
Windows and incorrect results for AES when used on CPUs without AES-NI #649

Closed
rajkosto opened this issue Apr 30, 2018 · 14 comments

Comments

@rajkosto

@rajkosto rajkosto commented Apr 30, 2018

Crypto++ Issue Report

Windows 7 - Windows 10 latest x64
Crypto++ 7.0.0
Compiled with Visual Studio 2017 latest version as of this writing (15.6.7) via cryptest.sln
(Building everything exactly the same with Visual Studio 2013 version 12.0.40629.00 Update 5 or Visual Studio 2015 Update 3, this bug does not happen)
After building either the dll or static library in Release x64 mode (Debug mode is fine, as are both Win32 builds), running dlltest.exe/cryptest.exe on a CPU with AES-NI instructions passes the AES tests, but when run on a CPU without AES-NI instructions the AES test fails (due to completely wrong output bytes). This can also be simulated on AES-NI CPUs by just setting g_AESNI = false; in DetectX86Features instead of reading it from CPUID.

rajkosto added a commit to rajkosto/deps-cryptopp that referenced this issue Apr 30, 2018
@noloader
Collaborator

@noloader noloader commented May 1, 2018

Thanks @rajkosto.

So I am clear, this is the summary:

  • Visual Studio 2017 (15.6.7), Release, AESNI - PASS
  • Visual Studio 2017 (15.6.7), Release, no AESNI - FAIL
  • Visual Studio 2015, Release, AESNI - PASS
  • Visual Studio 2015, Release, no AESNI - PASS
  • Visual Studio 2013, Release, AESNI - PASS
  • Visual Studio 2013, Release, no AESNI - PASS

Is that correct?

Also, could you download Sysinternals' Coreinfo and post the results?

This may be tough for me to work on because I may not be able to duplicate it. Let's ping @MarcelRaad since he performs a lot of Windows work.


This can also be simulated on AES-NI CPUs by just setting g_AESNI = false; in DetectX86Features instead of reading it from CPUID.

Setting just g_AESNI = false may miss the mark a bit. I think both g_AESNI and g_hasCLMUL should probably be either set or unset. But splitting them may make for a good test case, too.

Are you aware of any CPUs that split AES and CLMUL?
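The feature detection discussed above (the reporter's suggestion to force the AES-NI flag off, and the question of whether AES and CLMUL should be split), as an added example that is not Crypto++'s own code. It decodes the same CPUID leaf-1 bits that cpu.cpp tests in the diff further down (ECX bit 25 for AES-NI, ECX bit 1 for PCLMULQDQ, EDX bit 26 for SSE2, with AES-NI and CLMUL gated on SSE2 as the library does) and adds mask parameters so a test build on a machine that has both instructions can simulate a CPU with neither, or with CLMUL but no AES-NI. The names DecodeLeaf1, MaskEcx, ReadLeaf1 and DetectFeatures are this example's, not the library's, and the pure DecodeLeaf1 exists so the bit logic can be checked with constructed register values rather than only on whatever CPU the test runs on.

```cpp
#include <cstdint>
#if defined(_MSC_VER) && (defined(_M_X64) || defined(_M_IX86))
#  include <intrin.h>
#elif defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
#  include <cpuid.h>
#endif

struct X86Features {
    bool sse2, aesni, clmul;
};

// Decode the bits of CPUID leaf 1 that matter here. Same positions as cpu.cpp:
// EDX[26] = SSE2, ECX[25] = AES-NI, ECX[1] = PCLMULQDQ. Pure function, so it can
// be unit-tested with constructed register values.
X86Features DecodeLeaf1(uint32_t ecx, uint32_t edx) {
    X86Features f;
    f.sse2  = (edx & (1u << 26)) != 0;
    f.aesni = f.sse2 && (ecx & (1u << 25)) != 0;   // gated on SSE2, as in cpu.cpp
    f.clmul = f.sse2 && (ecx & (1u <<  1)) != 0;
    return f;
}

// Test hook (this example's own, not a library option): clear the AES-NI and/or
// CLMUL bits after reading CPUID so the portable C++ cipher path gets exercised
// on hardware that would normally take the intrinsics path.
uint32_t MaskEcx(uint32_t ecx, bool dropAesni, bool dropClmul) {
    if (dropAesni) ecx &= ~(1u << 25);
    if (dropClmul) ecx &= ~(1u << 1);
    return ecx;
}

// Read leaf 1 on the running CPU; returns false when not on x86 at all.
bool ReadLeaf1(uint32_t& ecx, uint32_t& edx) {
#if defined(_MSC_VER) && (defined(_M_X64) || defined(_M_IX86))
    int regs[4];
    __cpuid(regs, 1);
    ecx = (uint32_t)regs[2]; edx = (uint32_t)regs[3];
    return true;
#elif defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
    unsigned int a = 0, b = 0, c = 0, d = 0;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return false;
    ecx = c; edx = d;
    return true;
#else
    (void)ecx; (void)edx;
    return false;
#endif
}

// Hardware detection with the optional simulation of a CPU lacking AES-NI / CLMUL.
X86Features DetectFeatures(bool simulateNoAesni = false, bool simulateNoClmul = false) {
    uint32_t ecx = 0, edx = 0;
    if (!ReadLeaf1(ecx, edx)) return X86Features{false, false, false};
    return DecodeLeaf1(MaskEcx(ecx, simulateNoAesni, simulateNoClmul), edx);
}
```

DetectFeatures(true, false) is the split configuration asked about above: the software AES path runs while the CLMUL-based GCM multiply stays on hardware, which is a useful extra test case precisely because real CPUs rarely present it. Whatever a self-test does with the masked flags, the masking has to happen in the test build only; shipping binaries should read CPUID unmodified.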

@noloader
Collaborator

@noloader noloader commented May 1, 2018

So it looks like encryption is OK. The problem appears to be on the decryption path for ECB and CBC mode. Below, notice the "incorrectly decrypted". That is the second known answer test (with the first being encryption).

The results below were produced with the following change. Windows is bad while Linux is OK:

$ git diff cpu.cpp
diff --git a/cpu.cpp b/cpu.cpp
index ef0ddf6..c5bc360 100644
--- a/cpu.cpp
+++ b/cpu.cpp
@@ -242,7 +242,7 @@ void DetectX86Features()
        g_hasSSSE3 = g_hasSSE2 && ((cpuid1[2] & (1<< 9)) != 0);
        g_hasSSE41 = g_hasSSE2 && ((cpuid1[2] & (1<<19)) != 0);
        g_hasSSE42 = g_hasSSE2 && ((cpuid1[2] & (1<<20)) != 0);
-       g_hasAESNI = g_hasSSE2 && ((cpuid1[2] & (1<<25)) != 0);
+       //g_hasAESNI = g_hasSSE2 && ((cpuid1[2] & (1<<25)) != 0);^M
        g_hasCLMUL = g_hasSSE2 && ((cpuid1[2] & (1<< 1)) != 0);
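Review bot: the added `//g_hasAESNI = ...` line ends in ^M, so this hunk writes a CRLF line ending into a file whose surrounding lines are LF; strip the carriage return before the change goes anywhere beyond a local test tree, or the next diff of cpu.cpp will be noisy. Commenting the assignment out also leaves g_hasAESNI at whatever value it held before DetectX86Features() ran rather than stating the intent; `g_hasAESNI = false;` reads as a deliberate test setting and, like this hunk, still lets the next line read g_hasCLMUL from CPUID, which is the split AES/CLMUL configuration discussed above.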

And the failed decryption:

c:\Users\Test\cryptopp>.\cryptest.exe tv aes
Using seed: 1525138484

Testing SymmetricCipher algorithm AES/ECB.

incorrectly decrypted: D6D069162B19B0E8D0D9401D973B80107EE162BB46A80A88896878CDB
9416DE41E3778C479C18459673AFD875D84213A1A8427CBC3FAAB9C1DB4C458101EB1B4
AlgorithmType: SymmetricCipher
Ciphertext: 3ad77bb40d7a3660a89ecaf32466ef97 f5d3d58503b9699de785895a96fdbaaf 43
b1cd7f598ece23881b00e3ed030688 7b0c785e27e8ad3f8223207104725dd4
Comment: F.1.1 ECB-AES128.Encrypt
Key: 2b7e151628aed2a6abf7158809cf4f3c
Name: AES/ECB
Plaintext: 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c
81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
Source: NIST Special Publication 800-38A
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 921237DF0D3EB491E5C1FD2150294B3A094E4C5898B68A9FF7A2BE05F
6F47ED659B1F5E268DB2E968D675C937C1E5D807851D6CDD81DF62555B463F048537343
AlgorithmType: SymmetricCipher
Ciphertext: bd334f1d6e45f25ff712a214571fa5cc 974104846d0ad3ad7734ecb3ecee4eef ef
7afd2270e2e60adce0ba2face6444e 9a4b41ba738d6c72fb16691603c18e0e
Comment: F.1.3 ECB-AES192.Encrypt
Key: 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
Name: AES/ECB
Plaintext: 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c
81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
Source: NIST Special Publication 800-38A
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 6200164DC594B5C590D7F3D7D4CBD6AD79E539D269B9A2B279B8F3D7F
790B60346457BAA6CBC243AA5406563A890B2F1B7DC0F989FFF0E1FAF61E39605FAFD53
AlgorithmType: SymmetricCipher
Ciphertext: f3eed1bdb5d2a03c064b5a7e3db181f8 591ccb10d410ed26dc5ba74a31362870 b6
ed21b99ca6f4f9f153e7b1beafed1d 23304b7a39f9f3ff067d8d8f9e24ecc7
Comment: F.1.5 ECB-AES256.Encrypt
Key: 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
Name: AES/ECB
Plaintext: 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c
81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
Source: NIST Special Publication 800-38A
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 79EB66F64B5861BC0521238B2CCBCE1E79696768C2ED02ED074DEE9FE
12E43091DE97B5A7465FA486F7883FBED9AAB77C46F0D58FC1BAA130772C2EF8EFC7D33FF48A480A
C06C9BF6599BE6553B2637691B2EA1A157C3E70377E4E686B6598FFC4007C1EB7454A75B6F4F36B6
F5634C268798F9DACA2E99DD7FB5CCECB66245DE18B74A5F9D47D49C3F1F97C67FF6412FC8FEECB9
3220349EFCD3246FD5391B80301B55BE6B167B27C81243F563591FEFBB0E43B9371214CB116F4718
EA909CEB6AB3D2C36DA2CADBE7EFD7C10A96618EC6148BD7C7EEB4980AE710534EF1CC59A8735557
3B1298E5E17CEE3FBDB0CB96D71E0389395E76DF05727484FBFB0C1
AlgorithmType: SymmetricCipher
Ciphertext: 84C6CBDC2B5A39985774B23BAB066A6AF8CB66C08E4F058E5D3E7C351EA845CEC7B2
09210EE7EFD38269628687F21CB9BCEA349DC0418ADBA2BF2364DF4DB1A11AD84CF6A422CE95C37B
2CF81196245CD857D0B954B83985C1888230F3C301847AAF714253EF768C17E89E4F5513DBD5BEE1
266A2B2D7063CE3D0BA8716252C5BCBB9922CD46F374B52FDFF1FEBF155FF4AFEE18788999BC7423
4A3FFBA7B2858BB2552F172E56EC47456878440ABB5ADAE49941C1E43616AC5D6E31A011611B829F
6A77BE1F50754F81F35D24ED89FDE804B17363F9A81C3F12AE067FDD41A2984912CAE1926C5FB3AC
18E541FA4AD1E171888E61428F2A8F2E981AE16D0D4E41D33E5E675F446DAE0F454FC4CA056F41F3
CC4744A9E948428B2280F96663B7230C09692503C95B3E34F8DE8DF23157F45BDF689B258D994D9E
6CE5D4DD6BDB96763CCC41DBBE57A4778D5A9E90226D614C335E44CA8AB41EFEA898BC170C65412F
77194A43A1305EF23AC70B059E6E047796EF518D7696BC3DAD5E2634F92DD1C90D206A2B6D3A7CE8
8668BEAD64614E9000ACFBA79EB3601606214E21E08F14CE77E36BB66FE4A0FCD2A21BCAA2391A9C
2016AC3BC7CDF1438EB6DD26696644583E2B0A0C68629D736F6723DF66859CF80B4E5B5C5BF03F33
4D65C48DB3B2660E2CE33B510FD60C912B85D16AEE7CDBFDF6285B0A77BAE07D987F9CE172A548E6
BF0A30CF099AA82BE0A25E0E8919
Comment: long test vector
Key: 2b7e151628aed2a6abf7158809cf4f3c
Name: AES/ECB
Plaintext: r8 006bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51
30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c371000
Source: Generated by Crypto++ 5.6.1
Test: Encrypt

Test FAILED.
Skipping to next test.

Testing SymmetricCipher algorithm AES/CBC.

incorrectly decrypted: 314F49DEEE6BFE3F039F04872CE6464DC61F845708754DB5EFC821B74
95B1738B80178DF176BF56FBA6612C30B05BCE451ECE854B1CFEC5AF56531CABCFB3556
AlgorithmType: SymmetricCipher
Ciphertext: 7649abac8119b246cee98e9b12e9197d 5086cb9b507219ee95db113a917678b2 73
bed6b8e3c1743b7116e69e22229516 3ff1caa1681fac09120eca307586e1a7
Comment: F.2.1 CBC-AES128.Encrypt
IV: 000102030405060708090a0b0c0d0e0f
Key: 2b7e151628aed2a6abf7158809cf4f3c
Name: AES/CBC
Plaintext: 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c
81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
Source: NIST Special Publication 800-38A
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: FA34BB33F17DAA3E3573D54E86D384D52069F2226B1BC3FE0BBE6F84F
40BEBF64F26C5C1D8B57F24F91175A8C7685BE714A5C695153E7555D3C1658956EE07FD
AlgorithmType: SymmetricCipher
Ciphertext: 4f021db243bc633d7178183a9fa071e8 b4d9ada9ad7dedf4e5e738763f69145a 57
1b242012fb7ae07fa9baac3df102e0 08b0e27988598881d920a9e64f5615cd
Comment: F.2.3 CBC-AES192.Encrypt
IV: 000102030405060708090a0b0c0d0e0f
Key: 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
Name: AES/CBC
Plaintext: 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c
81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
Source: NIST Special Publication 800-38A
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: A0B9FB65B1F3D181F38C457BBE48A03F07EE79AD36E34FEB4B5058515
1C57766DBC92CC57A470AE715733A202CC247873EE10597FB65EF6D0631C6EE9A5F6177
AlgorithmType: SymmetricCipher
Ciphertext: f58c4c04d6e5f1ba779eabfb5f7bfbd6 9cfc4e967edb808d679f777bc6702c7d 39
f23369a9d9bacfa530e26304231461 b2eb05e2c39be9fcda6c19078c6a9d1b
Comment: F.2.5 CBC-AES256.Encrypt
IV: 000102030405060708090a0b0c0d0e0f
Key: 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
Name: AES/CBC
Plaintext: 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c
81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
Source: NIST Special Publication 800-38A
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 05704C39B186F020E69A94CBBE6D70D9
AlgorithmType: SymmetricCipher
Ciphertext: 0xe353779c1079aeb82708942dbe77181a
Comment: Case 1: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
IV: 0x3dafba429d9eb430b422da802c9fac41
Key: 0x06a9214036b8a15b512e03d534120006
Name: AES/CBC
Plaintext: "Single block msg"
Source: RFC 3602
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: A078D6E183882264FF0FD2C04E7A6285263E4B71846F5D38DC4918A3F
99DCAEA
AlgorithmType: SymmetricCipher
Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a              7586602d253cfff91b82
66bea6d61ab1
Comment: Case 2: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
IV: 0x562e17996d093d28ddb3ba695a2e6f58
Key: 0xc286696d887c9aa0611bbb3e2025a45a
Name: AES/CBC
Plaintext: 0x000102030405060708090a0b0c0d0e0f              101112131415161718191
a1b1c1d1e1f
Source: RFC 3602
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 0AB24F26E95A18AD050CC60F6A40B67E9817910E599A6AE01AD5B8DDC
DEE91E28D5D1B88A4D9802A697DEE2AF25FC859
AlgorithmType: SymmetricCipher
Ciphertext: 0xd0a02b3836451753d493665d33f0e886              2dea54cdb293abc75069
39276772f8d5              021c19216bad525c8579695d83ba2684
Comment: Case 3: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
IV: 0xc782dc4c098c66cbd9cd27d825682c81
Key: 0x6c3ea0477630ce21a2ce334aa746c2cd
Name: AES/CBC
Plaintext: "This is a 48-byte message (exactly 3 AES blocks)"
Source: RFC 3602
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 3C763B4ACE39312559C92383B6C722C5DE4673E8E089A4745AFBF2098
9C75F6D295E27DA3639AEA134F774481DEB17CF62709B804BE6213AE5F494CAE553B023
AlgorithmType: SymmetricCipher
Ciphertext: 0xc30e32ffedc0774e6aff6af0869f71aa              0f3af07a9a31a9c684db
207eb0ef8e4e              35907aa632c3ffdf868bb7b29d3d46ad              83ce9f9a
102ee99d49a53e87f4c3da55
Comment: Case 4: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
IV: 0x8ce82eefbea0da3c44699ed7db51b7d9
Key: 0x56e47a38c5598974bc46903dba290349
Name: AES/CBC
Plaintext: 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf              b0b1b2b3b4b5b6b7b8b9b
abbbcbdbebf              c0c1c2c3c4c5c6c7c8c9cacbcccdcecf              d0d1d2d3d
4d5d6d7d8d9dadbdcdddedf
Source: RFC 3602
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 34BFE889866736EBFBEC1222152644FB1C415CF371B9271845B3677A9
1F8DC5644871412B1AE9E2455C84BF1CF08B3EF56DDA6F5D8BAD05BA73660561D9F611539BE20777
8BEE3393AA0948FC4D3DE3D6300EC891A49F357EAF549AB85C5F26C3BF929226624DCF376A9E4A81
526D2CD4C00409E86F011707140538787E5E8CF1DAF91436DDB4BC0CEE03052CEDC1E09302599232
D415C25BC1707DC797E170145CA9505DE5B3E0B649C256CF715884B76D7C0D15F7636BBB44128BAE
D5A069EAD84EE9C817C1CBDC2781483AB3AFE92F7FC3523F209F2146E9146C602F74CABF075E8D26
523FCA1BB67F009667F4A3AFE30B591BC2616232D436449C5852886
AlgorithmType: SymmetricCipher
Ciphertext: 6544CCA076C4D67C1A69DD7E504C6586FBD22912505E187D8628E19FA067D6C339D0
78E3032B8596DA74BB0E23434F83E153D5ACD5DEF7D264F58EC685317BF50C93430791718D6E09CC
C4804FFE4EEB5C6AD8E9B5DFD456EDE81081627A97FC2FAE9F1955377D7774E68EAB541B20CE3C91
5185BCA208EE08428C400043F2DC90B0390756762C9271946FCE214B9576F74399E466DAC48C6DD1
0B420F302941DCC27D55CF1FB59D71954950CAD893FFFA70970D128C77BFA34F3C84B0B64A01194A
086ACDD9847D6B91B7F870D0E7591CA07F0B407005F1473C37A648F6E18044336F30418BA43FD7AA
5B5BAE01A0E33B1EDA4487730F043E202DE44CB901BD3AED13D790D05F325C414831EB601BD91867
8C1B8E116877CE1167F87204B49619D323713F95C04CA9621FDCF44BD21C5E36A299C486C8FC0D30
43EDFF424B9A7AA5500DC3BD7BF6FAB256E6B45B458058DC933F1FF8C5E841BFC7F405761E14B12B
48C1C108F33BF8D65BB8DBB9ED7E92398E779333730F4C68922AA76409E842E76B649B981B826918
6220ACFF9DFA198D62CBF4CFA0FE05C1427CE63A345A61FE460D14EF25D7A89E2E228B415757B4E4
110B6AFA7D85D48C3BCF184FDD7366F06D9E3D29896B0D3C0D83FCFA881E6EC5F29B0294628EDFF2
84E58B7BE19D37A6B28D70DC0F165A4B60CE5536D76D1A71849C36B0837E4E5082A05208CEEB320C
57F0F5B86DC3CAAC8A32DEA9552D
Comment: long test vector
IV: f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
Key: 2b7e151628aed2a6abf7158809cf4f3c
Name: AES/CBC
Plaintext: r8 006bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51
30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c371000
Source: Generated by Crypto++ 5.6.1
Test: Encrypt

Test FAILED.
Skipping to next test.

Testing SymmetricCipher algorithm AES/CFB.
.......
Testing SymmetricCipher algorithm AES/OFB.
....
Testing SymmetricCipher algorithm AES/CTR.
.............
Tests complete. Total tests = 36. Failed tests = 12.
SOME TESTS FAILED!
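A known-answer harness of the kind whose output appears above, as an added example rather than code from Crypto++ or the cryptest tool: a compact AES-128 reference (S-box generated at startup, separate encrypt and decrypt code paths, as in the library) with a RunKat function that checks one vector in both directions, so a build whose decryption is miscompiled fails even though the vector is labelled "Test: Encrypt". The NIST SP 800-38A F.1.1 key, plaintext and ciphertext used in the usage note are the ones printed in the log above. The names aeskat, Aes128, RunKat and KatResult are this example's own; the reference cipher uses table lookups indexed by secret data and is meant for test harnesses, not for production use.

```cpp
#include <array>
#include <cstdint>
#include <string>

namespace aeskat {

typedef std::array<uint8_t, 16> Block;

// GF(2^8) arithmetic modulo x^8 + x^4 + x^3 + x + 1.
static uint8_t xtime(uint8_t x) { return (uint8_t)((x << 1) ^ ((x & 0x80) ? 0x1b : 0x00)); }
static uint8_t gmul(uint8_t a, uint8_t b) { uint8_t p = 0; for (int i = 0; i < 8; ++i) { if (b & 1) p ^= a; a = xtime(a); b >>= 1; } return p; }

// Forward and inverse S-boxes, generated rather than hard-coded: walk GF(2^8)* with
// generator 3 (p) and its inverse (q), then apply the affine map to q.
struct Sbox {
    uint8_t fwd[256], inv[256];
    Sbox() {
        uint8_t p = 1, q = 1;  // invariant: p * q == 1 in GF(2^8)
        do {
            p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1b : 0));                   // p *= 3
            q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
            if (q & 0x80) q ^= 0x09;                                                  // q /= 3
            uint8_t x = (uint8_t)(q ^ (q << 1 | q >> 7) ^ (q << 2 | q >> 6) ^ (q << 3 | q >> 5) ^ (q << 4 | q >> 4));
            fwd[p] = (uint8_t)(x ^ 0x63);
        } while (p != 1);
        fwd[0] = 0x63;
        for (int i = 0; i < 256; ++i) inv[fwd[i]] = (uint8_t)i;
    }
};
static const Sbox& S() { static const Sbox s; return s; }

// State uses the flat FIPS-197 layout: byte r + 4*c is row r, column c.
static void SubBytes(uint8_t s[16], const uint8_t* box) { for (int i = 0; i < 16; ++i) s[i] = box[s[i]]; }
static void AddRoundKey(uint8_t s[16], const uint8_t k[16]) { for (int i = 0; i < 16; ++i) s[i] ^= k[i]; }
static void ShiftRows(uint8_t s[16], bool inverse) {
    uint8_t t[16];
    for (int r = 0; r < 4; ++r)
        for (int c = 0; c < 4; ++c) t[r + 4 * c] = s[r + 4 * ((inverse ? c - r + 4 : c + r) % 4)];
    for (int i = 0; i < 16; ++i) s[i] = t[i];
}
static void MixColumns(uint8_t s[16], bool inverse) {
    static const uint8_t F[4] = {2, 3, 1, 1}, I[4] = {14, 11, 13, 9};  // first matrix row; the rest are rotations
    const uint8_t* m = inverse ? I : F;
    for (int c = 0; c < 4; ++c) {
        uint8_t* col = s + 4 * c; uint8_t t[4];
        for (int r = 0; r < 4; ++r)
            t[r] = (uint8_t)(gmul(col[0], m[(4 - r) % 4]) ^ gmul(col[1], m[(5 - r) % 4]) ^
                             gmul(col[2], m[(6 - r) % 4]) ^ gmul(col[3], m[(7 - r) % 4]));
        for (int r = 0; r < 4; ++r) col[r] = t[r];
    }
}

// AES-128 with the 11 round keys expanded once. Encrypt and Decrypt are separate code paths,
// which is exactly how one direction can be miscompiled while the other still passes.
class Aes128 {
    uint8_t rk[11][16];
public:
    explicit Aes128(const Block& key) {
        uint8_t w[176]; for (int i = 0; i < 16; ++i) w[i] = key[i];
        uint8_t rcon = 1;
        for (int i = 16; i < 176; i += 4) {
            uint8_t t[4] = { w[i - 4], w[i - 3], w[i - 2], w[i - 1] };
            if (i % 16 == 0) {  // RotWord, SubWord, Rcon on every fourth word
                uint8_t t0 = t[0];
                t[0] = (uint8_t)(S().fwd[t[1]] ^ rcon); t[1] = S().fwd[t[2]]; t[2] = S().fwd[t[3]]; t[3] = S().fwd[t0];
                rcon = xtime(rcon);
            }
            for (int j = 0; j < 4; ++j) w[i + j] = (uint8_t)(w[i - 16 + j] ^ t[j]);
        }
        for (int r = 0; r < 11; ++r) for (int j = 0; j < 16; ++j) rk[r][j] = w[16 * r + j];
    }
    Block Encrypt(Block s) const {
        AddRoundKey(s.data(), rk[0]);
        for (int r = 1; r <= 10; ++r) {
            SubBytes(s.data(), S().fwd); ShiftRows(s.data(), false);
            if (r != 10) MixColumns(s.data(), false);
            AddRoundKey(s.data(), rk[r]);
        }
        return s;
    }
    Block Decrypt(Block s) const {
        AddRoundKey(s.data(), rk[10]);
        for (int r = 9; r >= 0; --r) {
            ShiftRows(s.data(), true); SubBytes(s.data(), S().inv); AddRoundKey(s.data(), rk[r]);
            if (r != 0) MixColumns(s.data(), true);
        }
        return s;
    }
};

static Block FromHex(const std::string& h) { Block b; for (int i = 0; i < 16; ++i) b[i] = (uint8_t)std::stoul(h.substr(2 * i, 2), nullptr, 16); return b; }

// Known-answer check in the spirit of the cryptest "tv" runner: a vector labelled "Test: Encrypt"
// is verified in both directions, which is what produces the "incorrectly decrypted" line above.
struct KatResult { bool encryptOk, decryptOk; };
KatResult RunKat(const std::string& keyHex, const std::string& plainHex, const std::string& cipherHex) {
    Aes128 aes(FromHex(keyHex));
    Block pt = FromHex(plainHex), ct = FromHex(cipherHex);
    return KatResult{ aes.Encrypt(pt) == ct, aes.Decrypt(ct) == pt };
}

} // namespace aeskat
```

With the F.1.1 vector from the log, RunKat("2b7e151628aed2a6abf7158809cf4f3c", "6bc1bee22e409f96e93d7e117393172a", "3ad77bb40d7a3660a89ecaf32466ef97") returns both flags true; a bad ciphertext flips encryptOk only. Keeping the two flags separate is the point: the pattern in the log above (encryption passes, decryption fails) localises the fault to the inverse cipher or its key handling rather than to the S-box and key expansion that both directions share. To apply the same check to a library's software path, run it with AES-NI detection disabled, as the cpu.cpp change earlier in this thread does.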
@rajkosto
Author

@rajkosto rajkosto commented May 1, 2018

You asked for coreinfos for some reason:
main computer that has AES-NI: https://pastebin.com/uygYZs0W
old laptop that doesn't have AES-NI: https://pastebin.com/v0dmjW9Z

While no CPUs before Sandy Bridge have AES-NI, it's not strictly an age thing: recently released Pentiums also don't have AES-NI (Intel considers it some sort of exclusive feature, so the cheapest CPUs don't get it).

And yes, the Visual Studio version breakdown you posted is correct. Unfortunately, due to the web installer I cannot retrieve the 2017 initial release version to test with (and there have been at least 3 compiler updates since then).

@noloader
Collaborator

@noloader noloader commented May 2, 2018

Thanks @rajkosto.

It looks like (to me) there's nothing unusual with the cpu features.

I'm guessing the issue has something to do with decryption key setup, but it is just a guess at this point.

I checked in a change that allowed us to test /permissive (Commit 91faa5d399e83f38):

c:\Users\Test\Desktop\cryptopp>msbuild /m /p:Configuration=Release;Platform=x64,WindowsTargetPlatformVersion=10.0.16299.0,PlatformToolset=v141 /p:AdditionalOptions=/permissive cryptlib.vcxproj

/permissive did not help the issue. I'm guessing this is a code generation problem with VC++. If you could, please file a bug report against Microsoft at MSDN Connect. It looks like you want "DevDiv / Visual Studio and .NET Framework (Connect Site ID 210)" nowadays.

noloader added a commit that referenced this issue May 2, 2018
@MarcelRaad
Contributor

@MarcelRaad MarcelRaad commented May 2, 2018

@noloader /permissive currently has no effect, only /permissive- has.

@noloader
Collaborator

@noloader noloader commented May 3, 2018

Thanks @MarcelRaad.

/permissive- did not help. Ugh...

@noloader
Collaborator

@noloader noloader commented May 6, 2018

@rajkosto,

I was looking at our Appveyor CI build results. Appveyor tests Visual Studio 2013 through Visual Studio 2017 in both debug and release builds. We are still not showing a failure.

I don't see a version of the compiler listed with the Appveyor builds, however. I'm guessing this is a recent break on Microsoft's part.

@noloader noloader changed the title AES crypto is giving completely wrong results when used on CPUs without AES-NI in CryptoPP 7.0.0 x64 Release build Windows and incorrect results for AES when used on CPUs without AES-NI May 11, 2018
@kpi6288

@kpi6288 kpi6288 commented May 15, 2018

We also observed this issue on a fairly new server machine E5-2690 where someone had turned off AES-NI for some reason.

Note that we saw this only in combination with DES DEFAULT_PADDING. Regression tests run fine.

We found a workaround in adding the following statement as the first line in rijndael.cpp:
#pragma optimize ("", off)

@smessmer

@smessmer smessmer commented Sep 26, 2018

What's the status on this? Can I build a release binary with MSVC 2017 and assume it works? Unfortunately, I don't have a non-AESNI CPU at hand.

@noloader
Collaborator

@noloader noloader commented Sep 26, 2018

@smessmer,

Can I build a release binary with MSVC 2017 and assume it works? Unfortunately, I don't have a non-AESNI CPU at hand.

I'm not sure at the moment.

@effolkronium

@effolkronium effolkronium commented Oct 5, 2018

This bug has broken a whole day for me!

@noloader
Collaborator

@noloader noloader commented Oct 8, 2018

@rajkosto, @MarcelRaad, @smessmer , @effolkronium

I have two questions.

  1. Did anyone with a MSDN account file an issue with Microsoft? (I don't have an account. I wrote to Microsoft and asked for one but they did not respond to my email).

  2. Do we know what versions of the Microsoft compiler are affected? (We need to determine the scope of the problem, but I lack a thorough Windows testing environment).

For (2) we will probably have to use @kpi6288's workaround until a better one comes along.

@noloader
Collaborator

@noloader noloader commented Nov 6, 2018

I think I have this isolated a bit, and I think we can mostly clear this issue. I'm working from the pragma optimize page on MSDN.

The following enables small or fast machine code optimizations and executes correctly:

#if defined(_MSC_VER) && (_MSC_VER >= 1910)
# pragma optimize("", off)
# pragma optimize("ts", on)
#endif

The following enables global optimizations and fails:

#if defined(_MSC_VER) && (_MSC_VER >= 1910)
# pragma optimize("", off)
# pragma optimize("g", on)
#endif

I think we can live without global optimizations.

noloader added a commit that referenced this issue Nov 6, 2018
@noloader
Collaborator

@noloader noloader commented Nov 6, 2018

Cleared at Commit f57df06c5e6d.

@noloader noloader closed this Nov 6, 2018
noloader added a commit that referenced this issue Nov 9, 2018
Also see #649. The 649 issue is the one affecting AES. It appears to be the same problem.
dvetutnev added a commit to odant/conan-cryptopp that referenced this issue Jan 15, 2019
5e5fb6c8 Prepare for Crypto++ 8.0 release
5e48cfd0 Prepare for Crypto++ 8.0 release
5ace5e47 Spelling corrections
b8777826 Use local definition of space
e8025bf6 Remove unused SM4 code for ARM
9f2917bb Check for root in governor.sh
0c658f5a PublicKey is optional for curve25519
d5338fd2 Remove unneeded buf compare
1fc26dc1 Cleanup Validate tests
5202b631 Add ed25519PrivateKey::Validate body (GH #764) We also clamp the private key and recalculate the public key. Note: we already know some IETF keys fail to validate because they are not clamped as specified in Bernsteain's paper or the RFCs (derp....)
21cd665a Fix TestEd25519 for Debug builds on PowerPC
d0245a49 Fix "explicit template specialization cannot have a storage class" on Aarch64 debug builds
b9688ec5 Fix "explicit template specialization cannot have a storage class" on Aarch64 debug builds
83a37b82 Fix Debug PowerPC build
5f525029 Fix cryptest.vcxproj.user Debug changes cross-pollinated into the commit
bf10aae9 Add additional asserts
6e09f4ee Update README.txt
82c0cb6b Whitespace check-in
f9a33173 Add additional self tests
2ccac19d Use variable length messages in TestEd25519
0311daf7 Update documentation
afd9c856 Update documentation
630361d2 Update documentation
c55e58c2 Update documentation
567eef2d Update documentation
f981c86c Update documentation
ba0dece8 Update documentation
a7492965 Add additional self tests And whitespace check-in
7226abd4 Add additional self tests And whitespace check-in
2c3ca1c0 Update documentation
4aa28fcf Update documentation
bfd3f4e3 Update documentation
d47f5506 Update documentation
f528e9a2 Update documentation
e389e2ad Update documentation
ae267764 Update documentation
0d2067ab Update documentation
430a968c Update documentation
d5e529d8 Update documentation
3b18e81b Remove unneeded ed25519Verifier code Add accessors for public and private key
c37d7c83 Fix compile with NO_OS_DEPENDENCE
416db72f Update documentation
5cbc6710 Clear unused variable warning
5b95b0ab Update documentation
d62674b5 Add ed25519 (GH #764, PR #767)
2ba3c1fc Update documentation
b5142e04 Use SSE2 intrinsics header in sse_simd.cpp only if needed (#759)
fc87f866 Add check for VS version and ExtendedControlRegister (PR #766)
6dfb428f Add Hygon Dhyana support to enable RDRAND/RDSEED/ADX/AVX2 Feature (PR #765)
398964b8 Add curve ids for x25519, ed25519, x448 and ed448 Also see https://tools.ietf.org/html/draft-ietf-curdle-pkix
4f7e2c98 Make test vectors text files in VS filter file
33cb5e63 Add Test vectors and data to VS project files
704762ba Add Test vectors and data to VS project files
9b5b3f4c Update vs2005.zip after x25519 cut-in (GH #761)
67f6a1f0 Clear warning C4702: unreachable code
52267616 Whitespace check-in
1b49bdc4 Enable x25519 SSE2 for MS compilers (GH #761)
17d7a705 Backout change to validate3.cpp It was modified for local testing, and cross-pollinated into the last commit.
4f64bb8e Clear warning C4163: '_umul128' : not available as an intrinsic function
91e58446 Enable x25519 64-bit code path for Microsoft compilers
235c615a Make TestCurve25519 available in Release builds
00f77766 Update comments and documentation
6f2188af Use byte instead of unsigned char
cac97785 Clear alginment warning with Clang The data is aligned, but Clang issues warning based on type and not the actual alignment of the variable and data.
d35124f3 Make SSE2 configurable via CRYPTOPP_SSE2_INTRIN_AVAILABLE Benchmarking shows things run a little slower with SSE2 on modern Core i5's. Also update comments and links
67af7467 Update comments
c0150ed4 Fix placement of align attribute for 32-bit
6dc60888 Fix the cut-in of Moon's implementation (GH #761) The initial cut-in was missing preamble present in Moon's curve25519_donna function. It originally tested good because we only perform a pairwise consistency check in release builds. Comprehensive testing with debug builds revealed the problem. Debug builds cross-validate against Bernstein's TweetNaCl library.
8c343247 Update comments
27cd1772 Fix the cut-in of Moon's implementation (GH #761) The initial cut-in was missing preamble present in Moon's curve25519_donna function. It originally tested good because we only perform a pairwise consistency check in release builds. Comprehensive testing with debug builds revealed the problem. Debug builds cross-validate against Bernstein's TweetNaCl library.
eb749783 Fix the cut-in of Moon's implementation (GH #761) The initial cut-in was missing preamble present in Moon's curve25519_donna function. It originally tested good because we only perform a pairwise consistency check in release builds. Comprehensive testing with debug builds revealed the problem. Debug builds cross-validate against Bernstein's TweetNaCl library.
83ddeadb Make clamped and small order tests static class members
b19abcde Cleanup donna files
560c332f Cutover to Andrew Moon's 64-bit code (GH #761) The code is public domain without license restrictions. It is also faster than Langley's original implementation.
5f8dcbbb Cleanup Moon's donna_32.cpp
adf109a9 Cutover to Andrew Moon's 32-bit code (GH #761) The code is public domain without license restrictions. It is also faster than Langley's original implementation.
9156c495 Update comments
c76f50eb Add missing header guard
26fc727f Increase precision on OutputResultOperations Andrew Moon's x25519 SSE2 code broke reporting because it was too fast.
12e9d137 Fix copy/paste error 32-bit was copied into 64-bit, including the oversized declarations.
152ac617 Add Moon's curve25519 using SSE2 (GH #761) Moon's code is very fast. In fact it is so fast it broke our benchmarks. Moon's code registers 0.00 milliseconds and 0.00 megacycles/operation.
20f4d220  Fix compile on 32-bit MIPS (GH #761) Testing on a ci20 dev-board with Debian 5 and GCC 4
0bdacf14 Fix missing semi-colon in non-ASM path
459035fc Cleanup donna_32.cpp arithmetic shift
a09d4024 Perform both is_clamped and is_small_order at level 2 validation
220ae9b9 Update documentation
b5cf4ff3 Remove unneeded TYPE_OF_SOCKLEN_T define. This should have been removed at GH #208, PR #703.
131397ba Documented Donna namespace for curve25519
0ad50c61 Switch to library integer types The standard ints will cause trouble on older versions of Visual Studio. It looks like they were missed at the initial cut-in.
d481922a Re-enable UBsan tests on Travis The Xenial image and the Xcode 10.1 toolchain are mature enough to enable the sanitizer.
3d98320b Fix compile on 32-bit SunCC (GH #761)
80c55112 Remove duplicate test run The test vector collection is run earlier in the process.
e97d6d0f Fix failed self test when NO_OS_DEPENDENCE (GH #761)
80776453 Fix x25519 test data (GH #761)
34d42b69 Cut-in x25519 weak points and validation
4afa78c0 Update documentation
20fce334 Update documentation
77923a29 Add Langley's curve25519 (GH #761, PR# 762)
c1681148 Add fallback arch in case arch is not set for setenv-ios.sh
0aa217b9 Update comments in config.h Some comments in config.h were old. Time for a refresh. Switch from CRYPTOPP_BOOL_ARM64 to CRYPTOPP_BOOL_ARMV8. Aarch32 is ARMv8, and that's the important part.
fbb9b403 Update Travis Android SDK and NDK gear
709ca5c4 Update Travis Android SDK and NDK gear
354e7ca7 Update Travis Android SDK and NDK gear
e08898b2 Squash Android SDK warning Also see https://stackoverflow.com/a/47028911/608639
b6acde83 Add setenv-travis script
123b0725 Update Travis Android SDK and NDK gear
7a191ba4 Update Travis Android SDK and NDK gear
435b7cab Update Travis Android SDK and NDK gear
b324f187 Increase git clone depth for Travis
872c9487 Rename VS2005 files with dashes to underscores (GH #736)
99b7a730 Add missing iOS architectures for Travis
7777704a Move iOS simulator builds to allowed_failures in Travis
95964fd0 Backout setenv-ios.sh changes The changes did not help
d1156ddf Try -watchos_simulator_version_min and -tvos_simulator_version_min
d48192d1 Remove -no_new_main from Apple Watch and TV simulators It did not help...
1e9a487b Clear Clang warning about C++11 template extension "warning: non-type template argument referring to function 'F' with internal linkage is a C++11 extension". Also see https://travis-ci.org/noloader/cryptopp/jobs/465328751
55b1535a Try to fix Watch and TV simulator link error Something about a missing _start symbol. I'm not sure if -no_new_main is the solution or not. Also see https://stackoverflow.com/q/24841283/608639.
c531c1c5 Add iOS Watch and TV simulator testing
c52e99a3 Fix ANDROID_HOME path ANDROID_HOME is /c/Users/Jeff/.android on desktops. It is a place where user's private data goes, like Android debug signing keys. It is not the SDK directory like answered on Stack Overflow.
5124ff7b Use OS X 10.1 image for Travis testing
8c4f38b2 Update comments
eee358b0 Fix DataDir for C++03 and below (GH #760)
5b0df259 Handle test vectors with extensions
1c88fd6f Add search for test vectors and test data (GH #760)
52035583 Cleanup Panama cihers
08aa7724 Disable Panama ASM on X86 (GH #758)
f74b8c83 Fix -Wreorder warning using GCC
fd15d998 Update comments
7656ff2b Fix Fedora and Red Hat feature tests They use a hardened build and include flags like -Werror=XXX and -Wp,FORTIFY_SOURCE
a6067da3 Fix Fedora and Red Hat feature tests They use a hardened build and include flags like -Werror=XXX and -Wp,FORTIFY_SOURCE
8769302a Add CRYPTOPP_DISABLE_MIXED_ASM define and feature test (GH #756, PR #757)
4b295f1f Use const_cast instead of reinterpret_cast
7832ae37 Switch to uintptr_t for IsAlignedOn I thought this might be part of the problem for https://groups.google.com/d/msg/cryptopp-users/sHCHSjM7scY/PkcSbIo-DQAJ but it did not help. However, the uintptr_t is the proper cast here.
a1c89661 Fix -xarch for CLMUL on Solaris
cdefa5be Test Travis Xenial build I can't test on my fork at the moment because it is tied up with some other changes. Also see https://blog.travis-ci.com/2018-11-08-xenial-release.
482151a9 Fix Aarch64 with early GCC
800dd99c Add init priorities for XLC compilers
71ce30f7 Whitespace check-in
fc5019a8 Add test_x86_avx512.cxx (GH #753)
53bdcb20 Add test_x86_avx512.cxx (GH #753)
13f7bd7f Make GF2_32 class member of RawIDA
0b1162aa Update documentation
6729b294 Move DEFAULT_CHANNEL and AAD_CHANNEL defs into cryptlib.cpp (GH #751)
318d53f6 Avoid use of NDEBUG in source files Posix NDEBUG causes our test script to fail the Posix Assert test
774454ba Cleanup Disable rules for x86
62b1b7d6 Update comments
de2c09ee Remove unneeded test program
92ae496c Update GNUmakefile-cross for feature tests (GH #741)
07209942 Clear unused variable warnings on iOS
a49e2ee2 Clear unused variable warnings on iOS
b8bf4540 Fix simulator SDK
42de69d8 Update ARM recipes
d9288fa8 Add additional ARM test programs The SHA512 and SHA3 programs need fixing, but they are stubbed out
8ae7e45c Initialize ARM test program variables
3b6ef049 Initialize ARM test program variables
9e5ba86d Fix Macports build on old hardware We needed to detect MacPorts earlier so the flags are used in TCXXFLAGS
cecd2fd6 Remove language dependent BAD_RESULT variable from Makefile
41d4fcec Fix typo
06c0c27e  Update test programs for x86 and ARM (GH #741)
28aa02b8 Clear SunCC warning on extra ';'
6028a692 Fix SIGILL in TestDARN() function I thought this was due to trying to call the darn instruction even though g_hasDARN == false on Power8. However, the problem turned out to be a Power9 load was used when DARN class threw a DARN_Err.
3e909c13 Add IBM XLC init priority support
52613240 Update documentation
af7cdcdb Update documentation
b87ef5d5 Update documentation
fd5e35fc Fix SIGILL on Linux when using XLC for DARN
8fba6672 Initialize Intel intrinsic variables
f07f01f4  Add Power9 Random Number Generator support (GH #747, PR #748) This adds the missing changes to the Windows source files
603d37b2 Fix type for XLC features ladder
5d9ecc2b Align GNUmakefile with Autotools and CMake
ee5b0562 Make temporary buffer a SecBlock for zeroization
09bda53f Fix PowerMac compile on G4's and G5's
5685b0fd Guard GCC_DARN_ASM_AVAILABLE on GCC 4.0 The GCC inline assembler is available at GCC 3.2, but we check for 4.0 for expediency
7a9970f0 Update comments and cpu feature test
d41085e9 Update documentation
9ddd6dc9 Fix CPU_ProbeDARN test The DARN probe used 64-bit version of the instruction. I think it would have been OK  32-bit binaries, but the 32-bit version is always safe.
3db34abf Add Power9 Random Number Generator support (GH #747, PR #748)
1966d136 Cleanup BLAKE2 m_keyLength and m_digestSize
cfbe382e Update documentation
a00fd950 Update documentation
b6a73cad Update documentation
9a987b48 Fix compile error with GCC on POWER7
93a9bfba Update documentation
758e31d5 Add 64-bit element rotates for POWER7
cf3dfa27 Drop uint64x2_p to POWER7 According to the OpenPOWER specs, unsigned long long vectors first appeared in ISA 2.06, which is POWER7. However some support functions, like vec_add, did not arrive until ISA 2.07, which is POWER8.
a4dc4e22 Update documentation
ad58f0cb Update comments for PowerPC
51fea1a1 Add VecLoadAligned for PowerPC
727de927 Add CRYPTOPP_POWER7_ALTIVEC for XLC 12 on AIX workaround
064650d3 Avoid IsAlignedOn in VecLoad_ALTIVEC and VecStore_ALTIVEC
a48e387e Add missing offset to VecStoreBE
39aaec7c Use vec_revb when POWER9 is available
4020ba70 Fix PowerPC compile on Linux
ae5650d4 Fix PowerPC compile on Linux
bc63a78b Move Power8 SHA tests into ppc_power8.cpp
2b5bea7b Fix POWER8 compile when -DCRYPTOPP_DISABLE_ALTIVEC
3efc7752 Remove __IBM_ATTRIBUTES I believe this is C++ attributes, and not GCC attributes
3ba4dc60 Use __IBMCPP_NULLPTR from IBM compiler manual
652d0e42 Use __IBM_ATTRIBUTES and __IBM_ALIGNOF__ from IBM compiler manual
2fe5177d Update documentation
17b7ebeb Update documentation
f6de1723 Fix UBsan finding on PowerPC under Clang 7.0
568d9376 Update documentation
64981be3 Remove unneeded assert in panama.cpp The code handles both aligned and unaligned cases
8d4103fb Fix alignment on AIX (GH #745)
6cf8895b Add additional assert to FixedSizeAllocatorWithCleanup (GH #745) This assert checks the array we return to the caller is large enough. Spoiler alert... it is not always large enough, like on 64-bit AIX. The linker on AIX appears to align smaller than 8-bytes
1e8ac49b Guard use of _debug_memset with __DEBUG_ALLOC__ This is engaged with IBM XLC's -qheapdebug option
e26b1a0b Add debug heap support on AIX with IBM XLC
be437504 Clear "x" might be used before it is set using IBM XLC
5492101f Fix XLC 13.1 debug builds on Linux
2caa62a0 Add TCXXFLAGS for compiler and cpu feature testing (GH #741) This will allow users to specify aggressive warning flags without accidentally failing a feature test. The feature tests are minimal but the system headers could be noisy under elevated warnings
4db81f2e Improve -fPIC and -pthread rules
322c67f3 Use previous digest size as a default value in BLAKE2
0d44176f Cleanup debug information from SIMON source files
0998b40d Disable Altivec for BLAKE2s on AIX 7.1 and XLC 12.01 (GH #743)
a65d55a3 Rewrite BLAKE2 classes The ParameterBlocks for BLAKE2 had undefined behavior. We relied on the compiler packing the bytes in the structure, then we used the first byte as the start of an array.
13bee443 Update comments
3be1ae60 Clear warning on unitialized rounds
778f6f12 Remove potential UB from CFB_CipherConcretePolicy
081d9110 Call VecStore_ALTIVEC by name The old form could suffer recursion if template deduction fails
e6370f3e Fix typo in VecStore
66b3ba5d Update comments
f52a141f Add separate Polynomial Multiply feature test on POWER8 (GH#742)
215f9dc1 Fix POWER7 runtime detection test (GH #742)
0de4556b Fix feature test programs for early POWER7 machines
0df98b04 Improve support for early XLC compilers on POWER7 (GH #742)
7274827f Add test_ppc_vmull.cxx test program
531ab7e8 Update comments
87565dce Add POWER3 test for PowerPC Issue 656 talks about running on a G4 Macbook
3681d2fa Update documentation
20137574 Update documentation
4c192ecc Whitespace check-in
7d637ded Cleanup POWER8 SHA code
2f26de7a Add 64-bit element loads and stores
3129ad4d Fix LLVM Clang compile on PowerPC
c9f1a260 Update test programs for PowerPC (GH #741)
b1929f78 Update test programs for PowerPC (GH #741)
f8b1a997 Update test programs for PowerPC (GH #741)
2bb9f495 Add test_ppc_aes.cxx test program
1ac72075 Use clean compile as feature test gate on PowerPC (GH #742)
76cb99ff Add unexpected to BAD_RESULT
a82e7669 Make CMake configurable in test script
b65ff529 Make CMake configurable in test script
3725c841 Move CPU_ProbePower7 and CPU_ProbePower8 into their own source files (GH #742)
1a06aadb Update comments
2e68e95a Add BLAKE2s and ChaCha CORE SIMD function (GH #656) The CORE function provides the implementation for ChaCha_OperateKeystream_ALTIVEC, ChaCha_OperateKeystream_POWER7, BLAKE2_Compress32_ALTIVEC and BLAKE2_Compress32_POWER7. Depending on the options used to compile the source files, either POWER7 or ALTIVEC will be used. This is needed to support the "new toolchain, ancient hardware" use case.
e28b2e0f Switch between POWER7 and POWER4 (GH #656) This is kind of tricky. We automatically drop from POWER7 to POWER4 if 7 is not available. However, if POWER7 is available the runtime test checks for HasAltivec(), and not HasPower7(), if the drop does not occur. All of this goodness is happening on an old Apple G4 laptop with Gentoo. It is a "new toolchain on old hardware".
70473f0c Whitespace check-in
59ba3b6a Switch between POWER7 and POWER4 (GH #656) This is kind of tricky. We automatically drop from POWER7 to POWER4 if 7 is not available. However, if POWER7 is available the runtime test checks for HasAltivec(), and not HasPower7(), if the drop does not occur. All of this goodness is happening on an old Apple G4 laptop with Gentoo. It is a "new toolchain on old hardware".
aae108d2 Fix PowerPC-64 detection using Clang
7f5624db Update Filelist
889c98b9 Add Newlib test
0c6dc33d Fix missing header
05642661 Cleanup makefile
b0f77fe7 Add additional tests
14798330 Use __ALTIVEC__ preprocessor macro for PowerPC
c4c413e3 Drop GCM to POWER7 if POWER8 unavailable
bbc5c63d Drop GCM to POWER7 on PowerPC GCM can do some bulk XOR's using the SIMD unit. However, we still need loads and stores to be fast. Fast loads and stores of unaligned data requires the VSX unit
0ac7b252 Use C++ compiler for all source files (PR #733)
2d2f69c2 Fix missing cpu-features.o in shared object (PR #733)
5ef27641 Update documentation
4c5695c5 Update documentation
f53405b9 Update documentation
cf52307a Update documentation
364017c0 Update documentation
dd111a61 Update documentation
512fa101 Update documentation
f6e04e5f Rename PPC vector functions from VectorFunc to VecFunc
8e5cd363 Update documentation
98699dde Update documentation
8b4da4ca Update comments
e784c04e Update documentation
89faf392 Cleanup BLAKE2s
f69b7537 Update documentation
390fed72 Add word32 VectorStore overloads
10f85d65 Make Altivec vector wraps friendly to downgrades The way the existing ppc_simd.h is written makes it hard to switch between the old Altivec loads and stores and the new POWER7 loads and stores. This checkin rewrites the wrappers to use _ALTIVEC_, _ARCH_PWR7 and _ARCH_PWR8. The wrappers in this file now honor -maltivec, -mcpu=power7 and -mcpu=power8. It allows users to compile a source file, like chacha_simd.cpp, with a lower ISA and things just work for them.
3c7bdf1a Add Octet suffix for vec_sld We need to make room for packed shifts and rotates
d6565458 Remove duplicate functions
505c58ac Add Octet suffix for vec_sld We need to make room for packed shifts and rotates
fa8e692d Switch to compiler macros for PPC header
4f86bcc3 Remove -qxlcompatmacros after Commit 96d3fa208ed7
96d3fa20 Fix compile when using XLC with LLVM front-end without -qxlcompatmacros
7bd02896 Fix XLC flags with LLVM front-end
5b9b9b8d Whitespace check-in
7c9858f8 Cleanup PowerPC and XLC feature tests
225ab6cb Drop ChaCha requirements to POWER7 This costs about 0.6 cpb (700 MB/s on GCC112), but it makes the faster algorithm available to more machines. In the future we may want to provide both POWER7 and POWER8
b3941a43 Fix some IBM XL C/C++ issues
7f8d3e88 Miscellaneous warning fixes (GH #739)
fc1e98e7 Make feature test output filename configurable (PR #737, GH #738)
197f7518 Use Linux EOL conventions
00fc030f Add test_pthreads.cxx to Filelist
926e9100 Use Windows EOL conventions
69a00192 Add return value to pthread test function
dd6af58c Add pthreads test
e69106f2 Add "Invalid mnemonic" to bad result on PPC
27b61d87 Add CRYPTOPP_INLINE to SIMON and SPECk for debugging
4da4f7ea Add AVX2 arch to chacha_avx.cpp
57b2bf57 Switch to VectorLoad overload with one arg
7515b4d6 Fix SIMON64 and SPECK64 providers
9550ccc9 Port SIMON64 to Altivec SIMON64 runs about 4x faster than C++ for POWER4 and friends. If POWER7 is available it goes back to full speed due to efficient unaligned loads
a0608a6b Port SPECK64 to Altivec SPECK64 runs about 4x faster than C++ for POWER4 and friends. If POWER7 is available it goes back to full speed due to efficient unaligned loads
b372f7d3 Clear unused variable warning
cff351de Simplify Aarch64 polynomial multiply tests
6291e2fb Simplify Aarch64 polynomial multiply tests
75c97759 Simplify Aarch64 polynomial multiply tests
1070186b Update Filelist.txt
cac97f04 Rename PPC feature tests to test_ppc_xxx.cxx (PR #737)
ff212dae Rename x86 feature tests to test_x86_xxx.cxx (PR #737)
41639e5e Fix ARM A-32 and Aarch64 feature tests (PR #737)
886fd790 Remove wildcard from a.out clean recipe
a0f3744e Use __cpp_lib_uncaught_exceptions for CRYPTOPP_CXX17_EXCEPTIONS Also see https://bugs.llvm.org/show_bug.cgi?id=39631
499a5e28 Remove a.out artifacts whenever feature tests run (GH #738)
f91584a7 Remove a.out artifacts on OS X during clean (GH #738)
4e404cce Fix incorrect Macport compiler detection (GH #738)
b163176f Fix missing 'no such instruction' in assembler messages (GH #738)
05f05300 Make TrimComment call TrimSpace
de75959f Move HAS_NEWLIB down to _XOPEN_SOURCE test
74ee0eef Update comments
959d81b2 Fix cryptest.sh after *-simd file rename
40da78e5 Cleanup GNUmakefile (PR #737)
04062661 Fix test program header include
8e83d7a8 Use __GNUC__ for POWER8 AES availability test
213569a4 Remove Darwin requirement for Port compilers I seem to recall someone used one on Linux at one time
8011f023 Add test programs to file list (PR #737)
6e94562c Move to feature-based availability testing in Makefile (PR #737)
087f97ed Remove patch file
1db4115a Allow all Android tests to fail until we fix the script for NDK 16b
5e48e656 Whitespace check-in
b354eee1 Add /arch:AVX for chacha_avx.cpp to Nmake recipe
0ee1cb2a Rename files with dashes to underscores Also see https://github.com/weidai11/cryptopp/issues/736
06e1d0c0 Add call to _mm256_zeroupper to avoid state penalties Also see https://stackoverflow.com/a/7841251/608639
cc7d5c15 Rename files with dashes to underscores Also see https://github.com/weidai11/cryptopp/issues/736
f3fa10a1 Rename files with dashes to underscores Also see https://github.com/weidai11/cryptopp/issues/736
89622506 Rename files with dashes to underscores (GH #736) Also see https://groups.google.com/forum/#!topic/cryptopp-users/HBz-6gZZFOA on the mailing list
776a2195 Re-add static functions to eccrypto.cpp I think another approach is better for CMake
9dfc0104 Fix compile with SunCC using CMake This is likely another SunCC problem.
f839e509 Enable SSE2 intrinsics for SunCC
2106086f Fix Solaris mapfile The mapfile now removes all hwcaps_1 (SSE-AVX), and hwcaps_2 (AVX2, RDRAND, RDSEED). Unfortunately, it requires  2 and does not work on Solaris 9.
a592d64d Update comments
656be82a Cleanup ARIA SSE and NEON code
ca9d0f10 Use single block for ARIA key
28e7baf4 Clear C4456 under MSVC
a75f0cd8 Fix missing comment characters
092309b2 Fix global optimization bug for ChaCha AVX2 under VS2017 (GH #735) Also see https://github.com/weidai11/cryptopp/issues/649. The 649 issue is the one affecting AES. It appears to be the same problem.
af9fb9d2 Add ChaCha to self tests (GH #732)
e6112e35 Clear C4456 under MSVC
dede7bf6 Whitespace check-in
aa1d0a51 Lower Binutil version to 2.23 for AVX
d9011f07 Add ChaCha AVX2 implementation (GH #735)
9b31bc18 Fix Solaris hardware caps to allow AVX and AVX2
cc5eb391 Fix compile using SunCC 5.9
4ddaa9d0 whitespace check-in
f57df06c Disable global optimizations for Rijndael using MSC compiler (GH #649)
5a36cd54 Add meaningful test failure messages
8b13c2a8 Whitespace check-in Look, we can finally use whitespace to add breaks and make these somewhat readable.
93c75189 Improve datatest parser This switches to line oriented parsing for the test files. Previously we were using streams for names, and lines for values. We can now use whitespace and make the tests a bit more readable by grouping similar tests. AlgorithmType will clear the current accumulated values.
7c0be4ea Add additional Salsa test vectors
5de65458 Add additional test vectors
4ee0b3e2 cryptlib.h
f5bce1ab Fix missing errno on PPC64 with GCC 4.8.5
6cc76393 Skip unneeded wrap check in SIMD book keeping (GH #732)
29be6ed9 Work-around potential counter increment problem in ChaCha20 (GH #732)
d7a3562c Whitespace check-in
87d679bc Add additional ChaCha20 test vectors (GH #732) The additional tests ensure we cross the 32-bit boundary used by the state counters
40fa6873 Add ability to Seek64 in test framework (GH #732) Also see https://github.com/randombit/botan/pull/1728
f7c0fab5 Fix compile on early Apple platforms. I think this may be related to the VectorSource check-in. The error is:
a4d97e9b Use vec_shleft_octet to avoid confusion with vec_extract
4e3d160a Update comments
43cf1f0d Use vec_sldo to avoid confusion with vec_extract
aee04591 Whitespace check-in
6aa6393b Update documentation
4b4dbdb9 Update documentation
bdeaae3a Fix disjoint t[] and f[] when using SIMD implementations
600e2a8b Rewrite BLAKE2 classes to remove intermediate base class
06867e5c Guard BLAKE2 on CRYPTOPP_ALTIVEC_AVAILABLE
dfacc9f1 Use CRYPTOPP_ALTIVEC_AVAILABLE values over defined This allows users to -DCRYPTOPP_ALTIVEC_AVAILABLE=0 on the command line. It is especially important on PPC, which varies wildly among compilers dating back to the 2000's
aa7e9090 Remove unneeded #undef's from BLAKE2_Compress32_POWER7
d68d0106 Cleanup return statements in PowerPC's VectorSet32
fc17f160 Remove unneeded BLAKE2B_IV from Blake2s source file
5dca85b8 Split Blake2 SIMD files into blake2s-simd.cpp and blake2b-simd.cpp (GH #729, GH #731) The split was required for Blake2b and Power8; Blake2s only requires Power7
d2b64a4d Add BLAKE2b Power8 implementation (GH #731)
1fd8ac8b Use vec_perm on PowerPC little-endian for GCC
c6d27299 Update comments
bcfd8444 Use vec_mergeh and vec_mergel for PowerPC Original benchmarks showed no material difference. However, today we are seeing up to 0.4 cpb profit on GCC112.
20f82c06 Add VectorSource (GH #730)
7c5da3e1 Update comments
a19385a6 Fix mask names This follows IBM convention, where the lowest memory address is "high", and the highest memory address is "low"
95d45484 Update documentation
659c0c11 Add BLAKE2b Power8 implementation (GH #729)
81db4ea5 Switch to pch.cpp for compile tests. adhoc.cpp was a bit uncomfortable because we had to copy it out from adhoc.cpp.proto. For some reason CMake could not perform the copy, so we started using pch.cpp in CMake. This commit keeps them consistent. We may have problems with one test, and that is the Newlib tests. I seem to recall they a C++ header included to properly identify its use. We cross that bridge during MinGW testing.
ffe63caa Add CXX awareness to CMake test script
1ff6f39e Add proper declaration for Kalyna tables; and split from definitions
1d0c6dd9 Cleanup SHA SIMD source file Add proper declaration for SHA256_K and SHA512_K tables; and split from definitions
c601213c Sync CRYPTOPP_{BIG|LITTLE}_ENDIAN with Autotools Autotools sets up its config.h file with the '#define XXX 0' or '#define XXX 1' pattern. This check-in makes the sources Autotools aware. We need to verify CMake does the same
e185cbd8 Revert "Sync CRYPTOPP_{BIG|LITTLE}_ENDIAN with Autotools"
a7615a8c Add packed 32-bit Shuffle specializations for ChaCha on Power8
54214062 Update comments
a281cd9d Add ChaCha recipes to GNUmakefile-cross
e9e31752 Whitespace check-in
1cf4f98d Update comments
06d0072d Add CRYPTOPP_DISABLE_ASM to dependency recipe This stops the inclusion of SSE headers without arch options that break the recipe
d7d76fa5 Add ChaCha Power8 implementation
04306f86 Sync CRYPTOPP_{BIG|LITTLE}_ENDIAN with Autotools
8b00a9ff Fix compile error on AIX Apparently "hz" is an identifier somewhere in the bowels of AIX standard headers
5dfa9086 Add VectorStore(byte*, vector) overload
5e897710 Update documentation
5d1de662 Spelling
55bb2c8b Update documentation
2b4911ab Update documentation
16768df2 Update documentation
ca97f6fa Add addition helper for Aarch32 and Aarch64 Update comments
21d69598 Add CRYPTOPP_DISABLE_ASM to dependency recipe This stops the inclusion of SSE headers without arch options that break the recipe
c0b273da Remove xorInput parameter from ChaCha SIMD functions We can use the input pointer directly after checking KeystreamOperation
61a696f7 Update comments
8da2b91c Add ChaCha AlgorithmName override
76ab8ffa Update comments
c992fe98 Fix failed compile on Ubuntu with -msse2 Also see https://github.com/noloader/cryptopp-cmake/issues/36
99c65bdb Rename ARM Shuffle() to Extract() Extract() is the equivalent to SSE's _mm_shuffle_epi32(), but ARM naming calls it vector extract
d3a3189b Sync CRYPTOPP_ARM_ACLE_AVAILABLE with Autotools
b4b36239 Whitespace check-in
b1050636 Add ChaCha NEON implementation
352083b1 Cleanup HC128 and HC256 OperateKeystream
ba5ca6b8 Add XOP aware BLAKE2b and BLAKE2s
f33b19bf Add XOP aware Salsa20
daa07255 Fix ambiguous symbol BTEA::StaticAlgorithmName (GH #726)
ecbf7910 Remove unneeded SIMON128 functions in simon64-simd.cpp This looks like artifacts from when we split simon-simd.cpp into simon64-simd.cpp and simon128-simd.cpp.
67f42117 Add XOP aware SIMECK
babdf8b3 Add XOP aware CHAM and LEA
210995b8 Add XOP aware SIMON and SPECK
ed4d57ce Add XOP aware ChaCha ChaCha is about 50% faster using XOP for the rotates on AMD machines
b4c4c5aa Add SSSE3 rotates when available This change obtains the remaining 0.1 to 0.15 cpb. It should be engaged with -march=native
c43c47e5 Fix _mm_roti_epi32 and _mm_roti_epi64 redefined on Fedora at -O0
18dcbdf5 Move input xor to ChaCha_OperateKeystream_SSE2 This picks up about 0.2 cpb in ChaCha::OperateKeystream. It may not sound like much but it puts SSE2 intrinsics version on par with the ASM version of Salsa20. Salsa20 leads ChaCha by 0.1 to 0.15 cpb, which equates to about 50 MB/s.
d230999b Fix ChaCha compile on ARM and MIPS
6a5d2ab0 Remove unneeded params from ChaCha_OperateKeystream_SSE2
028a9f04 Remove old comments from chacha.cpp This should have been done at 916c4484a270
4ad8fa9e Fix cryptest.vcxproj.user after 916c4484a270 check-in
916c4484 Add ChaCha SSE2 implementation Thanks to Jack Lloyd and Botan for allowing us to use the implementation. The numbers for SSE2 are very good. When compared with Salsa20 ASM the results are:   * Salsa20 2.55 cpb; ChaCha/20 2.90 cpb   * Salsa20/12 1.61 cpb; ChaCha/12 1.90 cpb   * Salsa20/8 1.34 cpb; ChaCha/8 1.5 cpb
35b874b5 Add additional ChaCha tests
dc840e49 Make datatest.cpp more tolerant of comments
322cda8e Whitespace check-in
88af6d72 Remove extraneous folder from PR (GH #723)
253f1ba5 Fix unused variable warnings (GH #723)
8790467f Fix constants buffers in TestPadlockRNG
e0d37b22 Remove unused variable from TestPadlockRNG
5e19ac7e Update comments in Doxygen config file
1d0c659f Fix compile error when NO_OS_DEPENDENCE
1de4f39f Add CRYPTOPP_DISABLE_ASM for Google Native Client (GH #719)
3063c6e1 Whitespace check-in
180b39fa Disable SecureWipe specializations when CRYPTOPP_DISABLE_ASM (GH #719)
c315c669 Disable server-side Doxygen search This may be contributing to OOM kills in our low-memory environment
c0471236 Use version 7.0 rather than 6.2 We had to perform a major version bump due to an ABI break
9be27c86 Fix TestMersenne validation
cab699d7 Bail early from test script if initial tests fail
26fcdb55 Add additional RNG tests
ce4af5b8 Add Test_RandomNumberGenerator function Copy and paste gone wrong... This cleaned up a lot of tests by folding the code into one function.
64621525 Clear MS LNK4221 and libtool warnings
ca08d63a Add SIMON and SPECK to validation suite
d6eaa509 Remove DEFAULT_BLOCKSIZE constants (GH #535) This should have been removed around January 2018 with the other functions.
23279dcd Update documentation
7bd9ffca Remove StaticGetValidBlockSize (GH #535) This should have been removed around January 2018 with the other functions.
6660982a Allow Cryptogam's AES thunk to be inlined
4e78abe5 Use HertzToString for friendly CPU speed
c65cd7c3 Use Cycles/Byte for table heading
0d6c86ba Update comments
49d852ee Enable same buffer for in and out on ARM A-32 (GH #683)
1acbedd4 Fix spelling and grammar
cc5baa9c Fix typo in AdvancedProcessBlocks64_6x2_NEON AdvancedProcessBlocks64_6x2_NEON was only used by Simon and Speck. It was causing failures in wide-block tests for CBC decryption only.
fb303f51 Fix unset MAKE variable in test scripts
1d5eaf52 Fix test scripts on ancient Bash This showed up on Solaris 9 with Bash 2.05. Also see https://unix.stackexchange.com/q/468579/56041
590f8573 Fix LegacyDecryptor and LegacyDecryptorWithMAC (GH #714) The classes used the wrong hash with the MAC. The legacy gear should have used SHA1, not SHA256.
d0946abb Use  in cryptest-cmake.sh test
fc5a7318 Make config.sub and config.guess +w before download
edbd57a4 Make config.sub and config.guess +x after download
b51faab9 Update comments in GNU Makefile
03297cdf Add -xregs=no%appl for SunCC on Sparc
9a8b4a80 Make TestStringSink a debug test
ae34c2d2 Add throw to test recover plain text for DefaultDecryptorWithMAC
4ff34ee3 Add DefaultDecryptorWithMAC using binary file test Also see https://groups.google.com/d/msg/cryptopp-users/QxPxSHkLM-4/pWmoBRuaBQAJ
ac43bee6 Merge pull request #334 from orangefour/feature/vector_sink
9b81a545 Add VectorSink
44cd7eb1 Fix missed conditions for XTR-DH domain parameters generation Formerly we used asserts and they would fire on occasion. This commit makes the condition part of the generation process to avoid the assert.
c01606e3 Add additional assert
aa45eca5 Clear documentation warning due to specialization The specialization pivoted on T_Align16 so it is no longer a template parameter
a77f529e Update cryptest-autotools.sh Update config.sub and config.guess per GNU recommendations
a552eff2 Break-up long lines in cryptest.nmake
e8bf53cd Fix Android Aarch32/Aarch64 code paths in neon-simd.cpp
e8fc1b04 Fix Android Aarch32/Aarch64 code paths in neon-simd.cpp
eba07883 Enable server-side search for Doxygen manual It is too bad it does not work...
4fb9fbf5 Update comments
beed647d Update assert
1bbbfb6b Fix partial specializations for FixedSizeAllocatorWithCleanup (PR #710)
243673c3 Add notes on -stdlib=libc++ for MacOS
afbd3e60 Fix alignment on Win32 and Solaris Sparc  (PR #709)
e054d36d Add partial specializations for FixedSizeAllocatorWithCleanup This allocator still has some demons buried inside due to the bit fiddling. This commit should isolate the demons to aligned stack allocations when an alignment facility from the platform or OS is not available. That is, we use CRYPTOPP_ALIGN_DATA when we can because it is most reliable. We can tell when things have gone sideways using Debug builds. The CRYPTOPP_ASSERT(m_allocated) will fire on destruction because the flag gets overwritten.
8382b49a Fix compile using Nmake LNK2019: unresolved external symbol CryptoPP::KeccakF1600(...)
f3238742 Fix compile with IBM XLC -pthread was causing "xlC: 1501-210 (W) command option t contains an incorrect subargument"
09988377 Use ANONYMOUS_NAMESPACE_END
8c450a9f Avoid Singleton when possible (GH #708) Also clear several sign conversion warnings
0ba3687c Update comments
af17fdf9 Add -Wno-deprecated for PPC tests due to vec_ld and vec_st
4ab06b78 Update Visual Studio 2005 project files
40d75271 Add keccakc.h and keccakc.cpp to Filelist.txt
b9a6034a Add keccakc.h and keccakc.cpp for shared F1600
60c5146c Update comments in integer.cpp
a65cf70f Update comments in integer.cpp
81f8c48f Avoid std::call_once (GH #707) This commit also favors init priorities over C++ dynamic initialization. After the std::call_once problems on Sparc and PowerPC I'm worried about problems with Dynamic Initialization and Destruction with Concurrency. We also do away with suppressing warnings and use CRYPTOPP_UNUSED instead.
6b93c284 Use bitwise not 0 for last block flag
a9c5c56d Switch to SaturatingSubtract to guard against wrap on user parameters
4a86ad67 Clear initialization warning due to non-trivial destructor
899236b9 Tweak Makefile test to compile but not link (GH #707)
c3dd09b9 Update messages in cryptest.sh
87493974 Add Power8 VMULL tests to cryptest.sh
c0b11160 Fix compile on Visual Studio 2005 without service packs
cb579548 Update Visual Studio 2005 project files
8db82708 Clear conversion warnings under MSVC
cb6f93c2 Update Visual Studio 2005 project files
3ad077ad Clear conversion warnings under MSVC
2f906a03 Clear conversion warnings under MSVC
37828ff0 Clear conversion warnings under MSVC
d47f69ac Fix SecBlock ELEMS_MAX in Visual Studio .Net (2002 and 2003)
d1a582e8 Add /DEBUG to cryptest.nmake linker options
c25a1e35 Clear conversion warnings under MSVC
c24f17b7 Fix compiler crash in Visual Studio .Net (2002 and 2003)
3e9a5f17 Disable C4231 in Visual Studio 2005 project files
01779726 Use consistent suffix for SSE2 ASM
8c5a5586 Update Visual Studio 2005 project files
874f79c3 Fix compile on Visual Studio 2005 without service packs
5c353259 Whitespace check-in
082ad861 Fix missing _xgetbv for Visual Studio 2008 and below
d41b3c82 Fix linking rdrand.obj twice on Windows using cryptest.nmake
5489cfe3 Remove Asan workaround from VMAC I was not able to duplicate it under GCC. That includes the GCC's supplied with Debian 8 and Ubuntu 14. It looks like the problem was with Asan instead of the library
5e3f38cf Allow previous version of shared library on Solaris
3e23c558 Remove makefile debug print statements
9886b555 Add SONAME to shared object for Solaris Also see https://blogs.oracle.com/solaris/how-to-name-a-solaris-shared-object-v2
964b92b6 Rework -pthread test for GCC on Solaris It looks like GCC is rejecting the -pthread option but it is advertising Pthread support by defining 39 related macros. I'm not sure what to make of it, but we can't use -pthread because it breaks the compile.
3929c359 Add SHACAL2 cipher AlgorithmProvider()
1f5d0d85 Add Tiger cipher AlgorithmProvider()
92163356 Move constant table to unnamed namespace
03d78fb7 Add Panama cipher AlgorithmProvider()
a6fadbad Remove Provider from public key operations Everything is C++ so there's no value added by the column
ea05f2fe Fix build for MinGW due to deleted winpipes.cpp (#705)
ef58e71d Discard extra noise from Autotools test script
31ebabeb Cleanup headers in vmac.cpp
4282f947 Disable X32 inline assembly (GH #686, PR #704)
06cf2ede Disable ASM and intrinsics for ARM big-endian We don't have a test rig to test things. Based on our experience with Power8 and BE/LE, there will be trouble
48f2d95b Fix ChaCha debug builds This broke at https://github.com/weidai11/cryptopp/commit/e2be0cdecce7
f2171cbe Remove Thread and Socket classes (GH #208, PR #703)
522da15b Whitespace check-in
4fe078b4 Use BLAKE2B_G2 macro name
25116f5a Enable SSSE3 and SSE4 for SIMON and SPECK on Solaris with SunCC 5.13 and above
18bfe2a5 Fix AlgorithmProvider for CHAM and LEA on Solaris
b2c5616e Fix AlgorithmProvider for SIMON and SPECK on Solaris
e2be0cde Make ChaCha and Salsa use the same design pattern
3e55bfca Cleanup header includes for SSE Travis is failing because the system headers don't guard their functions and datatypes properly
2876371c Add GNUmakefile-cross flags SIMON and SPECK
a4c5bdf8 Remove unneeded comments
16cf591f Cutover to BLAKE2 team impl The BLAKE2 team runs a tad bit slower but we want to push maintenance onto them
f28fb0a1 Add SIMON-128 and SPECK-128 source files
7a43a040 Split simon-simd.cpp and speck-simd.cpp into separate source files SIMON-64 and SIMON-128 have different ISA requirements. The same applies to SPECK-64 and SPECK-128. GCC generated code that resulted in a SIGILL due to the ISA differences on a down level machine. The instruction was a mtfprwz from POWER8. It was present in a function prologue on a POWER7 machine.
eb57dc54 Whitespace check-in
014f3d08 Make AdvancedProcessBlocks64_6x2_ALTIVEC inline
c26aad8a Use PtrSub to subtract offset from pointer
1253bccf Add VectorLoad(word32 arr[4]) overloads
6f1caab7 Move SIMON-64 and SPECK-64 to Power7 minimum SIMON-64 and SPECK-64 don't use 64-bit type so they can run on Power7. We may be able to drop to Power4, but we need to test the effects of Loads and Stores without vec_vsx_ld and vec_vsx_st
62e95313 Update comments
9d15a9ee Fix SIMON-64 on AIX
9a78b924 Update comments
cf0c487c Fix SPECK-64 on AIX
9b91b94b Add POWER8 SIMON-64 implementation
d8c28bdc Make SPECK-64 more symmetrical
f1b19074 Update comments
93149e4c Update comments
d221336f Add POWER8 SPECK-64 implementation
46285190 Add AdvancedProcessBlocks64_6x2_ALTIVEC template
b35632e8 Cleanup SIMON-128 code The check-in provides more unification and sets the pattern used with SIMON-64
9d600816 Cleanup SPECK-128 code The check-in provides more unification and sets the pattern used with SPECK-64
7c70b39d Cleanup DRBGs The change picks up about 10 cpb or 20 MB/s on Power8.
9143a055 Whitespace check-in
b4c0404b Refactor lea-simd.cpp This was part of a POWER8 LEA implementation. The numbers were awful but we still needed the code cleanup
dbe70253 Add AdvancedProcessBlocks128_4x1_ALTIVEC template
78939cb6 Update comments
de7f4a08 Fix carry bug in AdvancedProcessBlocks128_6x1_ALTIVEC
7dc2e6ea Switch to byte instead of uint8_t Several places in ppc-simd.h used uint8_t rather than byte
39b1f60d Fix compile under XLC
e0a35cf1 Fix compile under XLC
89476e28 Cleanup adv-simd.h for ARM
7f374faf Cleanup adv-simd.h for x86
6c621f91 Add POWER8 SIMON-128 implementation Performance went from about 30 to 40 cpb to 5.5 to 9 cpb, depending on endian-ness
aa806f34 Add SPECK-128 provider for POWER8
3e264372 Remove debug statement This slipped by during commit 898dab99b808
898dab99 Add POWER8 SPECK-128 implementation Performance went from about 14 cpb to 2-3 cpb, depending on endian-ness
dd4f87fa Clear IBM XLC warnings on PowerPC
afe72c50 Add VectorSub and VectorSwapWords
3d6c8d95 Update comments
8d62b500 Add validat9.cpp to filter list
d109ce09 Update comments and function names Someone trying to make sense of POWER8 GCM is bound to be confused even with the expanded comments and updated function names
6993d1d0 Update comments
78d3a279 Remove specializations for VectorShiftLeft and VectorShiftRight
555f4742 Fix buffering and unusual tag output due to ostringstream
94eff2cd Remove INLINE used for debugging We needed to switch inlining off manually. GDB was not stepping into code for us. No longer needed
23e0ee44 Cleanup GCM code I always thought the SSE code in GCM_ReverseHashBufferIfNeeded_CLMUL was a wart
1c224c87 Switch to vector shifts instead of vector merge
a2a520e5 Cleanup GCM mode
8c21b6af Use shifts for VectorGetLow
eddc3579 Use shifts for VectorGetLow
b44de10e Cleanup Aarch64 GCM mode
9f2d6540 Add POWER8 GCM mode (GH #698) Commit 3ed38e42f619 added the POWER8 infrastructure for GCM mode. It also added GCM_SetKeyWithoutResync_VMULL, GCM_Multiply_VMULL and GCM_Reduce_VMULL. This commit adds the remainder, which includes GCM_AuthenticateBlocks_VMULL. GCC is OK on Linux (ppc64-le) and AIX (ppc64-be). We may need some touchups for XLC compiler
989c3bfb Update comments
99ab11d1 Add TestAltivecOps for Debug builds
1b5422eb Update documentation
3ed38e42 Add POWER8 GCM mode (GH #698) GCM_SetKeyWithoutResync_VMULL, GCM_Multiply_VMULL and GCM_Reduce_VMULL work as expected on Linux (ppc64-le) and AIX (ppc64-be). We are still working on GCM_AuthenticateBlocks_VMULL.
5b89e774 Add Altivec vector extraction tests
13b6dac3 Remove temporary variable
ce5b6c9e Fix return value for Altivec VectorLoad
048c2721 Remove unneeded defines from cpu.cpp
bcf05a6c Add additional PowerPC self tests
04646410 Remove unneeded enum from VectorShiftLeftVectorShiftRight
00e7d02a Fix Altivec VectorStore on little-endian Remove unneeded VectorLeftShift(a,b) and VectorRightShift(a,b)
96405e14 Fix VectorShiftRight on PowerPC
4c30f57d Update comments
d4428d7f Add VectorLoad and VectorStore test code Applies to POWER4 and above only
a4ebb755 Update comments
19430730 Cleanup VPMSUM probes
2ec9c996 Update documentation
9ff73182 Prepare for POWER8 carryless multiplies using vpmsum
6cd7f833 Cleanup PPC vector functions The Crypto++ functions follow IBM's lead and provide VectorLoad, VectorLoadBE, VectorStore, and VectorStoreBE. Additionally, VectorLoadKey was removed in favor of vanilla VectorLoad.
9c271435 Whitespace check-in
58b7abe1 Update comments
1dd0e321 Rework Makefile and ppc-simd.h for XLC and LLVM front-end changes
da00422d Fix build with Embarcadero C++Builder 10.2.3 (#696)
e82ee1c6 Fix typo in SM4 recipe on PowerPC
aee00b69 Clean *.lst files created by XLC
9ce1648f Update comments
f67efe75 Remove POWER5 define. We don't use it The 64-bit 'vector long long' is POWER8
4540ab4f Rework PPC probes for XLC and LLVM
8019362b Clear unused variable warnings under MSVC
81a5429e Remove iPhoneSimulator from Travis allowed failures
eca0458d Update comments
1bd18dd5 Simplify RDRAND and RDSEED logic Travis testing on GitHub showed a RDSEED failure with a "no implementation" failure. Stepping back the RDRAND and RDSEED impl logic was too complex. It offered choices when there was no need for them. For MSC we only need the MASM implementation. For U&L we only need the inline assembly that emits the byte codes (and not the instruction). The byte codes cover from GCC 3.2, Clang 2.8 and onwards
7e14cab8 Rework PPC probes for XLC and LLVM
c4eb38b8 Improve CPU_ProbePower8() test
c4ef77bc Attempt to use glibtool if available
fdc3045e Copy setenv-ios.sh into TestScripts This is one of the scripts we have in two places due to historical reasons. The current practice is to put them in TestScripts/
85ea200f Revert "Copy setenv-ios.sh into TestScripts"
f0fdb3bc Bump Travis OS X image to 9.4
a6143862 Copy setenv-ios.sh into TestScripts This is one of the scripts we have in two places due to historical reasons. The current practice is to put them in TestScripts/
3753a430 Disable ASM for iOS simulators
5eec90be Cleared unused variable warning
70c9fe47 Remove calls to chmod and xattr
f9f30766 Add false DOCUMENT_DIRECTORY for GNUmakefile-cross
a1b30685 Fix distclean rule in GNUmakefile-cross
89ec3c4a2 Guard for missing libtoolize
57521bd2 Add calls to 'make clean' to ensure building artifacts
27968af8 Update to support IBM XLC and LLVM backend
5367d263 Fix compile when adhoc.cpp is missing
7ff5f0dc Try fix Travis testing on OS X
319698e4 Rework GNUmakefiles for XL C/C++ changes
8c3658fc Rework GNUmakefiles for XL C/C++ changes
b4a041a7 Add -qxlcompatmacros for IBM XL C/C++ when available Also see https://lists.tetaneutral.net/pipermail/cfarm-users/2018-July/000331.html
4b13ccea Remove automatic bitness selection on PPC64
00135f5b Add CRYPTOPP_ALIGN_DATA for IBM XL C/C++
d563c5da Fix SHA-256 on AIX using IBM XL C/C++ and POWER8 crypto We were using aligned loads of the key table SHA256_K. The key table was declared as 16-byte aligned but it appears the table was not aligned in memory.
0c8a9458 Fix compile for AIX using GCC and IBM XL C/C++
9396dc46 Update comments
f3656221 Add call to ls upon failure of script
12bb4866 Add check for setenv-*.sh scripts
4fc5b8da Update comments
36318790 Whitespace check-in
2510d978 Try fix Travis and "cryptest-ios.sh not found"
d952cb99 Update comments
973fbf0e Fix FixedSizeAllocatorWithCleanup assert on Solaris
f290746a Remove Coverity workaround StreamState Use std::ostringstream instead. Eventually I'd like to see the output stream passed into the function of interest. It will avoid problems on some mobile OSes that don't have standard inputs and outputs.
bf37ccda Fix initialization of 'pass' variable Copy/paste error from https://github.com/weidai11/cryptopp/commit/d51f701e0638
afd1ff65 Add assert to RunTestDataFile
25a32d35 Fix HMQV self tests
0210e543 Update comments
d51f701e Refactor validat5.cpp and validat6.cpp Also see https://groups.google.com/forum/#!topic/cryptopp-users/j_aQj6r-PoI
98e35d29 Remove addition of -m32|-m64 from GNUmakefile Sun recommends 32-bit binaries instead of 64-bit ones, even on amd64 and sparcv9
6f64671e Update comments to make it clear the keystream is written
375b3855 Use 64-bit multiply for Rabbit
32d2ad1c Fix "error: ‘MaurerRandomnessTest’ was not declared in this scope"
138ce8f6 Cleanup Makefiles and Android and iOS scripts
86a212b8 Add missing header to validat3.cpp
28fe1a6a Split validat*.cpp source files Also see https://groups.google.com/forum/#!topic/cryptopp-users/j_aQj6r-PoI
0ea807f2 Add additional artifacts to autotools-clean rule
a411ac35 Cleanup cryptest-autotools.sh script
4066d707 Cleanup cryptest-autotools.sh script
5cc3f72d Add -Wa,--noexecstack for aes-armv4.S
3657f8c2 Add cryptest-results.txt to clean rule
ef5a3d39 Add autotools-clean and cmake-clean rules to GNUmakefile
a0ad5e81 Remove -marm from aes-armv4.S flags
fa513df3 Cleanup head notes and includes
97e283c8 Cleanup head notes and includes
884851cd Update failure message
5861d934 Split regtest2.cpp into two files Rename regtest3.cpp to regtest4.cpp. Split regtest2.cpp into regtest2.cpp and regtest3.cpp
ed91b278 Run autoupdate and libtoolize if available
f201bc94 Remove calls to format script
a3efa68d Add call to autoupdate if available
c7332c22 Split bench1.cpp into two files Renamed bench2.cpp to bench3.cpp. Split bench1.cpp into bench1.cpp and bench2.cpp
1f914fea Split bench1.cpp into two files Renamed bench2.cpp to bench3.cpp. Split bench1.cpp into bench1.cpp and bench2.cpp
7afd05c3 Save/restore 64-bit registers for Padlock on x86_64
5ea410c1 Update comments
f165d182 More SunStudio/SunCC workarounds
2f83777e Backout ChaCha changes to Crypto++ 7.0 These changes made it in by accident at Commit b74a6f444568. We were going to try to let them ride but they broke versioning. They may be added later but we should avoid the change at this time.
e50a40ec Fix 'make sources' recipe
4aafb0e6 Cleanup SHA512::Transform code The extra code paths added at GH #689 were no longer needed after GH #691
f1192fd0 Update comments in IterHashBase and friends We also switched to "IsAligned<HashWordType>(input)". Using word64 was due to debug testing on Solaris (the alignment check is needed). Hard coding word64 should not have been checked in.
61f1456a Disable X32 inline ASM for Tiger See Peter Cordes comments at Issue 686
d4f86d73 Add SunCC code path to GetAlignmentOf It looks like GetAlignmentOf was returning the "UnsignedMin(4U, sizeof(T))" for SunCC. It was causing SIGBUSes on Sparc when T=word64. OpenCSW provided access to their build farm and we were able to test "__alignof__(T)" back to an early SunCC on Solaris 9.
baff390f Fix older Solaris and SunCC compile Found during testing on OpenCSW compile farm on Solaris 9 (host unstable9s)
aeaa4f62 Use blockSize throughout HashMultipleBlocks
414c5c54 Fix Tiger crash on Sparc (GH #690) Man, Sparc does not mess around with unaligned buffers. Without -xmemalign=4i the hardware wants 8-byte aligned word64's so it can use the high performance 64-bit move or add. Since we do not use -xmemalign we get the default behavior of either -xmemalgin=8i or -xmemalgin=8s. It should not matter to us since we removed unaligned data access at GH #682.
0c0b68a4 Align input buffer in HashMultipleBlocks IteratedHashBase::Update aligns the buffer, but IteratedHashBase::HashBlock does not. It was causing a fair number of asserts to fire when the code was instrumented with alignment checks. Linux benchmarks shows the code does not run materially slower on i686 or x86_64.
365e65c2 Whitespace check-in
ca302c95 Fix Solaris 11/Sparc crash in SHA-384 (GH #689, GH #403) I believe Andrew Marlow first reported it. At the time we could not get our hands on hardware to fully test things. Instead we were using -xmemalign=4i option as a band-aide to avoid running afoul of the Sparc instruction that moves 64-bits of data in one shot.
45ffb7e8 Fix crash in SHA-512 when using different compile options (GH #661) This also helps clear a crash on Sparc due to unaligned access to an uint64_t (GH #689)
8d6b1af4 Update documentation
d8946df8 Add crypto_sign_sk2pk (PR #668) This should allow users to convert an ed25519 secret key to a public key without rolling their own code
e1433536 Use CRYPTOPP_DISABLE_INTEL_ASM for Clang in GCM Clang 6.0 is still broke. It cannot compile a simple "neg %rcx" using Intel syntax
076d0cd6 Remove s_clmulConstants table in GCM mode Local scopes and loading the constants with _mm_set_epi32 saves about 0.03 cpb. It does not sound like much but it improves GMAC by about 500 MB/s. GMAC is just shy of 8 GB/s.
e6fb540c Allow iPhoneSimulator failures (GH #684) We still need to figure out what to do with this.
c9d53ad3 Fix "error C2719: formal parameter with requested alignment of 16 won't be aligned" This was somewhat expected due to the Solaris knob turning.
ee8c141d Fix compile on downlevel assemblers This surfaced on Solaris with an ancient Binutils
b91491da Fix Solaris i386 compile of CHAM and LEA for SunStudio 12.3 and below
14dd0354 Update cryptest-automake test script for Solaris
81977327 Fix SunStudio 12.6 runtime crash on i386 This bug has been around since the Sun Studio 11/SunCC 5.8 days
28f079ba Fix SunStudio 12.3 compile on i386
bd9ca55c Cleanup gcm.cpp after Commit 9d954efcdeee
9d954efc Disable CLMUL again on SunStudio (GH #188, GH #224) We got reports that x86_64 was producing incorrect results. Also, the problem persisted in i386 builds. I don't think we can work around this issue. Oracle must fix it.
d1e646a5 Fix SunStudio 12.6 compile on i386
a0166d95 Fix SunStudio 12.4 compile on Solaris
eb55cc0a Fix SunStudio 12.6 GCM compile on Solaris (GH #188, GH #224) I think we have this issue somewhat sorted out. First, there is a compiler bug. Second, it seems to be triggered when function parameters mix const and non-const references. Third, to work around it, all parameters need to be non-const (as in this patch). I'm really glad we kind of got to the bottom of things. The crash when compiling GCM has been bothering me for nearly 3 years.
017886a2 Fix SunStudio 12.2 compile on Solaris
339cc240 Fix SunStudio compile on Solaris (GH #226)
692ed2a2 Fix SunStudio compile on Solaris
916fe7db Remove unneeded code from Blake2
f143534d Cleanup defines in sha.cpp There's no need for extra guards with CRYPTOPP_DISABLE_SHA_ASM because relevant macros are undefined
7e7d86f6 Whitespace check-in
31533db4 Disable X32 for SHA (GH #686) Thanks to Peter Cordes for the feedback
7d1eb4fc Fix AppVeyor Win32 build
c2a9958d Make m4/ directory during testing
437b2f9b Set LC_ALL=C for Darwin Autotools testing
4e3a1ea9 Add ARMv8.4 cpu feature detection support (GH #685) (#687)
2600f6dc Clear unused variable warning
5460f148 Clear unused variable warning
7cc6531d Clear unused variable warning
7a67e43b Fix Apple feature detection (GH #685)
d11a7b34 Add ARMv8 CPU feature queries (GH #685) CPU feature probes are still outstanding. They are going to be trickier because if CRYPTOPP_XXX_FEATURE_AVAILABLE
25abe71e Fix failed compile with Clang
28e20d6e Fix "Error: symbol SHA512_Round is already defined" (GH #684)
26ae1fb7 Fix ARM compile for sm4-simd.cpp
38082928 Update documentation
678bdb17 Add AES-NI accelerated SM4 encryption (GH #540) Thanks to Markku-Juhani Olavi Saarinen for the code. Also see https://github.com/mjosaarinen/sm4ni
3c212334 Add AES-NI accelerated SM4 encryption (GH #540) Thanks to Markku-Juhani Olavi Saarinen for the code. Also see https://github.com/mjosaarinen/sm4ni
2f71e4d7 Fix header include
90e7b858 Update documentation
40d70375 Increase use of ptrdiff_t when performing pointer math
ed143608 Revert "Increase use of ptrdiff_t when performing pointer math"
25179e00 Fix PtrByteDiff cast A quick testing pass that loaded the code with asserts caused a compile failure
bbf9a109 Increase use of ptrdiff_t when performing pointer math This fixes the incorrect result with CFB mode on A-32 in CFB_CipherTemplate<BASE>::ProcessData
6434ec59 Update comments
e580ed58 Disable same buffer for in and out on ARM A-32 (GH #683)
7eb0535a Call Deflator::IsolatedInitialize during Gzip init (GH #660)
9b4476ef Update symbol script for Crypto++ 7.x
d094bc61 Update comments
b3fe24b8 Remove CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS support (GH #682) We were able to gut CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS for everything except Rijndael. Rijndael uses unaligned accesses on x86 to harden against timing attacks. There's a little more to CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS and Rijndael. If we remove unaligned access then AliasedWithTable hangs in an endless loop on non-AESNI machines. So care must be taken when trying to remove the vestige from Rijndael.
1e77a72e Disable Cryptogams AES under Clang What a surprise... Clang pretends to be GCC with __GNUC__ but fails to consume the source file
3ff7d7f0 Add ARM AES asm implementation from Cryptogams (GH #683)
bdac2de3 Increase use of ptrdiff_t when performing pointer math
1836a7fe Cleanup datatest.cpp Switch to non-blocking rngs for Linux and Windows
004d213e Increase use of ptrdiff_t when performing pointer math
961e9b48 Revert "Clear conversion warning"
a2ca2cfc Use OS rng as alternate test generator
722d3e38 Avoid cast in PtrDiff ptrdiff_t is the return type
9748c3cf Clear conversion warning
45fcd47c Clear conversion warning
3b6872a8 Avoid cast in PtrDiff ptrdiff_t is the return type
9e50eae6 Clear unused variable warning
33a1baa1 Clear conversion warning
50f99ae8 Increase use of ptrdiff_t when performing pointer math
59d8ccd6 Switch to PtrAdd and PtrSub in ByteQueue
8dc15f4c Fix ARMv7 detection after c6c44aa5d104
c6c44aa5 Add PtrAdd and PtrSub helper functions This helps contain UB on pointer subtraction by ensuring a ptrdiff_t is used. The code is a little uglier but it is also more portable.
c1866892 Add RandomizedTransfer overload
4c5487b0 Increase use of ptrdiff_t when performing pointer math Increase use of ptrdiff_t when performing pointer math Reduce AlgorithmProvider overrides Fix CPU_ProbeARMv7 on Aarch64
86773e94 Make GNUmakefile aware of *.S files
03bceda1 Use C++ style casts and take addr of elem 0 for non-const pointers
664d67e0 Add additional asserts in modes.cpp
517d552a Add ARMv7 cpu detection
886e48d8 Fix failed link on ARM and friends
f065f193 Fixed failed ChaCha tests We switched to the pattern used for Salsa but did not update the name in the test vector file
71cc002f Update documentation
6d1bb00b Update Makefile DLLSRCS to include latest files
e6f87274 Update Makefile DLLSRCS to include latest files
b74a6f44 Add algorithm provider member function to Algorithm class
6d9047b4 Fix spelling
3dcceb55 Squash MS LNK4221 and libtool warnings
77cd5c69 Update documentation
9117d074 Update documentation
ecababa0 Update documentation
0cee6f01 Squash MS LNK4221 and libtool warnings
bc8da71a Fix early Fedora compiles
30b304b0 Update comments
97a1e8ca Use SecBlock for keys and IVs
320c68ec Add *.cxx to .gitignore
8c871b40 Update comments
d7a751b3 Fix missing test vector in FileList
a1887d48 Add missing HC-256
24d54f06 Remove GetOptimalBlockSize from Rabbit The AdditiveCipherConcretePolicy adapter already provides it
717a8148 Switch to size_t datatype
c9c51a5e Rework OperateKeystream (GH #678) This improves Rabbit performance on a Core i5 6400 from 5.5 cpb to 4.7 cpb
665e16d3 Remove unneeded input variable
fd5dc95f Fix spelling
23c8bfde Rework OperateKeystream (GH #680) This improves performance on a Core i5 6400 from 5.4 cpb to 2.9 cpb
989bf6dc Add HC-256 stream cipher (GH #680)
069d85d3 Update comments
ccc1b71b Move TEA and XTEA to lightweight block ciphers
4feb3731 Fix HC-128 benchmark
541cdf37 Update documentation
8e430daa Add additional HC-128 test vectors (GH #679)
dd31eb80 Add HC-128 stream cipher (GH #679)
93f46e43 Update comments
bfe91dc7 Add additional Rabbit test vectors (GH #678)
07be1cae Update documentation
c73b471d Fix CHAM compile on ARMv7
476559e7 Update documentation
5e0d31fa Update documentation
0ebee870 Update documentation
ffc01989 Update documentation
d00777e1 Add Rabbit stream cipher (GH #678)
94e0b3c9 Update documentation
65806e5e Switch back to _mm_load_sd to load subkeys We performed an intermediate copy while attempting to isolate GH #677.
78ece1b2 Fix temporary array size (GH #675) cryptest.sh and UBsan caught a "secblock.h:389:4: runtime error: load of value 206, which is not a valid value for type 'bool'". m_t[4] is accessed in UncheckedSetKey. The extra m_t[] element was inadvertently removed when ProcessAndXorBlock no longer used it.
f8f6afd1 Use IsZero()/NotZero() for 0 denominator test
ac1439de Update documentation
904e8ce2 Remove code to accommodate variable block size (GH #535) This should have occurred when we yanked the variable block size experiment
3b92255b Add recipe to trim trailing whitespace
7bfeb4f3 Add recipe to call dos2unix if available
aa80c7d4 Fix bad CHAM-64/ECB decryption with Clang at -O1 (GH #677) This changes both the encryption and decryption loops to perform 4 rounds per iteration rather than 8 rounds. Decryption was necessary for this bug. Encryption was included to keep things symmetrical in case of future maintenance
1d7358e9 Switch to _mm_loadu_si128 for SIMECK key loading
350a47f8 Clear unused variable warnings
9a6a0cbc Used fixed rounds in encrypt and decrypt functions
7eaccfa4 Update comments
d6cde47b Update documentation
da32ed46 Fix versioning that cross-pollinated when building docs
c58ea35e Update documentation
64d15aff Update documentation
b35df758 Update attribution for SIMECK
01f11727 Fix bench1.cpp from SIMECK testing
08e61370 Add SIMECK-64 SSSE3 implementation (GH #675)
4a7814be Remove alignment of double for 64-bit template
810f5c18 Remove GCC_NO_UBSAN and double casts
7f86f498 Remove GCC_NO_UBSAN attribute
011a66d0 Clear sign compare warning
3d29f99a Clear warnings at -Wall -Wextra
1be58db8 Avoid casting among datatypes in CHAM Clang 5.0 and 6.0 at -O1 is producing code that fails for CHAM-64/ECB
5fd0e98a Add additional SIMECK tests (GH #675)
8b3c4723 Add additional SIMECK tests (GH #675)
61f635b8 Add additional SIMECK tests (GH #675)
7fdb66d4 Fix cryptest-cmake message
ac036496 Add Simeck lightweight block cipher (GH #675)
e18de4d5 Re-engage SSE2 ASM for SHA-256 (GH #674) I'm not sure where exactly the break occurred, but it was probably due to the BASE+SIMD rewrite. Thanks to tesbayda for tracking it down.
9a75d09c Add cleanup function to cryptest-cmake.sh
598e371b Add cryptest-cmake.sh
574097bd Add cryptest-autotools.sh
b6135227 Fix copy/paste error
f5c86217 Use default alignment for GetBlock
afd3b5c5 Place HIGHT F0 and F1 in unnamed namespace
b53842bc Fix CRYPTOPP_DISABLE_ASM build
d12229d4 Fix bench1.cpp from HIGHT testing
2f5b110b Add HIGHT lightweight block cipher (GH #672)
32e2be64 Make CHAM_Info public
404e6cfa Remove CRYPTOPP_LEA_ARM_SPLAT_ROUNDKEYS GCC 8 was producing bad decryption results for CBC mode on x86. NEON and Aarch64 was fine. We lose 0.6 cpb so LEA runs around 3.5 cpb instead of 2.9 cpb. It would be nice to pinpoint the GCC issue but it is kind of difficult at the moment.
3af3b801 Add additional LEA test vectors (GH #669)
72d5d427 Add additional LEA test vectors (GH #669)
d9797c41 Add CRYPTOPP_LEA_ARM_SPLAT_ROUNDKEYS for LEA
2d0d87b5 Use pre-splatted key table for LEA NEON and Aarch64
09c8ae28 Use inline for LEA_Encryption and LEA_Decryption
8279fab4 Fix AdvancedProcessBlocks128_6x1_NEON template name
527613df Update documentation
d0b5dac1 Update comments
9980d307 Add LEA-128 NEON and ARMv8 implementation (GH #669)
80ae9f4f Add AVX512 rotates to RotateLeft and RotateRight templates
fa7714f6 Add LEA-128 SSSE3 implementation (GH #669)
ea109e0f Add CHAM and LEA to cryptest.nmake
68305324 Fix C2719 on MSVC "error C2719: 'value': formal parameter with __declspec(align('16')) won't be aligned"
73513d0d Whitespace check-in
b00a378a Add CHAM64 SSSE3 implementation (PR #670) CHAM64 from 20 cpb to 14 cpb on modern iCore. CHAM64 from 90 cpb to 18 cpb antique Core2 Duo
a80b1d35 Parameterize word type for subkeys in AdvancedProcessBlocks templates This was needed a while ago but we mostly side-stepped the issues with casts. CHAM64 uses a word16 type for subkeys and a cast won't fix it because we favor word32 for 64-bit block sizes.
a6cdf2bf Switch to _mm_loadu_pd to load round keys This is profitable by 0.1 to 0.2 cpb on a modern Core-i5
1fd8d612 Specialize single word UnpackXMM
5e41d5d9 Fix SSSE3 include guard Use single XMM word for subkeys
61388295 Add CHAM128 SSSE3 implementation (PR #670) CHAM-128(128) from 10.5 cpb to 4.1 cpb. CHAM-128(256) from 12.5 cpb to 4.7 cpb.
34dcb0d4 Add additional CHAM test vectors (PR #670) This is in preparation for SSE and la…