Update cryptopp from 8.6.0 to 8.7.0 (#2837)

Update cryptopp from 8.6 to 8.7

Author: patrikjuvonen

vendor/cryptopp/Filelist.txt

@@ -257,9 +257,9 @@ poly1305.cpp
 poly1305.h
 polynomi.cpp
 polynomi.h
-ppc_power7.cpp
-ppc_power8.cpp
-ppc_power9.cpp
+power7_ppc.cpp
+power8_ppc.cpp
+power9_ppc.cpp
 ppc_simd.cpp
 ppc_simd.h
 pssr.cpp
@@ -587,6 +587,7 @@ TestPrograms/test_32bit.cpp
 TestPrograms/test_64bit.cpp
 TestPrograms/test_arm_acle_header.cpp
 TestPrograms/test_arm_aes.cpp
+TestPrograms/test_arm_armv7.cpp
 TestPrograms/test_arm_asimd.cpp
 TestPrograms/test_arm_crc.cpp
 TestPrograms/test_arm_neon.cpp

vendor/cryptopp/History.txt

@@ -542,3 +542,41 @@ last several releases.
       - expanded community input and support
         * 70 unique contributors as of this release
       - port to Apple M1 hardware
+
+8.6.0 - September 21, 2021
+      - minor release, recompile of programs required
+      - expanded community input and support
+        * 74 unique contributors as of this release
+      - fix ElGamal encryption
+      - fix ChaCha20 AVX2 implementation
+      - add octal and decimal literal prefix parsing to Integer
+      - add missing overload in ed25519Signer and ed25519Verifier
+      - make SHA-NI independent of AVX and AVX2
+      - fix OldRandomPool GenerateWord32
+      - use CPPFLAGS during feature testing
+      - fix compile on CentOS 5
+      - fix compile on FreeBSD
+      - fix feature testing on ARM A-32 and Aarch64
+      - enable inline ASM for CRC and PMULL on Apple M1
+      - fix Intel oneAPI compile
+      - rename test files with *.cpp extension
+      - fix GCC compile error due to missing _mm256_set_m128i
+      - add LSH-256 and LSH-512 hash functions
+      - add ECIES_P1363 for backwards compatibility
+      - fix AdditiveCipherTemplate<T> ProcessData
+      - remove CRYPTOPP_NO_CXX11 define
+      - add -fno-common for Darwin builds
+      - update documentation
+
+8.7.0 - August 7, 2022
+      - minor release, recompile of programs required
+      - expanded community input and support
+        * 81 unique contributors as of this release
+      - fix RSA key generation for small moduli
+      - fix AES-GCM with AESNI but without CLMUL
+      - fix Clang warning with C++17
+      - fix MinGW builds due to use of O_NOFOLLOW
+      - rework CFB_CipherTemplate::ProcessData and AdditiveCipherTemplate::ProcessData
+        * restored performance and avoided performance penalty of a temp buffer
+      - fix undersized SecBlock buffer in Integer bit operations
+      - work around several GCC 11 & 12 problems

vendor/cryptopp/Install.txt

@@ -204,7 +204,7 @@ ACCEPTANCE TESTING
 
 Crypto++ uses five security gates in its engineering process. The library must maintain the quality provided by the review system and integrity of the test suites. You can use the information to decide if the Crypto++ library suits your needs and provides a compatible security posture.
 
-The first gate is code review and discussion of proposed chnages. Git commits often cross reference a User Group discussions.
+The first gate is code review and discussion of proposed changes. Git commits often cross reference a User Group discussions.
 
 Second is the compiler warning system. The code must clean compile under the equivalent of GCC's -Wall -Wextra (modulo -Wno-type-limits -Wno-unknown-pragmas). This is a moving target as compiler analysis improves.
 

vendor/cryptopp/License.txt

@@ -28,10 +28,11 @@ Han Lulu, Markku-Juhani O. Saarinen - sm4.cpp sm4_simd.cpp
 Daniel J. Bernstein, Jack Lloyd - chacha.cpp, chacha_simd.cpp, chacha_avx.cpp
 Andrew Moon - ed25519, x25519, donna_32.cpp, donna_64.cpp, donna_sse.cpp
 
-The Crypto++ Library uses portions of Andy Polyakov's CRYPTOGAMS for Poly1305
-scalar multiplication, aes_armv4.S, sha1_armv4.S and sha256_armv4.S. CRYPTOGAMS
-is dual licensed with a permissive BSD-style license. The CRYPTOGAMS license is
-reproduced below.
+The Crypto++ Library uses portions of Andy Polyakov's CRYPTOGAMS on Linux
+for 32-bit ARM with files aes_armv4.S, sha1_armv4.S and sha256_armv4.S.
+CRYPTOGAMS is dual licensed with a permissive BSD-style license. The
+CRYPTOGAMS license is reproduced below. You can disable Cryptogams code by
+undefining the relevant macros in config_asm.h.
 
 The Crypto++ Library uses portions of Jack Lloyd's Botan for ChaCha SSE2 and
 AVX. Botan placed the code in public domain for Crypto++ to use.

vendor/cryptopp/Readme.txt

@@ -1,5 +1,5 @@
 Crypto++: free C++ Class Library of Cryptographic Schemes
-Version 8.6 - TBD
+Version 8.8 - TBD
 
 Crypto++ Library is a free C++ class library of cryptographic schemes.
 Currently the library contains the following algorithms:
@@ -91,13 +91,13 @@ for any purpose without paying anyone, but see License.txt for the fine print.
 The following compilers are supported for this release. Please visit
 http://www.cryptopp.com the most up to date build instructions and porting notes.
 
-  * Visual Studio 2003 - 2019
-  * GCC 3.3 - 10.1
+  * Visual Studio 2003 - 2022
+  * GCC 3.3 - 12.2
   * Apple Clang 4.3 - 12.0
-  * LLVM Clang 2.9 - 11.0
+  * LLVM Clang 2.9 - 14.0
   * C++ Builder 2015
   * Intel C++ Compiler 9 - 16.0
-  * Sun Studio 12u1 - 12.6
+  * Sun Studio 12u1 - 12.7
   * IBM XL C/C++ 10.0 - 14.0
 
 *** Important Usage Notes ***
@@ -294,6 +294,19 @@ documentation is one of the highest returns on investment.
 The items in this section comprise the most recent history. Please see History.txt
 for the record back to Crypto++ 1.0.
 
+8.7.0 - August 7, 2022
+      - minor release, recompile of programs required
+      - expanded community input and support
+        * 81 unique contributors as of this release
+      - fix RSA key generation for small moduli
+      - fix AES-GCM with AESNI but without CLMUL
+      - fix Clang warning with C++17
+      - fix MinGW builds due to use of O_NOFOLLOW
+      - rework CFB_CipherTemplate::ProcessData and AdditiveCipherTemplate::ProcessData
+        * restored performance and avoided performance penalty of a temp buffer
+      - fix undersized SecBlock buffer in Integer bit operations
+      - work around several GCC 11 & 12 problems
+
 8.6.0 - September 21, 2021
       - minor release, recompile of programs required
       - expanded community input and support

vendor/cryptopp/arm_simd.h

@@ -351,9 +351,9 @@ inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b)
             :"=w" (r) : "w" (a), "w" (b), "I" (C) );
     return r;
 #endif
-//@}
 }
 
+//@}
 #endif // CRYPTOPP_ARM_PMULL_AVAILABLE
 
 #if CRYPTOPP_ARM_SHA3_AVAILABLE  || defined(CRYPTOPP_DOXYGEN_PROCESSING)
@@ -385,19 +385,19 @@ inline uint64x2_t VEOR3(uint64x2_t a, uint64x2_t b, uint64x2_t c)
 /// \param a the first value
 /// \param b the second value
 /// \param c the third value
-/// \return two-way exclusive OR of the values, then rotated by imm6
+/// \return two-way exclusive OR of the values, then rotated by c
 /// \details VXARQ() performs vxarq_u64(). VXARQ is provided as GCC inline assembly due
 ///  to Clang and lack of support for the intrinsic.
 /// \details VXARQ requires ARMv8.2.
 /// \since Crypto++ 8.6
-inline uint64x2_t VXAR(uint64x2_t a, uint64x2_t b, const int imm6)
+inline uint64x2_t VXAR(uint64x2_t a, uint64x2_t b, const int c)
 {
 #if defined(_MSC_VER)
-    return vxarq_u64(a, b, imm6);
+    return vxarq_u64(a, b, c);
 #else
     uint64x2_t r;
     __asm__ ("xar   %0.2d, %1.2d, %2.2d, %3   \n\t"
-            :"=w" (r) : "w" (a), "w" (b), "I" (imm6));
+            :"=w" (r) : "w" (a), "w" (b), "I" (c));
     return r;
 #endif
 }

vendor/cryptopp/asn.h

@@ -110,7 +110,7 @@ class CRYPTOPP_DLL UnknownOID : public BERDecodeErr
 	/// \brief Construct an UnknownOID
 	UnknownOID() : BERDecodeErr("BER decode error: unknown object identifier") {}
 	/// \brief Construct an UnknownOID
-	/// \param err error message to use for the execption
+	/// \param err error message to use for the exception
 	UnknownOID(const char *err) : BERDecodeErr(err) {}
 };
 

vendor/cryptopp/basecode.cpp

@@ -182,7 +182,7 @@ void BaseN_Decoder::InitializeDecodingLookupArray(int *lookup, const byte *alpha
 	for (unsigned int i=0; i<base; i++)
 	{
 		// Debug asserts for 'lookup[alphabet[i]] == -1' removed because the self tests
-		// have unusal tests that try to break the encoders and decoders. Tests include
+		// have unusual tests that try to break the encoders and decoders. Tests include
 		// a string of the same characters. I.,e., a string of stars like '********...'.
 		if (caseInsensitive && isalpha(alphabet[i]))
 		{

vendor/cryptopp/chacha.h

@@ -3,7 +3,7 @@
 //            and Bernstein's reference ChaCha family implementation at
 //            http://cr.yp.to/chacha.html.
 
-// The library added Bernstein's ChaCha classses at Crypto++ 5.6.4. The IETF
+// The library added Bernstein's ChaCha classes at Crypto++ 5.6.4. The IETF
 // uses a slightly different implementation than Bernstein, and the IETF
 // ChaCha and XChaCha classes were added at Crypto++ 8.1. We wanted to maintain
 // ABI compatibility at the 8.1 release so the original ChaCha classes were not

vendor/cryptopp/chacha_avx.cpp

@@ -36,13 +36,12 @@ extern const char CHACHA_AVX_FNAME[] = __FILE__;
 # define MAYBE_CONST const
 #endif
 
-// VS2017 and global optimization bug. TODO, figure out when
-// we can re-enable full optimizations for VS2017. Also see
+// VS2017 and global optimization bug. Also see
 // https://github.com/weidai11/cryptopp/issues/649 and
 // https://github.com/weidai11/cryptopp/issues/735. The
 // 649 issue affects AES but it is the same here. The 735
 // issue is ChaCha AVX2 cut-in where it surfaced again.
-#if (_MSC_VER >= 1910)
+#if (_MSC_VER >= 1910) && (_MSC_VER < 1916)
 # ifndef CRYPTOPP_DEBUG
 #  pragma optimize("", off)
 #  pragma optimize("ts", on)

vendor/cryptopp/config_asm.h

@@ -130,7 +130,7 @@
 #endif
 
 // Couple to CRYPTOPP_DISABLE_AESNI, but use CRYPTOPP_CLMUL_AVAILABLE so we can selectively
-//  disable for misbehaving platofrms and compilers, like Solaris or some Clang.
+//  disable for misbehaving platforms and compilers, like Solaris or some Clang.
 #if defined(CRYPTOPP_DISABLE_AESNI)
 	#define CRYPTOPP_DISABLE_CLMUL 1
 #endif
@@ -311,6 +311,12 @@
 # endif  // Platforms
 #endif
 
+// Buggy Microsoft compiler, https://github.com/weidai11/cryptopp/issues/1096
+#if defined(_MSC_VER)
+# undef CRYPTOPP_ARM_SHA1_AVAILABLE
+# undef CRYPTOPP_ARM_SHA2_AVAILABLE
+#endif
+
 // ARMv8 and SHA-512, SHA-3. -march=armv8.2-a+crypto or above must be present
 // Requires GCC 8.0, Clang 11.0, Apple Clang 12.0 or Visual Studio 20??
 #if !defined(CRYPTOPP_ARM_SHA3_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ARM_SHA)
@@ -365,12 +371,14 @@
 // than C/C++. Define this to use the Cryptogams AES and SHA implementations
 // on GNU Linux systems. When defined, Crypto++ will use aes_armv4.S,
 // sha1_armv4.S and sha256_armv4.S. https://www.cryptopp.com/wiki/Cryptogams.
-#if defined(__arm__) && defined(__linux__)
-# if defined(__GNUC__) || defined(__clang__)
-#  define CRYPTOGAMS_ARM_AES      1
-#  define CRYPTOGAMS_ARM_SHA1     1
-#  define CRYPTOGAMS_ARM_SHA256   1
-#  define CRYPTOGAMS_ARM_SHA512   1
+#if !defined(CRYPTOPP_DISABLE_ARM_NEON)
+# if defined(__arm__) && defined(__linux__)
+#  if defined(__GNUC__) || defined(__clang__)
+#   define CRYPTOGAMS_ARM_AES      1
+#   define CRYPTOGAMS_ARM_SHA1     1
+#   define CRYPTOGAMS_ARM_SHA256   1
+#   define CRYPTOGAMS_ARM_SHA512   1
+#  endif
 # endif
 #endif
 

vendor/cryptopp/config_dll.h

@@ -104,7 +104,7 @@
 	/// \brief Override for internal linkage
 	/// \details CRYPTOPP_TABLE can be used to override internal linkage
 	///  on tables with the <tt>const</tt> qualifier. According to C++ rules
-	///  a decalration with <tt>const</tt> qualifier is internal linkage.
+	///  a declaration with <tt>const</tt> qualifier is internal linkage.
 	/// \note The name CRYPTOPP_TABLE was chosen because it is often used to
 	///  export a table, like AES or SHA constants. The name avoids collisions
 	///  with the DLL gear macros, like CRYPTOPP_EXPORTS and CRYPTOPP_EXTERN.

vendor/cryptopp/config_ver.h

@@ -35,7 +35,7 @@
 ///  as a shared object if versions are inadvertently mixed and matched.
 /// \sa CRYPTOPP_VERSION, LibraryVersion(), HeaderVersion()
 /// \since Crypto++ 8.2
-#define CRYPTOPP_MINOR 6
+#define CRYPTOPP_MINOR 7
 /// \brief Library revision number
 /// \details CRYPTOPP_REVISION reflects the revision number of the library the
 ///  headers came from. It is not necessarily the revision of the library built
@@ -50,7 +50,7 @@
 ///  shared object if versions are inadvertently mixed and matched.
 /// \sa CRYPTOPP_MAJOR, CRYPTOPP_MINOR, CRYPTOPP_REVISION, LibraryVersion(), HeaderVersion()
 /// \since Crypto++ 5.6
-#define CRYPTOPP_VERSION 860
+#define CRYPTOPP_VERSION 870
 
 // Compiler version macros
 

vendor/cryptopp/cpu.cpp

@@ -1130,6 +1130,8 @@ inline bool CPU_QuerySM4()
 
 void DetectArmFeatures()
 {
+#ifndef CRYPTOPP_DISABLE_ASM
+
 	// The CPU_ProbeXXX's return false for OSes which
 	// can't tolerate SIGILL-based probes
 	g_hasARMv7 = CPU_QueryARMv7() || CPU_ProbeARMv7();
@@ -1155,14 +1157,16 @@ void DetectArmFeatures()
 	if (g_cacheLineSize == 0)
 		g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
 
+#endif  // CRYPTOPP_DISABLE_ASM
+
 	*const_cast<volatile bool*>(&g_ArmDetectionDone) = true;
 }
 
 // *************************** PowerPC and PowerPC64 ***************************
 
 #elif (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64)
 
-bool CRYPTOPP_SECTION_INIT g_PowerpcDetectionDone = false;
+bool CRYPTOPP_SECTION_INIT g_PowerPcDetectionDone = false;
 bool CRYPTOPP_SECTION_INIT g_hasAltivec = false;
 bool CRYPTOPP_SECTION_INIT g_hasPower7 = false;
 bool CRYPTOPP_SECTION_INIT g_hasPower8 = false;
@@ -1373,15 +1377,16 @@ inline bool CPU_QueryDARN()
 	return false;
 }
 
-void DetectPowerpcFeatures()
+void DetectPowerPcFeatures()
 {
-	// GCC 10 is giving us trouble in CPU_ProbePower9() and
-	// CPU_ProbeDARN(). GCC is generating POWER9 instructions
-	// on POWER8 for ppc_power9.cpp. The compiler idiots did
-	// not think through the consequences of requiring us to
-	// use -mcpu=power9 to unlock the ISA. Epic fail.
+	// GCC 10 is giving us trouble in CPU_ProbePower9() and CPU_ProbeDARN().
+	// GCC is generating POWER9 instructions on POWER8 for ppc_power9.cpp.
+	// The compiler idiots did not think through the consequences of
+	// requiring us to use -mcpu=power9 to unlock the ISA. Epic fail.
 	// https://github.com/weidai11/cryptopp/issues/986
 
+#ifndef CRYPTOPP_DISABLE_ASM
+
 	// The CPU_ProbeXXX's return false for OSes which
 	// can't tolerate SIGILL-based probes, like Apple
 	g_hasAltivec  = CPU_QueryAltivec() || CPU_ProbeAltivec();
@@ -1410,7 +1415,9 @@ void DetectPowerpcFeatures()
 	if (g_cacheLineSize == 0)
 		g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
 
-	*const_cast<volatile bool*>(&g_PowerpcDetectionDone) = true;
+#endif // CRYPTOPP_DISABLE_ASM
+
+	*const_cast<volatile bool*>(&g_PowerPcDetectionDone) = true;
 }
 
 #endif
@@ -1430,7 +1437,7 @@ class InitCpu
 #elif CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8
 		CryptoPP::DetectArmFeatures();
 #elif CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64
-		CryptoPP::DetectPowerpcFeatures();
+		CryptoPP::DetectPowerPcFeatures();
 #endif
 	}
 };