Crypto++ 8.4 was released on January 2, 2021. The 8.4 release was a minor, unplanned release. There were no CVEs and one memory error fixed. A recompile of programs is required due to an unintentional ABI break in Crypto++ 8.3.
The Crypto++ 8.4 release reverted the changes for constant-time elliptic curve algorithms. Marcel Keller reported some operations broke under the new algorithm in Issue 992. The revert reactivated CVE-2019-14318.
The release also cleared a memory error reported by Daniel McRobb in Issue 988. McRobb discovered FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned.
The download is available from the Crypto++ website. The checksums for the download are below. Release signatures can be verified using GnuPG according to Release Signing.
Mirrors for the download are below. Note that GitHub checksums on the ZIP or TAR are different because the service creates the archive from sources.
The release notes for Crypto++ 8.4 follow.
The bug fix and minor issue list for Crypto++ 8.4 follows. Many non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parentheses is the GitHub Issue number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing Issue numbers or lack of consecutiveness usually indicates feature requests and "won't fix/can't fix" type reports.
Marcel Keller discovered that recent constant-time elliptic curve changes checked in under Issue 862 broke some operations. As a hotfix the constant-time code was reverted, which means CVE-2019-14318 is active again. The break and CVE-2019-14318 are being tracked under Issue 994.
Daniel McRobb discovered FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. The FixedSizeAllocatorWithCleanup typically has an allocation on the stack, and not the heap. The impact of the memory error was lessened because FixedSizeAllocatorWithCleanup is typically used for table data with a known size, like the state of a BLAKE2s or BLAKE2b hash. Attackers generally don't have direct access to the pointer. However, an attacker who can find a message (preimage) that hashes to a particular string (image) may be able to control an address.
Based on research of older Crypto++, it appears the issue affects Crypto++ 5.6 and forward. Crypto++ 5.6 was released March 2009.
The issue was tracked under Issue 988. No CVE was assigned because the web form at https://cveform.mitre.org would not submit. We then tried to email email@example.com, but the email response directed us to the web form.
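The class of error described for FixedSizeAllocatorWithCleanup, as an added example that is not Crypto++ code and not the fix made under Issue 988: a fixed buffer that rounds its start up to a 16-byte boundary can only hold the full object if it reserves enough slack for the worst-case starting address. The names PadToAlign, Overrun, FixedAlignedArena and Shifted, the address 0x1004 and the slack sizes are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical helpers for illustration; none of these names are Crypto++ APIs.
// Bytes to skip so that addr becomes a multiple of align (a power of two).
inline std::size_t PadToAlign(std::uintptr_t addr, std::size_t align) {
    return static_cast<std::size_t>((align - (addr & (align - 1))) & (align - 1));
}

// Bytes by which an aligned region of `need` bytes runs past the end of a
// backing buffer of `capacity` bytes that starts at `base`. 0 means it fits.
inline std::size_t Overrun(std::uintptr_t base, std::size_t capacity,
                           std::size_t need, std::size_t align) {
    const std::size_t end = PadToAlign(base, align) + need;
    return end > capacity ? end - capacity : 0;
}

// Fixed-size arena that reserves worst-case slack (Align-1 bytes) and still
// checks the computed range before handing out a pointer.
template <std::size_t Bytes, std::size_t Align = 16>
class FixedAlignedArena {
public:
    unsigned char* get(std::size_t need) {
        const std::uintptr_t base = reinterpret_cast<std::uintptr_t>(m_raw);
        if (need > Bytes || Overrun(base, sizeof(m_raw), need, Align) != 0)
            return nullptr;  // refuse rather than write out of bounds
        return m_raw + PadToAlign(base, Align);
    }
    const unsigned char* begin() const { return m_raw; }
    const unsigned char* end() const { return m_raw + sizeof(m_raw); }
private:
    unsigned char m_raw[Bytes + Align - 1];
};

// The leading char pushes the arena's storage off a 16-byte boundary.
struct Shifted { char shift; FixedAlignedArena<64> arena; };

// Constructed case: 64-byte state in a buffer whose address is 4 mod 16.
// 8 bytes of slack is 4 bytes short; 15 bytes of slack always suffices.
inline std::size_t DemoShortSlack() { return Overrun(0x1004, 64 + 8, 64, 16); }
inline std::size_t DemoFullSlack()  { return Overrun(0x1004, 64 + 15, 64, 16); }

int main() {
    Shifted s{};
    unsigned char* p = s.arena.get(64);
    std::printf("short slack overrun: %zu, full slack overrun: %zu, aligned: %d\n",
        DemoShortSlack(), DemoFullSlack(),
        p != nullptr && reinterpret_cast<std::uintptr_t>(p) % 16 == 0);
}
```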
The Crypto++ 8.3 release added a configure.sh script. The script helps fix misdetected features on Android, Clang, OS X and iOS. You should use the script before a build if the library misdetects features for you.
The script fixes misdetected features by rewriting config_asm.h and config_cxx.h for the platform it is run on. To run the script, perform these steps. You should set CXX and CXXFLAGS to your preferred flags before running the script.
$ cp -p TestScripts/configure.sh .
$ CXX=g++ ./configure.sh
Configuring for x86_64
Compiler: /usr/bin/g++
Linker: /usr/bin/ld
Done writing config_asm.h
Done writing config_cxx.h
The configure.sh script is located in TestScripts/. It was placed there to avoid confusing users because the script is usually not needed.
A wiki page is available at Configure.sh script.
Crypto++ 8.3 was modified to support certificates by way of a Certificate base class. The library does not provide concrete certificate classes, however. An X.509 Certificate class is available as an add-on at noloader | cryptopp-pem.
The FIPS DLL used to be an important artifact for Windows builds. NIST moved the Crypto++ library to the Historical Validation List in 2014. The Windows DLL is no longer validated.
The project files to build the FIPS DLL are cryptdll.vcxproj and dlltest.vcxproj. The projects are now deprecated and subject to removal.
No files were added or removed at Crypto++ 8.4.