This commit cuts releases of the following crates:

- `blowfish` v0.5.0
- `cast5` v0.7.0
- `des` v0.4.0
- `idea` v0.1.0
- `rc2` v0.4.0
- `serpent` v0.1.0
- `sm4` v0.1.0
- `twofish` v0.3.0
- `threefish` v0.3.0

It also adds CHANGELOG.md details to `kuznyechik` and `magma` but does
not release those yet as they had endianness issues we should double
check are corrected before cutting a release.

* Use repeat expression
* Use ref in iterator
* Use u64::from()

"enviromental variable" -> "environment variable"

- Fix broken Unicode
- Link to https://github.com/RustCrypto/meta/blob/master/HAZMAT.md

This commit replaces all previous usages of the `block-cipher` and
`stream-cipher` crates with the new unified `cipher` crate.

Releases new versions of all crates in this repository which incorporate
the migration to the new `cipher` crate (#167).

Information about #165 was accidentally omitted

Fixes links to obsolete crates (`block-cipher-traits`, `stream-cipher`)

Translation ofithe portable C implementation of the "fixslicing"
technique described in:

https://eprint.iacr.org/2020/1123.pdf

Original C code:

https://github.com/aadomn/aes/tree/10a9dc9/opt32/fixslicing

Relicensed as Apache 2.0 + MIT with permission.

Fixslicing is presently defined for encryption only.

However, accelerating just encryption is still useful for AES-CTR.

Performance is improved by ~3X as measured on an Intel Core i9
(despite the fixslicing implementation being 32-bit only)

Also adds algorithmic explanations

- change bitslice format to match existing implementations
- use more descriptive method names for clarity
- factor more of the format-dependent code into methods

Adds CI for the `i686-unknown-linux-gnu` platform

- PPC32 is useful to test endianness handling
- ARM64 is good to test because it's an important platform

* Improved fixslice MixColumns algorithm(s)
* Fold rotations and rename for clarity

The fixsliced implementations now support encryption and decryption.

- see https://github.com/Ko-/aes-armcortexm

We don't have to retain this in perpetuity, but now that the
implementation is fully safe code, adding this attribute gets a
🔒 in cargo-geiger.

- Rename methods for consistency with AES specification
- De-unroll several loops
- Macro-ize the (inv_)mix_columns definitions

This PR also addresses the deprecation warnings which were introduced

- under cfg feature 'semi_fixslice'
- reduces code size at small cost to performance

- also tweak the lib.rs cfg for fixslice

Combines all three crates into a single `aes` crate.

The optional `ctr` feature exposes a consistent set of `Aes*Ctr` types as well.

Bumps the `aes` crate version to indicate we'll be making breaking
changes before the next release (i.e. `cipher` crate upgrade).

Also removes the `aesni` and `aes-soft` crates from the README.md table
now that they've been unified into the `aes` crate (#200)

Simplifies cfg-based gating

Splits the `BlockCipher` impl into the `BlockEncrypt` and `BlockDecrypt`
traits added in RustCrypto/traits#352.

The "semi_fixslice" name is jargon and doesn't describe what the feature
does, which is reduce code size.

This commit renames it to describe what the feature does: make code
"compact".

We previously didn't have `override: true` set in the GitHub Actions
config so CI was running against the wrong version of Rust.

AES-NI support was not being properly tested on both 32-bit and 64-bit
targets.

Also adds better testing for various feature combinations.

On i686/x86_64 platforms, uses the `cpuid-bool` crate to detect at
runtime whether AES-NI is available.

This eliminates the need to specify `target_feature=+aes` when compiling
the crate in order to take advantage of AES-NI.

The accelerated AES-CTR implementation in this crate makes use of SSSE3
instructions.

Though in theory all CPUs with AES-NI should have SSSE3, the `aes`
target feature does not implicitly enable SSSE3 per the Rust Reference:

https://doc.rust-lang.org/reference/attributes/codegen.html#x86-or-x86_64

...so this separate check ensures the availability of SSSE3.

When using the `autodetect` module, we store the possible backing AES
implementations in a `union`, which presently requires all fields be
`Copy` until `ManuallyDrop` stabilizes in Rust 1.49.

However, the "soft" types are directly exposed on non-x86 architectures
or when the `force-soft` feature is enabled. Having these types be
`Copy` when the autodetect wrappers aren't is inconsistent, and it's
better to require an explicit clone for these to make users think when
they make copies of material.

As a workaround until `ManuallyDrop` lands, this gates the `Copy` impl
on the "soft" types to only cases where it is hidden behind the
autodetect facade (i.e. when they presently *need* to be `Copy`).

Implements the API changes introduced in:

RustCrypto/traits#435

Uses the new `core::mem::ManuallyDrop` feature to allow the inner types
of unions to be non-Copy.

The tests are failing because the `aes` crate now uses `ManuallyDrop`
unions which are MSRV 1.49 (see #216)

As @newpavlov pointed out, the actual MSRV of this crate didn't change.

If we run tests with the `aes` crate's `force-soft` feature enabled, we
can still CI with Rust 1.41.

Rust 1.49 features are only needed for CPU feature autodetection.

We can still support MSRV 1.41 when the `force-soft` feature is enabled.

This commit adds CI configuration to test `force-soft` under Rust 1.41,
and makes a note of Rust 1.41 support when `force-soft` is enabled.

Bumps [byteorder](https://github.com/BurntSushi/byteorder) from 1.3.4 to 1.4.2.
- [Release notes](https://github.com/BurntSushi/byteorder/releases)
- [Changelog](https://github.com/BurntSushi/byteorder/blob/master/CHANGELOG.md)
- [Commits](BurntSushi/byteorder@1.3.4...1.4.2)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

The previous usage of macros made refactoring extremely difficult, with
small changes resulting in hundreds upon hundreds of errors when the
macros are expanded, as opposed to a single error in a particular
function.

This commit replaces the AES-NI `util.rs` macros with
`#[inline(always)]` functions.

There is no change to the generated assembly.

- Uses array operations on the block buffer
- Uses loops where they don't appear to impact performance

* block-modes: Add IvState trait for block modes

The new IvState trait allows to expose a value that can be used as an IV
for initializing a subsequent BlockMode and resuming the operation
later. These values must be used exclusively to resume cipher
operations. They MUST NOT be exposed to parties controlling future blocks.

- Add tests that check correctness of interrupted encryptions (i.e.,
encrypting `k` blocks, initialize a new cipher with the IV returned by
iv_state, and encrypting the remaining blocks).
- Add missing OFB test.

See #226.

Fix format

rebase me

* Use generic_array::sequence::Concat for IGE

Define IgeIvBockSize as a sum instead of a product, in order to
concatenate the generic arrays.

* Fix CFB, add CFB test case

Test case generated with OpenSSL

* Remove CFB block decrypt

- CFB decryption needs block encryptions only.
- Add roundtrip tests
- Add longer CFB test (30 blocks)

* Add CFB decryption iterator length for clarity

Co-authored-by: zugzwang <[email protected]>

Bumps [byteorder](https://github.com/BurntSushi/byteorder) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/BurntSushi/byteorder/releases)
- [Changelog](https://github.com/BurntSushi/byteorder/blob/master/CHANGELOG.md)
- [Commits](BurntSushi/byteorder@1.4.2...1.4.3)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Renamed from `cpuid-bool`

Release notes: RustCrypto/stream-ciphers#229

Releases new versions of all crates in this repository which incorporate
the `cipher` v0.3 release changes (RustCrypto/traits#621)