Home Page Download Manual GitHub Mediawiki Mailing lists Contributions Related links

Crypto++ 8.6

Crypto++ 8.6 was released on September 24, 2021. The 8.6 release was a minor, unplanned release. There was one CVEs and no memory errors.

This release clears CVE-2021-40530 and fixes a problem with ChaCha20 AVX2 implementation. The CVE was due to ElGamal encryption using a work estimate to size encryption exponents instead subgroup order. The ChaCha20 issue was due to mishandling a carry in the AVX2 code path. The ChaCha20 issue was difficult to duplicate, so most users should not experience it.

Download

The download is available from the Crypto++ website. The checksums for the download are below. Release signatures can be verified using GnuPG according to Release Signing.

Mirrors for the download are below. Note that GitHub checksums on the ZIP or TAR are different because the service creates the archive from sources.

Release Notes

The release notes for Crypto++ 8.6 follows.

Bug fixes and Minor Issues

ElGamal encryption

ElGamal encryption was changed to use exponents of subgroup order due to On the (in)security of ElGamal in OpenPGP. Formerly the size of the exponent was selected based on an estimated work factor.

AdditiveCipherTemplate<T> ProcessData

The AdditiveCipherTemplate<T> ProcessData fix was required because GCC began removing code when the input and output buffers were the same buffer (i.e., in-place encryption or decryption). We believe GCC began removing the code due to alias violations. The fix breaks binary compatibility so a recompile is required.

Notes for Distros

A recompile is required.

FIPS DLL deprecation

The FIPS DLL used to be an important artifact for Windows builds. NIST moved the Crypto++ library to the Historical Validation List in 2014. The Windows DLL is no longer validated.

The project files to build the FIPS DLL are cryptdll.vcxproj and dlltest.vcxproj. The projects are now deprecated and subject to removal.

File Changes

Below is a list of all files that were added at Crypto++ 8.6. The list omits test programs that were renamed from *.cxx to *.cpp.

$ git diff-tree -r --summary CRYPTOPP_8_5_0 CRYPTOPP_8_6_0 | grep -v "change" | awk '{$2=$3=""; print $0}' | grep -E '(\.h|\.cpp|\.txt|\.dat)'
create   TestVectors/lsh.txt
create   TestVectors/lsh256.txt
create   TestVectors/lsh512.txt
create   TestVectors/lsh512_256.txt
create   lsh.h
create   lsh256.cpp
create   lsh256_avx.cpp
create   lsh256_sse.cpp
create   lsh512.cpp
create   lsh512_avx.cpp
create   lsh512_sse.cpp