 //   way. However, modern standard libraries have <forward_list>, so we test for it instead.
 //   Thanks to Jonathan Wakely for devising the clever test for modern/ancient versions.
 // TODO: test under Xcode 3, where g++ is really g++.
-#if defined(__clang__)
+#if defined(__APPLE__) && defined(__clang__)
-#  if !(__has_include(<forward_list>))
+#  if !(defined(__has_include) && __has_include(<forward_list>))
 #    undef CRYPTOPP_CXX11
 #  endif
 #endif
@ -610,18 +644,22 @@ NAMESPACE_END
 // C++11 or C++14 is available
 #if defined(CRYPTOPP_CXX11) 
-// alignof/alignas: MS at VS2013 (18.00); GCC at 4.8; Clang at 3.3; and Intel 15.0.
+// alignof/alignas: MS at VS2013 (19.00); GCC at 4.8; Clang at 3.3; and Intel 15.0.
-#if (CRYPTOPP_MSC_VERSION >= 1800)
+#if (CRYPTOPP_MSC_VERSION >= 1900)
 #  define CRYPTOPP_CXX11_ALIGNAS 1
 #  define CRYPTOPP_CXX11_ALIGNOF 1
 #elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1500)
 #  define CRYPTOPP_CXX11_ALIGNAS 1
 #  define CRYPTOPP_CXX11_ALIGNOF 1
 #elif defined(__clang__)
 #  if __has_feature(cxx_alignof)
-#    define CRYPTOPP_CXX11_ALIGNOF 1
+#  define CRYPTOPP_CXX11_ALIGNAS 1
 #  define CRYPTOPP_CXX11_ALIGNOF 1
 #  endif
 #elif (CRYPTOPP_GCC_VERSION >= 40800)
 #  define CRYPTOPP_CXX11_ALIGNAS 1
 #  define CRYPTOPP_CXX11_ALIGNOF 1
-#endif
+#endif // alignof/alignas
 // noexcept: MS at VS2015 (19.00); GCC at 4.6; Clang at 3.0; and Intel 14.0.
 #if (CRYPTOPP_MSC_VERSION >= 1900)
@ -647,7 +685,7 @@ NAMESPACE_END
 #  endif
 #elif (CRYPTOPP_GCC_VERSION >= 40300)
 #  define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
-#endif // noexcept compilers
+#endif // variadic templates
 // TODO: Emplacement, R-values and Move semantics
 // Needed because we are catching warnings with GCC and MSC
--- a/config.recommend
+++ b/config.recommend
@ -1,3 +1,8 @@
 // config.h - written and placed in the public domain by Wei Dai
 //! \file config.h
 //! \brief Library configuration file
 #ifndef CRYPTOPP_CONFIG_H
 #define CRYPTOPP_CONFIG_H
@ -54,8 +59,16 @@
 # endif
 #endif
 // Define this if you want or need the library's memcpy_s and memmove_s.
 //   See http://github.com/weidai11/cryptopp/issues/28.
 // #if !defined(CRYPTOPP_WANT_SECURE_LIB)
 // # define CRYPTOPP_WANT_SECURE_LIB
 // #endif
 // File system code to write to GZIP archive.
-#define GZIP_OS_CODE 0
+#if !defined(GZIP_OS_CODE)
 # define GZIP_OS_CODE 0
 #endif
 // Try this if your CPU has 256K internal cache or a slow multiply instruction
 // and you want a (possibly) faster IDEA implementation using log tables
@ -66,9 +79,14 @@
 // CACM paper.
 // #define LCRNG_ORIGINAL_NUMBERS
-// choose which style of sockets to wrap (mostly useful for cygwin which has both)
+// choose which style of sockets to wrap (mostly useful for MinGW which has both)
-#define PREFER_BERKELEY_STYLE_SOCKETS
+#if !defined(NO_BERKELEY_STYLE_SOCKETS) && !defined(PREFER_BERKELEY_STYLE_SOCKETS)
-// #define PREFER_WINDOWS_STYLE_SOCKETS
+# define PREFER_BERKELEY_STYLE_SOCKETS
 #endif
 // #if !defined(NO_WINDOWS_STYLE_SOCKETS) && !defined(PREFER_WINDOWS_STYLE_SOCKETS)
 // # define PREFER_WINDOWS_STYLE_SOCKETS
 // #endif
 // set the name of Rijndael cipher, was "Rijndael" before version 5.3
 #define CRYPTOPP_RIJNDAEL_NAME "AES"
@ -85,7 +103,7 @@
 #if defined(CRYPTOPP_INIT_PRIORITY) && (CRYPTOPP_INIT_PRIORITY > 0)
 # define CRYPTOPP_USER_PRIORITY (CRYPTOPP_INIT_PRIORITY + 101)
 #else
-# define CRYPTOPP_USER_PRIORITY 500
+# define CRYPTOPP_USER_PRIORITY 250
 #endif
 // ***************** Important Settings Again ********************
@ -102,18 +120,34 @@
 #define WORKAROUND_MS_BUG_Q258000
 #ifdef CRYPTOPP_DOXYGEN_PROCESSING
 // Document the namespce exists. Put it here before CryptoPP is undefined below.
 //! \namespace CryptoPP
 //! \brief Crypto++ library namespace
 //! \details Nearly all classes are located in the CryptoPP namespace. Within
 //!   the namespace, there are two additional namespaces.
 //!   <ul>
 //!     <li>Name - namespace for names used with \p NameValuePairs and documented in argnames.h
 //!     <li>Weak - namespace for weak and wounded algorithms, like ARC4, MD5 and Pananma
 //!   </ul>
 namespace CryptoPP { }
 // Bring in the symbols fund in the weak namespace; and fold Weak1 into Weak
 #		define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
 #		define Weak1 Weak
 // Avoid putting "CryptoPP::" in front of everything in Doxygen output
-#	define CryptoPP
+#       define CryptoPP
-#	define NAMESPACE_BEGIN(x)
+#       define NAMESPACE_BEGIN(x)
-#	define NAMESPACE_END
+#       define NAMESPACE_END
 // Get Doxygen to generate better documentation for these typedefs
-#	define DOCUMENTED_TYPEDEF(x, y) class y : public x {};
+#       define DOCUMENTED_TYPEDEF(x, y) class y : public x {};
 // Make "protected" "private" so the functions and members are not documented
 #		define protected private
 #else
-#	define NAMESPACE_BEGIN(x) namespace x {
+#       define NAMESPACE_BEGIN(x) namespace x {
-#	define NAMESPACE_END }
+#       define NAMESPACE_END }
-#	define DOCUMENTED_TYPEDEF(x, y) typedef x y;
+#       define DOCUMENTED_TYPEDEF(x, y) typedef x y;
 #endif
 #define ANONYMOUS_NAMESPACE_BEGIN namespace {
 #define ANONYMOUS_NAMESPACE_END }
 #define USING_NAMESPACE(x) using namespace x;
 #define DOCUMENTED_NAMESPACE_BEGIN(x) namespace x {
 #define DOCUMENTED_NAMESPACE_END }
@ -157,32 +191,31 @@ const lword LWORD_MAX = W64LIT(0xffffffffffffffff);
 	#define CRYPTOPP_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
 #endif
-#ifdef __clang__
+// Apple and LLVM's Clang. Apple Clang version 7.0 roughly equals LLVM Clang version 3.7
 #if defined(__clang__ ) && !defined(__apple_build_version__)
 	#define CRYPTOPP_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
 #elif defined(__clang__ ) && defined(__apple_build_version__)
 	#define CRYPTOPP_APPLE_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
 #endif
 #ifdef _MSC_VER
 	#define CRYPTOPP_MSC_VERSION (_MSC_VER)
 #endif
-// Need GCC 4.6/Clang 1.7 or above due to "GCC diagnostic {push|pop}"
+// Need GCC 4.6/Clang 1.7/Apple Clang 2.0 or above due to "GCC diagnostic {push|pop}"
-#if (CRYPTOPP_GCC_VERSION >= 40600) || (CRYPTOPP_CLANG_VERSION >= 10700)
+#if (CRYPTOPP_GCC_VERSION >= 40600) || (CRYPTOPP_CLANG_VERSION >= 10700) || (CRYPTOPP_APPLE_CLANG_VERSION >= 20000)
 	#define CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE 1
 #endif
-// Detect availabliltiy of int128_t and uint128_t in preprocessor, http://gcc.gnu.org/ml/gcc-help/2015-08/msg00185.html.
+// Clang due to "Inline assembly operands don't work with .intel_syntax", http://llvm.org/bugs/show_bug.cgi?id=24232
-// Both GCC and Clang respond to it.
+//   TODO: supply the upper version when LLVM fixes it. We set it to 20.0 for compilation purposes.
-#if ((defined(__GNUC__) || defined(__clang__) || defined(_INTEL_COMPILER)) && (__SIZEOF_INT128__ >= 16))
+#if (defined(CRYPTOPP_CLANG_VERSION) && CRYPTOPP_CLANG_VERSION <= 200000) || (defined(CRYPTOPP_APPLE_CLANG_VERSION) && CRYPTOPP_APPLE_CLANG_VERSION <= 200000)
-	#define CRYPTOPP_NATIVE_DWORD_AVAILABLE
+	#define CRYPTOPP_DISABLE_INTEL_ASM 1
-	#define CRYPTOPP_WORD128_AVAILABLE
+#endif
 	typedef word32 hword;
 	typedef word64 word;
 	typedef __uint128_t dword;
 	typedef __uint128_t word128;
 // define hword, word, and dword. these are used for multiprecision integer arithmetic
 // Intel compiler won't have _umul128 until version 10.0. See http://softwarecommunity.intel.com/isn/Community/en-US/forums/thread/30231625.aspx
-#elif (defined(_MSC_VER) && (!defined(__INTEL_COMPILER) || __INTEL_COMPILER >= 1000) && (defined(_M_X64) || defined(_M_IA64))) || (defined(__DECCXX) && defined(__alpha__)) || (defined(__INTEL_COMPILER) && defined(__x86_64__)) || (defined(__SUNPRO_CC) && defined(__x86_64__))
+#if (defined(_MSC_VER) && (!defined(__INTEL_COMPILER) || __INTEL_COMPILER >= 1000) && (defined(_M_X64) || defined(_M_IA64))) || (defined(__DECCXX) && defined(__alpha__)) || (defined(__INTEL_COMPILER) && (__INTEL_COMPILER < 1000) && defined(__x86_64__)) || (defined(__SUNPRO_CC) && defined(__x86_64__))
 	typedef word32 hword;
 	typedef word64 word;
 #else
@ -196,12 +229,26 @@ const lword LWORD_MAX = W64LIT(0xffffffffffffffff);
 			typedef word64 word;
 			typedef __uint128_t dword;
 			typedef __uint128_t word128;
 		#elif defined(__GNUC__) && (__SIZEOF_INT128__ >= 16)
 			// Detect availabliltiy of int128_t and uint128_t in preprocessor, http://gcc.gnu.org/ml/gcc-help/2015-08/msg00185.html.
 			#define CRYPTOPP_WORD128_AVAILABLE
 			typedef word32 hword;
 			typedef word64 word;
 			typedef __uint128_t dword;
 			typedef __uint128_t word128;	
 		#else
 			// if we're here, it means we're on a 64-bit CPU but we don't have a way to obtain 128-bit multiplication results
 			typedef word16 hword;
 			typedef word32 word;
 			typedef word64 dword;
 		#endif
 	#elif defined(__GNUC__) && (__SIZEOF_INT128__ >= 16)
 		// Detect availabliltiy of int128_t and uint128_t in preprocessor, http://gcc.gnu.org/ml/gcc-help/2015-08/msg00185.html.
 		#define CRYPTOPP_WORD128_AVAILABLE
 		typedef word32 hword;
 		typedef word64 word;
 		typedef __uint128_t dword;
 		typedef __uint128_t word128;	
 	#else
 		// being here means the native register size is probably 32 bits or less
 		#define CRYPTOPP_BOOL_SLOW_WORD64 1
@ -215,7 +262,7 @@ const lword LWORD_MAX = W64LIT(0xffffffffffffffff);
 #endif
 // Produce a compiler error. It can be commented out, but you may not get the benefit of the fastest integers.
-#if (__SIZEOF_INT128__ >= 16) && !defined(CRYPTOPP_WORD128_AVAILABLE)
+#if (__SIZEOF_INT128__ >= 16) && !defined(CRYPTOPP_WORD128_AVAILABLE) && !defined(__aarch64__)
 # error "An int128_t and uint128_t are available, but CRYPTOPP_WORD128_AVAILABLE is not defined"
 #endif
@ -334,6 +381,11 @@ NAMESPACE_END
 #define CRYPTOPP_DISABLE_SSE2
 #endif
 // Apple's Clang prior to 5.0 cannot handle SSE2 (and Apple does not use LLVM Clang numbering...)
 #if defined(CRYPTOPP_APPLE_CLANG_VERSION) && (CRYPTOPP_APPLE_CLANG_VERSION < 50000)
 # define CRYPTOPP_DISABLE_ASM
 #endif
 #if !defined(CRYPTOPP_DISABLE_ASM) && ((defined(_MSC_VER) && defined(_M_IX86)) || (defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))))
 	// C++Builder 2010 does not allow "call label" where label is defined within inline assembly
 	#define CRYPTOPP_X86_ASM_AVAILABLE
@ -362,7 +414,7 @@ NAMESPACE_END
 	#define CRYPTOPP_X64_ASM_AVAILABLE
 #endif
-#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__) || defined(__AES__))
+#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__))
 	#define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 1
 #else
 	#define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 0
@ -383,6 +435,8 @@ NAMESPACE_END
 // how to allocate 16-byte aligned memory (for SSE2)
 #if defined(CRYPTOPP_MSVC6PP_OR_LATER)
 	#define CRYPTOPP_MM_MALLOC_AVAILABLE
 #elif defined(__APPLE__)
 	#define CRYPTOPP_APPLE_MALLOC_AVAILABLE
 #elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
 	#define CRYPTOPP_MALLOC_ALIGNMENT_IS_16
 #elif defined(__linux__) || defined(__sun__) || defined(__CYGWIN__)
@ -391,6 +445,9 @@ NAMESPACE_END
 	#define CRYPTOPP_NO_ALIGNED_ALLOC
 #endif
 // Apple always provides 16-byte aligned, and tells us to use calloc
 // http://developer.apple.com/library/mac/documentation/Performance/Conceptual/ManagingMemory/Articles/MemoryAlloc.html
 // how to disable inlining
 #if defined(_MSC_VER) && _MSC_VER >= 1300
 #	define CRYPTOPP_NOINLINE_DOTDOTDOT
@ -444,13 +501,6 @@ NAMESPACE_END
 #endif
 #endif
 // For use in template parameters; also see CRYPTOPP_BOOL_ALIGN16_ENABLED.
 #if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS)
 	#define CRYPTOPP_BOOL_ALIGN 0
 #else
 	#define CRYPTOPP_BOOL_ALIGN 1
 #endif
 // ***************** determine availability of OS features ********************
 #ifndef NO_OS_DEPENDENCE
@ -463,6 +513,10 @@ NAMESPACE_END
 #define CRYPTOPP_UNIX_AVAILABLE
 #endif
 #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
 #define CRYPTOPP_BSD_AVAILABLE
 #endif
 #if defined(CRYPTOPP_WIN32_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE)
 #	define HIGHRES_TIMER_AVAILABLE
 #endif
@ -525,7 +579,7 @@ NAMESPACE_END
 #define CRYPTOPP_API __cdecl
-#else	// CRYPTOPP_WIN32_AVAILABLE
+#else	// not CRYPTOPP_WIN32_AVAILABLE
 #define CRYPTOPP_DLL
 #define CRYPTOPP_API
@ -561,14 +615,16 @@ NAMESPACE_END
 #endif
 // ************** Unused variable ***************
-// Portable way to suppress warning
+
 // Portable way to suppress warnings.
 //   Moved from misc.h due to circular depenedencies.
 #define CRYPTOPP_UNUSED(x) ((void)x)
 // ***************** C++11 related ********************
-// Visual Studio and C++11 language features began at Visual Studio 2010, https://msdn.microsoft.com/en-us/library/hh567368%28v=vs.110%29.aspx.
+// Visual Studio began at VS2010, http://msdn.microsoft.com/en-us/library/hh567368%28v=vs.110%29.aspx.
-// Intel and C++11 language features, https://software.intel.com/en-us/articles/c0x-features-supported-by-intel-c-compiler
+// Intel and C++11 language features, http://software.intel.com/en-us/articles/c0x-features-supported-by-intel-c-compiler
-// GCC and C++11 language features, https://gcc.gnu.org/projects/cxx0x.html
+// GCC and C++11 language features, http://gcc.gnu.org/projects/cxx0x.html
 // Clang and C++11 language features, http://clang.llvm.org/cxx_status.html
 #if (_MSC_VER >= 1600) || (__cplusplus >= 201103L)
 # define CRYPTOPP_CXX11 1
@ -579,8 +635,8 @@ NAMESPACE_END
 //   way. However, modern standard libraries have <forward_list>, so we test for it instead.
 //   Thanks to Jonathan Wakely for devising the clever test for modern/ancient versions.
 // TODO: test under Xcode 3, where g++ is really g++.
-#if defined(__clang__)
+#if defined(__APPLE__) && defined(__clang__)
-#  if !(__has_include(<forward_list>))
+#  if !(defined(__has_include) && __has_include(<forward_list>))
 #    undef CRYPTOPP_CXX11
 #  endif
 #endif
@ -588,17 +644,54 @@ NAMESPACE_END
 // C++11 or C++14 is available
 #if defined(CRYPTOPP_CXX11) 
 // alignof/alignas: MS at VS2013 (19.00); GCC at 4.8; Clang at 3.3; and Intel 15.0.
 #if (CRYPTOPP_MSC_VERSION >= 1900)
 #  define CRYPTOPP_CXX11_ALIGNAS 1
 #  define CRYPTOPP_CXX11_ALIGNOF 1
 #elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1500)
 #  define CRYPTOPP_CXX11_ALIGNAS 1
 #  define CRYPTOPP_CXX11_ALIGNOF 1
 #elif defined(__clang__)
 #  if __has_feature(cxx_alignof)
 #  define CRYPTOPP_CXX11_ALIGNAS 1
 #  define CRYPTOPP_CXX11_ALIGNOF 1
 #  endif
 #elif (CRYPTOPP_GCC_VERSION >= 40800)
 #  define CRYPTOPP_CXX11_ALIGNAS 1
 #  define CRYPTOPP_CXX11_ALIGNOF 1
 #endif // alignof/alignas
 // noexcept: MS at VS2015 (19.00); GCC at 4.6; Clang at 3.0; and Intel 14.0.
-#if (_MSC_VER >= 1900) || (__INTEL_COMPILER >= 1400)
+#if (CRYPTOPP_MSC_VERSION >= 1900)
 #  define CRYPTOPP_CXX11_NOEXCEPT 1
 #elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1400)
 #  define CRYPTOPP_CXX11_NOEXCEPT 1
 #elif defined(__clang__)
 #  if __has_feature(cxx_noexcept)
 #    define CRYPTOPP_CXX11_NOEXCEPT 1
 #  endif
-#elif (__GNUC__ >= 5 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#elif (CRYPTOPP_GCC_VERSION >= 40600)
 #  define CRYPTOPP_CXX11_NOEXCEPT 1
 #endif // noexcept compilers
 // variadic templates: MS at VS2013 (18.00); GCC at 4.3; Clang at 2.9; and Intel 12.1.
 #if (CRYPTOPP_MSC_VERSION >= 1800)
 #  define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
 #elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1210)
 #  define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
 #elif defined(__clang__)
 #  if __has_feature(cxx_variadic_templates)
 #    define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
 #  endif
 #elif (CRYPTOPP_GCC_VERSION >= 40300)
 #  define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
 #endif // variadic templates
 // TODO: Emplacement, R-values and Move semantics
 // Needed because we are catching warnings with GCC and MSC
 #endif // CRYPTOPP_CXX11
 #if defined(CRYPTOPP_CXX11_NOEXCEPT)
 #  define CRYPTOPP_THROW noexcept(false)
 #  define CRYPTOPP_NO_THROW noexcept(true)
@ -607,13 +700,6 @@ NAMESPACE_END
 #  define CRYPTOPP_NO_THROW
 #endif // CRYPTOPP_CXX11_NOEXCEPT
 #endif // CRYPTOPP_CXX11
 #if !defined(CRYPTOPP_CXX11_NOEXCEPT)
 #  define CRYPTOPP_THROW
 #  define CRYPTOPP_NO_THROW
 #endif
 // OK to comment the following out, but please report it so we can fix it.
 #if (defined(__cplusplus) && (__cplusplus >= 199711L)) && !defined(CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE)
 # error "std::uncaught_exception is not available. This is likely a configuration error."
--- a/cpu.cpp
+++ b/cpu.cpp
@ -83,11 +83,15 @@ bool CpuId(word32 input, word32 output[4])
 	return true;
 #else
 	// longjmp and clobber warnings. Volatile is required.
 	// http://github.com/weidai11/cryptopp/issues/24
 	// http://stackoverflow.com/q/7721854
 	volatile bool result = true;
 	SigHandler oldHandler = signal(SIGILL, SigIllHandlerCPUID);
 	if (oldHandler == SIG_ERR)
-		return false;
+		result = false;
 	bool result = true;
 	if (setjmp(s_jmpNoCPUID))
 		result = false;
 	else
@ -134,13 +138,17 @@ static bool TrySSE2()
 	}
 	return true;
 #else
 	// longjmp and clobber warnings. Volatile is required.
 	// http://github.com/weidai11/cryptopp/issues/24
 	// http://stackoverflow.com/q/7721854
 	volatile bool result = true;
 	SigHandler oldHandler = signal(SIGILL, SigIllHandlerSSE2);
 	if (oldHandler == SIG_ERR)
 		return false;
 	bool result = true;
 	if (setjmp(s_jmpNoSSE2))
-		result = false;
+		result = true;
 	else
 	{
 #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
@ -156,20 +164,30 @@ static bool TrySSE2()
 #endif
 }
 #if 0
 static bool g_x86DetectionDone = false;
 static bool g_hasMMX = false, g_hasISSE = false, g_hasSSE2 = false, g_hasSSSE3 = false, g_hasAESNI = false, g_hasCLMUL = false, g_isP4 = false;
 static word32 g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
 #else
 bool g_x86DetectionDone = false;
-bool g_hasMMX = false, g_hasISSE = false, g_hasSSE2 = false, g_hasSSSE3 = false, g_hasAESNI = false, g_hasCLMUL = false, g_isP4 = false;
+bool g_hasMMX = false, g_hasISSE = false, g_hasSSE2 = false, g_hasSSSE3 = false, g_hasAESNI = false, g_hasCLMUL = false, g_isP4 = false, g_hasRDRAND = false, g_hasRDSEED = false;
 word32 g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
 #endif
 // MacPorts/GCC does not provide constructor(priority). Apple/GCC and Fink/GCC do provide it.
-#define HAVE_GCC_CONSTRUCTOR1 (__GNUC__ && (CRYPTOPP_INIT_PRIORITY > 0) && ((CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20900) || (_INTEL_COMPILER >= 1000)) && !(MACPORTS_GCC_COMPILER > 0))
+#define HAVE_GCC_CONSTRUCTOR1 (__GNUC__ && (CRYPTOPP_INIT_PRIORITY > 0) && ((CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20900) || (_INTEL_COMPILER >= 300)) && !(MACPORTS_GCC_COMPILER > 0))
 #define HAVE_GCC_CONSTRUCTOR0 (__GNUC__ && (CRYPTOPP_INIT_PRIORITY > 0) && !(MACPORTS_GCC_COMPILER > 0))
 static inline bool IsIntel(const word32 output[4])
 {
 	// This is the "GenuineIntel" string
 	return (output[1] /*EBX*/ == 0x756e6547) &&
 		(output[2] /*ECX*/ == 0x6c65746e) &&
 		(output[3] /*EDX*/ == 0x49656e69);
 }
 static inline bool IsAMD(const word32 output[4])
 {
 	// This is the "AuthenticAMD" string
 	return (output[1] /*EBX*/ == 0x68747541) &&
 		(output[2] /*ECX*/ == 0x69746E65) &&
 		(output[3] /*EDX*/ == 0x444D4163);
 }
 #if HAVE_GCC_CONSTRUCTOR1
 void __attribute__ ((constructor (CRYPTOPP_INIT_PRIORITY + 50))) DetectX86Features()
 #elif HAVE_GCC_CONSTRUCTOR0
@ -204,22 +222,32 @@ void DetectX86Features()
 		}
 	}
-	std::swap(cpuid[2], cpuid[3]);
+	static const unsigned int RDRAND_FLAG = (1 << 30);
-	if (memcmp(cpuid+1, "GenuineIntel", 12) == 0)
+	static const unsigned int RDSEED_FLAG = (1 << 18);
 	if (IsIntel(cpuid))
 	{
 		g_isP4 = ((cpuid1[0] >> 8) & 0xf) == 0xf;
 		g_cacheLineSize = 8 * GETBYTE(cpuid1[1], 1);
 		g_hasRDRAND = !!(cpuid1[2] /*ECX*/ & RDRAND_FLAG);
 		if (cpuid[0] /*EAX*/ >= 7)
 		{
 			word32 cpuid3[4];
 			if (CpuId(7, cpuid3))
 				g_hasRDSEED = !!(cpuid3[1] /*EBX*/ & RDSEED_FLAG);
 		}
 	}
-	else if (memcmp(cpuid+1, "AuthenticAMD", 12) == 0)
+	else if (IsAMD(cpuid))
 	{
 		CpuId(0x80000005, cpuid);
 		g_cacheLineSize = GETBYTE(cpuid[2], 0);
 		g_hasRDRAND = !!(cpuid[2] /*ECX*/ & RDRAND_FLAG);
 	}
 	if (!g_cacheLineSize)
 		g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
-	g_x86DetectionDone = true;
+	*((volatile bool*)&g_x86DetectionDone) = true;
 }
 #endif
--- a/cpu.h
+++ b/cpu.h
@ -1,3 +1,9 @@
 // cpu.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile cpu.h
 //! \brief Classes, functions, intrinsics and features for X86, X32 nd X64 assembly
 #ifndef CRYPTOPP_CPU_H
 #define CRYPTOPP_CPU_H
@ -20,16 +26,19 @@
 #if !defined(__GNUC__) || defined(__SSSE3__) || defined(__INTEL_COMPILER)
 #include <tmmintrin.h>
 #else
 NAMESPACE_BEGIN(CryptoPP)
 __inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__))
 _mm_shuffle_epi8 (__m128i a, __m128i b)
 {
 	asm ("pshufb %1, %0" : "+x"(a) : "xm"(b));
  	return a;
 }
-#endif
+NAMESPACE_END
 #endif // tmmintrin.h
 #if !defined(__GNUC__) || defined(__SSE4_1__) || defined(__INTEL_COMPILER)
 #include <smmintrin.h>
 #else
 NAMESPACE_BEGIN(CryptoPP)
 __inline int __attribute__((__gnu_inline__, __always_inline__, __artificial__))
 _mm_extract_epi32 (__m128i a, const int i)
 {
@ -43,10 +52,12 @@ _mm_insert_epi32 (__m128i a, int b, const int i)
 	asm ("pinsrd %2, %1, %0" : "+x"(a) : "rm"(b), "i"(i));
  	return a;
 }
-#endif
+NAMESPACE_END
 #endif // smmintrin.h
 #if !defined(__GNUC__) || (defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER)
 #include <wmmintrin.h>
 #else
 NAMESPACE_BEGIN(CryptoPP)
 __inline __m128i __attribute__((__gnu_inline__, __always_inline__, __artificial__))
 _mm_clmulepi64_si128 (__m128i a, __m128i b, const int i)
 {
@ -91,8 +102,9 @@ _mm_aesdeclast_si128 (__m128i a, __m128i b)
 	asm ("aesdeclast %1, %0" : "+x"(a) : "xm"(b));
  	return a;
 }
-#endif
+NAMESPACE_END
-#endif
+#endif // wmmintrin.h
 #endif // CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
 NAMESPACE_BEGIN(CryptoPP)
@ -109,6 +121,8 @@ extern CRYPTOPP_DLL bool g_hasSSSE3;
 extern CRYPTOPP_DLL bool g_hasAESNI;
 extern CRYPTOPP_DLL bool g_hasCLMUL;
 extern CRYPTOPP_DLL bool g_isP4;
 extern CRYPTOPP_DLL bool g_hasRDRAND;
 extern CRYPTOPP_DLL bool g_hasRDSEED;
 extern CRYPTOPP_DLL word32 g_cacheLineSize;
 CRYPTOPP_DLL void CRYPTOPP_API DetectX86Features();
@ -175,6 +189,20 @@ inline bool IsP4()
 	return g_isP4;
 }
 inline bool HasRDRAND()
 {
 	if (!g_x86DetectionDone)
 		DetectX86Features();
 	return g_hasRDRAND;
 }
 inline bool HasRDSEED()
 {
 	if (!g_x86DetectionDone)
 		DetectX86Features();
 	return g_hasRDSEED;
 }
 inline int GetCacheLineSize()
 {
 	if (!g_x86DetectionDone)
@ -215,12 +243,27 @@ inline int GetCacheLineSize()
 	#define AS_HEX(y) 0x##y
 #else
 	#define CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
 #if defined(CRYPTOPP_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION)
 	#define NEW_LINE "\n"
 	#define INTEL_PREFIX ".intel_syntax;"
 	#define INTEL_NOPREFIX ".intel_syntax;"
 	#define ATT_PREFIX ".att_syntax;"
 	#define ATT_NOPREFIX ".att_syntax;"
 #else
 	#define NEW_LINE
 	#define INTEL_PREFIX ".intel_syntax prefix;"
 	#define INTEL_NOPREFIX ".intel_syntax noprefix;"
 	#define ATT_PREFIX ".att_syntax prefix;"
 	#define ATT_NOPREFIX ".att_syntax noprefix;"
 #endif
 	// define these in two steps to allow arguments to be expanded
-	#define GNU_AS1(x) #x ";"
+	#define GNU_AS1(x) #x ";" NEW_LINE
-	#define GNU_AS2(x, y) #x ", " #y ";"
+	#define GNU_AS2(x, y) #x ", " #y ";" NEW_LINE
-	#define GNU_AS3(x, y, z) #x ", " #y ", " #z ";"
+	#define GNU_AS3(x, y, z) #x ", " #y ", " #z ";" NEW_LINE
-	#define GNU_ASL(x) "\n" #x ":"
+	#define GNU_ASL(x) "\n" #x ":" NEW_LINE
-	#define GNU_ASJ(x, y, z) #x " " #y #z ";"
+	#define GNU_ASJ(x, y, z) #x " " #y #z ";" NEW_LINE
 	#define AS1(x) GNU_AS1(x)
 	#define AS2(x, y) GNU_AS2(x, y)
 	#define AS3(x, y, z) GNU_AS3(x, y, z)
--- a/crc.h
+++ b/crc.h
@ -1,3 +1,9 @@
 // crc.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile crc.h
 //! \brief Classes for CRC-32 checksum algorithm
 #ifndef CRYPTOPP_CRC32_H
 #define CRYPTOPP_CRC32_H
--- a/cryptest.sh
+++ b/cryptest.sh
@ -7,12 +7,13 @@
 # to automate building the library and running the self test with various
 # combinations of flags, options, and conditions.
-# Everything is tee'd into cryptest-result.txt. Change it to suite your taste.
+# Everything is tee'd into cryptest-result.txt. Change it to suite your taste. You
-# You should be able to use `egrep "(error|FAILED)" cryptest-result.txt` to
+# should be able to use `egrep -a "(Error|error|FAILED|Illegal)" cryptest-result.txt`
-# quickly find errors and failures.
+# to quickly find errors and failures.
 # Set to suite your taste
 TEST_RESULTS=cryptest-result.txt
 BENCHMARK_RESULTS=cryptest-bench.txt
 WARN_TEST_RESULTS=cryptest-warn-result.txt
 # Respect user's preferred flags, but filter the stuff we expliclty test
@ -58,6 +59,10 @@ else
 	MAKE=make
 fi
 if [ -z "$TMP" ]; then
 	TMP=/tmp
 fi
 # Use the compiler driver, and not cpp, to tell us if the flag is consumed.
 $CXX -x c++ -dM -E -std=c++11 - < /dev/null > /dev/null 2>&1
 if [ "$?" -eq "0" ]; then
@ -75,7 +80,7 @@ else
 fi
 # Set to 0 if you don't have UBsan
-$CXX -x c++ -dM -E -fsanitize=undefined -std=c++11 - < /dev/null > /dev/null 2>&1
+$CXX -x c++ -fsanitize=undefined adhoc.cpp.proto -o $TMP/adhoc > /dev/null 2>&1
 if [ "$?" -eq "0" ]; then
 	HAVE_UBSAN=1
 else
@ -88,7 +93,7 @@ if [ "$IS_CYGWIN" -ne "0" ] || [ "$IS_MINGW" -ne "0" ]; then
 fi
 # Set to 0 if you don't have Asan
-$CXX -x c++ -dM -E -fsanitize=address -std=c++11 - < /dev/null > /dev/null 2>&1
+$CXX -x c++ -fsanitize=undefined adhoc.cpp.proto -o $TMP/adhoc > /dev/null 2>&1
 if [ "$?" -eq "0" ]; then
 	HAVE_ASAN=1
 else
@ -100,6 +105,12 @@ if [ "$IS_CYGWIN" -ne "0" ] || [ "$IS_MINGW" -ne "0" ]; then
 	HAVE_ASAN=0
 fi
 #Final fixups for compilers liek GCC on ARM64
 if [ "$HAVE_UBSAN" -eq "0" ] || [ "$HAVE_ASAN" -eq "0" ]; then
 	HAVE_UBAN=0
 	HAVE_ASAN=0
 fi
 # Set to 0 if you don't have Valgrind. Valgrind tests take a long time...
 HAVE_VALGRIND=$(which valgrind 2>&1 | grep -v "no valgrind" | grep -i -c valgrind)
@ -115,6 +126,7 @@ if [ "$HAVE_VALGRIND" -ne "0" ]; then
 fi
 if [ "$IS_DARWIN" -ne "0" ]; then
 	echo "IS_DARWIN: $IS_DARWIN"
 	unset MallocScribble MallocPreScribble MallocGuardEdges
 fi
 if [ "$IS_LINUX" -ne "0" ]; then
 	echo "IS_LINUX: $IS_LINUX"
@ -130,10 +142,6 @@ echo "User CXXFLAGS: $CXXFLAGS"
 echo "Retained CXXFLAGS: $ADD_CXXFLAGS"
 echo "Compiler:" $($CXX --version | head -1)
 # Remove previous test results
 rm -f "$TEST_RESULTS" > /dev/null 2>&1
 touch "$TEST_RESULTS"
 TEST_BEGIN=$(date)
 echo
 echo "Start time: $TEST_BEGIN"
@ -141,6 +149,16 @@ echo "Start time: $TEST_BEGIN"
 ############################################
 ############################################
 # Remove previous test results
 rm -f "$TEST_RESULTS" > /dev/null 2>&1
 touch "$TEST_RESULTS"
 rm -f "$BENCHMARK_RESULTS" > /dev/null 2>&1
 touch "$BENCHMARK_RESULTS"
 rm -f "$WARN_RESULTS" > /dev/null 2>&1
 touch "$WARN_RESULTS"
 ############################################
 # Basic debug build
 echo
@ -593,6 +611,98 @@ if [ "$IS_DARWIN" -ne "0" ] && [ "$HAVE_CXX11" -ne "0" ]; then
 	./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
 fi
 ############################################
 # Darwin, c++03, Malloc Guards
 if [ "$IS_DARWIN" -ne "0" ] && [ "$HAVE_CXX03" -ne "0" ]; then
 	echo
 	echo "************************************" | tee -a "$TEST_RESULTS"
 	echo "Testing: Darwin, c++03, Malloc Guards" | tee -a "$TEST_RESULTS"
 	echo
 	unset CXXFLAGS
 	"$MAKE" clean > /dev/null 2>&1
 	export CXXFLAGS="-DNDEBUG -g2 -O2 -std=c++03 $ADD_CXXFLAGS"
 	"$MAKE" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
 	export MallocScribble=1
 	export MallocPreScribble=1
 	export MallocGuardEdges=1
 	./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
 	./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
 	unset MallocScribble MallocPreScribble MallocGuardEdges
 fi
 ############################################
 # Darwin, c++11, Malloc Guards
 if [ "$IS_DARWIN" -ne "0" ] && [ "$HAVE_CXX11" -ne "0" ]; then
 	echo
 	echo "************************************" | tee -a "$TEST_RESULTS"
 	echo "Testing: Darwin, c++11, Malloc Guards" | tee -a "$TEST_RESULTS"
 	echo
 	unset CXXFLAGS
 	"$MAKE" clean > /dev/null 2>&1
 	export CXXFLAGS="-DNDEBUG -g2 -O2 -std=c++11 $ADD_CXXFLAGS"
 	"$MAKE" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
 	export MallocScribble=1
 	export MallocPreScribble=1
 	export MallocGuardEdges=1
 	./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
 	./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
 	unset MallocScribble MallocPreScribble MallocGuardEdges
 fi
 # Try to locate a Xcode compiler for testing under Darwin
 XCODE_COMPILER=$(find /Applications/Xcode*.app/Contents/Developer -name clang++ | head -1)
 ############################################
 # Xcode compiler
 if [ "$IS_DARWIN" -ne "0" ] && [ -z "$XCODE_COMPILER" ]; then
 	echo
 	echo "************************************" | tee -a "$TEST_RESULTS"
 	echo "Testing: Xcode Clang compiler" | tee -a "$TEST_RESULTS"
 	echo
 	unset CXXFLAGS
 	"$MAKE" clean > /dev/null 2>&1
 	expot CXX="$XCODE_COMPILER"
 	export CXXFLAGS="-DNDEBUG -g2 -O2 -std=c++11 $ADD_CXXFLAGS"
 	"$MAKE" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
 	./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS"
 	./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS"
 fi
 ############################################
 # Benchmarks, c++03
 if [ "$HAVE_CXX03" -ne "0" ]; then
 	echo
 	echo "************************************" | tee -a "$TEST_RESULTS"
 	echo "Testing: Benchmarks, c++03" | tee -a "$TEST_RESULTS"
 	echo
 	unset CXXFLAGS
 	"$MAKE" clean > /dev/null 2>&1
 	export CXXFLAGS="-DNDEBUG -O3 -std=c++03 $ADD_CXXFLAGS"
 	"$MAKE" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
 	./cryptest.exe b 3 2.4+1e9 2>&1 | tee -a "$BENCHMARK_RESULTS"
 fi
 ############################################
 # Benchmarks, c++11
 if [ "$HAVE_CXX11" -ne "0" ]; then
 	echo
 	echo "************************************" | tee -a "$TEST_RESULTS"
 	echo "Testing: Benchmarks, c++11" | tee -a "$TEST_RESULTS"
 	echo
 	unset CXXFLAGS
 	"$MAKE" clean > /dev/null 2>&1
 	export CXXFLAGS="-DNDEBUG -O3 -std=c++11 $ADD_CXXFLAGS"
 	"$MAKE" static cryptest.exe 2>&1 | tee -a "$TEST_RESULTS"
 	./cryptest.exe b 3 2.4+1e9 2>&1 | tee -a "$BENCHMARK_RESULTS"
 fi
 # For Cygwin, we need to test both PREFER_BERKELEY_STYLE_SOCKETS
 #   and PREFER_WINDOWS_STYLE_SOCKETS
@ -674,7 +784,7 @@ if [ "$CXX" == "g++" ] && [ "$HAVE_CXX11" -ne "0" ]; then
 	unset CXXFLAGS
 	"$MAKE" clean > /dev/null 2>&1
-	export CXXFLAGS="-DDEBUG -g2 -O2 -std=c++11 -DCRYPTOPP_NO_BACKWARDS_COMPATIBILITY_562 -Wall -Wextra -Wno-unknown-pragmas"
+	export CXXFLAGS="-DDEBUG -g2 -O2 -std=c++11 -DCRYPTOPP_NO_BACKWARDS_COMPATIBILITY_562 -Wall -Wextra -Wno-unknown-pragmas -Wstrict-aliasing=3 -Wstrict-overflow -Waggressive-loop-optimizations"
 	"$MAKE" static dynamic cryptest.exe 2>&1 | tee -a "$WARN_TEST_RESULTS"
 	############################################
@ -686,7 +796,7 @@ if [ "$CXX" == "g++" ] && [ "$HAVE_CXX11" -ne "0" ]; then
 	unset CXXFLAGS
 	"$MAKE" clean > /dev/null 2>&1
-	export CXXFLAGS="-DNDEBUG -g2 -O2 -std=c++11 -DCRYPTOPP_NO_BACKWARDS_COMPATIBILITY_562 -Wall -Wextra -Wno-unknown-pragmas"
+	export CXXFLAGS="-DNDEBUG -g2 -O2 -std=c++11 -DCRYPTOPP_NO_BACKWARDS_COMPATIBILITY_562 -Wall -Wextra -Wno-unknown-pragmas -Wstrict-aliasing=3 -Wstrict-overflow -Waggressive-loop-optimizations"
 	"$MAKE" static dynamic cryptest.exe 2>&1 | tee -a "$WARN_TEST_RESULTS"
 fi
@ -712,15 +822,16 @@ fi
 echo | tee -a "$TEST_RESULTS"
 # "FAILED" is from Crypto++
 # "Error" is from the GNU assembler
 # "error" is from the sanitizers
 # "Illegal", "0 errors" and "suppressed errors" are from Valgrind.
-COUNT=$(egrep -a '(error|FAILED|Illegal)' cryptest-result.txt | egrep -v "( 0 errors|suppressed errors|memory error detector)" | wc -l)
+COUNT=$(egrep -a '(Error|error|FAILED|Illegal)' cryptest-result.txt | egrep -v "( 0 errors|suppressed errors|memory error detector)" | wc -l)
 if [ "$COUNT" -eq "0" ]; then
 	echo "No failures detected" | tee -a "$TEST_RESULTS"
 else
 	echo "$COUNT errors detected" | tee -a "$TEST_RESULTS"
 	echo
-	egrep -an "(error|FAILED|Illegal)" cryptest-result.txt
+	egrep -an "(Error|error|FAILED|Illegal)" cryptest-result.txt
 fi
 echo | tee -a "$TEST_RESULTS"
--- a/cryptlib.cpp
+++ b/cryptlib.cpp
@ -180,6 +180,10 @@ void SimpleKeyingInterface::GetNextIV(RandomNumberGenerator &rng, byte *IV)
 size_t BlockTransformation::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const
 {
 	assert(inBlocks);
 	assert(outBlocks);
 	assert(length);
 	size_t blockSize = BlockSize();
 	size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize;
 	size_t xorIncrement = xorBlocks ? blockSize : 0;
@ -200,11 +204,20 @@ size_t BlockTransformation::AdvancedProcessBlocks(const byte *inBlocks, const by
 	{
 		if (flags & BT_XorInput)
 		{
 			// Coverity finding. However, xorBlocks is never NULL if BT_XorInput.
 			assert(xorBlocks);
 #if defined(__COVERITY__)
 			if (xorBlocks)
 #endif
 			xorbuf(outBlocks, xorBlocks, inBlocks, blockSize);
 			ProcessBlock(outBlocks);
 		}
 		else
 		{
 			// xorBlocks can be NULL. See, for example, ECB_OneWay::ProcessData.
 			ProcessAndXorBlock(inBlocks, xorBlocks, outBlocks);
 		}
 		if (flags & BT_InBlockIsCounter)
 			const_cast<byte *>(inBlocks)[blockSize-1]++;
 		inBlocks += inIncrement;
@ -344,16 +357,49 @@ void RandomNumberGenerator::GenerateIntoBufferedTransformation(BufferedTransform
 	}
 }
-//! see NullRNG()
+//! \class ClassNullRNG
 //! \brief Random Number Generator that does not produce random numbers
 //! \details ClassNullRNG can be used for functions that require a RandomNumberGenerator
 //!   but don't actually use it. The class throws NotImplemented when a generation function is called.
 //! \sa NullRNG()
 class ClassNullRNG : public RandomNumberGenerator
 {
 public:
 	//! \brief The name of the generator
 	//! \returns the string \a NullRNGs
 	std::string AlgorithmName() const {return "NullRNG";}
 #if defined(CRYPTOPP_DOXYGEN_PROCESSING)
 	//! \brief An implementation that throws NotImplemented
 	byte GenerateByte () {}
 	//! \brief An implementation that throws NotImplemented
 	unsigned int GenerateBit () {}
 	//! \brief An implementation that throws NotImplemented
 	word32 GenerateWord32 (word32 min, word32 max) {}
 #endif
 	//! \brief An implementation that throws NotImplemented
 	void GenerateBlock(byte *output, size_t size)
 	{
 		CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(size);
 		throw NotImplemented("NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes");
 	}
 #if defined(CRYPTOPP_DOXYGEN_PROCESSING)
 	//! \brief An implementation that throws NotImplemented
 	void GenerateIntoBufferedTransformation (BufferedTransformation &target, const std::string &channel, lword length) {}
 	//! \brief An implementation that throws NotImplemented
 	void IncorporateEntropy (const byte *input, size_t length) {}
 	//! \brief An implementation that returns \p false
 	bool CanIncorporateEntropy () const {}
 	//! \brief An implementation that does nothing
 	void DiscardBytes (size_t n) {}
 	//! \brief An implementation that does nothing
 	void Shuffle (IT begin, IT end) {}
 private:
 	Clonable* Clone () const { return NULL; }
 #endif
 };
 RandomNumberGenerator & NullRNG()
--- a/cryptlib.h
+++ b/cryptlib.h
--- a/datatest.cpp
+++ b/datatest.cpp
@ -23,6 +23,10 @@
 # pragma strict_gs_check (on)
 #endif
 #if defined(__COVERITY__)
 extern "C" void __coverity_tainted_data_sanitize__(void *);  
 #endif
 USING_NAMESPACE(CryptoPP)
 USING_NAMESPACE(std)
@ -579,7 +583,7 @@ void TestDigestOrMAC(TestData &v, bool testDigest)
 	{
 		int digestSize = -1;
 		if (test == "VerifyTruncated")
-			pairs.GetIntValue(Name::DigestSize(), digestSize);
+			digestSize = pairs.GetIntValueWithDefault(Name::DigestSize(), digestSize);
 		HashVerificationFilter verifierFilter(*pHash, NULL, HashVerificationFilter::HASH_AT_BEGIN, digestSize);
 		PutDecodedDatumInto(v, digestName, verifierFilter);
 		PutDecodedDatumInto(v, "Message", verifierFilter);
@ -606,10 +610,10 @@ void TestKeyDerivationFunction(TestData &v)
 	std::string salt = GetDecodedDatum(v, "Salt");
 	std::string info = GetDecodedDatum(v, "Info");
 	std::string derived = GetDecodedDatum(v, "DerivedKey");
-	std::string t = GetDecodedDatum(v, "DerivedLength");
+	std::string t = GetDecodedDatum(v, "DerivedKeyLength");
 	TestDataNameValuePairs pairs(v);
-	unsigned int length = pairs.GetIntValueWithDefault(Name::DerivedLength(), (int)derived.size());
+	unsigned int length = pairs.GetIntValueWithDefault(Name::DerivedKeyLength(), (int)derived.size());
 	member_ptr<KeyDerivationFunction> kdf;
 	kdf.reset(ObjectFactoryRegistry<KeyDerivationFunction>::Registry().CreateObject(name.c_str()));
@ -628,6 +632,12 @@ bool GetField(std::istream &is, std::string &name, std::string &value)
 {
 	name.resize(0);		// GCC workaround: 2.95.3 doesn't have clear()
 	is >> name;
 #if defined(__COVERITY__)
 	// The datafile being read is in /usr/share, and it protected by filesystem ACLs
 	// __coverity_tainted_data_sanitize__(reinterpret_cast<void*>(&name));
 #endif
 	if (name.empty())
 		return false;
--- a/default.cpp
+++ b/default.cpp
@ -20,8 +20,8 @@ NAMESPACE_BEGIN(CryptoPP)
 static const unsigned int MASH_ITERATIONS = 200;
 static const unsigned int SALTLENGTH = 8;
-static const unsigned int BLOCKSIZE = Default_BlockCipher::Encryption::BLOCKSIZE;
+static const unsigned int BLOCKSIZE = DefaultBlockCipher::Encryption::BLOCKSIZE;
-static const unsigned int KEYLENGTH = Default_BlockCipher::Encryption::DEFAULT_KEYLENGTH;
+static const unsigned int KEYLENGTH = DefaultBlockCipher::Encryption::DEFAULT_KEYLENGTH;
 // The purpose of this function Mash() is to take an arbitrary length input
 // string and *deterministicly* produce an arbitrary length output string such
@ -270,3 +270,4 @@ void DefaultDecryptorWithMAC::LastPut(const byte *inString, size_t length)
 }
 NAMESPACE_END
--- a/default.h
+++ b/default.h
@ -1,3 +1,8 @@
 // default.h - written and placed in the public domain by Wei Dai
 //! \file default.h
 //! \brief Classes for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
 #ifndef CRYPTOPP_DEFAULT_H
 #define CRYPTOPP_DEFAULT_H
@ -10,15 +15,29 @@
 NAMESPACE_BEGIN(CryptoPP)
-typedef DES_EDE2 Default_BlockCipher;
+//! \brief Default block cipher for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
 typedef DES_EDE2 DefaultBlockCipher;
 //! \brief Default hash for use with DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
 typedef SHA DefaultHashModule;
 //! \brief Default HMAC for use withDefaultEncryptorWithMAC and DefaultDecryptorWithMAC
 typedef HMAC<DefaultHashModule> DefaultMAC;
-//! Password-Based Encryptor using DES-EDE2
+//! \class DefaultEncryptor
 //! \brief Password-Based Encryptor using TripleDES
 //! \details The class uses 2-key TripleDES (DES_EDE2) for encryption, which only
 //!   provides about 80-bits of security.
 class DefaultEncryptor : public ProxyFilter
 {
 public:
 	//! \brief Construct a DefaultEncryptor
 	//! \param passphrase a C-String password
 	//! \param attachment a BufferedTransformation to attach to this object
 	DefaultEncryptor(const char *passphrase, BufferedTransformation *attachment = NULL);
 	//! \brief Construct a DefaultEncryptor
 	//! \param passphrase a byte string password
 	//! \param passphraseLength the length of the byte string password
 	//! \param attachment a BufferedTransformation to attach to this object
 	DefaultEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
 protected:
@ -27,14 +46,34 @@ protected:
 private:
 	SecByteBlock m_passphrase;
-	CBC_Mode<Default_BlockCipher>::Encryption m_cipher;
+	CBC_Mode<DefaultBlockCipher>::Encryption m_cipher;
 };
-//! Password-Based Decryptor using DES-EDE2
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
 } __attribute__((deprecated ("DefaultEncryptor will be changing in the near future because the algorithms are no longer secure")));
 #elif (CRYPTOPP_GCC_VERSION)
 } __attribute__((deprecated));
 #else
 };
 #endif
 //! \class DefaultDecryptor
 //! \brief Password-Based Decryptor using TripleDES
 //! \details The class uses 2-key TripleDES (DES_EDE2) for encryption, which only
 //!   provides about 80-bits of security.
 class DefaultDecryptor : public ProxyFilter
 {
 public:
 	//! \brief Constructs a DefaultDecryptor
 	//! \param passphrase a C-String password
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param throwException a flag specifiying whether an Exception should be thrown on error
 	DefaultDecryptor(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true);
 	//! \brief Constructs a DefaultDecryptor
 	//! \param passphrase a byte string password
 	//! \param passphraseLength the length of the byte string password
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param throwException a flag specifiying whether an Exception should be thrown on error
 	DefaultDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true);
 	class Err : public Exception
@ -58,16 +97,39 @@ private:
 	void CheckKey(const byte *salt, const byte *keyCheck);
 	SecByteBlock m_passphrase;
-	CBC_Mode<Default_BlockCipher>::Decryption m_cipher;
+	CBC_Mode<DefaultBlockCipher>::Decryption m_cipher;
 	member_ptr<FilterWithBufferedInput> m_decryptor;
 	bool m_throwException;
 };
-//! Password-Based Encryptor using DES-EDE2 and HMAC/SHA-1
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
 } __attribute__((deprecated ("DefaultDecryptor will be changing in the near future because the algorithms are no longer secure")));
 #elif (CRYPTOPP_GCC_VERSION)
 } __attribute__((deprecated));
 #else
 };
 #endif
 //! \class DefaultEncryptorWithMAC
 //! \brief Password-Based encryptor using TripleDES and HMAC/SHA-1
 //! \details DefaultEncryptorWithMAC uses a non-standard mashup function called Mash() to derive key
 //!   bits from the password. The class also uses 2-key TripleDES (DES_EDE2) for encryption, which only
 //!   provides about 80-bits of security.
 //! \details The purpose of the function Mash() is to take an arbitrary length input string and
 //!   *deterministicly* produce an arbitrary length output string such that (1) it looks random,
 //!   (2) no information about the input is deducible from it, and (3) it contains as much entropy
 //!   as it can hold, or the amount of entropy in the input string, whichever is smaller.
 class DefaultEncryptorWithMAC : public ProxyFilter
 {
 public:
 	//! \brief Constructs a DefaultEncryptorWithMAC
 	//! \param passphrase a C-String password
 	//! \param attachment a BufferedTransformation to attach to this object
 	DefaultEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL);
 	//! \brief Constructs a DefaultEncryptorWithMAC
 	//! \param passphrase a byte string password
 	//! \param passphraseLength the length of the byte string password
 	//! \param attachment a BufferedTransformation to attach to this object
 	DefaultEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
 protected:
@ -76,15 +138,42 @@ protected:
 private:
 	member_ptr<DefaultMAC> m_mac;
 };
-//! Password-Based Decryptor using DES-EDE2 and HMAC/SHA-1
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
 } __attribute__((deprecated ("DefaultEncryptorWithMAC will be changing in the near future because the algorithms are no longer secure")));
 #elif (CRYPTOPP_GCC_VERSION)
 } __attribute__((deprecated));
 #else
 };
 #endif
 //! \class DefaultDecryptorWithMAC
 //! \brief Password-Based decryptor using TripleDES and HMAC/SHA-1
 //! \details DefaultDecryptorWithMAC uses a non-standard mashup function called Mash() to derive key
 //!   bits from the password. The class also uses 2-key TripleDES (DES_EDE2) for encryption, which only
 //!   provides about 80-bits of security.
 //! \details The purpose of the function Mash() is to take an arbitrary length input string and
 //!   *deterministicly* produce an arbitrary length output string such that (1) it looks random,
 //!   (2) no information about the input is deducible from it, and (3) it contains as much entropy
 //!   as it can hold, or the amount of entropy in the input string, whichever is smaller.
 class DefaultDecryptorWithMAC : public ProxyFilter
 {
 public:
 	//! \class MACBadErr
 	//! \brief Excpetion thrown when an incorrect MAC is encountered
 	class MACBadErr : public DefaultDecryptor::Err {public: MACBadErr() : DefaultDecryptor::Err("DefaultDecryptorWithMAC: MAC check failed") {}};
 	//! \brief Constructs a DefaultDecryptor
 	//! \param passphrase a C-String password
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param throwException a flag specifiying whether an Exception should be thrown on error
 	DefaultDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true);
 	//! \brief Constructs a DefaultDecryptor
 	//! \param passphrase a byte string password
 	//! \param passphraseLength the length of the byte string password
 	//! \param attachment a BufferedTransformation to attach to this object
 	//! \param throwException a flag specifiying whether an Exception should be thrown on error
 	DefaultDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true);
 	DefaultDecryptor::State CurrentState() const;
@ -98,7 +187,14 @@ private:
 	member_ptr<DefaultMAC> m_mac;
 	HashVerifier *m_hashVerifier;
 	bool m_throwException;
 #if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
 } __attribute__((deprecated ("DefaultDecryptorWithMAC will be changing in the near future because the algorithms are no longer secure")));
 #elif (CRYPTOPP_GCC_VERSION)
 } __attribute__((deprecated));
 #else
 };
 #endif
 NAMESPACE_END
--- a/des.h
+++ b/des.h
@ -1,9 +1,11 @@
 // des.h - written and placed in the public domain by Wei Dai
 //! \file des.h
 //! \brief Classes for DES, 2-key Triple-DES, 3-key Triple-DES and DESX
 #ifndef CRYPTOPP_DES_H
 #define CRYPTOPP_DES_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/dh.cpp
+++ b/dh.cpp
@ -8,11 +8,13 @@
 NAMESPACE_BEGIN(CryptoPP)
 #if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
 void DH_TestInstantiations()
 {
 	DH dh1;
 	DH dh2(NullRNG(), 10);
 }
 #endif
 NAMESPACE_END
--- a/dh.h
+++ b/dh.h
@ -1,9 +1,12 @@
 // dh.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile dh.h
 //! \brief Classes for Diffie-Hellman key exchange
 #ifndef CRYPTOPP_DH_H
 #define CRYPTOPP_DH_H
 /** \file
 */
 #include "cryptlib.h"
 #include "gfpcrypt.h"
--- a/dh2.cpp
+++ b/dh2.cpp
@ -5,10 +5,12 @@
 NAMESPACE_BEGIN(CryptoPP)
 #if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
 void DH2_TestInstantiations()
 {
 	DH2 dh(*(SimpleKeyAgreementDomain*)NULL);
 }
 #endif
 bool DH2::Agree(byte *agreedValue,
 		const byte *staticSecretKey, const byte *ephemeralSecretKey, 
--- a/dh2.h
+++ b/dh2.h
@ -1,9 +1,12 @@
 // dh2.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile dh2.h
 //! \brief Classes for Diffie-Hellman authenticated key exchange
 #ifndef CRYPTOPP_DH2_H
 #define CRYPTOPP_DH2_H
 /** \file
 */
 #include "cryptlib.h"
 NAMESPACE_BEGIN(CryptoPP)
--- a/dll.h
+++ b/dll.h
@ -1,3 +1,9 @@
 // dll.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile dll.h
 //! \brief Functions and definitions required for building the FIPS-140 DLL on Windows
 #ifndef CRYPTOPP_DLL_H
 #define CRYPTOPP_DLL_H
--- a/dmac.h
+++ b/dmac.h
@ -1,3 +1,9 @@
 // dmac.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile dmac.h
 //! \brief Classes for DMAC message authentication code
 #ifndef CRYPTOPP_DMAC_H
 #define CRYPTOPP_DMAC_H
@ -14,7 +20,7 @@ public:
 	CRYPTOPP_CONSTANT(DIGESTSIZE=T::BLOCKSIZE)
-	DMAC_Base() {}
+	DMAC_Base() : m_subkeylength(0), m_counter(0) {}
 	void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
 	void Update(const byte *input, size_t length);
--- a/dsa.h
+++ b/dsa.h
@ -1,18 +1,38 @@
 // dsa.h - written and placed in the public domain by Wei Dai
 //! \file dsa.h
 //! \brief Classes for the DSA signature algorithm
 #ifndef CRYPTOPP_DSA_H
 #define CRYPTOPP_DSA_H
 /** \file
 */
 #include "cryptlib.h"
 #include "gfpcrypt.h"
 NAMESPACE_BEGIN(CryptoPP)
-/*! The DSA signature format used by Crypto++ is as defined by IEEE P1363.
+//! \brief DSA Signature Format
-  Java uses the DER format, and OpenPGP uses the OpenPGP format. */
+//! \details The DSA signature format used by Crypto++ is as defined by IEEE P1363.
-enum DSASignatureFormat {DSA_P1363, DSA_DER, DSA_OPENPGP};
+//!   Java nad .Net use the DER format, and OpenPGP uses the OpenPGP format.
-/** This function converts between these formats, and returns length of signature in the target format.
+enum DSASignatureFormat {
-	If toFormat == DSA_P1363, bufferSize must equal publicKey.SignatureLength() */
+	//! \brief Crypto++ native signature encoding format
 	DSA_P1363,
 	//! \brief signature encoding format used by Java and .Net
 	DSA_DER,
 	//! \brief OpenPGP signature encoding format
 	DSA_OPENPGP
 };
 //! \brief Converts between signature encoding formats
 //! \param buffer byte buffer for the converted signature encoding
 //! \param bufferSize the length of the converted signature encoding buffer
 //! \param toFormat the source signature format
 //! \param signature byte buffer for the existing signature encoding
 //! \param signatureLen the length of the existing signature encoding buffer
 //! \param fromFormat the source signature format
 //! \details This function converts between these formats, and returns length
 //!   of signature in the target format. If <tt>toFormat == DSA_P1363</tt>, then
 //!   <tt>bufferSize</tt> must equal <tt>publicKey.SignatureLength()</tt>
 size_t DSAConvertSignatureFormat(byte *buffer, size_t bufferSize, DSASignatureFormat toFormat, 
 	const byte *signature, size_t signatureLen, DSASignatureFormat fromFormat);
--- a/eax.h
+++ b/eax.h
@ -1,3 +1,9 @@
 // eax.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile eax.h
 //! \brief EAX block cipher mode of operation
 #ifndef CRYPTOPP_EAX_H
 #define CRYPTOPP_EAX_H
@ -7,7 +13,9 @@
 NAMESPACE_BEGIN(CryptoPP)
-//! .
+//! \class EAX_Base
 //! \brief EAX block cipher mode of operation
 //! \details Implementations and overrides in \p EAX_Base apply to both \p ENCRYPTION and \p DECRYPTION directions
 class CRYPTOPP_NO_VTABLE EAX_Base : public AuthenticatedSymmetricCipherBase
 {
 public:
@ -59,7 +67,13 @@ protected:
 	CTR_Mode_ExternalCipher::Encryption m_ctr;
 };
-//! .
+//! \class EAX_Final
 //! \brief Class specific methods used to operate the cipher.
 //! \tparam T_BlockCipher block cipher
 //! \tparam T_IsEncryption direction in which to operate the cipher
 //! \details Implementations and overrides in \p GCM_Final apply to either
 //!   \p ENCRYPTION or \p DECRYPTION, depending on the template parameter \p T_IsEncryption.
 //! \details \p EAX_Final does not use inner classes \p Enc and \p Dec.
 template <class T_BlockCipher, bool T_IsEncryption>
 class EAX_Final : public EAX_Base
 {
@ -78,7 +92,14 @@ private:
 #undef EAX
 #endif
-/// <a href="http://www.cryptolounge.org/wiki/EAX">EAX</a>
+//! \class EAX
 //! \brief The EAX block cipher mode of operation
 //! \details EAX is an Authenticated Encryption with Associated Data (AEAD) block
 //!   cipher mode of operation designed to simultaneously provide both authentication
 //!   and privacy of the message.
 //! \tparam T_BlockCipher block cipher
 //! \details \p EAX provides the \p Encryption and \p Decryption typedef.
 //! \sa <a href="http://www.cryptolounge.org/wiki/EAX">EAX</a> at the Crypto Lounge
 template <class T_BlockCipher>
 struct EAX : public AuthenticatedSymmetricCipherDocumentation
 {
--- a/ec2n.h
+++ b/ec2n.h
@ -1,3 +1,10 @@
 // ec2n.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile ec2n.h
 //! \brief Classes for Elliptic Curves over binary fields
 #ifndef CRYPTOPP_EC2N_H
 #define CRYPTOPP_EC2N_H
--- a/eccrypto.cpp
+++ b/eccrypto.cpp
@ -31,6 +31,7 @@
 NAMESPACE_BEGIN(CryptoPP)
 #if 0
 #if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
 static void ECDSA_TestInstantiations()
 {
 	ECDSA<EC2N>::Signer t1;
@ -43,6 +44,7 @@ static void ECDSA_TestInstantiations()
 	ECMQV<ECP>::Domain t8;
 }
 #endif
 #endif
 // VC60 workaround: complains when these functions are put into an anonymous namespace
 static Integer ConvertToInteger(const PolynomialMod2 &x)
--- a/eccrypto.h
+++ b/eccrypto.h
@ -1,9 +1,11 @@
 // eccrypto.h - written and placed in the public domain by Wei Dai
 //! \file eccrypto.h
 //! \brief Classes and functions for Elliptic Curves over prime and binary fields
 #ifndef CRYPTOPP_ECCRYPTO_H
 #define CRYPTOPP_ECCRYPTO_H
 /*! \file
 */
 #include "config.h"
 #include "cryptlib.h"
 #include "pubkey.h"
@ -139,8 +141,8 @@ protected:
 	OID m_oid;			// set if parameters loaded from a recommended curve
 	Integer m_n;		// order of base point
 	bool m_compress, m_encodeAsOID;
 	mutable Integer m_k;		// cofactor
 	mutable bool m_compress, m_encodeAsOID;		// presentation details
 };
 //! EC public key
@ -299,7 +301,7 @@ struct ECIES
 	virtual ~ECIES() {}
 #endif
-#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800) 
+#if (CRYPTOPP_GCC_VERSION >= 40500) || (CRYPTOPP_CLANG_VERSION >= 30000) 
 } __attribute__((deprecated ("ECIES will be changing in the near future due to (1) an implementation bug and (2) an interop issue.")));
 #elif (CRYPTOPP_GCC_VERSION )
 } __attribute__((deprecated));
@ -473,8 +475,8 @@ protected:
 	OID m_oid;			// set if parameters loaded from a recommended curve
 	Integer m_n;		// order of base point
 	bool m_compress, m_encodeAsOID;
 	mutable Integer m_k;		// cofactor
 	mutable bool m_compress, m_encodeAsOID;		// presentation details
 };
 //! EC public key
--- a/ecp.cpp
+++ b/ecp.cpp
@ -8,6 +8,7 @@
 #include "asn.h"
 #include "integer.h"
 #include "nbtheory.h"
 #include "modarith.h"
 #include "filters.h"
 #include "algebra.cpp"
--- a/ecp.h
+++ b/ecp.h
@ -1,3 +1,8 @@
 // ecp.h - written and placed in the public domain by Wei Dai
 //! \file ecp.h
 //! \brief Classes for Elliptic Curves over prime fields
 #ifndef CRYPTOPP_ECP_H
 #define CRYPTOPP_ECP_H
--- a/elgamal.cpp
+++ b/elgamal.cpp
@ -7,11 +7,13 @@
 NAMESPACE_BEGIN(CryptoPP)
 #if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
 void ElGamal_TestInstantiations()
 {
 	ElGamalEncryptor test1(1, 1, 1);
 	ElGamalDecryptor test2(NullRNG(), 123);
 	ElGamalEncryptor test3(test2);
 }
 #endif
 NAMESPACE_END
--- a/elgamal.h
+++ b/elgamal.h
@ -1,3 +1,8 @@
 // elgamal.h - written and placed in the public domain by Wei Dai
 //! \file elgamal.h
 //! \brief Classes and functions for ElGamal key agreement and encryption schemes
 #ifndef CRYPTOPP_ELGAMAL_H
 #define CRYPTOPP_ELGAMAL_H
@ -116,7 +121,8 @@ struct ElGamalKeys
 	typedef DL_PublicKey_GFP_OldFormat<DL_CryptoKeys_GFP::PublicKey> PublicKey;
 };
-//! ElGamal encryption scheme with non-standard padding
+//! \class ElGamal
 //! \brief ElGamal encryption scheme with non-standard padding
 struct ElGamal
 {
 	typedef DL_CryptoSchemeOptions<ElGamal, ElGamalKeys, int, int, int> SchemeOptions;
--- a/emsa2.h
+++ b/emsa2.h
@ -1,10 +1,11 @@
 // emsa2.h - written and placed in the public domain by Wei Dai
 //! \file emsa2.h
 //! \brief Classes and functions for various padding schemes used in public key algorithms
 #ifndef CRYPTOPP_EMSA2_H
 #define CRYPTOPP_EMSA2_H
 /** \file
 	This file contains various padding schemes for public key algorithms.
 */
 #include "cryptlib.h"
 #include "pubkey.h"
 #include "misc.h"
--- a/eprecomp.h
+++ b/eprecomp.h
@ -1,10 +1,15 @@
 // eprecomp.h - written and placed in the public domain by Wei Dai
 //! \file eprecomp.h
 //! \brief Classes for precomputation in a group
 #ifndef CRYPTOPP_EPRECOMP_H
 #define CRYPTOPP_EPRECOMP_H
 #include "cryptlib.h"
 #include "integer.h"
 #include "algebra.h"
-#include <vector>
+#include "stdcpp.h"
 NAMESPACE_BEGIN(CryptoPP)
--- a/esign.cpp
+++ b/esign.cpp
@ -18,6 +18,7 @@
 NAMESPACE_BEGIN(CryptoPP)
 #if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
 void ESIGN_TestInstantiations()
 {
 	ESIGN<SHA>::Verifier x1(1, 1);
@ -31,6 +32,7 @@ void ESIGN_TestInstantiations()
 	x3 = ESIGN<SHA>::Verifier(x2);
 	x4 = x2.GetKey();
 }
 #endif
 void ESIGNFunction::BERDecode(BufferedTransformation &bt)
 {
--- a/esign.h
+++ b/esign.h
@ -45,7 +45,8 @@ public:
 	void SetPublicExponent(const Integer &e) {m_e = e;}
 protected:
-	unsigned int GetK() const {return m_n.BitCount()/3-1;}
+	// Covertiy finding on overflow. The library allows small values for research purposes.
 	unsigned int GetK() const {return SaturatingSubtract(m_n.BitCount()/3, 1U);}
 	Integer m_n, m_e;
 };
--- a/files.cpp
+++ b/files.cpp
@ -10,7 +10,7 @@
 NAMESPACE_BEGIN(CryptoPP)
-#ifndef NDEBUG
+#if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
 void Files_TestInstantiations()
 {
 	FileStore f0;
--- a/files.h
+++ b/files.h
@ -23,11 +23,11 @@ public:
 	class OpenErr : public Err {public: OpenErr(const std::string &filename) : Err("FileStore: error opening file for reading: " + filename) {}};
 	class ReadErr : public Err {public: ReadErr() : Err("FileStore: error reading file") {}};
-	FileStore() : m_stream(NULL) {}
+	FileStore() : m_stream(NULL), m_space(NULL), m_len(0), m_waiting(0) {}
-	FileStore(std::istream &in)
+	FileStore(std::istream &in) : m_stream(NULL), m_space(NULL), m_len(0), m_waiting(0)
 		{StoreInitialize(MakeParameters(Name::InputStreamPointer(), &in));}
-	FileStore(const char *filename)
+	FileStore(const char *filename) : m_stream(NULL), m_space(NULL), m_len(0), m_waiting(0)
-		{StoreInitialize(MakeParameters(Name::InputFileName(), filename));}
+		{StoreInitialize(MakeParameters(Name::InputFileName(), filename ? filename : ""));}
 #if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400
 	//! specify file with Unicode name. On non-Windows OS, this function assumes that setlocale() has been called.
 	FileStore(const wchar_t *filename)
--- a/filters.cpp
+++ b/filters.cpp
@ -18,10 +18,9 @@
 #include "fltrimpl.h"
 #include "argnames.h"
 #include "smartptr.h"
 #include "stdcpp.h"
 #include "misc.h"
 #include <functional>
 NAMESPACE_BEGIN(CryptoPP)
 Filter::Filter(BufferedTransformation *attachment)
@ -83,9 +82,12 @@ bool Filter::Flush(bool hardFlush, int propagation, bool blocking)
 	case 0:
 		if (IsolatedFlush(hardFlush, blocking))
 			return true;
 		// fall through
 	case 1:
 		if (OutputFlush(1, hardFlush, propagation, blocking))
 			return true;
 		// fall through
 	default: ;;
 	}
 	return false;
 }
@ -97,9 +99,12 @@ bool Filter::MessageSeriesEnd(int propagation, bool blocking)
 	case 0:
 		if (IsolatedMessageSeriesEnd(blocking))
 			return true;
 		// fall through
 	case 1:
 		if (ShouldPropagateMessageSeriesEnd() && OutputMessageSeriesEnd(1, propagation, blocking))
 			return true;
 		// fall through
 	default: ;;
 	}
 	return false;
 }
@ -434,7 +439,8 @@ size_t FilterWithBufferedInput::PutMaybeModifiable(byte *inString, size_t length
 		m_firstInputDone = false;
 		m_queue.ResetQueue(1, m_firstSize);
-		Output(1, NULL, 0, messageEnd, blocking);
+		// Cast to void to supress Coverity finding
 		(void)Output(1, NULL, 0, messageEnd, blocking);
 	}
 	return 0;
 }
@ -581,8 +587,8 @@ size_t ArrayXorSink::Put2(const byte *begin, size_t length, int messageEnd, bool
 // *************************************************************
 StreamTransformationFilter::StreamTransformationFilter(StreamTransformation &c, BufferedTransformation *attachment, BlockPaddingScheme padding, bool allowAuthenticatedSymmetricCipher)
-   : FilterWithBufferedInput(attachment)
+	: FilterWithBufferedInput(attachment)
-	, m_cipher(c)
+	, m_cipher(c), m_padding(DEFAULT_PADDING), m_optimalBufferSize(0)
 {
 	assert(c.MinLastBlockSize() == 0 || c.MinLastBlockSize() > c.MandatoryBlockSize());
@ -755,7 +761,8 @@ void StreamTransformationFilter::LastPut(const byte *inString, size_t length)
 // *************************************************************
 HashFilter::HashFilter(HashTransformation &hm, BufferedTransformation *attachment, bool putMessage, int truncatedDigestSize, const std::string &messagePutChannel, const std::string &hashPutChannel)
-	: m_hashModule(hm), m_putMessage(putMessage), m_messagePutChannel(messagePutChannel), m_hashPutChannel(hashPutChannel)
+	: m_hashModule(hm), m_putMessage(putMessage), m_digestSize(0), m_space(NULL)
 	, m_messagePutChannel(messagePutChannel), m_hashPutChannel(hashPutChannel)
 {
 	m_digestSize = truncatedDigestSize < 0 ? m_hashModule.DigestSize() : truncatedDigestSize;
 	Detach(attachment);
@ -790,7 +797,7 @@ size_t HashFilter::Put2(const byte *inString, size_t length, int messageEnd, boo
 HashVerificationFilter::HashVerificationFilter(HashTransformation &hm, BufferedTransformation *attachment, word32 flags, int truncatedDigestSize)
 	: FilterWithBufferedInput(attachment)
-	, m_hashModule(hm)
+	, m_hashModule(hm), m_flags(0), m_digestSize(0), m_verified(false)
 {
 	IsolatedInitialize(MakeParameters(Name::HashVerificationFilterFlags(), flags)(Name::TruncatedDigestSize(), truncatedDigestSize));
 }
@ -980,7 +987,7 @@ size_t SignerFilter::Put2(const byte *inString, size_t length, int messageEnd, b
 SignatureVerificationFilter::SignatureVerificationFilter(const PK_Verifier &verifier, BufferedTransformation *attachment, word32 flags)
 	: FilterWithBufferedInput(attachment)
-	, m_verifier(verifier)
+	, m_verifier(verifier), m_flags(0), m_verified(0)
 {
 	IsolatedInitialize(MakeParameters(Name::SignatureVerificationFilterFlags(), flags));
 }
--- a/filters.h
+++ b/filters.h
@ -1,3 +1,9 @@
 // filters.h - written and placed in the public domain by Wei Dai
 //! \file filters.h
 //! \brief Implementation of BufferedTransformation's attachment interface in cryptlib.h.
 //! \nosubgrouping
 #ifndef CRYPTOPP_FILTERS_H
 #define CRYPTOPP_FILTERS_H
@ -21,24 +27,55 @@
 NAMESPACE_BEGIN(CryptoPP)
-/// provides an implementation of BufferedTransformation's attachment interface
+//! \class Filter
 //! \brief Implementation of BufferedTransformation's attachment interface
 //! \details Filter is a cornerstone of the Pipeline trinitiy. Data flows from
 //!   Sources, through Filters, and then terminates in Sinks. The difference
 //!   between a Source and Filter is a Source \a pumps data, while a Filter does
 //!   not. The difference between a Filter and a Sink is a Filter allows an
 //!   attached transformation, while a Sink does not.
 //! \details See the discussion of BufferedTransformation in cryptlib.h for
 //!   more details.
 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Filter : public BufferedTransformation, public NotCopyable
 {
 public:
 	//! \brief Construct a Filter
 	//! \param attachment the filter's attached transformation
 	//! \details attachment can be \p NULL.
 	Filter(BufferedTransformation *attachment = NULL);
 	//! \brief Determine if attachable
 	//! \returns \p true if the object allows attached transformations, \p false otherwise.
 	//! \note Source and Filter offer attached transformations; while Sink does not.
 	bool Attachable() {return true;}
 	//! \brief Retrieve attached transformation
 	//! \returns pointer to a BufferedTransformation if there is an attached transformation, \p NULL otherwise.
 	BufferedTransformation *AttachedTransformation();
 	//! \brief Retrieve attached transformation
 	//! \returns pointer to a BufferedTransformation if there is an attached transformation, \p NULL otherwise.
 	const BufferedTransformation *AttachedTransformation() const;
 	//! \brief Replace an attached transformation
 	//! \param newAttachment pointer to a new BufferedTransformation
 	//! \details newAttachment cab ne a single filter, a chain of filters or \p NULL.
 	//!    Pass \p NULL to remove an existing BufferedTransformation or chain of filters
 	void Detach(BufferedTransformation *newAttachment = NULL);
 	// See the documentation for BufferedTransformation in cryptlib.h
 	size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
 	size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const;
 	// See the documentation for BufferedTransformation in cryptlib.h
 	void Initialize(const NameValuePairs &parameters=g_nullNameValuePairs, int propagation=-1);
 	bool Flush(bool hardFlush, int propagation=-1, bool blocking=true);
 	bool MessageSeriesEnd(int propagation=-1, bool blocking=true);
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~Filter() {}
 #endif
 protected:
 	virtual BufferedTransformation * NewDefaultAttachment() const;
 	void Insert(Filter *nextFilter);	// insert filter after this one
@ -48,10 +85,65 @@ protected:
 	void PropagateInitialize(const NameValuePairs &parameters, int propagation);
 	//! \brief Forward processed data on to attached transformation
 	//! \param outputSite unknown, system crash between keyboard and chair...
 	//! \param inString the byte buffer to process
 	//! \param length the size of the string, in bytes
 	//! \param messageEnd means how many filters to signal MessageEnd() to, including this one
 	//! \param blocking specifies whether the object should block when processing input
 	//! \param channel the channel to process the data
 	//! \returns 0 indicates all bytes were processed during the call. Non-0 indicates the
 	//!   number of bytes that were \a not processed.
 	size_t Output(int outputSite, const byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel=DEFAULT_CHANNEL);
 	//! \brief Output multiple bytes that may be modified by callee.
 	//! \param outputSite unknown, system crash between keyboard and chair...
 	//! \param inString the byte buffer to process
 	//! \param length the size of the string, in bytes
 	//! \param messageEnd means how many filters to signal MessageEnd() to, including this one
 	//! \param blocking specifies whether the object should block when processing input
 	//! \param channel the channel to process the data
 	//! \returns 0 indicates all bytes were processed during the call. Non-0 indicates the
 	//!   number of bytes that were \a not processed	
 	size_t OutputModifiable(int outputSite, byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel=DEFAULT_CHANNEL);
 	//! \brief Signals the end of messages to the object
 	//! \param outputSite unknown, system crash between keyboard and chair...
 	//! \param propagation the number of attached transformations the  MessageEnd() signal should be passed
 	//! \param blocking specifies whether the object should block when processing input
 	//! \param channel the channel to process the data
 	//! \details propagation count includes this object. Setting  propagation to <tt>1</tt> means this
 	//!   object only. Setting propagation to <tt>-1</tt> means unlimited propagation.
 	bool OutputMessageEnd(int outputSite, int propagation, bool blocking, const std::string &channel=DEFAULT_CHANNEL);
 	//! \brief Flush buffered input and/or output, with signal propagation
 	//! \param outputSite unknown, system crash between keyboard and chair...
 	//! \param hardFlush is used to indicate whether all data should be flushed
 	//! \param propagation the number of attached transformations the  Flush() signal should be passed
 	//! \param blocking specifies whether the object should block when processing input
 	//! \param channel the channel to process the data
 	//! \details propagation count includes this object. Setting  propagation to <tt>1</tt> means this
 	//!   object only. Setting  propagation to <tt>-1</tt> means unlimited propagation.
 	//! \note Hard flushes must be used with care. It means try to process and output everything, even if
 	//!   there may not be enough data to complete the action. For example, hard flushing a  HexDecoder
 	//!   would cause an error if you do it after inputing an odd number of hex encoded characters.
 	//! \note For some types of filters, like  ZlibDecompressor, hard flushes can only
 	//!   be done at "synchronization points". These synchronization points are positions in the data
 	//!   stream that are created by hard flushes on the corresponding reverse filters, in this
 	//!   example ZlibCompressor. This is useful when zlib compressed data is moved across a
 	//!   network in packets and compression state is preserved across packets, as in the SSH2 protocol.
 	bool OutputFlush(int outputSite, bool hardFlush, int propagation, bool blocking, const std::string &channel=DEFAULT_CHANNEL);
 	//! \brief Marks the end of a series of messages, with signal propagation
 	//! \param outputSite unknown, system crash between keyboard and chair...
 	//! \param propagation the number of attached transformations the  MessageSeriesEnd() signal should be passed
 	//! \param blocking specifies whether the object should block when processing input
 	//! \param channel the channel to process the data
 	//! \details Each object that receives the signal will perform its processing, decrement
 	//!    propagation, and then pass the signal on to attached transformations if the value is not 0.
 	//! \details propagation count includes this object. Setting  propagation to <tt>1</tt> means this
 	//!   object only. Setting  propagation to <tt>-1</tt> means unlimited propagation.
 	//! \note There should be a MessageEnd() immediately before MessageSeriesEnd().	
 	bool OutputMessageSeriesEnd(int outputSite, int propagation, bool blocking, const std::string &channel=DEFAULT_CHANNEL);
 private:
@ -62,6 +154,8 @@ protected:
 	int m_continueAt;
 };
 //! \struct FilterPutSpaceHelper
 struct CRYPTOPP_DLL FilterPutSpaceHelper
 {
 	// desiredSize is how much to ask target, bufferSize is how much to allocate in m_tempSpace
@ -112,7 +206,7 @@ public:
 	byte * CreatePutSpace(size_t &size)
 		{return AttachedTransformation()->CreatePutSpace(size);}
-	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
+	size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
 	size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking);
 	bool IsolatedMessageSeriesEnd(bool blocking);
@ -275,18 +369,35 @@ protected:
 	ByteQueue m_inQueue;
 };
 //! \struct BlockPaddingSchemeDef
 //! \details Padding schemes used for block ciphers.
 struct BlockPaddingSchemeDef
 {
-	enum BlockPaddingScheme {NO_PADDING, ZEROS_PADDING, PKCS_PADDING, ONE_AND_ZEROS_PADDING, DEFAULT_PADDING};
+	//! \enum BlockPaddingScheme
 	//! \details Padding schemes used for block ciphers.
 	//! \details DEFAULT_PADDING means PKCS_PADDING if <tt>cipher.MandatoryBlockSize() > 1 &&
 	//!   cipher.MinLastBlockSize() == 0</tt>, which holds for ECB or CBC mode. Otherwise,
 	//!   NO_PADDING for modes like OFB, CFB, CTR, CBC-CTS.
 	//! \sa <A HREF="http://www.weidai.com/scan-mirror/csp.html">Block Cipher Padding</A> for
 	//!   additional details.
 	enum BlockPaddingScheme {
 		//! \brief No padding added to a block
 		NO_PADDING,
 		//! \brief 0's padding added to a block
 		ZEROS_PADDING,
 		//! \brief PKCS #5 padding added to a block
 		PKCS_PADDING,
 		//! \brief 1 and 0's padding added to a block
 		ONE_AND_ZEROS_PADDING,
 		//! \brief Default padding acheme
 		DEFAULT_PADDING
 	};
 };
 //! Filter Wrapper for StreamTransformation, optionally handling padding/unpadding when needed
 class CRYPTOPP_DLL StreamTransformationFilter : public FilterWithBufferedInput, public BlockPaddingSchemeDef, private FilterPutSpaceHelper
 {
 public:
 	/*! DEFAULT_PADDING means PKCS_PADDING if c.MandatoryBlockSize() > 1 && c.MinLastBlockSize() == 0 (e.g. ECB or CBC mode),
 		otherwise NO_PADDING (OFB, CFB, CTR, CBC-CTS modes).
 		See http://www.weidai.com/scan-mirror/csp.html for details of the padding schemes. */
 	StreamTransformationFilter(StreamTransformation &c, BufferedTransformation *attachment = NULL, BlockPaddingScheme padding = DEFAULT_PADDING, bool allowAuthenticatedSymmetricCipher = false);
 	std::string AlgorithmName() const {return m_cipher.AlgorithmName();}
@ -317,7 +428,7 @@ public:
 	std::string AlgorithmName() const {return m_hashModule.AlgorithmName();}
 	void IsolatedInitialize(const NameValuePairs &parameters);
-	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
+	size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
 	byte * CreatePutSpace(size_t &size) {return m_hashModule.CreateUpdateSpace(size);}
 private:
@ -415,7 +526,7 @@ public:
 	std::string AlgorithmName() const {return m_signer.AlgorithmName();}
 	void IsolatedInitialize(const NameValuePairs &parameters);
-	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
+	size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
 private:
 	RandomNumberGenerator &m_rng;
@ -463,11 +574,17 @@ typedef SignatureVerificationFilter VerifierFilter;	// for backwards compatibili
 class CRYPTOPP_DLL Redirector : public CustomSignalPropagation<Sink>
 {
 public:
 	//! \brief Controls signal propagation behavior
 	enum Behavior
 	{
 		//! \brief Pass data only
 		DATA_ONLY = 0x00,
 		//! \brief Pass signals
 		PASS_SIGNALS = 0x01,
 		//! \brief Pass wait events
 		PASS_WAIT_OBJECTS = 0x02,
 		//! \brief Pass everything
 		//! \details PASS_EVERYTHING is default
 		PASS_EVERYTHING = PASS_SIGNALS | PASS_WAIT_OBJECTS
 	};
@ -491,8 +608,8 @@ public:
 	void Initialize(const NameValuePairs &parameters, int propagation);
 	byte * CreatePutSpace(size_t &size)
 		{return m_target ? m_target->CreatePutSpace(size) : (byte *)(size=0, NULL);}
-	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
+	size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
-		{return m_target ? m_target->Put2(begin, length, GetPassSignals() ? messageEnd : 0, blocking) : 0;}
+		{return m_target ? m_target->Put2(inString, length, GetPassSignals() ? messageEnd : 0, blocking) : 0;}
 	bool Flush(bool hardFlush, int propagation=-1, bool blocking=true)
 		{return m_target && GetPassSignals() ? m_target->Flush(hardFlush, propagation, blocking) : false;}
 	bool MessageSeriesEnd(int propagation=-1, bool blocking=true)
@ -530,8 +647,8 @@ public:
 	byte * CreatePutSpace(size_t &size)
 		{return m_owner.AttachedTransformation()->CreatePutSpace(size);}
-	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
+	size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
-		{return m_owner.AttachedTransformation()->Put2(begin, length, m_passSignal ? messageEnd : 0, blocking);}
+		{return m_owner.AttachedTransformation()->Put2(inString, length, m_passSignal ? messageEnd : 0, blocking);}
 	size_t PutModifiable2(byte *begin, size_t length, int messageEnd, bool blocking)
 		{return m_owner.AttachedTransformation()->PutModifiable2(begin, length, m_passSignal ? messageEnd : 0, blocking);}
 	void Initialize(const NameValuePairs &parameters=g_nullNameValuePairs, int propagation=-1)
@ -616,7 +733,7 @@ public:
 	void IsolatedInitialize(const NameValuePairs &parameters)
 		{if (!parameters.GetValue("OutputStringPointer", m_output)) throw InvalidArgument("StringSink: OutputStringPointer not specified");}
-	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
+	size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
 	{
 		CRYPTOPP_UNUSED(messageEnd); CRYPTOPP_UNUSED(blocking);
 		if (length > 0)
@ -624,7 +741,7 @@ public:
 			typename T::size_type size = m_output->size();
 			if (length < size && size + length > m_output->capacity())
 				m_output->reserve(2*size);
-		m_output->append((const char_type *)begin, (const char_type *)begin+length);
+		m_output->append((const char_type *)inString, (const char_type *)inString+length);
 		}
 		return 0;
 	}
@ -648,7 +765,7 @@ public:
 		: m_rng(&rng) {}
 	void IsolatedInitialize(const NameValuePairs &parameters);
-	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
+	size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
 private:
 	RandomNumberGenerator *m_rng;
@ -668,7 +785,7 @@ public:
 	void IsolatedInitialize(const NameValuePairs &parameters);
 	byte * CreatePutSpace(size_t &size);
-	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
+	size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
 protected:
 	byte *m_buf;
@ -683,7 +800,7 @@ public:
 	ArrayXorSink(byte *buf, size_t size)
 		: ArraySink(buf, size) {}
-	size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
+	size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
 	byte * CreatePutSpace(size_t &size) {return BufferedTransformation::CreatePutSpace(size);}
 };
@ -750,13 +867,25 @@ private:
 	lword m_size;
 };
-//! A Filter that pumps data into its attachment as input
+//! \class Source
 //! \brief Implementation of BufferedTransformation's attachment interface
 //! \details Source is a cornerstone of the Pipeline trinitiy. Data flows from
 //!   Sources, through Filters, and then terminates in Sinks. The difference
 //!   between a Source and Filter is a Source \a pumps data, while a Filter does
 //!   not. The difference between a Filter and a Sink is a Filter allows an
 //!   attached transformation, while a Sink does not.
 //! \details See the discussion of BufferedTransformation in cryptlib.h for
 //!   more details.
 //! \sa Store and SourceTemplate
 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Source : public InputRejecting<Filter>
 {
 public:
 	Source(BufferedTransformation *attachment = NULL)
 		{Source::Detach(attachment);}
 	//!	\name PIPELINE
 	//@{
 	lword Pump(lword pumpMax=size_t(SIZE_MAX))
 		{Pump2(pumpMax); return pumpMax;}
 	unsigned int PumpMessages(unsigned int count=UINT_MAX)
@ -768,6 +897,12 @@ public:
 	virtual size_t PumpAll2(bool blocking=true);
 	virtual bool SourceExhausted() const =0;
 	//@}
 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
 	virtual ~Source() {}
 #endif
 protected:
 	void SourceInitialize(bool pumpAll, const NameValuePairs &parameters)
 	{
@ -777,7 +912,9 @@ protected:
 	}
 };
-//! Turn a Store into a Source
+//! \class SourceTemplate
 //! \brief Transform a Store into a Source
 //! \tparam T the class or type
 template <class T>
 class SourceTemplate : public Source
 {
@ -803,7 +940,8 @@ protected:
 	T m_store;
 };
-//! string-based implementation of Source interface
+//! \class SourceTemplate
 //! \brief String-based implementation of the Source interface
 class CRYPTOPP_DLL StringSource : public SourceTemplate<StringStore>
 {
 public:
--- a/fips140.h
+++ b/fips140.h
@ -1,46 +1,94 @@
 // fips140.h - written and placed in the public domain by Wei Dai
 //! \file fips140.h
 //! \brief Classes and functions for the FIPS 140-2 validated library
 //! \details The FIPS validated library is only available on Windows as a DLL. Once compiled,
 //!   the library is always in FIPS mode contingent upon successful execution of
 //!   DoPowerUpSelfTest() or DoDllPowerUpSelfTest().
 //! \sa <A HREF="http://cryptopp.com/wiki/Visual_Studio">Visual Studio</A> and
 //!   <A HREF="http://cryptopp.com/wiki/config.h">config.h</A> on the Crypto++ wiki.
 #ifndef CRYPTOPP_FIPS140_H
 #define CRYPTOPP_FIPS140_H
 /*! \file
 	FIPS 140 related functions and classes.
 */
 #include "cryptlib.h"
 #include "secblock.h"
 NAMESPACE_BEGIN(CryptoPP)
-//! exception thrown when a crypto algorithm is used after a self test fails
+//! \class SelfTestFailure
 //! Exception thrown when a crypto algorithm is used after a self test fails
 //! \details The self tests for an algorithm are performed by Algortihm class
 //!   when CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined.
 class CRYPTOPP_DLL SelfTestFailure : public Exception
 {
 public:
 	explicit SelfTestFailure(const std::string &s) : Exception(OTHER_ERROR, s) {}
 };
-//! returns whether FIPS 140-2 compliance features were enabled at compile time
+//! \brief Determines whether the library provides FIPS validated cryptography
 //! \returns true if FIPS 140-2 validated features were enabled at compile time.
 //! \details true if FIPS 140-2 validated features were enabled at compile time,
 //!   false otherwise.
 //! \note FIPS mode is enabled at compile time. A program or other module cannot
 //!   arbitrarily enter or exit the mode.
 CRYPTOPP_DLL bool CRYPTOPP_API FIPS_140_2_ComplianceEnabled();
-//! enum values representing status of the power-up self test
+//! \brief Status of the power-up self test
-enum PowerUpSelfTestStatus {POWER_UP_SELF_TEST_NOT_DONE, POWER_UP_SELF_TEST_FAILED, POWER_UP_SELF_TEST_PASSED};
+enum PowerUpSelfTestStatus {
-//! perform the power-up self test, and set the self test status
+	//! \brief The self tests have not been performed.
 	POWER_UP_SELF_TEST_NOT_DONE,
 	//! \brief The self tests were executed via DoPowerUpSelfTest() or
 	//!   DoDllPowerUpSelfTest(), but the result was failure.
 	POWER_UP_SELF_TEST_FAILED,
 	//! \brief The self tests were executed via DoPowerUpSelfTest() or
 	//!   DoDllPowerUpSelfTest(), and the result was success.
 	POWER_UP_SELF_TEST_PASSED
 };
 //! \brief Performs the power-up self test
 //! \param moduleFilename the fully qualified name of the module
 //! \param expectedModuleMac the expected MAC of the components protected by the integrity check
 //! \details Performs the power-up self test, and sets the self test status to
 //!   POWER_UP_SELF_TEST_PASSED or POWER_UP_SELF_TEST_FAILED.
 //! \details The self tests for an algorithm are performed by the Algortihm class
 //!   when CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined.
 CRYPTOPP_DLL void CRYPTOPP_API DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleMac);
-//! perform the power-up self test using the filename of this DLL and the embedded module MAC
+//! \brief Performs the power-up self test on the DLL
 //! \details Performs the power-up self test using the filename of this DLL and the
 //!   embedded module MAC, and sets the self test status to POWER_UP_SELF_TEST_PASSED or
 //!   POWER_UP_SELF_TEST_FAILED.
 //! \details The self tests for an algorithm are performed by the Algortihm class
 //!   when CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined.
 CRYPTOPP_DLL void CRYPTOPP_API DoDllPowerUpSelfTest();
-//! set the power-up self test status to POWER_UP_SELF_TEST_FAILED
+//! \brief Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED
 //! \details Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED to simulate failure.
 CRYPTOPP_DLL void CRYPTOPP_API SimulatePowerUpSelfTestFailure();
-//! return the current power-up self test status
+//! \brief Provides the current power-up self test status
 //! \returns the current power-up self test status
 CRYPTOPP_DLL PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus();
 #ifndef CRYPTOPP_DOXYGEN_PROCESSING
 typedef PowerUpSelfTestStatus (CRYPTOPP_API * PGetPowerUpSelfTestStatus)();
 #endif
 //! \brief Class object that calculates the MAC on the module
 //! \returns the MAC for the module
 CRYPTOPP_DLL MessageAuthenticationCode * CRYPTOPP_API NewIntegrityCheckingMAC();
 //! \brief Verifies the MAC on the module
 //! \param moduleFilename the fully qualified name of the module
 //! \param expectedModuleMac the expected MAC of the components protected by the integrity check
 //! \param pActualMac the actual MAC of the components calculated by the integrity check
 //! \param pMacFileLocation the offest of the MAC in the PE/PE+ module
 //! \returns true if the MAC is valid, false otherwise
 CRYPTOPP_DLL bool CRYPTOPP_API IntegrityCheckModule(const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac = NULL, unsigned long *pMacFileLocation = NULL);
 #ifndef CRYPTOPP_DOXYGEN_PROCESSING
 // this is used by Algorithm constructor to allow Algorithm objects to be constructed for the self test
 bool PowerUpSelfTestInProgressOnThisThread();
@ -51,7 +99,13 @@ void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_D
 void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier);
 void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor);
 #endif
 //! \brief The placeholder used prior to embedding the actual MAC in the module.
 //! \details After the DLL is built but before it is MAC'd, the string CRYPTOPP_DUMMY_DLL_MAC
 //!   is used as a placeholder for the actual MAC. A post-build step is performed which calculates
 //!   the MAC of the DLL and embeds it in the module. The actual MAC is written by the
 //!   <tt>cryptest.exe</tt> program using the <tt>mac_dll</tt> subcommand.
 #define CRYPTOPP_DUMMY_DLL_MAC "MAC_51f34b8db820ae8"
 NAMESPACE_END
--- a/gcm.cpp
+++ b/gcm.cpp
@ -145,7 +145,8 @@ void GCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const
 #if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
 	if (HasCLMUL())
 	{
-		params.GetIntValue(Name::TableSize(), tableSize);	// avoid "parameter not used" error
+		// Avoid "parameter not used" error and suppress Coverity finding
 		(void)params.GetIntValue(Name::TableSize(), tableSize);
 		tableSize = s_clmulTableSizeInBlocks * REQUIRED_BLOCKSIZE;
 	}
 	else
@ -579,7 +580,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len)
 		#ifdef __GNUC__
 			__asm__ __volatile__
 			(
-			".intel_syntax noprefix;"
+			INTEL_NOPREFIX
 		#elif defined(CRYPTOPP_GENERATE_X64_MASM)
 			ALIGN   8
 			GCM_AuthenticateBlocks_2K	PROC FRAME
@ -683,7 +684,13 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len)
 		AS2(	pxor	xmm5, xmm2						)
 		AS2(	psrldq	xmm0, 15						)
-		AS2(	movd	WORD_REG(di), xmm0					)
+#if (CRYPTOPP_CLANG_VERSION >= 30600) || (CRYPTOPP_APPLE_CLANG_VERSION >= 70000)
 		AS2(	movd	edi, xmm0						)
 #elif defined(CRYPTOPP_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION)
 		AS2(	mov		WORD_REG(di), xmm0				)
 #else	// GNU Assembler
 		AS2(	movd	WORD_REG(di), xmm0				)
 #endif
 		AS2(	movzx	eax, WORD PTR [RED_TABLE + WORD_REG(di)*2]	)
 		AS2(	shl		eax, 8							)
@ -692,21 +699,33 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len)
 		AS2(	pxor	xmm4, xmm5						)
 		AS2(	psrldq	xmm1, 15						)
-		AS2(	movd	WORD_REG(di), xmm1					)
+#if (CRYPTOPP_CLANG_VERSION >= 30600) || (CRYPTOPP_APPLE_CLANG_VERSION >= 70000)
 		AS2(	movd	edi, xmm1						)
 #elif defined(CRYPTOPP_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION)
 		AS2(	mov		WORD_REG(di), xmm1				)
 #else
 		AS2(	movd	WORD_REG(di), xmm1				)
 #endif
 		AS2(	xor		ax, WORD PTR [RED_TABLE + WORD_REG(di)*2]	)
 		AS2(	shl		eax, 8							)
 		AS2(	psrldq	xmm0, 15						)
-		AS2(	movd	WORD_REG(di), xmm0					)
+#if (CRYPTOPP_CLANG_VERSION >= 30600) || (CRYPTOPP_APPLE_CLANG_VERSION >= 70000)
 		AS2(	movd	edi, xmm0						)	
 #elif defined(CRYPTOPP_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION)		
 		AS2(	mov		WORD_REG(di), xmm0				)
 #else
 		AS2(	movd	WORD_REG(di), xmm0				)
 #endif
 		AS2(	xor		ax, WORD PTR [RED_TABLE + WORD_REG(di)*2]	)
 		AS2(	movd	xmm0, eax						)
 		AS2(	pxor	xmm0, xmm4						)
-		AS2(	add		WORD_REG(cx), 16					)
+		AS2(	add		WORD_REG(cx), 16				)
-		AS2(	sub		WORD_REG(dx), 1						)
+		AS2(	sub		WORD_REG(dx), 1					)
 		ASJ(	jnz,	0, b							)
-		AS2(	movdqa	[WORD_REG(si)], xmm0				)
+		AS2(	movdqa	[WORD_REG(si)], xmm0			)
 		#if CRYPTOPP_BOOL_X32
 			AS1(pop		rbp)
@ -717,7 +736,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len)
 		#endif
 		#ifdef __GNUC__
-				".att_syntax prefix;"
+				ATT_PREFIX
 					: 
 					: "c" (data), "d" (len/16), "S" (hashBuffer), "D" (s_reductionTable)
 					: "memory", "cc", "%eax"
@ -740,7 +759,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len)
 		#ifdef __GNUC__
 			__asm__ __volatile__
 			(
-			".intel_syntax noprefix;"
+			INTEL_NOPREFIX
 		#elif defined(CRYPTOPP_GENERATE_X64_MASM)
 			ALIGN   8
 			GCM_AuthenticateBlocks_64K	PROC FRAME
@ -794,7 +813,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len)
 		AS2(	movdqa	[WORD_REG(si)], xmm0				)
 		#ifdef __GNUC__
-				".att_syntax prefix;"
+				ATT_PREFIX
 					: 
 					: "c" (data), "d" (len/16), "S" (hashBuffer)
 					: "memory", "cc", "%edi", "%eax"
--- a/gcm.h
+++ b/gcm.h
@ -1,3 +1,9 @@
 // gcm.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \headerfile gcm.h
 //! \brief GCM block cipher mode of operation
 #ifndef CRYPTOPP_GCM_H
 #define CRYPTOPP_GCM_H
@ -6,10 +12,13 @@
 NAMESPACE_BEGIN(CryptoPP)
-//! .
+//! \enum GCM_TablesOption
 //! \brief Use either 2K or 64K size tables.
 enum GCM_TablesOption {GCM_2K_Tables, GCM_64K_Tables};
-//! .
+//! \class GCM_Base
 //! \brief CCM block cipher mode of operation.
 //! \details Implementations and overrides in \p GCM_Base apply to both \p ENCRYPTION and \p DECRYPTION directions
 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GCM_Base : public AuthenticatedSymmetricCipherBase
 {
 public:
@ -77,7 +86,14 @@ protected:
 	enum {REQUIRED_BLOCKSIZE = 16, HASH_BLOCKSIZE = 16};
 };
-//! .
+//! \class GCM_Final
 //! \brief Class specific methods used to operate the cipher.
 //! \tparam T_BlockCipher block cipher
 //! \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables
 //! \tparam T_IsEncryption direction in which to operate the cipher
 //! \details Implementations and overrides in \p GCM_Final apply to either
 //!   \p ENCRYPTION or \p DECRYPTION, depending on the template parameter \p T_IsEncryption.
 //! \details \p GCM_Final does not use inner classes \p Enc and \p Dec.
 template <class T_BlockCipher, GCM_TablesOption T_TablesOption, bool T_IsEncryption>
 class GCM_Final : public GCM_Base
 {
@ -93,7 +109,12 @@ private:
 	typename T_BlockCipher::Encryption m_cipher;
 };
-//! <a href="http://www.cryptolounge.org/wiki/GCM">GCM</a>
+//! \class GCM
 //! \brief The GCM mode of operation
 //! \tparam T_BlockCipher block cipher
 //! \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables
 //! \details \p GCM provides the \p Encryption and \p Decryption typedef.
 //! \sa <a href="http://www.cryptolounge.org/wiki/GCM">GCM</a> at the Crypto Lounge
 template <class T_BlockCipher, GCM_TablesOption T_TablesOption=GCM_2K_Tables>
 struct GCM : public AuthenticatedSymmetricCipherDocumentation
 {
--- a/gf2n.cpp
+++ b/gf2n.cpp
@ -7,10 +7,11 @@
 #include "cryptlib.h"
 #include "algebra.h"
 #include "words.h"
 #include "randpool.h"
 #include "filters.h"
 #include "smartptr.h"
 #include "words.h"
 #include "misc.h"
 #include "gf2n.h"
 #include "asn.h"
 #include "oids.h"
@ -324,6 +325,11 @@ PolynomialMod2 PolynomialMod2::Modulo(const PolynomialMod2 &b) const
 PolynomialMod2& PolynomialMod2::operator<<=(unsigned int n)
 {
 #if !defined(NDEBUG)
 	int x; CRYPTOPP_UNUSED(x);
 	assert(SafeConvert(n,x));
 #endif
 	if (!reg.size())
 		return *this;
@ -352,8 +358,8 @@ PolynomialMod2& PolynomialMod2::operator<<=(unsigned int n)
 		return *this;
 	}
-	int shiftWords = n / WORD_BITS;
+	const int shiftWords = n / WORD_BITS;
-	int shiftBits = n % WORD_BITS;
+	const int shiftBits = n % WORD_BITS;
 	if (shiftBits)
 	{
@ -369,8 +375,10 @@ PolynomialMod2& PolynomialMod2::operator<<=(unsigned int n)
 	if (carry)
 	{
-		reg.Grow(reg.size()+shiftWords+1);
+		// Thanks to Apatryda, http://github.com/weidai11/cryptopp/issues/64
-		reg[reg.size()-1] = carry;
+		const size_t carryIndex = reg.size();
 		reg.Grow(reg.size()+shiftWords+!!shiftBits);
 		reg[carryIndex] = carry;
 	}
 	else
 		reg.Grow(reg.size()+shiftWords);
@ -677,6 +685,8 @@ const GF2NT::Element& GF2NT::MultiplicativeInverse(const Element &a) const
 			b[i] = b[i+1];
 		b[BitsToWords(m)-1] = 0;
 		// TODO: the shift by "t1+j" (64-bits) is being flagged as potential UB
 		//   temp ^= ((temp >> j) & 1) << ((t1 + j) & (sizeof(temp)*8-1));
 		if (t1 < WORD_BITS)
 			for (unsigned int j=0; j<WORD_BITS-t1; j++)
 				temp ^= ((temp >> j) & 1) << (t1 + j);
@ -703,10 +713,18 @@ const GF2NT::Element& GF2NT::MultiplicativeInverse(const Element &a) const
 		ShiftWordsRightByBits(b, BitsToWords(m), k);
 		if (t1 < WORD_BITS)
 		{
 			for (unsigned int j=0; j<WORD_BITS-t1; j++)
 			{
 				// Coverity finding on shift amount of 'word x << (t1+j)'.
 				assert(t1+j < WORD_BITS);
 				temp ^= ((temp >> j) & 1) << (t1 + j);
 			}
 		}
 		else
 		{
 			b[t1/WORD_BITS-1] ^= temp << t1%WORD_BITS;
 		}
 		if (t1 % WORD_BITS)
 			b[t1/WORD_BITS] ^= temp >> (WORD_BITS - t1%WORD_BITS);
--- a/gf2n.h
+++ b/gf2n.h
@ -112,7 +112,7 @@ public:
 		byte GetByte(size_t n) const;
 		//! the zero polynomial will return a degree of -1
-		signed int Degree() const {return BitCount()-1;}
+		signed int Degree() const {return (signed int)(BitCount()-1U);}
 		//! degree + 1
 		unsigned int CoefficientCount() const {return BitCount();}
 		//! return coefficient for x^i
--- a/gfpcrypt.cpp
+++ b/gfpcrypt.cpp
@ -11,14 +11,16 @@
 #ifndef CRYPTOPP_IMPORTS
 #include "gfpcrypt.h"
 #include "integer.h"
 #include "nbtheory.h"
 #include "modarith.h"
 #include "integer.h"
 #include "asn.h"
 #include "oids.h"
 #include "misc.h"
 NAMESPACE_BEGIN(CryptoPP)
 #if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
 void TestInstantiations_gfpcrypt()
 {
 	GDSA<SHA>::Signer test;
@ -30,6 +32,7 @@ void TestInstantiations_gfpcrypt()
 	DLIES<>::Encryptor test6;
 	DLIES<>::Decryptor test7;
 }
 #endif
 void DL_GroupParameters_DSA::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
 {
--- a/gfpcrypt.h
+++ b/gfpcrypt.h
@ -524,7 +524,9 @@ public:
 		ConstByteArrayParameter encodingParameters;
 		parameters.GetValue(Name::EncodingParameters(), encodingParameters);
-		xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
+		if (plaintextLength)	// Coverity finding
 			xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
 		MAC mac(macKey);
 		mac.Update(ciphertext, plaintextLength);
 		mac.Update(encodingParameters.begin(), encodingParameters.size());
@ -566,7 +568,9 @@ public:
 		if (!mac.Verify(ciphertext + plaintextLength))
 			return DecodingResult();
-		xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
+		if (plaintextLength)	// Coverity finding
 			xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
 		return DecodingResult(plaintextLength);
 	}
--- a/gost.h
+++ b/gost.h
@ -1,9 +1,11 @@
 // gost.h - written and placed in the public domain by Wei Dai
 //! \file gost.h
 //! \brief Classes for the GIST block cipher
 #ifndef CRYPTOPP_GOST_H
 #define CRYPTOPP_GOST_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/gzip.cpp
+++ b/gzip.cpp
@ -37,7 +37,7 @@ void Gzip::WritePoststreamTail()
 // *************************************************************
 Gunzip::Gunzip(BufferedTransformation *attachment, bool repeat, int propagation)
-	: Inflator(attachment, repeat, propagation)
+	: Inflator(attachment, repeat, propagation), m_length(0)
 {
 }
--- a/gzip.h
+++ b/gzip.h
@ -13,9 +13,9 @@ class Gzip : public Deflator
 {
 public:
 	Gzip(BufferedTransformation *attachment=NULL, unsigned int deflateLevel=DEFAULT_DEFLATE_LEVEL, unsigned int log2WindowSize=DEFAULT_LOG2_WINDOW_SIZE, bool detectUncompressible=true)
-		: Deflator(attachment, deflateLevel, log2WindowSize, detectUncompressible) {}
+		: Deflator(attachment, deflateLevel, log2WindowSize, detectUncompressible), m_totalLen(0) {}
 	Gzip(const NameValuePairs &parameters, BufferedTransformation *attachment=NULL)
-		: Deflator(parameters, attachment) {}
+		: Deflator(parameters, attachment), m_totalLen(0) {}
 protected:
 	enum {MAGIC1=0x1f, MAGIC2=0x8b,   // flags for the header
--- a/hex.h
+++ b/hex.h
@ -1,3 +1,8 @@
 // hex.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \brief Classes for HexEncoder and HexDecoder
 #ifndef CRYPTOPP_HEX_H
 #define CRYPTOPP_HEX_H
--- a/hmac.h
+++ b/hmac.h
@ -1,5 +1,8 @@
 // hmac.h - written and placed in the public domain by Wei Dai
 //! \file
 //! \brief Classes for HMAC message authentication codes
 #ifndef CRYPTOPP_HMAC_H
 #define CRYPTOPP_HMAC_H
--- a/hrtimer.h
+++ b/hrtimer.h
@ -19,7 +19,9 @@ class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TimerBase
 {
 public:
 	enum Unit {SECONDS = 0, MILLISECONDS, MICROSECONDS, NANOSECONDS};
-	TimerBase(Unit unit, bool stuckAtZero)	: m_timerUnit(unit), m_stuckAtZero(stuckAtZero), m_started(false) {}
+	TimerBase(Unit unit, bool stuckAtZero)
 		: m_timerUnit(unit), m_stuckAtZero(stuckAtZero), m_started(false)
 		, m_start(0), m_last(0) {}
 	virtual TimerWord GetCurrentTimerValue() =0;	// GetCurrentTime is a macro in MSVC 6.0
 	virtual TimerWord TicksPerSecond() =0;	// this is not the resolution, just a conversion factor into seconds
--- a/ida.h
+++ b/ida.h
@ -1,3 +1,8 @@
 // ida.h - written and placed in the public domain by Wei Dai
 //! \file ida.h
 //! \brief Classes for Information Dispersal Algorithm (IDA)
 #ifndef CRYPTOPP_IDA_H
 #define CRYPTOPP_IDA_H
@ -6,11 +11,9 @@
 #include "filters.h"
 #include "channels.h"
 #include "secblock.h"
 #include "stdcpp.h"
 #include "misc.h"
 #include <map>
 #include <vector>
 NAMESPACE_BEGIN(CryptoPP)
 /// base class for secret sharing and information dispersal
@ -18,7 +21,8 @@ class RawIDA : public AutoSignaling<Unflushable<Multichannel<Filter> > >
 {
 public:
 	RawIDA(BufferedTransformation *attachment=NULL)
-		{Detach(attachment);}
+		: m_threshold (0), m_channelsReady(0), m_channelsFinished(0)
 			{Detach(attachment);}
 	unsigned int GetThreshold() const {return m_threshold;}
 	void AddOutputChannel(word32 channelId);
@ -100,7 +104,7 @@ class InformationDispersal : public CustomFlushPropagation<Filter>
 {
 public:
 	InformationDispersal(int threshold, int nShares, BufferedTransformation *attachment=NULL, bool addPadding=true)
-		: m_ida(new OutputProxy(*this, true))
+		: m_ida(new OutputProxy(*this, true)), m_pad(false), m_nextChannel(0)
 	{
 		Detach(attachment);
 		IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("NumberOfShares", nShares)("AddPadding", addPadding));
@ -121,7 +125,7 @@ class InformationRecovery : public RawIDA
 {
 public:
 	InformationRecovery(int threshold, BufferedTransformation *attachment=NULL, bool removePadding=true)
-		: RawIDA(attachment)
+		: RawIDA(attachment), m_pad(false)
 		{IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("RemovePadding", removePadding));}
 	void IsolatedInitialize(const NameValuePairs &parameters=g_nullNameValuePairs);
@ -138,7 +142,7 @@ class PaddingRemover : public Unflushable<Filter>
 {
 public:
 	PaddingRemover(BufferedTransformation *attachment=NULL)
-		: m_possiblePadding(false) {Detach(attachment);}
+		: m_possiblePadding(false), m_zeroCount(0) {Detach(attachment);}
 	void IsolatedInitialize(const NameValuePairs &parameters)
 		{CRYPTOPP_UNUSED(parameters); m_possiblePadding = false;}
--- a/idea.h
+++ b/idea.h
@ -1,9 +1,11 @@
 // idea.h - written and placed in the public domain by Wei Dai
 //! \file idea.h
 //! \brief Classes for the IDEA block cipher
 #ifndef CRYPTOPP_IDEA_H
 #define CRYPTOPP_IDEA_H
 /** \file
 */
 #include "seckey.h"
 #include "secblock.h"
--- a/integer.cpp
+++ b/integer.cpp
@ -19,12 +19,12 @@
 #include "secblock.h"
 #include "modarith.h"
 #include "nbtheory.h"
 #include "filters.h"
 #include "smartptr.h"
 #include "algparam.h"
 #include "filters.h"
 #include "asn.h"
 #include "oids.h"
 #include "words.h"
 #include "algparam.h"
 #include "pubkey.h"		// for P1363_KDF2
 #include "sha.h"
 #include "cpu.h"
@ -44,24 +44,42 @@
 	#pragma message("You do not seem to have the Visual C++ Processor Pack installed, so use of SSE2 instructions will be disabled.")
 #endif
-#define CRYPTOPP_INTEGER_SSE2 (CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && (CRYPTOPP_BOOL_X86 || (CRYPTOPP_BOOL_X32 && !defined(CRYPTOPP_DISABLE_INTEGER_ASM))))
+// "Inline assembly operands don't work with .intel_syntax",
 //   http://llvm.org/bugs/show_bug.cgi?id=24232
 #if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_INTEL_ASM)
 # undef CRYPTOPP_X86_ASM_AVAILABLE
 # undef CRYPTOPP_X32_ASM_AVAILABLE
 # undef CRYPTOPP_X64_ASM_AVAILABLE
 # undef CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
 # undef CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE
 # define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 0
 # define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 0
 #else
 # define CRYPTOPP_INTEGER_SSE2 (CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86)
 #endif
 NAMESPACE_BEGIN(CryptoPP)
-// Debian QEMU/ARMEL issue in MultiplyTop; see https://github.com/weidai11/cryptopp/issues/31.
+// Debian QEMU/ARMEL issue in MultiplyTop; see http://github.com/weidai11/cryptopp/issues/31.
 // The symptoms speak to undefined behavior, but we have not been able to locate it. It could
 // also be a compiler or linker issue (very possible because it only surfaces for ARMEL and
 // GCC 5.2, and not other Debian cross-compilers, like ARM64 and ARMHF).
 // TODO: revisit this in the future
 #if __ARMEL__ && (CRYPTOPP_GCC_VERSION >= 50200) && (CRYPTOPP_GCC_VERSION < 50300) && __OPTIMIZE__
 # define WORKAROUND_ARMEL_BUG 1
 #endif
 // Debian QEMU/ARM64 issue in Integer or ModularArithmetic; see http://github.com/weidai11/cryptopp/issues/61.
 #if (__aarch64__ || __AARCH64EL__) && (CRYPTOPP_GCC_VERSION >= 50200) && (CRYPTOPP_GCC_VERSION < 50300)
 # define WORKAROUND_ARM64_BUG 1
 #endif
 #if WORKAROUND_ARMEL_BUG
 # pragma GCC push_options
 # pragma GCC optimize("O1")
 #endif
 #if WORKAROUND_ARM64_BUG
 # pragma GCC push_options
 # pragma GCC optimize("no-devirtualize")
 #endif
 bool AssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt)
 {
 	if (valueType != typeid(Integer))
@ -197,13 +215,20 @@ static word AtomicInverseModPower2(word A)
 class DWord
 {
 public:
 	// Converity finding on default ctor. We've isntrumented the code,
 	//   and cannot uncover a case where it affects a result.
 #if (defined(__COVERITY__) || !defined(NDEBUG)) && defined(CRYPTOPP_NATIVE_DWORD_AVAILABLE)
 	// Repeating pattern of 1010 for debug builds to break things...
 	DWord() : m_whole(0) {memset(&m_whole, 0xa, sizeof(m_whole));}
 #elif (defined(__COVERITY__) || !defined(NDEBUG)) && !defined(CRYPTOPP_NATIVE_DWORD_AVAILABLE)
 	// Repeating pattern of 1010 for debug builds to break things...
 	DWord() : m_halfs() {memset(&m_halfs, 0xa, sizeof(m_halfs));}
 #else
 	DWord() {}
 #endif
 #ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE
-	explicit DWord(word low)
+	explicit DWord(word low) : m_whole(low) {}
 	{
 		m_whole = low;
 	}
 #else
 	explicit DWord(word low)
 	{
@ -225,6 +250,8 @@ public:
 			r.m_whole = (dword)a * b;
 		#elif defined(MultiplyWordsLoHi)
 			MultiplyWordsLoHi(r.m_halfs.low, r.m_halfs.high, a, b);
 		#else
 			assert(0);
 		#endif
 		return r;
 	}
@ -322,17 +349,19 @@ private:
 class Word
 {
 public:
 	// Converity finding on default ctor. We've isntrumented the code,
 	//   and cannot uncover a case where it affects a result.
 #if defined(__COVERITY__)
 	Word() : m_whole(0) {}
 #elif !defined(NDEBUG)
 	// Repeating pattern of 1010 for debug builds to break things...
 	Word() : m_whole(0) {memset(&m_whole, 0xa, sizeof(m_whole));}
 #else
 	Word() {}
 #endif
-	Word(word value)
+	Word(word value) : m_whole(value) {}
-	{
+	Word(hword low, hword high) : m_whole(low | (word(high) << (WORD_BITS/2))) {}
 		m_whole = value;
 	}
 	Word(hword low, hword high)
 	{
 		m_whole = low | (word(high) << (WORD_BITS/2));
 	}
 	static Word Multiply(hword a, hword b)
 	{
@ -469,13 +498,13 @@ inline word DWord::operator%(word a)
 // ********************************************************
-// use some tricks to share assembly code between MSVC and GCC
+// Use some tricks to share assembly code between MSVC and GCC
 #if defined(__GNUC__)
 	#define AddPrologue \
 		int result;	\
 		__asm__ __volatile__ \
 		( \
-			".intel_syntax noprefix;"
+			INTEL_NOPREFIX
 	#define AddEpilogue \
 			".att_syntax prefix;" \
 					: "=a" (result)\
@ -563,7 +592,7 @@ int Baseline_Add(size_t N, word *C, const word *A, const word *B)
 	word result;
 	__asm__ __volatile__
 	(
-	".intel_syntax;"
+	INTEL_NOPREFIX
 	AS1(	neg		%1)
 	ASJ(	jz,		1, f)
 	AS2(	mov		%0,[%3+8*%1])
@ -582,7 +611,7 @@ int Baseline_Add(size_t N, word *C, const word *A, const word *B)
 	ASL(1)
 	AS2(	mov		%0, 0)
 	AS2(	adc		%0, %0)
-	".att_syntax;"
+	ATT_NOPREFIX
 	: "=&r" (result), "+c" (N)
 	: "r" (C+N), "r" (A+N), "r" (B+N)
 	: "memory", "cc"
@ -595,7 +624,7 @@ int Baseline_Sub(size_t N, word *C, const word *A, const word *B)
 	word result;
 	__asm__ __volatile__
 	(
-	".intel_syntax;"
+	INTEL_NOPREFIX
 	AS1(	neg		%1)
 	ASJ(	jz,		1, f)
 	AS2(	mov		%0,[%3+8*%1])
@ -614,7 +643,7 @@ int Baseline_Sub(size_t N, word *C, const word *A, const word *B)
 	ASL(1)
 	AS2(	mov		%0, 0)
 	AS2(	adc		%0, %0)
-	".att_syntax;"
+	ATT_NOPREFIX
 	: "=&r" (result), "+c" (N)
 	: "r" (C+N), "r" (A+N), "r" (B+N)
 	: "memory", "cc"
@ -3446,8 +3475,8 @@ std::ostream& operator<<(std::ostream& out, const Integer &a)
 	static const char lower[]="0123456789abcdef";
 	const char* vec = (out.flags() & std::ios::uppercase) ? upper : lower;
-	unsigned i=0;
+	unsigned int i=0;
-	SecBlock<char> s(a.BitCount() / (BitPrecision(base)-1) + 1);
+	SecBlock<char> s(a.BitCount() / (SaturatingSubtract1(BitPrecision(base),1U)) + 1);
 	while (!!temp1)
 	{
@ -3463,6 +3492,7 @@ std::ostream& operator<<(std::ostream& out, const Integer &a)
 //		if (i && !(i%block))
 //			out << ",";
 	}
 	return out << suffix;
 }
@ -4271,10 +4301,104 @@ const Integer& MontgomeryRepresentation::MultiplicativeInverse(const Integer &a)
 	return m_result;
 }
 // Specialization declared in misc.h to allow us to print integers
 //  with additional control options, like arbirary bases and uppercase.
 template <> CRYPTOPP_DLL
 std::string IntToString<Integer>(Integer value, unsigned int base)
 {
 	// Hack... set the high bit for uppercase. Set the next bit fo a suffix.
 	static const unsigned int BIT_32 = (1U << 31);
 	const bool UPPER = !!(base & BIT_32);
 	static const unsigned int BIT_31 = (1U << 30);
 	const bool BASE = !!(base & BIT_31);
 	const char CH = UPPER ? 'A' : 'a';
 	base &= ~(BIT_32|BIT_31);
 	assert(base >= 2 && base <= 32);
 	if (value == 0)
 		return "0";
 	bool negative = false, zero = false;
 	if (value.IsNegative())
 	{
 		negative = true;
 		value.Negate();
 	}
 	if (!value)
 		zero = true;
 	SecBlock<char> s(value.BitCount() / (SaturatingSubtract1(BitPrecision(base),1U)) + 1);
 	Integer temp;
 	unsigned int i=0;
 	while (!!value)
 	{
 		word digit;
 		Integer::Divide(digit, temp, value, word(base));
 		s[i++]=char((digit < 10 ? '0' : (CH - 10)) + digit);
 		value.swap(temp);
 	}
 	std::string result;
 	result.reserve(i+2);
 	if (negative)
 		result += '-';
 	if (zero)
 		result += '0';
 	while (i--)
 		result += s[i];
 	if (BASE)
 	{
 		if (base == 10)
 			result += '.';
 		else if (base == 16)
 			result += 'h';
 		else if (base == 8)
 			result += 'o';
 		else if (base == 2)
 			result += 'b';
 	}
 	return result;
 }
 // Specialization declared in misc.h to avoid Coverity findings.
 template <> CRYPTOPP_DLL
 std::string IntToString<unsigned long long>(unsigned long long value, unsigned int base)
 {
 	// Hack... set the high bit for uppercase.
 	static const unsigned int HIGH_BIT = (1U << 31);
 	const char CH = !!(base & HIGH_BIT) ? 'A' : 'a';
 	base &= ~HIGH_BIT;
 	assert(base >= 2);
 	if (value == 0)
 		return "0";
 	std::string result;
 	while (value > 0)
 	{
 		unsigned long long digit = value % base;
 		result = char((digit < 10 ? '0' : (CH - 10)) + digit) + result;
 		value /= base;
 	}
 	return result;
 }
 NAMESPACE_END
 #if WORKAROUND_ARMEL_BUG
 # pragma GCC pop_options
 #endif
 #if WORKAROUND_ARM64_BUG
 # pragma GCC pop_options
 #endif
 #endif
--- a/integer.h
+++ b/integer.h
@ -5,174 +5,262 @@
 #include "cryptlib.h"
 #include "secblock.h"
 #include "stdcpp.h"
 #include <iosfwd>
 #include <algorithm>
 #if CRYPTOPP_BOOL_X32
 # define CRYPTOPP_DISABLE_INTEGER_ASM
 #endif
 NAMESPACE_BEGIN(CryptoPP)
-struct InitializeInteger	// used to initialize static variables
+//! \struct InitializeInteger
 //! Performs static intialization of the Integer class
 struct InitializeInteger
 {
 	InitializeInteger();
 };
 typedef SecBlock<word, AllocatorWithCleanup<word, CRYPTOPP_BOOL_X86> > IntegerSecBlock;
-//! multiple precision integer and basic arithmetics
+//! \brief Multiple precision integer with arithmetic operations
-/*! This class can represent positive and negative integers
+//! \details The Integer class can represent positive and negative integers
-	with absolute value less than (256**sizeof(word)) ** (256**sizeof(int)).
+//!   with absolute value less than (256**sizeof(word))<sup>(256**sizeof(int))</sup>.
-	\nosubgrouping
+//! \details Internally, the library uses a sign magnitude representation, and the class
-*/
+//!   has two data members. The first is a IntegerSecBlock (a SecBlock<word>) and it i
 //!   used to hold the representation. The second is a Sign, and its is used to track
 //!   the sign of the Integer.
 //! \nosubgrouping
 class CRYPTOPP_DLL Integer : private InitializeInteger, public ASN1Object
 {
 public:
 	//! \name ENUMS, EXCEPTIONS, and TYPEDEFS
 	//@{
-		//! division by zero exception
+		//! \brief Exception thrown when division by 0 is encountered
 		class DivideByZero : public Exception
 		{
 		public:
 			DivideByZero() : Exception(OTHER_ERROR, "Integer: division by zero") {}
 		};
-		//!
+		//! \brief Exception thrown when a random number cannot be found that
 		//!   satisfies the condition
 		class RandomNumberNotFound : public Exception
 		{
 		public:
 			RandomNumberNotFound() : Exception(OTHER_ERROR, "Integer: no integer satisfies the given parameters") {}
 		};
-		//!
+		//! \enum Sign
-		enum Sign {POSITIVE=0, NEGATIVE=1};
+		//! \brief Used internally to represent the integer
 		//! \details Sign is used internally to represent the integer. It is also used in a few API functions.
 		//! \sa Signedness
 		enum Sign {
 			//! \brief the value is positive or 0
 			POSITIVE=0,
 			//! \brief the value is negative
 			NEGATIVE=1};
-		//!
+		//! \enum Signedness
 		//! \brief Used when importing and exporting integers
 		//! \details Signedness is usually used in API functions.
 		//! \sa Sign
 		enum Signedness {
-		//!
+			//! \brief an unsigned value
 			UNSIGNED,
-		//!
+			//! \brief a signed value
 			SIGNED};
-		//!
+		//! \enum RandomNumberType
 		//! \brief Properties of a random integer
 		enum RandomNumberType {
-		//!
+			//! \brief a number with no special properties
 			ANY,
-		//!
+			//! \brief a number which is probabilistically prime
 			PRIME};
 	//@}
 	//! \name CREATORS
 	//@{
-		//! creates the zero integer
+		//! \brief Creates the zero integer
 		Integer();
 		//! copy constructor
 		Integer(const Integer& t);
-		//! convert from signed long
+		//! \brief Convert from signed long
 		Integer(signed long value);
-		//! convert from lword
+		//! \brief Convert from lword
-		Integer(Sign s, lword value);
+		//! \param sign enumeration indicating Sign
 		//! \param value the long word
 		Integer(Sign sign, lword value);
-		//! convert from two words
+		//! \brief Convert from two words
-		Integer(Sign s, word highWord, word lowWord);
+		//! \param sign enumeration indicating Sign
 		//! \param highWord the high word
 		//! \param lowWord the low word
 		Integer(Sign sign, word highWord, word lowWord);
-		//! convert from string
+		//! \brief Convert from a C-string
-		/*! str can be in base 2, 8, 10, or 16.  Base is determined by a
+		//! \param str C-string value
-			case insensitive suffix of 'h', 'o', or 'b'.  No suffix means base 10.
+		//! \details \p str can be in base 2, 8, 10, or 16. Base is determined by a case
-		*/
+		//!   insensitive suffix of 'h', 'o', or 'b'.  No suffix means base 10.
 		explicit Integer(const char *str);
 		//! \brief Convert from a wide C-string
 		//! \param str wide C-string value
 		//! \details \p str can be in base 2, 8, 10, or 16. Base is determined by a case
 		//!   insensitive suffix of 'h', 'o', or 'b'.  No suffix means base 10.
 		explicit Integer(const wchar_t *str);
-		//! convert from big-endian byte array
+		//! \brief Convert from a big-endian byte array
-		Integer(const byte *encodedInteger, size_t byteCount, Signedness s=UNSIGNED);
+		//! \param encodedInteger big-endian byte array
 		//! \param byteCount length of the byte array
 		//! \param sign enumeration indicating Signedness
 		Integer(const byte *encodedInteger, size_t byteCount, Signedness sign=UNSIGNED);
-		//! convert from big-endian form stored in a BufferedTransformation
+		//! \brief Convert from a big-endian array
-		Integer(BufferedTransformation &bt, size_t byteCount, Signedness s=UNSIGNED);
+		//! \param bt BufferedTransformation object with big-endian byte array
 		//! \param byteCount length of the byte array
 		//! \param sign enumeration indicating Signedness
 		Integer(BufferedTransformation &bt, size_t byteCount, Signedness sign=UNSIGNED);
-		//! convert from BER encoded byte array stored in a BufferedTransformation object
+		//! \brief Convert from a BER encoded byte array
 		//! \param bt BufferedTransformation object with BER encoded byte array
 		explicit Integer(BufferedTransformation &bt);
-		//! create a random integer
+		//! \brief Create a random integer
-		/*! The random integer created is uniformly distributed over [0, 2**bitcount). */
+		//! \param rng RandomNumberGenerator used to generate material
-		Integer(RandomNumberGenerator &rng, size_t bitcount);
+		//! \param bitCount the number of bits in the resulting integer
 		//! \details The random integer created is uniformly distributed over <tt>[0, 2<sup>bitCount</sup>]</tt>.
 		Integer(RandomNumberGenerator &rng, size_t bitCount);
-		//! avoid calling constructors for these frequently used integers
+		//! \brief Integer representing 0
 		//! \returns an Integer representing 0
 		//! \details Zero() avoids calling constructors for frequently used integers
 		static const Integer & CRYPTOPP_API Zero();
-		//! avoid calling constructors for these frequently used integers
+		//! \brief Integer representing 1
 		//! \returns an Integer representing 1
 		//! \details One() avoids calling constructors for frequently used integers
 		static const Integer & CRYPTOPP_API One();
-		//! avoid calling constructors for these frequently used integers
+		//! \brief Integer representing 2
 		//! \returns an Integer representing 2
 		//! \details Two() avoids calling constructors for frequently used integers
 		static const Integer & CRYPTOPP_API Two();
-		//! create a random integer of special type
+		//! \brief Create a random integer of special form
-		/*! Ideally, the random integer created should be uniformly distributed
+		//! \param rng RandomNumberGenerator used to generate material
-			over {x | min <= x <= max and x is of rnType and x % mod == equiv}.
+		//! \param min the minimum value
-			However the actual distribution may not be uniform because sequential
+		//! \param max the maximum value
-			search is used to find an appropriate number from a random starting
+		//! \param rnType RandomNumberType to specify the type
-			point.
+		//! \param equiv the equivalence class based on the parameter \p mod
-			May return (with very small probability) a pseudoprime when a prime
+		//! \param mod the modulus used to reduce the equivalence class
-			is requested and max > lastSmallPrime*lastSmallPrime (lastSmallPrime
+		//! \throw RandomNumberNotFound if the set is empty.
-			is declared in nbtheory.h).
+		//! \details Ideally, the random integer created should be uniformly distributed
-			\throw RandomNumberNotFound if the set is empty.
+		//!   over <tt>{x | min \<= x \<= max</tt> and \p x is of rnType and <tt>x \% mod == equiv}</tt>.
-		*/
+		//!   However the actual distribution may not be uniform because sequential
 		//!   search is used to find an appropriate number from a random starting
 		//!   point.
 		//! \details May return (with very small probability) a pseudoprime when a prime
 		//!   is requested and <tt>max \> lastSmallPrime*lastSmallPrime</tt>. \p lastSmallPrime
 		//!   is declared in nbtheory.h.
 		Integer(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType=ANY, const Integer &equiv=Zero(), const Integer &mod=One());
-		//! return the integer 2**e
+		//! \brief Exponentiates to a power of 2
 		//! \returns the Integer 2<sup>e</sup>
 		//! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		static Integer CRYPTOPP_API Power2(size_t e);
 	//@}
 	//! \name ENCODE/DECODE
 	//@{
-		//! minimum number of bytes to encode this integer
+		//! \brief The minimum number of bytes to encode this integer
-		/*! MinEncodedSize of 0 is 1 */
+		//! \param sign enumeration indicating Signedness
-		size_t MinEncodedSize(Signedness=UNSIGNED) const;
+		//! \note The MinEncodedSize() of 0 is 1.
-		//! encode in big-endian format
+		size_t MinEncodedSize(Signedness sign=UNSIGNED) const;
 		/*! unsigned means encode absolute value, signed means encode two's complement if negative.
 			if outputLen < MinEncodedSize, the most significant bytes will be dropped
 			if outputLen > MinEncodedSize, the most significant bytes will be padded
 		*/
 		void Encode(byte *output, size_t outputLen, Signedness=UNSIGNED) const;
 		//!
 		void Encode(BufferedTransformation &bt, size_t outputLen, Signedness=UNSIGNED) const;
-		//! encode using Distinguished Encoding Rules, put result into a BufferedTransformation object
+		//! \brief Encode in big-endian format
 		//! \param output big-endian byte array
 		//! \param outputLen length of the byte array
 		//! \param sign enumeration indicating Signedness
 		//! \details Unsigned means encode absolute value, signed means encode two's complement if negative.
 		//! \details outputLen can be used to ensure an Integer is encoded to an exact size (rather than a
 		//!   minimum size). An exact size is useful, for example, when encoding to a field element size.
 		void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const;
 		//! \brief Encode in big-endian format
 		//! \param bt BufferedTransformation object
 		//! \param outputLen length of the encoding
 		//! \param sign enumeration indicating Signedness
 		//! \details Unsigned means encode absolute value, signed means encode two's complement if negative.
 		//! \details outputLen can be used to ensure an Integer is encoded to an exact size (rather than a
 		//!   minimum size). An exact size is useful, for example, when encoding to a field element size.
 		void Encode(BufferedTransformation &bt, size_t outputLen, Signedness sign=UNSIGNED) const;
 		//! \brief Encode in DER format
 		//! \param bt BufferedTransformation object
 		//! \details Encodes the Integer using Distinguished Encoding Rules
 		//!   The result is placed into a BufferedTransformation object
 		void DEREncode(BufferedTransformation &bt) const;
 		//! encode absolute value as big-endian octet string
 		//! \param bt BufferedTransformation object
 		//! \param length the number of mytes to decode
 		void DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const;
-		//! encode absolute value in OpenPGP format, return length of output
+		//! \brief Encode absolute value in OpenPGP format
 		//! \param output big-endian byte array
 		//! \param bufferSize length of the byte array
 		//! \returns length of the output
 		//! \details OpenPGPEncode places result into a BufferedTransformation object and returns the
 		//!   number of bytes used for the encoding
 		size_t OpenPGPEncode(byte *output, size_t bufferSize) const;
-		//! encode absolute value in OpenPGP format, put result into a BufferedTransformation object
+	
 		//! \brief Encode absolute value in OpenPGP format	
 		//! \param bt BufferedTransformation object
 		//! \returns length of the output
 		//! \details OpenPGPEncode places result into a BufferedTransformation object and returns the
 		//!   number of bytes used for the encoding
 		size_t OpenPGPEncode(BufferedTransformation &bt) const;
-		//!
+		//! \brief Decode from big-endian byte array
-		void Decode(const byte *input, size_t inputLen, Signedness=UNSIGNED);
+		//! \param input big-endian byte array
-		//! 
+		//! \param inputLen length of the byte array
-		//* Precondition: bt.MaxRetrievable() >= inputLen
+		//! \param sign enumeration indicating Signedness
-		void Decode(BufferedTransformation &bt, size_t inputLen, Signedness=UNSIGNED);
+		void Decode(const byte *input, size_t inputLen, Signedness sign=UNSIGNED);
-		//!
+		//! \brief Decode nonnegative value from big-endian byte array
 		//! \param bt BufferedTransformation object
 		//! \param inputLen length of the byte array
 		//! \param sign enumeration indicating Signedness
 		//! \note <tt>bt.MaxRetrievable() \>= inputLen</tt>.
 		void Decode(BufferedTransformation &bt, size_t inputLen, Signedness sign=UNSIGNED);
 		//! \brief Decode from BER format
 		//! \param input big-endian byte array
 		//! \param inputLen length of the byte array
 		void BERDecode(const byte *input, size_t inputLen);
-		//!
+
 		//! \brief Decode from BER format
 		//! \param bt BufferedTransformation object
 		void BERDecode(BufferedTransformation &bt);
-		//! decode nonnegative value as big-endian octet string
+		//! \brief Decode nonnegative value from big-endian octet string
 		//! \param bt BufferedTransformation object
 		//! \param length length of the byte array
 		void BERDecodeAsOctetString(BufferedTransformation &bt, size_t length);
 		//! \brief Exception thrown when an error is encountered decoding an OpenPGP integer
 		class OpenPGPDecodeErr : public Exception
 		{
 		public: 
 			OpenPGPDecodeErr() : Exception(INVALID_DATA_FORMAT, "OpenPGP decode error") {}
 		};
-		//!
+		//! \brief Decode from OpenPGP format
 		//! \param input big-endian byte array
 		//! \param inputLen length of the byte array
 		void OpenPGPDecode(const byte *input, size_t inputLen);
-		//!
+		//! \brief Decode from OpenPGP format
 		//! \param bt BufferedTransformation object
 		void OpenPGPDecode(BufferedTransformation &bt);
 	//@}
@ -225,14 +313,17 @@ public:
 		//!
 		Integer&  operator-=(const Integer& t);
 		//!
 		//! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		Integer&  operator*=(const Integer& t)	{return *this = Times(t);}
 		//!
 		Integer&  operator/=(const Integer& t)	{return *this = DividedBy(t);}
 		//!
 		//! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		Integer&  operator%=(const Integer& t)	{return *this = Modulo(t);}
 		//!
 		Integer&  operator/=(word t)  {return *this = DividedBy(t);}
 		//!
 		//! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		Integer&  operator%=(word t)  {return *this = Integer(POSITIVE, 0, Modulo(t));}
 		//!
@ -240,12 +331,35 @@ public:
 		//!
 		Integer&  operator>>=(size_t);
-		//!
+		//! \brief Set this Integer to random integer
-		void Randomize(RandomNumberGenerator &rng, size_t bitcount);
+		//! \param rng RandomNumberGenerator used to generate material
-		//!
+		//! \param bitCount the number of bits in the resulting integer
 		//! \details The random integer created is uniformly distributed over <tt>[0, 2<sup>bitCount</sup>]</tt>.
 		void Randomize(RandomNumberGenerator &rng, size_t bitCount);
 		//! \brief Set this Integer to random integer
 		//! \param rng RandomNumberGenerator used to generate material
 		//! \param min the minimum value
 		//! \param max the maximum value
 		//! \details The random integer created is uniformly distributed over <tt>[min, max]</tt>.
 		void Randomize(RandomNumberGenerator &rng, const Integer &min, const Integer &max);
-		//! set this Integer to a random element of {x | min <= x <= max and x is of rnType and x % mod == equiv}
+
-		/*! returns false if the set is empty */
+		//! \brief Set this Integer to random integer of special form
 		//! \param rng RandomNumberGenerator used to generate material
 		//! \param min the minimum value
 		//! \param max the maximum value
 		//! \param rnType RandomNumberType to specify the type
 		//! \param equiv the equivalence class based on the parameter \p mod
 		//! \param mod the modulus used to reduce the equivalence class
 		//! \throw RandomNumberNotFound if the set is empty.
 		//! \details Ideally, the random integer created should be uniformly distributed
 		//!   over <tt>{x | min \<= x \<= max</tt> and \p x is of rnType and <tt>x \% mod == equiv}</tt>.
 		//!   However the actual distribution may not be uniform because sequential
 		//!   search is used to find an appropriate number from a random starting
 		//!   point.
 		//! \details May return (with very small probability) a pseudoprime when a prime
 		//!   is requested and <tt>max \> lastSmallPrime*lastSmallPrime</tt>. \p lastSmallPrime
 		//!   is declared in nbtheory.h.
 		bool Randomize(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType, const Integer &equiv=Zero(), const Integer &mod=One());
 		bool GenerateRandomNoThrow(RandomNumberGenerator &rng, const NameValuePairs &params = g_nullNameValuePairs);
@ -255,19 +369,24 @@ public:
 				throw RandomNumberNotFound();
 		}
-		//! set the n-th bit to value
+		//! \brief Set the n-th bit to value
 		//! \details 0-based numbering.
 		void SetBit(size_t n, bool value=1);
-		//! set the n-th byte to value
+
 		//! \brief Set the n-th byte to value
 		//! \details 0-based numbering.
 		void SetByte(size_t n, byte value);
-		//!
+		//! \brief Reverse the Sign of the Integer
 		void Negate();
-		//!
+		
 		//! \brief Sets the Integer to positive
 		void SetPositive() {sign = POSITIVE;}
-		//!
+		
 		//! \brief Sets the Integer to negative
 		void SetNegative() {if (!!(*this)) sign = NEGATIVE;}
-		//!
+		//! \brief Swaps this Integer with another Integer
 		void swap(Integer &a);
 	//@}
@ -291,11 +410,11 @@ public:
 	//! \name BINARY OPERATORS
 	//@{
-		//! signed comparison
+		//! \brief Perform signed comparison
-		/*! \retval -1 if *this < a
+		//! \param a the Integer to comapre
-			\retval  0 if *this = a
+		//!   \retval -1 if <tt>*this < a</tt>
-			\retval  1 if *this > a
+		//!   \retval  0 if <tt>*this = a</tt>
-		*/
+		//!   \retval  1 if <tt>*this > a</tt>
 		int Compare(const Integer& a) const;
 		//!
@ -303,14 +422,17 @@ public:
 		//!
 		Integer Minus(const Integer &b) const;
 		//!
 		//! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		Integer Times(const Integer &b) const;
 		//!
 		Integer DividedBy(const Integer &b) const;
 		//!
 		//! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		Integer Modulo(const Integer &b) const;
 		//!
 		Integer DividedBy(word b) const;
 		//!
 		//! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		word Modulo(word b) const;
 		//!
@ -326,6 +448,7 @@ public:
 		//!
 		Integer Doubled() const {return Plus(*this);}
 		//!
 		//! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		Integer Squared() const {return Times(*this);}
 		//! extract square root, if negative return 0, else return floor of square root
 		Integer SquareRoot() const;
@ -337,11 +460,6 @@ public:
 		//! return inverse if 1 or -1, otherwise return 0
 		Integer MultiplicativeInverse() const;
 		//! modular multiplication
 		CRYPTOPP_DLL friend Integer CRYPTOPP_API a_times_b_mod_c(const Integer &x, const Integer& y, const Integer& m);
 		//! modular exponentiation
 		CRYPTOPP_DLL friend Integer CRYPTOPP_API a_exp_b_mod_c(const Integer &x, const Integer& e, const Integer& m);
 		//! calculate r and q such that (a == d*q + r) && (0 <= r < abs(d))
 		static void CRYPTOPP_API Divide(Integer &r, Integer &q, const Integer &a, const Integer &d);
 		//! use a faster division algorithm when divisor is short
@ -353,34 +471,59 @@ public:
 		//! greatest common divisor
 		static Integer CRYPTOPP_API Gcd(const Integer &a, const Integer &n);
 		//! calculate multiplicative inverse of *this mod n
 		//! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		Integer InverseMod(const Integer &n) const;
 		//!
 		//! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		word InverseMod(word n) const;
 	//@}
 	//! \name INPUT/OUTPUT
 	//@{
-		//!
+		//! \brief Extraction operator
 		//! \param in a reference to a std::istream
 		//! \param a a reference to an Integer
 		//! \returns a reference to a std::istream reference
 		friend CRYPTOPP_DLL std::istream& CRYPTOPP_API operator>>(std::istream& in, Integer &a);
 		//!
 		//! \brief Insertion operator
 		//! \param out a reference to a std::ostream
 		//! \param a a constant reference to an Integer
 		//! \returns a reference to a std::ostream reference
 		//! \details The output integer responds to std::hex, std::oct, std::hex, std::upper and
 		//!   std::lower. The output includes the suffix \a \b h (for hex), \a \b . (\a \b dot, for dec)
 		//!   and \a \b o (for octal). There is currently no way to supress the suffix.
 		//! \details If you want to print an Integer without the suffix or using an arbitrary base, then
 		//!   use IntToString<Integer>().
 		//! \sa IntToString<Integer>
 		friend CRYPTOPP_DLL std::ostream& CRYPTOPP_API operator<<(std::ostream& out, const Integer &a);
 	//@}
 #ifndef CRYPTOPP_DOXYGEN_PROCESSING
 	//! modular multiplication
 	CRYPTOPP_DLL friend Integer CRYPTOPP_API a_times_b_mod_c(const Integer &x, const Integer& y, const Integer& m);
 	//! modular exponentiation
 	CRYPTOPP_DLL friend Integer CRYPTOPP_API a_exp_b_mod_c(const Integer &x, const Integer& e, const Integer& m);
 #endif
 private:
 	Integer(word value, size_t length);
 	int PositiveCompare(const Integer &t) const;
 	IntegerSecBlock reg;
 	Sign sign;
 #ifndef CRYPTOPP_DOXYGEN_PROCESSING
 	friend class ModularArithmetic;
 	friend class MontgomeryRepresentation;
 	friend class HalfMontgomeryRepresentation;
 	Integer(word value, size_t length);
 	int PositiveCompare(const Integer &t) const;
 	friend void PositiveAdd(Integer &sum, const Integer &a, const Integer &b);
 	friend void PositiveSubtract(Integer &diff, const Integer &a, const Integer &b);
 	friend void PositiveMultiply(Integer &product, const Integer &a, const Integer &b);
 	friend void PositiveDivide(Integer &remainder, Integer &quotient, const Integer &dividend, const Integer &divisor);
-
+#endif
 	IntegerSecBlock reg;
 	Sign sign;
 };
 //!
@ -400,14 +543,17 @@ inline CryptoPP::Integer operator+(const CryptoPP::Integer &a, const CryptoPP::I
 //!
 inline CryptoPP::Integer operator-(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Minus(b);}
 //!
 //! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 inline CryptoPP::Integer operator*(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Times(b);}
 //!
 inline CryptoPP::Integer operator/(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.DividedBy(b);}
 //!
 //! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 inline CryptoPP::Integer operator%(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Modulo(b);}
 //!
 inline CryptoPP::Integer operator/(const CryptoPP::Integer &a, CryptoPP::word b) {return a.DividedBy(b);}
 //!
 //! \sa a_times_b_mod_c() and a_exp_b_mod_c()
 inline CryptoPP::word    operator%(const CryptoPP::Integer &a, CryptoPP::word b) {return a.Modulo(b);}
 NAMESPACE_END
--- a/iterhash.cpp
+++ b/iterhash.cpp
@ -18,7 +18,7 @@ template <class T, class BASE> void IteratedHashBase<T, BASE>::Update(const byte
 	if (m_countHi < oldCountHi || SafeRightShift<2*8*sizeof(HashWordType)>(len) != 0)
 		throw HashInputTooLong(this->AlgorithmName());
-	unsigned int blockSize = this->BlockSize();
+	const unsigned int blockSize = this->BlockSize();
 	unsigned int num = ModPowerOf2(oldCountLo, blockSize);
 	T* dataBuf = this->DataBuf();
--- a/lubyrack.h
+++ b/lubyrack.h
@ -1,10 +1,11 @@
 // lubyrack.h - written and placed in the public domain by Wei Dai
 //! \file lubyrack.h
 //! \brief Classes for the Luby-Rackoff block cipher
 #ifndef CRYPTOPP_LUBYRACK_H
 #define CRYPTOPP_LUBYRACK_H
 /** \file */
 #include "simple.h"
 #include "secblock.h"
--- a/luc.cpp
+++ b/luc.cpp
@ -10,12 +10,14 @@
 NAMESPACE_BEGIN(CryptoPP)
 #if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
 void LUC_TestInstantiations()
 {
 	LUC_HMP<SHA>::Signer t1;
 	LUCFunction t2;
 	InvertibleLUCFunction t3;
 }
 #endif
 void DL_Algorithm_LUC_HMP::Sign(const DL_GroupParameters<Integer> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
 {
--- a/mars.h
+++ b/mars.h
@ -1,8 +1,7 @@
 // mars.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file mars.h
-//! \brief Implementation of the MARS cipher (IBM AES submission)
+//! \brief Classes for the MARS block cipher (IBM AES submission)
 #ifndef CRYPTOPP_MARS_H
 #define CRYPTOPP_MARS_H
--- a/Show More
+++ b/Show More