
Crypto++ 7.0

Crypto++ 7.0 was released on April 8, 2018. The 7.0.0 release was a major, unplanned release. There are no CVE fixes but there is a fix for a memory error.

Download

The download is available from the Crypto++ website. The checksums for the download are below.

Mirrors for the download are below. Note that GitHub checksums on the ZIP or TAR are different because the service creates the archive from sources.

Release Notes

The release notes for Crypto++ 7.0 follow.

Bug Fixes and Minor Issues

The bug fix and minor issue list for Crypto++ 7.0 follows. Many non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parentheses is the GitHub Issue number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing Issue numbers or lack of consecutiveness usually indicate feature requests and "won't fix/can't fix" type reports.

Memory error

The Integer class had a memory error in the member function InverseMod that could cause a heap corruption. The error surfaced when x % m was used and x was much larger than m. The error usually occurred when the bit count of x was larger than the bit count of m by about 128 or 256 bits.

Below is the new code for InverseMod, located in integer.cpp. InverseMod was fixed, and InverseModNext was added. The problem was that Integer r was too small, and AlmostInverse wrote beyond the integer's internal buffer. Also see Issue 602, Comment 376222204.

Integer Integer::InverseMod(const Integer &m) const
{
    if (IsNegative())
        return Modulo(m).InverseModNext(m);

    // http://github.com/weidai11/cryptopp/issues/602
    if (*this >= m)
        return Modulo(m).InverseModNext(m);

    return InverseModNext(m);
}

Integer Integer::InverseModNext(const Integer &m) const
{
    if (m.IsEven())
    {
        if (!m || IsEven())
            return Zero();    // no inverse
        if (*this == One())
            return One();

        Integer u = m.Modulo(*this).InverseModNext(*this);
        return !u ? Zero() : (m*(*this-u)+1)/(*this);
    }

    IntegerSecBlock T(m.reg.size() * 4);
    Integer r((word)0, m.reg.size());
    unsigned k = AlmostInverse(r.reg, T, reg, reg.size(), m.reg, m.reg.size());
    DivideByPower2Mod(r.reg, r.reg, k, m.reg, m.reg.size());
    return r;
}
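As an added illustration, not code from Crypto++ or from this page, here is a 64-bit analogue of InverseMod/InverseModNext in plain C++ that keeps the same control flow: the Issue 602 guard reduces x modulo m before the inverse routine runs (in the library this matters because r and the scratch block T are sized from m.reg.size(), so an unreduced x larger than m overruns them), the even-modulus branch uses the same (m*(a-u)+1)/a identity, and the odd-modulus case uses extended Euclid in place of AlmostInverse/DivideByPower2Mod. The names inverse_mod, inverse_mod_next and inverse_odd_modulus are invented here; inputs are assumed to be below 2^62 so that intermediates fit in unsigned __int128 (a GCC/Clang extension), and Crypto++'s Modulo() is assumed to return the non-negative residue for a negative x.

```cpp
#include <cassert>
#include <cstdint>
#include <iostream>

// Hypothetical 64-bit analogue of Integer::InverseMod / InverseModNext.
// Assumption: operands below 2^62 so products fit in unsigned __int128.
// Returns 0 when no inverse exists, as Crypto++ returns Zero().
using u64 = std::uint64_t;
using i128 = __int128;
using u128 = unsigned __int128;

// Inverse of a modulo an odd m via extended Euclid. This stands in for the
// AlmostInverse + DivideByPower2Mod pair that Crypto++ uses for odd moduli.
static u64 inverse_odd_modulus(u64 a, u64 m) {
    // Invariant: a*old_t == old_r (mod m) and a*t == r (mod m).
    i128 old_r = a, r = m;
    i128 old_t = 1, t = 0;
    while (r != 0) {
        i128 q = old_r / r;
        i128 tmp = old_r - q * r; old_r = r; r = tmp;
        tmp = old_t - q * t;      old_t = t; t = tmp;
    }
    if (old_r != 1) return 0;           // gcd(a, m) != 1: no inverse
    if (old_t < 0) old_t += m;          // normalise into [0, m)
    return static_cast<u64>(old_t);
}

// Analogue of InverseModNext: the caller guarantees 0 <= a < m, which is the
// precondition that lets the library size its buffers from m alone.
static u64 inverse_mod_next(u64 a, u64 m) {
    if (m % 2 == 0) {
        if (m == 0 || a % 2 == 0) return 0;   // no inverse (shared factor 2)
        if (a == 1) return 1;
        // u = (m mod a)^-1 mod a, so m*u == 1 (mod a), hence m*(a-u)+1 is a
        // multiple of a and x = (m*(a-u)+1)/a satisfies a*x == 1 (mod m).
        u64 u = inverse_mod_next(m % a, a);
        if (u == 0) return 0;
        u128 num = static_cast<u128>(m) * (a - u) + 1;
        return static_cast<u64>(num / a);
    }
    return inverse_odd_modulus(a, m);
}

// Analogue of InverseMod after the Issue 602 fix: any x outside [0, m) is
// reduced first, so a much larger x never reaches the buffer-sized routine.
static u64 inverse_mod(std::int64_t x, u64 m) {
    if (m == 0) return 0;               // guard added here; Modulo(0) is undefined
    if (x < 0) {
        // Non-negative residue of a negative x (assumed Modulo() behaviour).
        u64 r = static_cast<u64>((-static_cast<i128>(x)) % m);
        return inverse_mod_next(r == 0 ? 0 : m - r, m);
    }
    u64 ux = static_cast<u64>(x);
    if (ux >= m)                        // the Issue 602 guard
        return inverse_mod_next(ux % m, m);
    return inverse_mod_next(ux, m);
}

int main() {
    // 1000003 is far larger than 7: reduced to 4 first, then inverted.
    std::cout << "inverse_mod(1000003, 7) = " << inverse_mod(1000003, 7) << "\n";
    std::cout << "inverse_mod(3, 10)      = " << inverse_mod(3, 10) << "\n";
    std::cout << "inverse_mod(4, 10)      = " << inverse_mod(4, 10) << " (none)\n";
    return 0;
}
```

The odd/even split is the library's own structure: the even-modulus branch recurses with the roles of a and m swapped until the modulus is odd, so the only routine that ever touches sized buffers is the odd-modulus one, and it is only ever entered with an operand already smaller than its modulus.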

Notes for Distros

The incorrect result when using Integer::InverseMod (Issue 602) is a memory error. The issue may be CVE worthy, and it is the reason for the Crypto++ 7.0 release. The library itself was not at risk of memory problems due to the way the library used the Integer class. User programs prior to Crypto++ 7.0 could be at risk because they might call the mod operation with an operand large enough to witness the problem.

The 7.0 version bump was not due to the memory error. The major version bump was due to ABI breaks caused by the KeyDerivationFunction interface.

File Changes

Below is a list of all files that were added in Crypto++ 7.0.

$ git diff-tree -r --summary CRYPTOPP_6_1_0 CRYPTOPP_7_0_0 | grep -v "change" | awk '{$2=$3=""; print $0}' | egrep '(\.h|\.cpp|\.txt|\.dat)'
create   scrypt.cpp
create   scrypt.h