Crypto++® Library 5.6.5
Crypto++ Library is a free C++ class library of cryptographic schemes. The library contains the following algorithms:
authenticated encryption schemes: GCM, CCM, EAX
high speed stream ciphers: ChaCha (ChaCha8/12/20), Panama, Sosemanuk, Salsa20, XSalsa20
AES and AES candidates: AES (Rijndael), RC6, MARS, Twofish, Serpent, CAST-256
other block ciphers: IDEA, Triple-DES (DES-EDE2 and DES-EDE3), Camellia, SEED, RC5, Blowfish, TEA, XTEA, Skipjack, SHACAL-2
block cipher modes of operation: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR)
message authentication codes: VMAC, HMAC, GMAC (GCM), CMAC, CBC-MAC, DMAC, Two-Track-MAC
hash functions: BLAKE2 (BLAKE2b, BLAKE2s), SHA-1, SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512), SHA-3, Tiger, WHIRLPOOL, RIPEMD-128, RIPEMD-256, RIPEMD-160, RIPEMD-320
public-key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN
padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363 EMSA2 and EMSA5
key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), Hashed MQV (HMQV), Fully Hashed MQV (FHMQV), LUCDIF, XTR-DH
elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV
insecure or obsolescent algorithms retained for backwards compatibility and historical value: MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL 3.0, WAKE-OFB, DESX (DES-XEX3), RC2, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square
Other features include:
pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool
password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5, PBKDF from PKCS #12 appendix B
Shamir's secret sharing scheme and Rabin's information dispersal algorithm (IDA)
fast multi-precision integer (bignum) and polynomial operations
finite field arithmetics, including GF(p) and GF(2^n)
prime number generation and verification
useful non-cryptographic algorithms
DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support
hex, base-32, and base-64 coding/decoding
32-bit CRC and Adler32 checksum
class wrappers for these operating system features (optional):
high resolution timers on Windows, Unix, and Mac OS
Berkeley and Windows style sockets
Windows named pipes
/dev/random, /dev/urandom, /dev/srandom
Microsoft's CryptGenRandom on Windows
A high level interface for most of the above, using a filter/pipeline metaphor
benchmarks and validation testing
x86, x86-64 (x64), MMX, and SSE2 assembly code for the most commonly used algorithms, with run-time CPU feature detection and code selection
supports GCC-style and MSVC-style inline assembly, and MASM for x64
certain versions are available in FIPS 140-2 validated form
Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2) licensed under the Boost Software License 1.0, while the individual files in the compilation are all public domain.
10/11/2016 - Version 5.6.5 released
maintenance release, recompile of programs recommended
expanded community input and support
25 unique contributors as of this release
fixed CVE-2016-7420 (Issue 277, document NDEBUG for production/release)
fixed CVE-2016-7544 (Issue 302, avoid _malloca and _freea)
shipped library in recommended state
backwards compatibility achieved with <config.compat>
Visual Studio project file cleanup
improved X86 and X64 MSBuild support
added ARM-based MSBuild awareness
improved Testing and QA
expanded platforms and compilers
expanded Coverity into OS X and Windows platforms
added Windows test scripts using Strawberry Perl
ported to MSVC 2015 SP3, Xcode 7.3, Sun Studio 12.5, GCC 7.0, MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00
09/11/2016 - Version 5.6.4 released
maintenance release, honored API/ABI/Versioning requirements
expanded community input and support
22 unique contributors as of this release
fixed CVE-2016-3995
changed SHA3 to FIPS 202 (F1600, XOF d=0x06)
added Keccak (F1600, XOF d=0x01)
added ChaCha (ChaCha8/12/20)
added HMQV and FHMQV
Hashed and Fully Hashed MQV
added BLAKE2 (BLAKE2s and BLAKE2b)
C++, SSE2, SSE4, ARM NEON and ARMv8 ASIMD
added CRC32-C
C/C++, Amd64 CRC, and ARMv8 CRC
improved Rabin-Williams signatures
improved C++11 support
atomics, threads and fences
alignof, alignas
constexpr
noexcept
improved GCM mode
ARM NEON and ARMv8 ASIMD
ARMv8 carry-less multiply
improved Windows 8 and 10 support
Windows Phone, Universal Windows Platform, Windows Store
improved MIPS, ARMv7 and ARMv8 support
added scripts setenv-{android | embedded | ios}.sh for GNUmakefile-cross
aggressive use of -march=<arch> and -mfpu=<fpu> in cryptest.sh
improved build systems
Visual Studio 2010 default
added CMake support (lacks FindCryptopp.cmake)
archived VC++ 5.0/6.0 project files (vc60.zip)
archived VS2005 project files (vs2005.zip)
archived Borland project files (bds10.zip)
improved Testing and QA
expanded platforms and compilers
added code generation tests based on CPU features
added C++03, C++11, C++14, C++17 testing
added -O3, -O5, -Ofast and -Os testing
ported to MSVC 2015 SP3, Xcode 7.3, Sun Studio 12.5, GCC 7.0, MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00
11/20/2015 - Version 5.6.3 released
fixed CVE-2015-2141
cleared most Undefined Behavior Sanitizer (UBsan) findings
cleared all Address Sanitizer (Asan) findings
cleared all Valgrind findings
cleared all Coverity findings
cleared all Enterprise Analysis (/analyze) findings
cleared most GCC warnings with -Wall
cleared most Clang warnings with -Wall
cleared most MSVC warnings with /W4
added -fPIC for 64-bit builds (off for 32-bit builds)
added HKDF class from RFC 5869
switched to member_ptr due to C++ 11 warnings for auto_ptr
initialization of C++ static objects, off by default
GCC and init_priority/constructor attributes
MSVC and init_seg(lib)
CRYPTOPP_INIT_PRIORITY disabled by default, but available
improved OS X support
improved GNUmakefile support for Testing and QA
added self tests for additional Testing and QA
added cryptest.sh for systematic Testing and QA
added GNU Gold linker support
added Visual Studio 2010 solution and project files in vs2010.zip
added Clang integrated assembler support
unconditionally define CRYPTOPP_NO_UNALIGNED_DATA_ACCESS for Makefile target 'ubsan' and at -O3
workaround ARMEL/GCC 5.2 bug and failed self test
fixed crash in MQV due to GCC 4.9+ and inlining
fixed hang in SHA due to GCC 4.9+ and inlining
fixed missing rdtables::Te under VS with ALIGNED_DATA_ACCESS
fixed S/390 and big endian feature detection
fixed S/390 and int128_t/uint128_t detection
fixed X32 (ILP32) feature detection
removed _CRT_SECURE_NO_DEPRECATE for Microsoft platforms
utilized bound checking interfaces from ISO/IEC TR 24772 when available
improved ARM, ARM64, MIPS, MIPS64, S/390 and X32 (ILP32) support
introduced CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
added additional Doxygen-based documentation
ported to MSVC 2015, Xcode 7.2, GCC 5.2, Clang 3.7, Intel C++ 16.00
8/31/2015 - Completed migration from ibiblio and Sourceforge to a stand alone installation and GitHub
02/20/2013 - Version 5.6.2 released
changed license to Boost Software License 1.0
added SHA-3 (Keccak)
updated DSA to FIPS 186-3 (see DSA2 class)
fixed Blowfish minimum keylength to be 4 bytes (32 bits)
fixed Salsa validation failure when compiling with GCC 4.6
fixed infinite recursion when on x64, assembly disabled, and no AESNI
ported to MSVC 2012, GCC 4.7, Clang 3.2, Solaris Studio 12.3, Intel C++ Compiler 13.0
8/9/2010 - Version 5.6.1 released
added support for AES-NI and CLMUL instruction sets in AES and GMAC/GCM
removed WAKE-CFB
fixed several bugs in the SHA-256 x86/x64 assembly code:
incorrect hash on non-SSE2 x86 machines on non-aligned input
incorrect hash on x86 machines when input crosses 0x80000000
incorrect hash on x64 when compiled with GCC with optimizations enabled
fixed bugs in AES x86 and x64 assembly causing crashes in some MSVC build configurations
switched to a public domain implementation of MARS
ported to MSVC 2010, GCC 4.5.1, Sun Studio 12u1, C++Builder 2010, Intel C++ Compiler 11.1
renamed the MSVC DLL project to "cryptopp" for compatibility with MSVC 2010
3/15/2009 - Version 5.6.0 released
added AuthenticatedSymmetricCipher interface class and Filter wrappers
added CCM, GCM (with SSE2 assembly), EAX, CMAC, XSalsa20, and SEED
added support for variable length IVs
added OIDs for Brainpool elliptic curve parameters
improved AES and SHA-256 speed on x86 and x64
fixed incorrect VMAC computation on message lengths that are >64 mod 128 (x86 assembly version is not affected)
fixed compiler error in vmac.cpp on x86 with GCC -fPIC
fixed run-time validation error on x86-64 with GCC 4.3.2 -O2
fixed HashFilter bug when putMessage=true
removed WORD64_AVAILABLE; compiler support for 64-bit int is now required
ported to GCC 4.3, C++Builder 2009, Sun CC 5.10, Intel C++ Compiler 11
5/16/2008 - Recovered from web host server crash. Now hosted by ibiblio.org.
9/24/2007 - Version 5.5.2 released
ported x64 assembly language code for AES, Salsa20, Sosemanuk, and Panama to MSVC 2005 (using MASM since MSVC doesn't support inline assembly on x64)
fixed Salsa20 initialization crash on non-SSE2 machines
fixed Whirlpool crash on Pentium 2 machines
fixed possible branch prediction analysis (BPA) vulnerability in MontgomeryReduce(), which may affect security of RSA, RW, LUC
fixed link error with MSVC 2003 when using "debug DLL" form of runtime library
fixed crash in SSE2_Add on P4 machines when compiled with MSVC 6.0 SP5 with Processor Pack
added support for newly released compilers: MSVC 2008, GCC 4.2, Sun CC 5.9, Intel C++ Compiler 10.0, and Borland C++Builder 2007
8/14/2007 - Version 5.3.0 released as FIPS 140-2 validated module.
6/1/2007 - Updated reference manual to version 5.5.1, and migrated from CVS to SVN
5/25/2007 - Version 5.5.1 released
fixed VMAC validation failure on 32-bit big-endian machines
5/5/2007 - Version 5.5 released
added VMAC and Sosemanuk (with x86-64 and SSE2 assembly)
improved speed of integer arithmetic, AES, SHA-512, Tiger, Salsa20, Whirlpool, and PANAMA cipher using assembly (x86-64, MMX, SSE2)
optimized Camellia and added defense against timing attacks
updated benchmarks code to show cycles per byte and to time key/IV setup
started using OpenMP for increased multi-core speed
enabled GCC optimization flags by default in GNUmakefile
added blinding and computational error checking for RW signing
changed RandomPool, X917RNG, GetNextIV, DSA/NR/ECDSA/ECNR to reduce the risk of reusing random numbers and IVs after virtual machine state rollback
changed default FIPS mode RNG from AutoSeededX917RNG<DES_EDE3> to AutoSeededX917RNG<AES>
fixed PANAMA cipher interface to accept 256-bit key and 256-bit IV
moved MD2, MD4, MD5, PanamaHash, ARC4, WAKE_CFB into the namespace "Weak"
removed HAVAL, MD5-MAC, XMAC
The current version of Crypto++ supports the following compilers:
MSVC 6.0 - VS2015
GCC 3.2 - 7.0
Clang 2.9 - 3.8
Intel C++ Compiler 11 - 17.0
Solaris Studio 12.5
Xcode 3.0 - 7.3
C++ Builder 2010 (for version 5.6.4)
For detailed build status and notes on various compiler/OS/CPU combinations as well as information about compiling earlier versions of Crypto++, please see this wiki entry.
Remember to use the "-a" (auto-convert text files) option when unzipping on a Unix machine. After downloading, please read the Readme.txt included in the zip archive for build instructions and other important notes.
The zip files should have the following hashes:
While You Are Downloading
The following versions of Crypto++ have been validated by NIST and CSE for FIPS 140-2 level 1 conformance. Because only compiled executable code can receive FIPS validation, these versions are listed separately from the other source-code-only downloads. These download packages include the validated binary object, header files, API reference, and FIPS related documentation. Source code is also included for debugging purposes. (You cannot compile Crypto++ yourself and claim FIPS 140-2 conformance on the resulting module, unless it goes through the validation process again.)
Because these packages contain compiled executable code, they have been signed with a PGP public key which is included inside the package. You can verify the PGP key's fingerprint by following the certificate link and obtaining a copy of the Crypto++ Library Security Policy from NIST's web site. The fingerprint is given in the Security Policy.
There are two mailing lists for Crypto++. The first is cryptopp-announce@googlegroups.com, and the second is cryptopp-users@googlegroups.com.
As a courtesy, please join the discussion list with your real name instead of an online handle. Alternate web views for the lists are available at Crypto++ Announce - Google Groups and Crypto++ Users - Google Groups.
When posting a question to the Crypto++ user mailing list, please provide the following information, if applicable:
exact error message
stack trace (please copy from the call stack window of your debugger, or use the "bt" command in gdb)
a minimal program with a main() function, that reproduces the problem
version of Crypto++, operating system (output of "uname -a" command if using Unix), and compiler (output of "gcc -v" if using GCC)
The source code and its planned changes are available at the following locations.
The Crypto++ GitHub repository allows you to view the latest (unreleased) Crypto++ source code via the Linux kernel's git beginning around June 2015. It also serves as an incubator to nurture and grow the library.
The former Crypto++ SourceForge repository allows you to view the Crypto++ source code via Apache's subversion until about July 2015. At that time, SourceForge had infrastructure problems and a cutover to GitHub was performed.
The Roadmap on the wiki provides the general direction the library is heading. It includes planned features and releases, and even some wishlist items.
Contributions of all types are welcomed. Contributions include the following.
Bug finding and fixes
Features and enhancements
Test scripts and test cases
Branch and release testing
Documentation and updates
If you think you have found a bug in the library, then you should discuss it on the Users mailing list. Discussing it will help bring the issue to the attention of folks who can help resolve the issue. If you want to contribute a bug fix to the library, then make a Pull Request or make a Diff available somewhere. Also see Bug Reports on the wiki.
Features and enhancements are welcome additions to the library. This category tends to be time consuming because algorithms and their test cases need to be reviewed and merged. Please be mindful of the test cases, and attempt to procure them from an independent source.
The library cherishes test scripts and test cases. They ensure the library is fit and they help uncover issues with the library before users experience them. If you have some time, then write some test cases, especially the ones that are intended to break things.
Branch and release testing is your chance to ensure Master (and planned merges) meets your expectations and performs as expected. If you have a few spare cycles, then please test Master on your favorite platform. We need more testing on MinGW, Windows Phone, Windows Store, Solaris 10 (and below), and modern iOS and OS X (including TV and Watch builds).
Documentation and updates include both the inline source code annotations using Doxygen, and the online information provided in the wiki. The wiki is more verbose and usually provides more contextual information than the API reference. Besides testing, documentation is one of the highest returns on investment.
If you are interested in paid support for Crypto++ or consulting on a Crypto++ related project, then please see this list of companies and individuals providing services on the wiki. This listing is a free service for the Crypto++ community, and anyone may sign up to be listed by creating an account on the wiki.
Originally written by: Wei Dai Last modified: October 11, 2016