Crypto++ 8.3

Crypto++ 8.3 was released on December 20, 2020. The 8.3 release was a minor, planned release. There was one CVE and no memory errors. A recompile of programs is required due to an unintentional ABI break in Crypto++ 8.3.

The 8.3 release cleared CVE-2019-14318. Ján Jančár discovered multiple information leaks in elliptic curve algorithms. The CVE was tracked under Issue 869. See the section CVE-2019-14318 below for more details.

Download

The download is available from the Crypto++ website. The checksums for the download are below. Release signatures can be verified using GnuPG according to Release Signing.

• Download: cryptopp830.zip, cryptopp830.zip.sig
• SHA1: 6bb0c339d15fd0b1560e01242c4294c858862388
• SHA256: db38a15a6b1c337c665e2ebeb731dd0754b05e45504897d0f2fe4ae9f5ee589a
• SHA512: ad5219a66c5924d330d3646d0ff996dd235006f6812074bc4eb9e8c662a4f000ba20449d377f24b133d19ce682f7b2a3b2eb4c08857ce0f5bb39743d1d425147
• BLAKE2b: 777ae6a0716793dbbf40594e5f910783852df15e1d6444ddb9505e9f00e6ead0c17fcf6eb5d0b4d58881595fefa79d285bd2db1f1789716ffb59624c50823c3d
• WHIRLPOOL: 12a5f35dab841621791859e326a925b58db0e8f04cca35c82f12d6134728118c64b248a3276e371ff104e748be72c70ea0ebdca3a9fd21ab5ac040dad0ede998

Mirrors for the download are below. Note that GitHub checksums on the ZIP or TAR are different because the service creates the archive from sources.

• GitHub cryptopp830.zip

Release Notes

The release notes for Crypto++ 8.3 follows.

• minor release, recompile of programs required
• • an accidental ABI break in Crypto++ 8.3 may surface
• expanded community input and support
• • 66 unique contributors as of this release
• fix use of macro CRYPTOPP_ALIGN_DATA
• fix potential out-of-bounds read in ECDSA
• fix std::bad_alloc when using ByteQueue in pipeline
• fix missing CRYPTOPP_CXX17_EXCEPTIONS with Clang
• fix potential out-of-bounds read in GCM mode
• add configure.sh when preprocessor macros fail
• fix potential out-of-bounds read in SipHash
• fix compile error on POWER9 due to vec_xl_be
• fix K233 curve on POWER8
• add Cirrus CI testing
• fix broken encryption for some 64-bit ciphers
• fix Android cpu-features.c using C++ compiler
• disable RDRAND and RDSEED for some AMD processors
• fix BLAKE2 hash calculation using Salt and Personalization
• refresh Android and iOS builds
• add XTS mode
• fix circular dependency between misc.h and secblock.h
• add Certificate interface
• fix recursion in AES::Encryption without AESNI
• add missing OID for ElGamal encryption
• fix missing override in KeyDerivationFunction-derived classes
• fix RDSEED assemble under MSVC
• fix elliptic curve timing leaks (CVE-2019-14318)
• add link-library variable to Makefiles (GH #866)
• fix SIZE_MAX definition in misc.h
• add GetWord64 and PutWord64 to BufferedTransformation
• use HKDF in AutoSeededX917RNG::Reseed
• fix Asan finding in VMAC on i686 in inline asm
• fix undeclared identifier _mm_roti_epi64 on Gentoo
• fix ECIES and GetSymmetricKeyLength
• fix possible divide by zero in PKCS5_PBKDF2_HMAC
• refine ASN.1 encoders and decoders
• disable BMI2 code paths in Integer class
• fix use of CRYPTOPP_CLANG_VERSION
• add NEON SHA1, SHA256 and SHA512 from Cryptogams
• add ARM SHA1, SHA256 and SHA512 from Cryptogams
• make config.h more autoconf friendly
• handle Clang triplet armv8l-unknown-linux-gnueabihf
• fix reference binding to misaligned address in xed25519
• clear asserts in TestDataNameValuePairs

Bug fixes and Minor Issues

The bug fix and minor issue list for Crypto++ 8.3 follows. Many non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parenthesis is the GitHub Issue number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing Issue numbers or lack of consecutiveness usually indicates feature requests and "won't fix/can't fix" type reports.

• fix use of macro CRYPTOPP_ALIGN_DATA (GH #982)
• fix potential out-of-bounds read in ECDSA (GH #981)
• fix std::bad_alloc when using ByteQueue in pipeline (GH #962)
• fix missing CRYPTOPP_CXX17_EXCEPTIONS with Clang (GH #960)
• fix potential out-of-bounds read in GCM mode (GH #954)
• add configure.sh when preprocessor macros fail (GH #950)
• fix potential out-of-bounds read in SipHash (GH #948)
• fix compile error on POWER9 due to vec_xl_be (GH #944)
• fix K233 curve on POWER8 (GH #943)
• add Cirrus CI testing (GH #940)
• fix broken encryption for some 64-bit ciphers (GH #932, GH #945)
• fix Android cpu-features.c using C++ compiler (GH #926)
• disable RDRAND and RDSEED for some AMD processors (GH #924)
• fix BLAKE2 hash calculation using Salt and Personalization (GH #921)
• refresh Android and iOS builds (GH #920, GH #936)
• add XTS mode (GH #891)
• fix circular dependency between misc.h and secblock.h (GH #885)
• add Certificate interface (GH #884)
• fix recursion in AES::Encryption without AESNI (GH #880)
• add missing OID for ElGamal encryption (GH #876)
• fix missing override in KeyDerivationFunction-derived classes (GH #874)
• fix RDSEED assemble under MSVC (GH #872)
• fix elliptic curve timing leaks (CVE-2019-14318, GH #869)
• add link-library variable to Makefiles (GH #866)
• fix SIZE_MAX definition in misc.h (GH #864)
• add GetWord64 and PutWord64 to BufferedTransformation (GH #862, PR #863)
• use HKDF in AutoSeededX917RNG::Reseed (GH #861)
• fix Asan finding in VMAC on i686 in inline asm (GH #860)
• fix undeclared identifier _mm_roti_epi64 on Gentoo (GH #859)
• fix ECIES and GetSymmetricKeyLength (GH #856)
• fix possible divide by zero in PKCS5_PBKDF2_HMAC (GH #855)
• refine ASN.1 encoders and decoders
• disable BMI2 code paths in Integer class (GH #850)
• fix use of CRYPTOPP_CLANG_VERSION (GH #845)
• add NEON SHA1 from Cryptogams (GH #841, PR #842)
• add NEON SHA256 from Cryptogams (GH #839, PR #840)
• add NEON SHA512 from Cryptogams (GH #837, PR #838)
• add ARM SHA1 from Cryptogams (GH #841, PR #842)
• add ARM SHA256 from Cryptogams (GH #839, PR #840)
• add ARM SHA512 from Cryptogams (GH #837, PR #838)
• make config.h more autoconf friendly
• handle Clang triplet armv8l-unknown-linux-gnueabihf
• fix reference binding to misaligned address in xed25519
• clear asserts in TestDataNameValuePairs

CVE-2019-14318

Ján Jančár discovered multiple information leaks in elliptic curve algorithms. The first is in ECDSA due to leaking nonce length information. The second is information leaks in elliptic curve ECP class (prime fields) and the Add, Double and Multiply class member functions. The third is information leaks in elliptic curve EC2N class (binary fields) and the Add, Double and Multiply class member functions.

Based on research of antique Crypto++, it appears the issue affects Crypto++ 3.2 and forward. Crypto++ 3.2 was released March 2000.

The CVE was tracked under Issue 869.

Configure.sh script

The Crypto++ 8.3 release added a configure.sh script. The script helps fix misdetected features on Android, Clang, OS X and iOS. You should use the script before a build if the library misdetects features for you.

The script fixes misdetected features by rewriting config_asm.h and config_cxx.h for the platform it is run on. To run the script perform these steps. You should set CXX and CXXFLAGS to your preferred flags before running the script.

$ cp -p TestScripts/configure.sh .
$ CXX=g++ ./configure.sh
Configuring for x86_64
Compiler: /usr/bin/g++
Linker: /usr/bin/ld
Done writing config_asm.h
Done writing config_cxx.h

The configure.sh script is located in TestScripts/. It was placed there to avoid confusing users because the script is usually not needed.

A wiki page is available at Configure.sh script.

X.509 Certificate interface

Crypto++ was modified to support certificates by way of a Certificate base class. The library does not provide concrete certificate classes, however. An X.509 Certificate class is available as an add-on at noloader | cryptopp-pem.

FIPS DLL deprecation

The FIPS DLL used to be an important artifact for Windows builds. NIST moved the Crypto++ library to the Historical Validation List in 2014. The Windows DLL is no longer validated.

The project files to build the FIPS DLL are cryptdll.vcxproj and dlltest.vcxproj. The projects are now deprecated and subject to removal.

File Changes

Below is a list of all files that were added at Crypto++ 8.3.

$ git diff-tree -r --summary CRYPTOPP_8_2_0 CRYPTOPP_8_3_0 | grep -v "change" | awk '{$2=$3=""; print $0}' | grep -E '(\.h|\.cpp|\.S|\.txt|\.dat)'
create   TestData/ecies_p160.dat
create   TestData/ecies_t163.dat
create   TestVectors/xts.txt
create   allocate.cpp
create   allocate.h
create   config_align.h
create   config_asm.h
create   config_cpu.h
create   config_cxx.h
create   config_dll.h
create   config_int.h
create   config_misc.h
create   config_ns.h
create   config_os.h
create   config_ver.h
create   secblockfwd.h
create   sha1_armv4.S
create   sha1_armv4.h
create   sha256_armv4.S
create   sha256_armv4.h
create   sha512_armv4.S
create   sha512_armv4.h
create   xts.cpp
create   xts.h