Crypto: update Whirlpool implementation using latest code from Crypto++.

src/Crypto/Whirlpool.c

@@ -381,7 +381,7 @@ void WhirlpoolTransform(uint64 *digest, const uint64 *block)
 	#endif
 	__asm__ __volatile__
 	(
-		".intel_syntax noprefix;"
+		INTEL_NOPREFIX
 		AS_PUSH_IF86(	bx)
 		AS2(	mov		AS_REG_6, WORD_REG(ax))
 #else
@@ -392,14 +392,19 @@ void WhirlpoolTransform(uint64 *digest, const uint64 *block)
 		AS2(	mov		WORD_REG(cx), digest)
 		AS2(	mov		WORD_REG(dx), block)
 #endif
-#if CRYPTOPP_BOOL_X86
+#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32
 		AS2(	mov		eax, esp)
 		AS2(	and		esp, -16)
 		AS2(	sub		esp, 16*8)
-		AS1(	push	eax)
-	#define SSE2_workspace	esp+WORD_SZ
+		AS_PUSH_IF86( ax)
+     
+    #if CRYPTOPP_BOOL_X86
+        #define SSE2_workspace	esp+WORD_SZ
+    #elif CRYPTOPP_BOOL_X32
+        #define SSE2_workspace	esp+(WORD_SZ*2)
+    #endif
 #else
-	#define SSE2_workspace	%3
+    #define SSE2_workspace	%3
 #endif
 		AS2(	xor		esi, esi)
 		ASL(0)
@@ -549,7 +554,7 @@ void WhirlpoolTransform(uint64 *digest, const uint64 *block)
 		AS_POP_IF86(	bx)
 #endif
 #ifdef __GNUC__
-		".att_syntax prefix;"
+		ATT_PREFIX
 			:
 			: "a" (Whirlpool_C), "c" (digest), "d" (block)
 	#if CRYPTOPP_BOOL_X64
@@ -628,7 +633,7 @@ void WhirlpoolTransform(uint64 *digest, const uint64 *block)
 	r=0;
 	while (1)
 	{
-		uint32 t;
+		uint32 t = 0;
 
 		KSL(0, 4, 3, 2, 1, 0)
 		KSL(0, 0, 7, 6, 5, 4)

src/Crypto/config.h

@@ -13,9 +13,24 @@
 	#define CRYPTOPP_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
 #endif
 
+
+// Apple and LLVM's Clang. Apple Clang version 7.0 roughly equals LLVM Clang version 3.7
+#if defined(__clang__ ) && !defined(__apple_build_version__)
+    #define CRYPTOPP_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
+#elif defined(__clang__ ) && defined(__apple_build_version__)
+    #define CRYPTOPP_APPLE_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
+#endif
+
+// Clang due to "Inline assembly operands don't work with .intel_syntax", http://llvm.org/bugs/show_bug.cgi?id=24232
+//   TODO: supply the upper version when LLVM fixes it. We set it to 20.0 for compilation purposes.
+#if (defined(CRYPTOPP_CLANG_VERSION) && CRYPTOPP_CLANG_VERSION <= 200000) || (defined(CRYPTOPP_APPLE_CLANG_VERSION) && CRYPTOPP_APPLE_CLANG_VERSION <= 200000)
+#define CRYPTOPP_DISABLE_INTEL_ASM 1
+#endif
+
 #ifndef CRYPTOPP_L1_CACHE_LINE_SIZE
 	// This should be a lower bound on the L1 cache line size. It's used for defense against timing attacks.
-	#if defined(_M_X64) || defined(__x86_64__)
+    // Also see http://stackoverflow.com/questions/794632/programmatically-get-the-cache-line-size.
+    #if defined(_M_X64) || defined(__x86_64__) || (__ILP32__ >= 1)
 		#define CRYPTOPP_L1_CACHE_LINE_SIZE 64
 	#else
 		// L1 cache line size is 32 on Pentium III and earlier
@@ -53,49 +68,55 @@
 #define CRYPTOPP_DISABLE_SSE2
 #endif
 
+// Apple's Clang prior to 5.0 cannot handle SSE2 (and Apple does not use LLVM Clang numbering...)
+#if defined(CRYPTOPP_APPLE_CLANG_VERSION) && (CRYPTOPP_APPLE_CLANG_VERSION < 50000)
+# define CRYPTOPP_DISABLE_ASM
+#endif
+
 #if !defined(CRYPTOPP_DISABLE_ASM) && ((defined(_MSC_VER) && defined(_M_IX86)) || (defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))))
-	// C++Builder 2010 does not allow "call label" where label is defined within inline assembly
-	#define CRYPTOPP_X86_ASM_AVAILABLE
+    // C++Builder 2010 does not allow "call label" where label is defined within inline assembly
+    #define CRYPTOPP_X86_ASM_AVAILABLE
 
-	#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(_MSC_VER) || CRYPTOPP_GCC_VERSION >= 30300)
-		#define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 1
-	#else
-		#define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 0
-	#endif
+    #if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || CRYPTOPP_GCC_VERSION >= 30300 || defined(__SSE2__))
+        #define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 1
+    #else
+        #define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 0
+    #endif
 
-	// SSSE3 was actually introduced in GNU as 2.17, which was released 6/23/2006, but we can't tell what version of binutils is installed.
-	// GCC 4.1.2 was released on 2/13/2007, so we'll use that as a proxy for the binutils version.
-	#if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1400 || CRYPTOPP_GCC_VERSION >= 40102)
-		#define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 1
-	#else
-		#define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 0
-	#endif
+    // SSE3 was actually introduced in GNU as 2.17, which was released 6/23/2006, but we can't tell what version of binutils is installed.
+    // GCC 4.1.2 was released on 2/13/2007, so we'll use that as a proxy for the binutils version. Also see the output of
+    // `gcc -dM -E -march=native - < /dev/null | grep -i SSE` for preprocessor defines available.
+    #if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1400 || CRYPTOPP_GCC_VERSION >= 40102 || defined(__SSSE3__) || defined(__SSE3__))
+        #define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 1
+    #else
+        #define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 0
+    #endif
 #endif
 
 #if !defined(CRYPTOPP_DISABLE_ASM) && defined(_MSC_VER) && defined(_M_X64)
-	#define CRYPTOPP_X64_MASM_AVAILABLE
+    #define CRYPTOPP_X64_MASM_AVAILABLE
 #endif
 
 #if !defined(CRYPTOPP_DISABLE_ASM) && defined(__GNUC__) && defined(__x86_64__)
-	#define CRYPTOPP_X64_ASM_AVAILABLE
+    #define CRYPTOPP_X64_ASM_AVAILABLE
 #endif
 
-#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(_MSC_VER) || defined(__SSE2__))
-	#define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 1
+#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__)) && !defined(_M_ARM)
+    #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 1
 #else
-	#define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 0
+    #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 0
 #endif
 
-#if !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(CRYPTOPP_DISABLE_AESNI) && CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && (CRYPTOPP_GCC_VERSION >= 40400 || _MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110)
-	#define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1
+#if !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(CRYPTOPP_DISABLE_AESNI) && CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && (CRYPTOPP_GCC_VERSION >= 40400 || _MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110 || defined(__AES__))
+    #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1
 #else
-	#define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 0
+    #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 0
 #endif
 
 #if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
-	#define CRYPTOPP_BOOL_ALIGN16_ENABLED 1
+    #define CRYPTOPP_BOOL_ALIGN16 1
 #else
-	#define CRYPTOPP_BOOL_ALIGN16_ENABLED 0
+    #define CRYPTOPP_BOOL_ALIGN16 0
 #endif
 
 // how to allocate 16-byte aligned memory (for SSE2)
@@ -116,21 +137,39 @@
 #	define CRYPTOPP_CONSTANT(x) static const int x;
 #endif
 
-#if defined(_M_X64) || defined(__x86_64__)
-	#define CRYPTOPP_BOOL_X64 1
+// Linux provides X32, which is 32-bit integers, longs and pointers on x86_64 using the full x86_64 register set.
+// Detect via __ILP32__ (http://wiki.debian.org/X32Port). However, __ILP32__ shows up in more places than
+// the System V ABI specs calls out, like on just about any 32-bit system with Clang.
+#if ((__ILP32__ >= 1) || (_ILP32 >= 1)) && defined(__x86_64__)
+    #define CRYPTOPP_BOOL_X32 1
 #else
-	#define CRYPTOPP_BOOL_X64 0
+    #define CRYPTOPP_BOOL_X32 0
 #endif
 
 // see http://predef.sourceforge.net/prearch.html
-#if defined(_M_IX86) || defined(__i386__) || defined(__i386) || defined(_X86_) || defined(__I86__) || defined(__INTEL__)
-	#define CRYPTOPP_BOOL_X86 1
+#if (defined(_M_IX86) || defined(__i386__) || defined(__i386) || defined(_X86_) || defined(__I86__) || defined(__INTEL__)) && !CRYPTOPP_BOOL_X32
+    #define CRYPTOPP_BOOL_X86 1
 #else
-	#define CRYPTOPP_BOOL_X86 0
+    #define CRYPTOPP_BOOL_X86 0
 #endif
 
-#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || defined(__powerpc__)
-	#define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
+#if (defined(_M_X64) || defined(__x86_64__)) && !CRYPTOPP_BOOL_X32
+    #define CRYPTOPP_BOOL_X64 1
+#else
+    #define CRYPTOPP_BOOL_X64 0
+#endif
+
+// Undo the ASM and Intrinsic related defines due to X32.
+#if CRYPTOPP_BOOL_X32
+# undef CRYPTOPP_BOOL_X64
+# undef CRYPTOPP_X64_ASM_AVAILABLE
+# undef CRYPTOPP_X64_MASM_AVAILABLE
+#endif
+
+#if !defined(CRYPTOPP_NO_UNALIGNED_DATA_ACCESS) && !defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS)
+#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || defined(__powerpc__) || (__ARM_FEATURE_UNALIGNED >= 1))
+    #define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
+#endif
 #endif
 
 #define GETBYTE(x, y) (unsigned int)((unsigned char)((x)>>(8*(y))))

src/Crypto/cpu.c

@@ -3,6 +3,10 @@
 #include "cpu.h"
 #include "misc.h"
 
+#ifndef EXCEPTION_EXECUTE_HANDLER
+#define EXCEPTION_EXECUTE_HANDLER 1
+#endif
+
 #ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
 #include <signal.h>
 #include <setjmp.h>
@@ -16,7 +20,7 @@
 
 #if _MSC_VER >= 1400 && CRYPTOPP_BOOL_X64
 
-int CpuId(uint32 input, uint32 *output)
+int CpuId(uint32 input, uint32 output[4])
 {
 	__cpuid((int *)output, input);
 	return 1;
@@ -45,12 +49,13 @@ static void SigIllHandlerSSE2(int p)
 	longjmp(s_jmpNoSSE2, 1);
 }
 #endif
+
 #if defined(__cplusplus)
 }
 #endif
 #endif
 
-int CpuId(uint32 input, uint32 *output)
+int CpuId(uint32 input, uint32 output[4])
 {
 #ifdef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
     __try
@@ -58,6 +63,7 @@ int CpuId(uint32 input, uint32 *output)
 		__asm
 		{
 			mov eax, input
+            mov ecx, 0
 			cpuid
 			mov edi, output
 			mov [edi], eax
@@ -66,32 +72,42 @@ int CpuId(uint32 input, uint32 *output)
 			mov [edi+12], edx
 		}
 	}
-    __except (1)
+    __except (EXCEPTION_EXECUTE_HANDLER)
 	{
 		return 0;
     }
+    
+	// function 0 returns the highest basic function understood in EAX
+	if(input == 0)
+        return !!output[0]? 1 : 0;
+
 	return 1;
 #else
+	// longjmp and clobber warnings. Volatile is required.
+	// http://github.com/weidai11/cryptopp/issues/24
+	// http://stackoverflow.com/q/7721854
+	volatile int result = 1;
+
 	SigHandler oldHandler = signal(SIGILL, SigIllHandlerCPUID);
 	if (oldHandler == SIG_ERR)
-		return 0;
+		result = 0;
 
-	int result = 1;
 	if (setjmp(s_jmpNoCPUID))
 		result = 0;
 	else
 	{
-		asm
+		asm volatile
 		(
-			// save ebx in case -fPIC is being used
-#if CRYPTOPP_BOOL_X86
-			"push %%ebx; cpuid; mov %%ebx, %%edi; pop %%ebx"
+            // save ebx in case -fPIC is being used
+            // TODO: this might need an early clobber on EDI.
+#if CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
+            "pushq %%rbx; cpuid; mov %%ebx, %%edi; popq %%rbx"
 #else
-			"pushq %%rbx; cpuid; mov %%ebx, %%edi; popq %%rbx"
+            "push %%ebx; cpuid; mov %%ebx, %%edi; pop %%ebx"
 #endif
-			: "=a" (output[0]), "=D" (output[1]), "=c" (output[2]), "=d" (output[3])
-			: "a" (input)
-		);
+            : "=a" (output[0]), "=D" (output[1]), "=c" (output[2]), "=d" (output[3])
+            : "a" (input), "c" (0)
+         );
 	}
 
 	signal(SIGILL, oldHandler);
@@ -112,29 +128,33 @@ static int TrySSE2()
         AS2(por xmm0, xmm0)        // executing SSE2 instruction
 #elif CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
 		__m128i x = _mm_setzero_si128();
-		return _mm_cvtsi128_si32(x) == 0;
+		return _mm_cvtsi128_si32(x) == 0 ? 1 : 0;
 #endif
 	}
-    __except (1)
+    __except (EXCEPTION_EXECUTE_HANDLER)
 	{
 		return 0;
     }
 	return 1;
 #else
+	// longjmp and clobber warnings. Volatile is required.
+	// http://github.com/weidai11/cryptopp/issues/24
+	// http://stackoverflow.com/q/7721854
+	volatile int result = 1;
+
 	SigHandler oldHandler = signal(SIGILL, SigIllHandlerSSE2);
 	if (oldHandler == SIG_ERR)
 		return 0;
 
-	int result = 1;
 	if (setjmp(s_jmpNoSSE2))
-		result = 0;
+		result = 1;
 	else
 	{
 #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
 		__asm __volatile ("por %xmm0, %xmm0");
 #elif CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
 		__m128i x = _mm_setzero_si128();
-		result = _mm_cvtsi128_si32(x) == 0;
+		result = _mm_cvtsi128_si32(x) == 0? 1 : 0;
 #endif
 	}
 
@@ -147,9 +167,25 @@ int g_x86DetectionDone = 0;
 int g_hasISSE = 0, g_hasSSE2 = 0, g_hasSSSE3 = 0, g_hasMMX = 0, g_hasAESNI = 0, g_hasCLMUL = 0, g_isP4 = 0;
 uint32 g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
 
+static inline int IsIntel(const uint32 output[4])
+{
+	// This is the "GenuineIntel" string
+	return (output[1] /*EBX*/ == 0x756e6547) &&
+    (output[2] /*ECX*/ == 0x6c65746e) &&
+    (output[3] /*EDX*/ == 0x49656e69);
+}
+
+static inline int IsAMD(const uint32 output[4])
+{
+	// This is the "AuthenticAMD" string
+	return (output[1] /*EBX*/ == 0x68747541) &&
+    (output[2] /*ECX*/ == 0x69746E65) &&
+    (output[3] /*EDX*/ == 0x444D4163);
+}
+
 void DetectX86Features()
 {
-	uint32 cpuid[4], cpuid1[4], tmp;
+	uint32 cpuid[4], cpuid1[4];
 	if (!CpuId(0, cpuid))
 		return;
 	if (!CpuId(1, cpuid1))
@@ -175,15 +211,12 @@ void DetectX86Features()
 		}
 	}
 
-	tmp = cpuid[2];
-	cpuid[2] = cpuid[3];
-	cpuid[3] = tmp;
-	if (memcmp(cpuid+1, "GenuineIntel", 12) == 0)
+	if (IsIntel(cpuid))
 	{
 		g_isP4 = ((cpuid1[0] >> 8) & 0xf) == 0xf;
 		g_cacheLineSize = 8 * GETBYTE(cpuid1[1], 1);
 	}
-	else if (memcmp(cpuid+1, "AuthenticAMD", 12) == 0)
+	else if (IsAMD(cpuid))
 	{
 		CpuId(0x80000005, cpuid);
 		g_cacheLineSize = GETBYTE(cpuid[2], 0);
@@ -192,7 +225,7 @@ void DetectX86Features()
 	if (!g_cacheLineSize)
 		g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
 
-	g_x86DetectionDone = 1;
+	*((volatile int*)&g_x86DetectionDone) = 1;
 }
 
 #endif

src/Crypto/cpu.h

@@ -2,6 +2,7 @@
 #define CRYPTOPP_CPU_H
 
 #include "Common/Tcdefs.h"
+#include "config.h"
 
 #ifdef CRYPTOPP_GENERATE_X64_MASM
 
@@ -11,8 +12,6 @@
 
 #else
 
-#include "config.h"
-
 #if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
 #include <emmintrin.h>
 #endif
@@ -51,7 +50,7 @@ extern __m128i _mm_aesdeclast_si128(__m128i v, __m128i rkey);
 #endif
 #endif
 
-#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
 
 #define CRYPTOPP_CPUID_AVAILABLE
 
@@ -125,26 +124,56 @@ extern int g_hasMMX;
 	#define AS_HEX(y) 0x##y
 #else
 	#define CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
-	// define these in two steps to allow arguments to be expanded
-	#define GNU_AS1(x) #x ";"
-	#define GNU_AS2(x, y) #x ", " #y ";"
-	#define GNU_AS3(x, y, z) #x ", " #y ", " #z ";"
-	#define GNU_ASL(x) "\n" #x ":"
-	#define GNU_ASJ(x, y, z) #x " " #y #z ";"
-	#define AS1(x) GNU_AS1(x)
-	#define AS2(x, y) GNU_AS2(x, y)
-	#define AS3(x, y, z) GNU_AS3(x, y, z)
-	#define ASS(x, y, a, b, c, d) #x ", " #y ", " #a "*64+" #b "*16+" #c "*4+" #d ";"
-	#define ASL(x) GNU_ASL(x)
-	#define ASJ(x, y, z) GNU_ASJ(x, y, z)
-	#define ASC(x, y) #x " " #y ";"
-	#define CRYPTOPP_NAKED
-	#define AS_HEX(y) 0x##y
+
+    #if defined(CRYPTOPP_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION)
+        #define NEW_LINE "\n"
+        #define INTEL_PREFIX ".intel_syntax;"
+        #define INTEL_NOPREFIX ".intel_syntax;"
+        #define ATT_PREFIX ".att_syntax;"
+        #define ATT_NOPREFIX ".att_syntax;"
+    #else
+        #define NEW_LINE
+        #define INTEL_PREFIX ".intel_syntax prefix;"
+        #define INTEL_NOPREFIX ".intel_syntax noprefix;"
+        #define ATT_PREFIX ".att_syntax prefix;"
+        #define ATT_NOPREFIX ".att_syntax noprefix;"
+        #endif
+
+    // define these in two steps to allow arguments to be expanded
+    #define GNU_AS1(x) #x ";" NEW_LINE
+    #define GNU_AS2(x, y) #x ", " #y ";" NEW_LINE
+    #define GNU_AS3(x, y, z) #x ", " #y ", " #z ";" NEW_LINE
+    #define GNU_ASL(x) "\n" #x ":" NEW_LINE
+    #define GNU_ASJ(x, y, z) #x " " #y #z ";" NEW_LINE
+    #define AS1(x) GNU_AS1(x)
+    #define AS2(x, y) GNU_AS2(x, y)
+    #define AS3(x, y, z) GNU_AS3(x, y, z)
+    #define ASS(x, y, a, b, c, d) #x ", " #y ", " #a "*64+" #b "*16+" #c "*4+" #d ";"
+    #define ASL(x) GNU_ASL(x)
+    #define ASJ(x, y, z) GNU_ASJ(x, y, z)
+    #define ASC(x, y) #x " " #y ";"
+    #define CRYPTOPP_NAKED
+    #define AS_HEX(y) 0x##y
 #endif
 
 #define IF0(y)
 #define IF1(y) y
 
+// Should be confined to GCC, but its used to help manage Clang 3.4 compiler error.
+//   Also see LLVM Bug 24232, http://llvm.org/bugs/show_bug.cgi?id=24232 .
+#ifndef INTEL_PREFIX
+#define INTEL_PREFIX
+#endif
+#ifndef INTEL_NOPREFIX
+#define INTEL_NOPREFIX
+#endif
+#ifndef ATT_PREFIX
+#define ATT_PREFIX
+#endif
+#ifndef ATT_NOPREFIX
+#define ATT_NOPREFIX
+#endif
+
 #ifdef CRYPTOPP_GENERATE_X64_MASM
 #define ASM_MOD(x, y) ((x) MOD (y))
 #define XMMWORD_PTR XMMWORD PTR
@@ -176,6 +205,27 @@ extern int g_hasMMX;
 	#define AS_PUSH_IF86(x) AS1(push e##x)
 	#define AS_POP_IF86(x) AS1(pop e##x)
 	#define AS_JCXZ jecxz
+#elif CRYPTOPP_BOOL_X32
+    #define AS_REG_1 ecx
+    #define AS_REG_2 edx
+    #define AS_REG_3 r8d
+    #define AS_REG_4 r9d
+    #define AS_REG_5 eax
+    #define AS_REG_6 r10d
+    #define AS_REG_7 r11d
+    #define AS_REG_1d ecx
+    #define AS_REG_2d edx
+    #define AS_REG_3d r8d
+    #define AS_REG_4d r9d
+    #define AS_REG_5d eax
+    #define AS_REG_6d r10d
+    #define AS_REG_7d r11d
+    #define WORD_SZ 4
+    #define WORD_REG(x)	e##x
+    #define WORD_PTR DWORD PTR
+    #define AS_PUSH_IF86(x) AS1(push r##x)
+    #define AS_POP_IF86(x) AS1(pop r##x)
+    #define AS_JCXZ jecxz
 #elif CRYPTOPP_BOOL_X64
 	#ifdef CRYPTOPP_GENERATE_X64_MASM
 		#define AS_REG_1 rcx

src/Crypto/misc.h

@@ -27,7 +27,7 @@
 #elif (defined(__MWERKS__) && TARGET_CPU_PPC) || \
 	(defined(__GNUC__) && (defined(_ARCH_PWR2) || defined(_ARCH_PWR) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || defined(_ARCH_COM)))
 	#define CRYPTOPP_FAST_ROTATE(x) ((x) == 32)
-#elif defined(__GNUC__) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86)	// depend on GCC's peephole optimization to generate rotate instructions
+#elif defined(__GNUC__) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86)	// depend on GCC's peephole optimization to generate rotate instructions
 	#define CRYPTOPP_FAST_ROTATE(x) 1
 #else
 	#define CRYPTOPP_FAST_ROTATE(x) 0