Crypto++ 8.6

Crypto++ 8.6 was released on September 24, 2021. The 8.6 release was a minor, unplanned release. There was one CVEs and no memory errors.

This release clears CVE-2021-40530 and fixes a problem with ChaCha20 AVX2 implementation. The CVE was due to ElGamal encryption using a work estimate to size encryption exponents instead subgroup order. The ChaCha20 issue was due to mishandling a carry in the AVX2 code path. The ChaCha20 issue was difficult to duplicate, so most users should not experience it.

Download

The download is available from the Crypto++ website. The checksums for the download are below. Release signatures can be verified using GnuPG according to Release Signing.

• Download: cryptopp860.zip, cryptopp860.zip.sig
• SHA1: d5756ceff1263cd827506c8189fa8899cec6397c
• SHA256: 20aa413957d9c8ae353ee2f7747bd7ac392f933c60a53e3fd1e41cadbc48d193
• SHA512: e7773f5e4a7dc7e8e735b1702524bee56ba38e5211544c9c9778bc51ed8dc7b376c17f2e406410043b636312336f26f76dc963f298872f8c13933e88c232fc03
• BLAKE2b: c93998e2deb93abf12b801877404f0f82547bfbbbc5aae727e68daffc2407877dda76d7bcd06239d40a48baf21b6f2e29f74e9a97ecbc1b5d4b5bcc50ada71da
• WHIRLPOOL: edc5b350d12bad9f48382bd225383720939d3371817d2d0bd0a428d37a54a2ec6289d1dc52daeba7fb314a738e78d32fc126c58c7f0c86ad9ecc4ea849985bd0

Mirrors for the download are below. Note that GitHub checksums on the ZIP or TAR are different because the service creates the archive from sources.

• GitHub cryptopp860.zip

Release Notes

The release notes for Crypto++ 8.6 follows.

• minor release, recompile of programs required
• expanded community input and support
• • 74 unique contributors as of this release
• fix ElGamal encryption
• fix ChaCha20 AVX2 implementation
• fix AdditiveCipherTemplate<T> ProcessData
• add LSH-256 and LSH-512 hash functions
• add ECIES_P1363 for backwards compatibility

Bug fixes and Minor Issues

• fix ElGamal encryption (GH #1059, CVE-2021-40530)
• fix ChaCha20 AVX2 implementation (GH #1069)
• add octal and decimal literal prefix parsing to Integer (Commit e154280d310c)
• add missing overload in ed25519Signer and ed25519Verifier (Commits fae99431186d, 08f3fc5676af)
• make SHA-NI independent of AVX and AVX2 (GH #1045)
• fix OldRandomPool GenerateWord32 (Commit fabd88e4e47b)
• use CPPFLAGS during feature testing (Commit 7e0f678055f4)
• fix compile on CentOS 5 (Commits b51383cc6c63, ef3a9e8eeaea)
• fix compile on FreeBSD (Commit 2619dbec0bfc)
• fix feature testing on ARM A-32 and Aarch64 (Commit 203a47a3451d)
• enable inline ASM for CRC and PMULL on Apple M1
• fix Intel oneAPI compile (PR #1027)
• rename test files with *.cpp extension (GH #1024)
• fix GCC compile error due to missing _mm256_set_m128i (Commit 2cfa8a60a186)
• add LSH-256 and LSH-512 hash functions (GH #1025, PR #1026)
• add ECIES_P1363 for backwards compatibility (Commit 8e02d0d6dcdd)
• fix AdditiveCipherTemplate<T> ProcessData (GH #1010)
• remove CRYPTOPP_NO_CXX11 define (Commit 6911928ffd3a)
• add -fno-common for Darwin builds (Commit a70662dae83e)
• update documentation (too many commits to list)

ElGamal encryption

ElGamal encryption was changed to use exponents of subgroup order due to On the (in)security of ElGamal in OpenPGP. Formerly the size of the exponent was selected based on an estimated work factor.

AdditiveCipherTemplate<T> ProcessData

The AdditiveCipherTemplate<T> ProcessData fix was required because GCC began removing code when the input and output buffers were the same buffer (i.e., in-place encryption or decryption). We believe GCC began removing the code due to alias violations. The fix breaks binary compatibility so a recompile is required.

Notes for Distros

A recompile is required.

FIPS DLL deprecation

The FIPS DLL used to be an important artifact for Windows builds. NIST moved the Crypto++ library to the Historical Validation List in 2014. The Windows DLL is no longer validated.

The project files to build the FIPS DLL are cryptdll.vcxproj and dlltest.vcxproj. The projects are now deprecated and subject to removal.

File Changes

Below is a list of all files that were added at Crypto++ 8.6. The list omits test programs that were renamed from *.cxx to *.cpp.

$ git diff-tree -r --summary CRYPTOPP_8_5_0 CRYPTOPP_8_6_0 | grep -v "change" | awk '{$2=$3=""; print $0}' | grep -E '(\.h|\.cpp|\.txt|\.dat)'
create   TestVectors/lsh.txt
create   TestVectors/lsh256.txt
create   TestVectors/lsh512.txt
create   TestVectors/lsh512_256.txt
create   lsh.h
create   lsh256.cpp
create   lsh256_avx.cpp
create   lsh256_sse.cpp
create   lsh512.cpp
create   lsh512_avx.cpp
create   lsh512_sse.cpp