Home Page Download Manual GitHub Mediawiki Mailing lists Contributions Related links

Crypto++ 7.0

Crypto++ 7.0 was released on April 8, 2018. The 7.0.0 release was a major, unplanned release. There are no CVE fixes but there is a fix for a memory error.


The download is available from the Crypto++ website. The checksums for the download are below. Release signatures can be verified using GnuPG according to Release Signing.

Mirrors for the download are below. Note that GitHub checksums on the ZIP or TAR are different because the service creates the archive from sources.

Release Notes

The release notes for Crypto++ 7.0 follows.

Bug Fixes and Minor Issues

The bug fix and minor issue list for Crypto++ 7.0 follows. Many non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parenthesis is the GitHub Issue number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing Issue numbers or lack of consecutiveness usually indicates feature requests and "won't fix/can't fix" type reports.

Memory error

The Integer class had a memory error in member function InverseMod that could cause a heap corruption. The error surfaced when x % m was used and x was much larger than m. The error usually occured when the bit count of x was larger than the bit count m by about 128-bits or 256-bits.

Below is the new code for InverseMod located in integer.cpp. InverseMod was fixed, and InverseModNext was added. The problem was Integer r was too small, and AlmostInverse wrote beyond the integer's internal buffer. Also see Issue 602 | Comment 376222204.

Integer Integer::InverseMod(const Integer &m) const
    if (IsNegative())
        return Modulo(m).InverseModNext(m);

    // http://github.com/weidai11/cryptopp/issues/602
    if (*this >= m)
        return Modulo(m).InverseModNext(m);

    return InverseModNext(m);

Integer Integer::InverseModNext(const Integer &m) const
    if (m.IsEven())
        if (!m || IsEven())
            return Zero();    // no inverse
        if (*this == One())
            return One();

        Integer u = m.Modulo(*this).InverseModNext(*this);
        return !u ? Zero() : (m*(*this-u)+1)/(*this);

    IntegerSecBlock T(m.reg.size() * 4);
    Integer r((word)0, m.reg.size());
    unsigned k = AlmostInverse(r.reg, T, reg, reg.size(), m.reg, m.reg.size());
    DivideByPower2Mod(r.reg, r.reg, k, m.reg, m.reg.size());
    return r;

AES Decryption

After the Crypto++ 7.0 release it was reported that AES Decryption was not working properly on Windows 10 with the Visual C++ compiler version 15.6.7. The issue is not present in earlier releases of the Visual Studio 2017 compiler, or earlier relase of Visual Studio.

The project is tracking the bug at Issue 649.

Notes for Distros

The incorrect result when using Integer::InverseMod (Issue 602) is a memory error. The issue may be CVE worthy, and it is the reason for the Crypto++ 7.0 release. The library itself was not at risk of memory problems due to the way the library used the Integer class. User programs prior to Crypto++ 7.0 could be at risk because they might call the mod operation with an operand large enough to witness the problem.

The 7.0 version bump was not due to the memory error. The major version bump was due to ABI breaks caused by KeyDerivationFunction interface.

File Changes

Below is a list of all files that were added at Crypto++ 7.0.

$ git diff-tree -r --summary CRYPTOPP_6_1_0 CRYPTOPP_7_0_0 | grep -v "change" | awk '{$2=$3=""; print $0}' | grep -E '(\.h|\.cpp|\.txt|\.dat)'
create   scrypt.cpp
create   scrypt.h