From b1df5736a7191eb14adb178cfff2c8ea3daf638e Mon Sep 17 00:00:00 2001
From: Jeffrey Walton <noloader@gmail.com>
Date: Wed, 15 Jun 2016 05:02:28 -0400
Subject: [PATCH] Merge 'solaris' dev branch into 'master'

---
 GNUmakefile      |  46 +++++++++-----
 blake2.cpp       |   5 ++
 config.h         |  35 +++++++++--
 config.recommend |  35 +++++++++--
 gcm.cpp          |  22 +++----
 integer.cpp      | 156 ++++++++++++++++++++++++++++++++++-------------
 6 files changed, 217 insertions(+), 82 deletions(-)

diff --git a/GNUmakefile b/GNUmakefile
index 9dfa8f4ad..17c76990e 100755
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -35,6 +35,10 @@ CLANG_COMPILER := $(shell $(CXX) --version 2>&1 | $(EGREP) -i -c "clang")
 INTEL_COMPILER := $(shell $(CXX) --version 2>&1 | $(EGREP) -c "\(ICC\)")
 MACPORTS_COMPILER := $(shell $(CXX) --version 2>&1 | $(EGREP) -i -c "macports")
 
+# Sun Studio 12.0 (0x0510) and 12.3 (0x0512)
+SUNCC_120_OR_LATER := $(shell $(CXX) -V 2>&1 | $(EGREP) -c "CC: Sun .* (5\.1[0-9]|5\.[2-9]|6\.)")
+SUNCC_123_OR_LATER := $(shell $(CXX) -V 2>&1 | $(EGREP) -c "CC: Sun .* (5\.1[2-9]|5\.[2-9]|6\.)")
+
 HAS_SOLIB_VERSION := $(IS_LINUX)
 
 # Fixup SunOS
@@ -49,7 +53,11 @@ endif
 
 # Base CXXFLAGS used if the user did not specify them
 ifeq ($(SUN_COMPILER),1)
-  CXXFLAGS ?= -DNDEBUG -g3 -xO2
+  ifeq ($(SUNCC_123_OR_LATER),1)
+    CXXFLAGS ?= -DNDEBUG -g3 -xO2
+  else
+    CXXFLAGS ?= -DNDEBUG -g -xO2
+  endif
 else
   CXXFLAGS ?= -DNDEBUG -g2 -O2
 endif
@@ -111,18 +119,16 @@ endif
 # Guard use of -march=native
 ifeq ($(GCC42_OR_LATER)$(IS_NETBSD),10)
    CXXFLAGS += -march=native
-else ifeq ($(CLANG_COMPILER),1)
-   CXXFLAGS += -march=native
-else ifeq ($(INTEL_COMPILER),1)
+else ifneq ($(CLANG_COMPILER)$(INTEL_COMPILER),00)
    CXXFLAGS += -march=native
 else
   # GCC 3.3 and "unknown option -march="
   # Ubuntu GCC 4.1 compiler crash with -march=native
   # NetBSD GCC 4.8 compiler and "bad value (native) for -march= switch"
-  # Sun compiler from legacy and handled below
+  # Sun compiler is handled below
   ifeq ($(SUN_COMPILER)$(IS_X64),01)
     CXXFLAGS += -m64
-  else ifeq ($(SUN_COMPILER)$(IS_X32),01)
+  else ifeq ($(SUN_COMPILER)$(IS_X86),01)
     CXXFLAGS += -m32
   endif # X86/X32/X64
 endif
@@ -161,11 +167,11 @@ endif
 endif
 
 # Allow use of "/" operator for GNU Assembler
-ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),)
-ifeq ($(IS_GAS),1)
-CXXFLAGS += -Wa,--divide
-endif
-endif
+# ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),)
+# ifeq ($(IS_GAS),1)
+# CXXFLAGS += -Wa,--divide
+# endif
+# endif
 
 ifeq ($(UNAME),)	# for DJGPP, where uname doesn't exist
 CXXFLAGS += -mbnu210
@@ -230,20 +236,26 @@ endif
 # Add -errtags=yes to get the name for a warning suppression
 ifneq ($(SUN_COMPILER),0)	# override flags for CC Sun C++ compiler
 IS_64 := $(shell isainfo -b 2>/dev/null | grep -i -c "64")
-ifeq ($(SUN_COMPILER)$(IS_64),11)
-CXXFLAGS += -native -template=no%extdef -w -erroff=wvarhidemem -erroff=voidretw -m64
-else ifeq ($(SUN_COMPILER)$(IS_64),10)
-CXXFLAGS += -native -template=no%extdef -w -erroff=wvarhidemem -erroff=voidretw -m32
+ifeq ($(IS_64),1)
+CXXFLAGS += -native -m64
+else ifeq ($(IS_64),0)
+CXXFLAGS += -native -m32
 endif
+# Add for non-i386
 ifneq ($(IS_X86),1)
 CXXFLAGS += -KPIC
 endif
+# Add to all Solaris
+CXXFLAGS += -template=no%extdef -w -erroff=wvarhidemem -erroff=voidretw
 SUN_CC10_BUGGY := $(shell $(CXX) -V 2>&1 | $(EGREP) -c "CC: Sun .* 5\.10 .* (2009|2010/0[1-4])")
 ifneq ($(SUN_CC10_BUGGY),0)
 # -DCRYPTOPP_INCLUDE_VECTOR_CC is needed for Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21 and was fixed in May 2010
 # remove it if you get "already had a body defined" errors in vector.cc
 CXXFLAGS += -DCRYPTOPP_INCLUDE_VECTOR_CC
 endif
+#ifneq ($SUNCC_123_OR_LATER),0)
+#CXXFLAGS += -xarch=aes -D__AES__=1 -xarch=no%sse4_1 -xarch=no%sse4_2
+#endif
 AR = $(CXX)
 ARFLAGS = -xar -o
 RANLIB = true
@@ -553,7 +565,9 @@ endif
 
 libcryptopp.a: $(LIBOBJS) | config_warning
 	$(AR) $(ARFLAGS) $@ $(LIBOBJS)
+ifeq ($(IS_SUN),0)
 	$(RANLIB) $@
+endif
 
 ifeq ($(HAS_SOLIB_VERSION),1)
 .PHONY: libcryptopp.so
@@ -584,7 +598,9 @@ cryptopp.dll: $(DLLOBJS)
 
 libcryptopp.import.a: $(LIBIMPORTOBJS)
 	$(AR) $(ARFLAGS) $@ $(LIBIMPORTOBJS)
+ifeq ($(IS_SUN),0)
 	$(RANLIB) $@
+endif
 
 cryptest.import.exe: cryptopp.dll libcryptopp.import.a $(TESTIMPORTOBJS)
 	$(CXX) -o $@ $(CXXFLAGS) $(TESTIMPORTOBJS) -L. -lcryptopp.dll -lcryptopp.import $(LDFLAGS) $(LDLIBS)
diff --git a/blake2.cpp b/blake2.cpp
index d580647a7..cacff6230 100644
--- a/blake2.cpp
+++ b/blake2.cpp
@@ -22,6 +22,11 @@ NAMESPACE_BEGIN(CryptoPP)
 # undef CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
 #endif
 
+// Testing shows Sun CC needs 12.4 for _mm_set_epi64x
+#if (__SUNPRO_CC <= 0x5130)
+# undef CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
+#endif
+
 // Visual Studio needs VS2008 (1500); no dependency on _mm_set_epi64x()
 //   http://msdn.microsoft.com/en-us/library/bb892950%28v=vs.90%29.aspx
 #if defined(_MSC_VER) && (_MSC_VER < 1500)
diff --git a/config.h b/config.h
index d502437d3..9fa466ef3 100644
--- a/config.h
+++ b/config.h
@@ -404,6 +404,12 @@ NAMESPACE_END
 # define CRYPTOPP_DISABLE_ASM
 #endif
 
+// Sun Studio 12 provides GCC inline assembly, http://blogs.oracle.com/x86be/entry/gcc_style_asm_inlining_support
+// We can enable SSE2 for Sun Studio in the makefile with -D__SSE2__, but users may not compile with it.
+#if !defined(CRYPTOPP_DISABLE_ASM) && defined(__x86_64__) && (__SUNPRO_CC >= 0x5100) && !defined(__SSE2__)
+# define __SSE2__ 1
+#endif
+
 #if !defined(CRYPTOPP_DISABLE_ASM) && ((defined(_MSC_VER) && defined(_M_IX86)) || (defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))))
 	// C++Builder 2010 does not allow "call label" where label is defined within inline assembly
 	#define CRYPTOPP_X86_ASM_AVAILABLE
@@ -417,7 +423,7 @@ NAMESPACE_END
 	// SSE3 was actually introduced in GNU as 2.17, which was released 6/23/2006, but we can't tell what version of binutils is installed.
 	// GCC 4.1.2 was released on 2/13/2007, so we'll use that as a proxy for the binutils version. Also see the output of
 	// `gcc -dM -E -march=native - < /dev/null | grep -i SSE` for preprocessor defines available.
-	#if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1400 || CRYPTOPP_GCC_VERSION >= 40102 || defined(__SSSE3__) || defined(__SSE3__))
+	#if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1400 || CRYPTOPP_GCC_VERSION >= 40102 || defined(__SSSE3__))
 		#define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 1
 	#else
 		#define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 0
@@ -746,7 +752,7 @@ NAMESPACE_END
 // C++11 or C++14 is available
 #if defined(CRYPTOPP_CXX11)
 
-// atomics: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.1/3.2; and Intel 13.0.
+// atomics: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.1/3.2; Intel 13.0; SunCC 12.5.
 #if (CRYPTOPP_MSC_VERSION >= 1700)
 #  define CRYPTOPP_CXX11_ATOMICS 1
 #elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1300)
@@ -757,9 +763,11 @@ NAMESPACE_END
 #  endif
 #elif (CRYPTOPP_GCC_VERSION >= 40400)
 #  define CRYPTOPP_CXX11_ATOMICS 1
+#elif (__SUNPRO_CC >= 0x5140)
+#  define CRYPTOPP_CXX11_ATOMICS 1
 #endif // atomics
 
-// synchronization: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.3; Xcode 5.0; and Intel 12.0.
+// synchronization: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.3; Xcode 5.0; Intel 12.0; SunCC 12.4.
 // TODO: verify Clang and Intel versions; find __has_feature(x) extension for Clang
 #if (CRYPTOPP_MSC_VERSION >= 1700)
 #  define CRYPTOPP_CXX11_SYNCHRONIZATION 1
@@ -769,9 +777,11 @@ NAMESPACE_END
 #  define CRYPTOPP_CXX11_SYNCHRONIZATION 1
 #elif (CRYPTOPP_GCC_VERSION >= 40400)
 #  define CRYPTOPP_CXX11_SYNCHRONIZATION 1
+#elif (__SUNPRO_CC >= 0x5130)
+#  define CRYPTOPP_CXX11_SYNCHRONIZATION 1
 #endif // synchronization
 
-// alignof/alignas: MS at VS2015 (19.00); GCC at 4.8; Clang at 3.3; and Intel 15.0.
+// alignof/alignas: MS at VS2015 (19.00); GCC at 4.8; Clang at 3.3; Intel 15.0; SunCC 12.4.
 #if (CRYPTOPP_MSC_VERSION >= 1900)
 #  define CRYPTOPP_CXX11_ALIGNAS 1
 #  define CRYPTOPP_CXX11_ALIGNOF 1
@@ -788,9 +798,12 @@ NAMESPACE_END
 #elif (CRYPTOPP_GCC_VERSION >= 40800)
 #  define CRYPTOPP_CXX11_ALIGNAS 1
 #  define CRYPTOPP_CXX11_ALIGNOF 1
+#elif (__SUNPRO_CC >= 0x5130)
+#  define CRYPTOPP_CXX11_ALIGNAS 1
+#  define CRYPTOPP_CXX11_ALIGNOF 1
 #endif // alignof/alignas
 
-// noexcept: MS at VS2015 (19.00); GCC at 4.6; Clang at 3.0; and Intel 14.0.
+// noexcept: MS at VS2015 (19.00); GCC at 4.6; Clang at 3.0; Intel 14.0; SunCC 12.4.
 #if (CRYPTOPP_MSC_VERSION >= 1900)
 #  define CRYPTOPP_CXX11_NOEXCEPT 1
 #elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1400)
@@ -801,9 +814,11 @@ NAMESPACE_END
 #  endif
 #elif (CRYPTOPP_GCC_VERSION >= 40600)
 #  define CRYPTOPP_CXX11_NOEXCEPT 1
+#elif (__SUNPRO_CC >= 0x5130)
+#  define CRYPTOPP_CXX11_NOEXCEPT 1
 #endif // noexcept compilers
 
-// variadic templates: MS at VS2013 (18.00); GCC at 4.3; Clang at 2.9; and Intel 12.1.
+// variadic templates: MS at VS2013 (18.00); GCC at 4.3; Clang at 2.9; Intel 12.1; SunCC 12.4.
 #if (CRYPTOPP_MSC_VERSION >= 1800)
 #  define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
 #elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1210)
@@ -814,6 +829,8 @@ NAMESPACE_END
 #  endif
 #elif (CRYPTOPP_GCC_VERSION >= 40300)
 #  define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
+#elif (__SUNPRO_CC >= 0x5130)
+#  define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
 #endif // variadic templates
 
 // TODO: Emplacement, R-values and Move semantics
@@ -821,6 +838,12 @@ NAMESPACE_END
 
 #endif // CRYPTOPP_CXX11
 
+// Hack... CRYPTOPP_ALIGN_DATA is defined earlier, before C++11 alignas available
+#if defined(CRYPTOPP_CXX11_ALIGNAS)
+# undef CRYPTOPP_ALIGN_DATA
+# define CRYPTOPP_ALIGN_DATA(x) alignas(x)
+#endif  // CRYPTOPP_CXX11_ALIGNAS
+
 #if defined(CRYPTOPP_CXX11_NOEXCEPT)
 #  define CRYPTOPP_THROW noexcept(false)
 #  define CRYPTOPP_NO_THROW noexcept(true)
diff --git a/config.recommend b/config.recommend
index be30f54dc..86f2812f4 100644
--- a/config.recommend
+++ b/config.recommend
@@ -404,6 +404,12 @@ NAMESPACE_END
 # define CRYPTOPP_DISABLE_ASM
 #endif
 
+// Sun Studio 12 provides GCC inline assembly, http://blogs.oracle.com/x86be/entry/gcc_style_asm_inlining_support
+// We can enable SSE2 for Sun Studio in the makefile with -D__SSE2__, but users may not compile with it.
+#if !defined(CRYPTOPP_DISABLE_ASM) && defined(__x86_64__) && (__SUNPRO_CC >= 0x5100) && !defined(__SSE2__)
+# define __SSE2__ 1
+#endif
+
 #if !defined(CRYPTOPP_DISABLE_ASM) && ((defined(_MSC_VER) && defined(_M_IX86)) || (defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))))
 	// C++Builder 2010 does not allow "call label" where label is defined within inline assembly
 	#define CRYPTOPP_X86_ASM_AVAILABLE
@@ -417,7 +423,7 @@ NAMESPACE_END
 	// SSE3 was actually introduced in GNU as 2.17, which was released 6/23/2006, but we can't tell what version of binutils is installed.
 	// GCC 4.1.2 was released on 2/13/2007, so we'll use that as a proxy for the binutils version. Also see the output of
 	// `gcc -dM -E -march=native - < /dev/null | grep -i SSE` for preprocessor defines available.
-	#if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1400 || CRYPTOPP_GCC_VERSION >= 40102 || defined(__SSSE3__) || defined(__SSE3__))
+	#if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1400 || CRYPTOPP_GCC_VERSION >= 40102 || defined(__SSSE3__))
 		#define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 1
 	#else
 		#define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 0
@@ -744,7 +750,7 @@ NAMESPACE_END
 // C++11 or C++14 is available
 #if defined(CRYPTOPP_CXX11)
 
-// atomics: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.1/3.2; and Intel 13.0.
+// atomics: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.1/3.2; Intel 13.0; SunCC 12.5.
 #if (CRYPTOPP_MSC_VERSION >= 1700)
 #  define CRYPTOPP_CXX11_ATOMICS 1
 #elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1300)
@@ -755,9 +761,11 @@ NAMESPACE_END
 #  endif
 #elif (CRYPTOPP_GCC_VERSION >= 40400)
 #  define CRYPTOPP_CXX11_ATOMICS 1
+#elif (__SUNPRO_CC >= 0x5140)
+#  define CRYPTOPP_CXX11_ATOMICS 1
 #endif // atomics
 
-// synchronization: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.3; Xcode 5.0; and Intel 12.0.
+// synchronization: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.3; Xcode 5.0; Intel 12.0; SunCC 12.4.
 // TODO: verify Clang and Intel versions; find __has_feature(x) extension for Clang
 #if (CRYPTOPP_MSC_VERSION >= 1700)
 #  define CRYPTOPP_CXX11_SYNCHRONIZATION 1
@@ -767,9 +775,11 @@ NAMESPACE_END
 #  define CRYPTOPP_CXX11_SYNCHRONIZATION 1
 #elif (CRYPTOPP_GCC_VERSION >= 40400)
 #  define CRYPTOPP_CXX11_SYNCHRONIZATION 1
+#elif (__SUNPRO_CC >= 0x5130)
+#  define CRYPTOPP_CXX11_SYNCHRONIZATION 1
 #endif // synchronization
 
-// alignof/alignas: MS at VS2015 (19.00); GCC at 4.8; Clang at 3.3; and Intel 15.0.
+// alignof/alignas: MS at VS2015 (19.00); GCC at 4.8; Clang at 3.3; Intel 15.0; SunCC 12.4.
 #if (CRYPTOPP_MSC_VERSION >= 1900)
 #  define CRYPTOPP_CXX11_ALIGNAS 1
 #  define CRYPTOPP_CXX11_ALIGNOF 1
@@ -786,9 +796,12 @@ NAMESPACE_END
 #elif (CRYPTOPP_GCC_VERSION >= 40800)
 #  define CRYPTOPP_CXX11_ALIGNAS 1
 #  define CRYPTOPP_CXX11_ALIGNOF 1
+#elif (__SUNPRO_CC >= 0x5130)
+#  define CRYPTOPP_CXX11_ALIGNAS 1
+#  define CRYPTOPP_CXX11_ALIGNOF 1
 #endif // alignof/alignas
 
-// noexcept: MS at VS2015 (19.00); GCC at 4.6; Clang at 3.0; and Intel 14.0.
+// noexcept: MS at VS2015 (19.00); GCC at 4.6; Clang at 3.0; Intel 14.0; SunCC 12.4.
 #if (CRYPTOPP_MSC_VERSION >= 1900)
 #  define CRYPTOPP_CXX11_NOEXCEPT 1
 #elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1400)
@@ -799,9 +812,11 @@ NAMESPACE_END
 #  endif
 #elif (CRYPTOPP_GCC_VERSION >= 40600)
 #  define CRYPTOPP_CXX11_NOEXCEPT 1
+#elif (__SUNPRO_CC >= 0x5130)
+#  define CRYPTOPP_CXX11_NOEXCEPT 1
 #endif // noexcept compilers
 
-// variadic templates: MS at VS2013 (18.00); GCC at 4.3; Clang at 2.9; and Intel 12.1.
+// variadic templates: MS at VS2013 (18.00); GCC at 4.3; Clang at 2.9; Intel 12.1; SunCC 12.4.
 #if (CRYPTOPP_MSC_VERSION >= 1800)
 #  define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
 #elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1210)
@@ -812,6 +827,8 @@ NAMESPACE_END
 #  endif
 #elif (CRYPTOPP_GCC_VERSION >= 40300)
 #  define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
+#elif (__SUNPRO_CC >= 0x5130)
+#  define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
 #endif // variadic templates
 
 // TODO: Emplacement, R-values and Move semantics
@@ -819,6 +836,12 @@ NAMESPACE_END
 
 #endif // CRYPTOPP_CXX11
 
+// Hack... CRYPTOPP_ALIGN_DATA is defined earlier, before C++11 alignas available
+#if defined(CRYPTOPP_CXX11_ALIGNAS)
+# undef CRYPTOPP_ALIGN_DATA
+# define CRYPTOPP_ALIGN_DATA(x) alignas(x)
+#endif  // CRYPTOPP_CXX11_ALIGNAS
+
 #if defined(CRYPTOPP_CXX11_NOEXCEPT)
 #  define CRYPTOPP_THROW noexcept(false)
 #  define CRYPTOPP_NO_THROW noexcept(true)
diff --git a/gcm.cpp b/gcm.cpp
index ecbfb0c9a..fd82bddbf 100644
--- a/gcm.cpp
+++ b/gcm.cpp
@@ -45,7 +45,7 @@ void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *
 	typedef BlockGetAndPut<word64, BigEndian> Block;
 	Block::Get(a)(V0)(V1);
 
-	for (int i=0; i<16; i++) 
+	for (int i=0; i<16; i++)
 	{
 		for (int j=0x80; j!=0; j>>=1)
 		{
@@ -110,8 +110,8 @@ static const unsigned int s_clmulTableSizeInBlocks = 8;
 
 inline __m128i CLMUL_Reduce(__m128i c0, __m128i c1, __m128i c2, const __m128i &r)
 {
-	/* 
-	The polynomial to be reduced is c0 * x^128 + c1 * x^64 + c2. c0t below refers to the most 
+	/*
+	The polynomial to be reduced is c0 * x^128 + c1 * x^64 + c2. c0t below refers to the most
 	significant half of c0 as a polynomial, which, due to GCM's bit reflection, are in the
 	rightmost bit positions, and the lowest byte addresses.
 
@@ -219,7 +219,7 @@ void GCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const
 			k = i%8;
 			Block::Put(NULL, table+(i/8)*256*16+(size_t(1)<<(11-k)))(V0)(V1);
 
-			int x = (int)V1 & 1; 
+			int x = (int)V1 & 1;
 			V1 = (V1>>1) | (V0<<63);
 			V0 = (V0>>1) ^ (x ? W64LIT(0xe1) << 56 : 0);
 		}
@@ -264,7 +264,7 @@ void GCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const
 			else if (k < 8)
 				Block::Put(NULL, table+(i/32)*256+(size_t(1)<<(11-k)))(V0)(V1);
 
-			int x = (int)V1 & 1; 
+			int x = (int)V1 & 1;
 			V1 = (V1>>1) | (V0<<63);
 			V0 = (V0>>1) ^ (x ? W64LIT(0xe1) << 56 : 0);
 		}
@@ -351,9 +351,9 @@ void GCM_Base::Resync(const byte *iv, size_t len)
 
 unsigned int GCM_Base::OptimalDataAlignment() const
 {
-	return 
+	return
 #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
-		HasSSE2() ? 16 : 
+		HasSSE2() ? 16 :
 #endif
 		GetBlockCipher().OptimalDataAlignment();
 }
@@ -730,8 +730,8 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len)
 
 		AS2(	psrldq	xmm0, 15						)
 #if (CRYPTOPP_CLANG_VERSION >= 30600) || (CRYPTOPP_APPLE_CLANG_VERSION >= 70000)
-		AS2(	movd	edi, xmm0						)	
-#elif (defined(CRYPTOPP_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION)) && defined(CRYPTOPP_X64_ASM_AVAILABLE)	
+		AS2(	movd	edi, xmm0						)
+#elif (defined(CRYPTOPP_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION)) && defined(CRYPTOPP_X64_ASM_AVAILABLE)
 		AS2(	mov		WORD_REG(di), xmm0				)
 #else
 		AS2(	movd	WORD_REG(di), xmm0				)
@@ -758,7 +758,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len)
 
 		#ifdef __GNUC__
 				ATT_PREFIX
-					: 
+					:
 					: "c" (data), "d" (len/16), "S" (hashBuffer), "D" (s_reductionTable)
 					: "memory", "cc", "%eax"
 			#if CRYPTOPP_BOOL_X64
@@ -837,7 +837,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len)
 
 		#ifdef __GNUC__
 				ATT_PREFIX
-					: 
+					:
 					: "c" (data), "d" (len/16), "S" (hashBuffer)
 					: "memory", "cc", "%edi", "%eax"
 				);
diff --git a/integer.cpp b/integer.cpp
index 9930968f9..cfc70e0e2 100644
--- a/integer.cpp
+++ b/integer.cpp
@@ -44,6 +44,15 @@
 	#pragma message("You do not seem to have the Visual C++ Processor Pack installed, so use of SSE2 instructions will be disabled.")
 #endif
 
+// "Error: The operand ___LKDB cannot be assigned to", http://github.com/weidai11/cryptopp/issues/188
+#if (__SUNPRO_CC == 0x5130)
+# define MAYBE_CONST
+# define MAYBE_UNCONST_CAST const_cast<word*>
+#else
+# define MAYBE_CONST const
+# define MAYBE_UNCONST_CAST
+#endif
+
 // "Inline assembly operands don't work with .intel_syntax",
 //   http://llvm.org/bugs/show_bug.cgi?id=24232
 #if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_INTEL_ASM)
@@ -212,7 +221,7 @@ class DWord
 	DWord() : m_whole(0) {memset(&m_whole, 0xa, sizeof(m_whole));}
 #elif (defined(__COVERITY__) || !defined(NDEBUG)) && !defined(CRYPTOPP_NATIVE_DWORD_AVAILABLE)
 	// Repeating pattern of 1010 for debug builds to break things...
-	DWord() : m_halfs() {memset(&m_halfs, 0xa, sizeof(m_halfs));}
+	DWord() : m_halfs() {memset(&m_halfs, 0xaa, sizeof(m_halfs));}
 #else
 	DWord() {}
 #endif
@@ -345,7 +354,7 @@ class Word
 	Word() : m_whole(0) {}
 #elif !defined(NDEBUG)
 	// Repeating pattern of 1010 for debug builds to break things...
-	Word() : m_whole(0) {memset(&m_whole, 0xa, sizeof(m_whole));}
+	Word() : m_whole(0) {memset(&m_whole, 0xaa, sizeof(m_whole));}
 #else
 	Word() {}
 #endif
@@ -389,7 +398,7 @@ class Word
 	hword GetLowHalf() const {return hword(m_whole);}
 	hword GetHighHalf() const {return hword(m_whole>>(WORD_BITS/2));}
 	hword GetHighHalfAsBorrow() const {return 0-hword(m_whole>>(WORD_BITS/2));}
-	
+
 private:
 	word m_whole;
 };
@@ -445,7 +454,7 @@ inline D DivideFourWordsByTwo(S *T, const D &Al, const D &Ah, const D &B)
 	{
 		S Q[2];
 		T[0] = Al.GetLowHalf();
-		T[1] = Al.GetHighHalf(); 
+		T[1] = Al.GetHighHalf();
 		T[2] = Ah.GetLowHalf();
 		T[3] = Ah.GetHighHalf();
 		Q[1] = DivideThreeWordsByTwo<S, D>(T+1, B.GetLowHalf(), B.GetHighHalf());
@@ -488,7 +497,7 @@ inline word DWord::operator%(word a)
 
 // ********************************************************
 
-// Use some tricks to share assembly code between MSVC and GCC
+// Use some tricks to share assembly code between MSVC, GCC, Clang and Sun CC.
 #if defined(__GNUC__)
 	#define AddPrologue \
 		int result;	\
@@ -496,7 +505,7 @@ inline word DWord::operator%(word a)
 		( \
 			INTEL_NOPREFIX
 	#define AddEpilogue \
-			".att_syntax prefix;" \
+			ATT_PREFIX \
 					: "=a" (result)\
 					: "d" (C), "a" (A), "D" (B), "c" (N) \
 					: "%esi", "memory", "cc" \
@@ -505,12 +514,12 @@ inline word DWord::operator%(word a)
 	#define MulPrologue \
 		__asm__ __volatile__ \
 		( \
-			".intel_syntax noprefix;" \
+			INTEL_NOPREFIX \
 			AS1(	push	ebx) \
 			AS2(	mov		ebx, edx)
 	#define MulEpilogue \
 			AS1(	pop		ebx) \
-			".att_syntax prefix;" \
+			ATT_PREFIX \
 			: \
 			: "d" (s_maskLow16), "c" (C), "a" (A), "D" (B) \
 			: "%esi", "memory", "cc" \
@@ -518,7 +527,7 @@ inline word DWord::operator%(word a)
 	#define SquPrologue		MulPrologue
 	#define SquEpilogue	\
 			AS1(	pop		ebx) \
-			".att_syntax prefix;" \
+			ATT_PREFIX \
 			: \
 			: "d" (s_maskLow16), "c" (C), "a" (A) \
 			: "%esi", "%edi", "memory", "cc" \
@@ -526,7 +535,7 @@ inline word DWord::operator%(word a)
 	#define TopPrologue		MulPrologue
 	#define TopEpilogue	\
 			AS1(	pop		ebx) \
-			".att_syntax prefix;" \
+			ATT_PREFIX \
 			: \
 			: "d" (s_maskLow16), "c" (C), "a" (A), "D" (B), "S" (L) \
 			: "memory", "cc" \
@@ -871,8 +880,11 @@ int CRYPTOPP_FASTCALL Baseline_Sub(size_t N, word *C, const word *A, const word
 }
 #endif
 
-static word LinearMultiply(word *C, const word *A, word B, size_t N)
+static word LinearMultiply(word *C, const word *AA, word B, size_t N)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+
 	word carry=0;
 	for(unsigned i=0; i<N; i++)
 	{
@@ -1052,7 +1064,7 @@ static word LinearMultiply(word *C, const word *A, word B, size_t N)
 	Mul_SaveAcc(13, 0, 14) Mul_Acc(1, 13) Mul_Acc(2, 12) Mul_Acc(3, 11) Mul_Acc(4, 10) Mul_Acc(5, 9) Mul_Acc(6, 8) Mul_Acc(7, 7) Mul_Acc(8, 6) Mul_Acc(9, 5) Mul_Acc(10, 4) Mul_Acc(11, 3) Mul_Acc(12, 2) Mul_Acc(13, 1) Mul_Acc(14, 0) \
 	Bot_SaveAcc(14, 0, 15) Bot_Acc(1, 14) Bot_Acc(2, 13) Bot_Acc(3, 12) Bot_Acc(4, 11) Bot_Acc(5, 10) Bot_Acc(6, 9) Bot_Acc(7, 8) Bot_Acc(8, 7) Bot_Acc(9, 6) Bot_Acc(10, 5) Bot_Acc(11, 4) Bot_Acc(12, 3) Bot_Acc(13, 2) Bot_Acc(14, 1) Bot_Acc(15, 0) \
 	Bot_End(16)
-	
+
 #endif
 
 #if 0
@@ -1170,48 +1182,81 @@ static word LinearMultiply(word *C, const word *A, word B, size_t N)
 	R[2*n-1] = HighWord(p);
 
 
-void Baseline_Multiply2(word *R, const word *A, const word *B)
+void Baseline_Multiply2(word *R, const word *AA, const word *BB)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+	MAYBE_CONST word* B = MAYBE_UNCONST_CAST(BB);
+
 	Mul_2
 }
 
-void Baseline_Multiply4(word *R, const word *A, const word *B)
+void Baseline_Multiply4(word *R, const word *AA, const word *BB)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+	MAYBE_CONST word* B = MAYBE_UNCONST_CAST(BB);
+
 	Mul_4
 }
 
-void Baseline_Multiply8(word *R, const word *A, const word *B)
+void Baseline_Multiply8(word *R, const word *AA, const word *BB)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+	MAYBE_CONST word* B = MAYBE_UNCONST_CAST(BB);
+
 	Mul_8
 }
 
-void Baseline_Square2(word *R, const word *A)
+void Baseline_Square2(word *R, const word *AA)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+
 	Squ_2
 }
 
-void Baseline_Square4(word *R, const word *A)
+void Baseline_Square4(word *R, const word *AA)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+
 	Squ_4
 }
 
-void Baseline_Square8(word *R, const word *A)
+void Baseline_Square8(word *R, const word *AA)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+
 	Squ_8
 }
 
-void Baseline_MultiplyBottom2(word *R, const word *A, const word *B)
+void Baseline_MultiplyBottom2(word *R, const word *AA, const word *BB)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+	MAYBE_CONST word* B = MAYBE_UNCONST_CAST(BB);
+
 	Bot_2
 }
 
-void Baseline_MultiplyBottom4(word *R, const word *A, const word *B)
+void Baseline_MultiplyBottom4(word *R, const word *AA, const word *BB)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+	MAYBE_CONST word* B = MAYBE_UNCONST_CAST(BB);
+
 	Bot_4
 }
 
-void Baseline_MultiplyBottom8(word *R, const word *A, const word *B)
+void Baseline_MultiplyBottom8(word *R, const word *AA, const word *BB)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+	MAYBE_CONST word* B = MAYBE_UNCONST_CAST(BB);
+
 	Bot_8
 }
 
@@ -1247,8 +1292,12 @@ void Baseline_MultiplyTop2(word *R, const word *A, const word *B, word L)
 	R[1] = T[3];
 }
 
-void Baseline_MultiplyTop4(word *R, const word *A, const word *B, word L)
+void Baseline_MultiplyTop4(word *R, const word *AA, const word *BB, word L)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+	MAYBE_CONST word* B = MAYBE_UNCONST_CAST(BB);
+
 	Top_Begin(4)
 	Top_Acc(1, 1) Top_Acc(2, 0)  \
 	Top_SaveAcc0(0, 3) Mul_Acc(1, 2) Mul_Acc(2, 1) Mul_Acc(3, 0)  \
@@ -1257,8 +1306,12 @@ void Baseline_MultiplyTop4(word *R, const word *A, const word *B, word L)
 	Mul_End(1, 3)
 }
 
-void Baseline_MultiplyTop8(word *R, const word *A, const word *B, word L)
+void Baseline_MultiplyTop8(word *R, const word *AA, const word *BB, word L)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+	MAYBE_CONST word* B = MAYBE_UNCONST_CAST(BB);
+
 	Top_Begin(8)
 	Top_Acc(1, 5) Top_Acc(2, 4) Top_Acc(3, 3) Top_Acc(4, 2) Top_Acc(5, 1) Top_Acc(6, 0) \
 	Top_SaveAcc0(0, 7) Mul_Acc(1, 6) Mul_Acc(2, 5) Mul_Acc(3, 4) Mul_Acc(4, 3) Mul_Acc(5, 2) Mul_Acc(6, 1) Mul_Acc(7, 0) \
@@ -1272,23 +1325,38 @@ void Baseline_MultiplyTop8(word *R, const word *A, const word *B, word L)
 }
 
 #if !CRYPTOPP_INTEGER_SSE2	// save memory by not compiling these functions when SSE2 is available
-void Baseline_Multiply16(word *R, const word *A, const word *B)
+void Baseline_Multiply16(word *R, const word *AA, const word *BB)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+	MAYBE_CONST word* B = MAYBE_UNCONST_CAST(BB);
+
 	Mul_16
 }
 
-void Baseline_Square16(word *R, const word *A)
+void Baseline_Square16(word *R, const word *AA)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+
 	Squ_16
 }
 
-void Baseline_MultiplyBottom16(word *R, const word *A, const word *B)
+void Baseline_MultiplyBottom16(word *R, const word *AA, const word *BB)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+	MAYBE_CONST word* B = MAYBE_UNCONST_CAST(BB);
+
 	Bot_16
 }
 
-void Baseline_MultiplyTop16(word *R, const word *A, const word *B, word L)
+void Baseline_MultiplyTop16(word *R, const word *AA, const word *BB, word L)
 {
+	// http://github.com/weidai11/cryptopp/issues/188
+	MAYBE_CONST word* A = MAYBE_UNCONST_CAST(AA);
+	MAYBE_CONST word* B = MAYBE_UNCONST_CAST(BB);
+
 	Top_Begin(16)
 	Top_Acc(1, 13) Top_Acc(2, 12) Top_Acc(3, 11) Top_Acc(4, 10) Top_Acc(5, 9) Top_Acc(6, 8) Top_Acc(7, 7) Top_Acc(8, 6) Top_Acc(9, 5) Top_Acc(10, 4) Top_Acc(11, 3) Top_Acc(12, 2) Top_Acc(13, 1) Top_Acc(14, 0) \
 	Top_SaveAcc0(0, 15) Mul_Acc(1, 14) Mul_Acc(2, 13) Mul_Acc(3, 12) Mul_Acc(4, 11) Mul_Acc(5, 10) Mul_Acc(6, 9) Mul_Acc(7, 8) Mul_Acc(8, 7) Mul_Acc(9, 6) Mul_Acc(10, 5) Mul_Acc(11, 4) Mul_Acc(12, 3) Mul_Acc(13, 2) Mul_Acc(14, 1) Mul_Acc(15, 0) \
@@ -1433,7 +1501,7 @@ CRYPTOPP_ALIGN_DATA(16) static const word32 s_maskLow16[4] CRYPTOPP_SECTION_ALIG
 	AS2(	paddd		xmm6, xmm3)			\
 	AS2(	paddd		xmm7, xmm1)		\
 
-#define Squ_Acc1(i)		
+#define Squ_Acc1(i)
 #define Squ_Acc2(i)		ASC(call, LSqu##i)
 #define Squ_Acc3(i)		Squ_Acc2(i)
 #define Squ_Acc4(i)		Squ_Acc2(i)
@@ -1567,7 +1635,7 @@ CRYPTOPP_ALIGN_DATA(16) static const word32 s_maskLow16[4] CRYPTOPP_SECTION_ALIG
 	AS2(	paddd		xmm6, xmm3)			\
 	AS2(	paddd		xmm7, xmm1)		\
 
-#define Mul_Acc1(i)		
+#define Mul_Acc1(i)
 #define Mul_Acc2(i)		ASC(call, LMul##i)
 #define Mul_Acc3(i)		Mul_Acc2(i)
 #define Mul_Acc4(i)		Mul_Acc2(i)
@@ -2896,7 +2964,7 @@ Integer::Integer(const byte *encodedInteger, size_t byteCount, Signedness s, Byt
 	{
 		SecByteBlock block(byteCount);
 #if (CRYPTOPP_MSC_VERSION >= 1500)
-		std::reverse_copy(encodedInteger, encodedInteger+byteCount, 
+		std::reverse_copy(encodedInteger, encodedInteger+byteCount,
 			stdext::make_checked_array_iterator(block.begin(), block.size()));
 #else
 		std::reverse_copy(encodedInteger, encodedInteger+byteCount, block.begin());
@@ -3049,7 +3117,7 @@ template <class T>
 static Integer StringToInteger(const T *str, ByteOrder order)
 {
 	assert( order == BIG_ENDIAN_ORDER || order == LITTLE_ENDIAN_ORDER );
-	
+
 	int radix, sign = 1;
 	// GCC workaround
 	// std::char_traits<wchar_t>::length() not defined in GCC 3.2 and STLport 4.5.3
@@ -3097,7 +3165,7 @@ static Integer StringToInteger(const T *str, ByteOrder order)
 		for (unsigned int i=0; i<length; i++)
 		{
 			int digit, ch = static_cast<int>(str[i]);
-            
+
 			if (ch >= '0' && ch <= '9')
 				digit = ch - '0';
 			else if (ch >= 'A' && ch <= 'F')
@@ -3106,7 +3174,7 @@ static Integer StringToInteger(const T *str, ByteOrder order)
 				digit = ch - 'a' + 10;
 			else
 				digit = radix;
-				
+
 			if (digit < radix)
 			{
 				v *= radix;
@@ -3119,11 +3187,11 @@ static Integer StringToInteger(const T *str, ByteOrder order)
 		// Nibble high, low and count
 		unsigned int nh = 0, nl = 0, nc = 0;
 		Integer position(Integer::One());
-        
+
 		for (unsigned int i=0; i<length; i++)
 		{
 			int digit, ch = static_cast<int>(str[i]);
-            
+
 			if (ch >= '0' && ch <= '9')
 				digit = ch - '0';
 			else if (ch >= 'A' && ch <= 'F')
@@ -3132,7 +3200,7 @@ static Integer StringToInteger(const T *str, ByteOrder order)
 				digit = ch - 'a' + 10;
 			else
 				digit = radix;
-            
+
 			if (digit < radix)
 			{
 				if(nc++ == 0)
@@ -3147,7 +3215,7 @@ static Integer StringToInteger(const T *str, ByteOrder order)
 				}
 			}
 		}
-        
+
 		if(nc == 1)
 			v += nh * position;
 	}
@@ -3156,7 +3224,7 @@ static Integer StringToInteger(const T *str, ByteOrder order)
 		for (int i=static_cast<int>(length)-1; i>=0; i--)
 		{
 			int digit, ch = static_cast<int>(str[i]);
-            
+
 			if (ch >= '0' && ch <= '9')
 				digit = ch - '0';
 			else if (ch >= 'A' && ch <= 'F')
@@ -3165,7 +3233,7 @@ static Integer StringToInteger(const T *str, ByteOrder order)
 				digit = ch - 'a' + 10;
 			else
 				digit = radix;
-            
+
 			if (digit < radix)
 			{
 				v *= radix;
@@ -3173,7 +3241,7 @@ static Integer StringToInteger(const T *str, ByteOrder order)
 			}
 		}
 	}
-    
+
 	if (sign == -1)
 		v.Negate();
 
@@ -3552,7 +3620,7 @@ std::ostream& operator<<(std::ostream& out, const Integer &a)
 	}
 
 	Integer temp1=a, temp2;
-    
+
 	if (a.IsNegative())
 	{
 		out << '-';
@@ -3587,7 +3655,7 @@ std::ostream& operator<<(std::ostream& out, const Integer &a)
 #ifdef CRYPTOPP_USE_STD_SHOWBASE
 	if(out.flags() & std::ios_base::showbase)
 		out << suffix;
-        
+
 	return out;
 #else
  	return out << suffix;
@@ -4441,7 +4509,7 @@ std::string IntToString<Integer>(Integer value, unsigned int base)
 
 	std::string result;
 	result.reserve(i+2);
-	
+
 	if (negative)
 		result += '-';
 
@@ -4474,7 +4542,7 @@ std::string IntToString<word64>(word64 value, unsigned int base)
 	static const unsigned int HIGH_BIT = (1U << 31);
 	const char CH = !!(base & HIGH_BIT) ? 'A' : 'a';
 	base &= ~HIGH_BIT;
-	
+
 	assert(base >= 2);
 	if (value == 0)
 		return "0";