Crypto++ 8.1 was released on February 22, 2019. The 8.1 release was a minor, planned release. There are no CVEs or memory errors.

Release Notes

The release notes for Crypto++ 8.1 follows.

• minor release, no recompile of programs required
• expanded community input and support
  • 56 unique contributors as of this release
• fix OS X PowerPC builds with Clang
• add Microsoft ARM64 support
• fix iPhone Simulator build due to missing symbols
• add CRYPTOPP_BUGGY_SIMD_LOAD_AND_STORE
• add carryless multiplies for NIST b233 and k233 curves
• fix OpenMP build due to use of OpenMP 4 with down-level compilers
• add SignStream and VerifyStream for ed25519 and large files
• fix missing AlgorithmProvider in PanamaHash
• add SHAKE-128 and SHAKE-256
• fix AVX2 build due to _mm256_broadcastsi128_si256
• add IETF ChaCha, XChaCha, ChaChaPoly1305 and XChaChaPoly1305
• fix missing symbols in Windows DLL

Bug fixes and Minor Issues

The bug fix and minor issue list for Crypto++ 8.1 follows. Many non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parenthesis is the GitHub GH #number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing GH #numbers or lack of consecutiveness usually indicates feature requests and "won't fix/can't fix" type reports.

• avoid use of <stdint.h> types in Donna source code (Commit 9c58ba8f2bae)
• fix missing ExtendedControlRegister when CRYPTOPP_DISABLE_ASM (Commit 29d1c1772d05)
• fix GCM build on x86 when using GCC 3.3 (Commit 8edc5cf2d58e)
• fix SIMECK build on x86 when SSSE3 not available (Commit fc2ead427c77)
• fix SIMON build on x86 when SSSE3 not available (Commit 58772f3491a5)
• fix SPECK build on x86 when SSSE3 not available (Commit a9bd504b2f12)
• fix LEA build on x86 when SSSE3 not available (Commit d00b614e4623)
• fix CHAM build on x86 when SSSE3 not available (Commit df47185573d9)
• fix OS X PowerPC builds with Clang (GH #769)
• add Microsoft ARM64 support (GH #776)
• fix iPhone Simulator build due to missing symbols (GH #779)
• fix Donna self-test failure on PowerPC with IBM XLC/C++ at -O3 (Commit 3d07010ac86b)
• fix _M_IX86 typo in Integer class (Commit 1f1c90cc290d)
• add CRYPTOPP_BUGGY_SIMD_LOAD_AND_STORE (GH #782)
• add carryless multiplies for NIST b233 and k233 curves (GH #783)
• fix OpenMP build due to use of OpenMP 4 with down-level compilers (GH #787)
• move NumericLimitsMin and NumericLimitsMax to CryptoPP namespace (GH #793)
• add SignStream and VerifyStream for ed25519 and large files (GH #796)
• add SecretToPublicKey function for x25519 (Commit cae5f8e0fd23)
• use IsPowerOf2 in Integer::Divide (Commit 48531785b74d)
• fix Fedora 7 compile using SSE4.2 (Commit 5b1e6fd28fde)
• add GNU Hurd support (Commits 4d24876490c0, ef1c8c2bb48b)
• latch previous ROUNDS in Salsa and ChaCha (GH #800, PR #804)
• switch to RFC 8439 for ChaCha-TLS (commit 76bdb328a681)
• refactor ChaCha and ChaChaTLS use a common core (Commit 70dcd29e0b86)
• fix missing AlgorithmProvider in PanamaHash (GH #801)
• add SHAKE-128 and SHAKE-256 (GH #805)
• fix AVX2 build due to _mm256_broadcastsi128_si256 (PR #809, Commit a809dbdbc469)
• add IETF ChaCha, XChaCha, ChaChaPoly1305 and XChaChaPoly1305 (GH #727)
• fix missing symbols in Windows DLL (Commit 3185e93fe303)

Crypto++ 8.0

Crypto++ 8.0 was released on December 28, 2018. The 8.0.0 release was a major, planned release. There are no CVEs or memory errors.

This release was scheduled as a minor version bump, but we lost ABI compatibility due to adding AlgorithmProvider at PR 681.

Release Notes

The release notes for Crypto++ 8.0 follows.

• major release, recompile of programs required
• expanded community input and support
  • 54 unique contributors as of this release
• add x25519 key exchange and ed25519 signature scheme
• add limited Asymmetric Key Package support from RFC 5958
• add Power9 DARN random number generator support
• add CHAM, HC-128, HC-256, Hight, LEA, Rabbit, Simeck
• fix FixedSizeAllocatorWithCleanup may be unaligned on some platforms
• cutover to GNU Make-based cpu feature tests
• rename files with dashes to underscores
• fix LegacyDecryptor and LegacyDecryptorWithMAC use wrong MAC
• fix incorrect AES/CBC decryption on Windows
• avoid Singleton<T> when possible, avoid std::call_once completely
• fix SPARC alignment problems due to GetAlignmentOf<T>() on word64
• add ARM AES asm implementation from Cryptogams
• remove CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS support
• ported to MSVC 2017, Xcode 10.0, Sun Studio 12.6, GCC 8.0.1, MacPorts GCC 7.0, Clang 7.0, Intel C++ 17.00, IBM XL C/C++ 13.3

Bug Fixes and Minor Issues

The bug fix and minor issue list for Crypto++ 8.0 follows. Many non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parenthesis is the GitHub Issue number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing Issue numbers or lack of consecutiveness usually indicates feature requests and "won't fix/can't fix" type reports.

• add ed25519 signatures (Issue 764, PR 767)
• add x25519 key exchange (Issue 761, PR 762)
• add Hygon Dhyana processor support (PR 765)
• add Power9 DARN rng support (Issue 747, PR 748)
• add HC-128 stream cipher (Issue 679)
• add Rabbit stream cipher (Issue 678)
• add Simeck lightweight block cipher (Issue 675)
• add HIGHT lightweight block cipher (Issue 672)
• add CHAM lightweight block cipher (PR 670)
• add LEA lightweight block cipher (Issue 669)
• add ARM AES asm from Cryptogams (Issue 683)
• add Make-based cpu feature tests (Issue 741, Issue 737)
• add VectorSource (Issue 730)
• add AES-NI accelerated SM4 encryption (Issue 540)
• add XOP aware ChaCha (Commit ed4d57cecbd4)
• add XOP aware SIMON and SPECK (Commit 210995b867b0)
• add XOP aware CHAM and LEA (Commit babdf8b38b2b)
• add XOP aware SIMECK (Commit 67f421174ccc)
• add SSSE3 rotates when available (Commit b4c4c5aa14c7)
• add SONAME to shared object for Solaris (Commit 9886b555d073)
• add AlgorithmProvider member function to Algorithm class (PR 681)
• add search for test vectors and test data (Issue 760)
  • only search well known locations for Linux LSB install
• remove OS sockets and threads (Issue 178, Issue 208, PR 703)
  • C++11 socket, threads and synchronization classes may be used
• disable Panama ASM on X86 (Issue 758)
• add CRYPTOPP_DISABLE_MIXED_ASM define (Issue 756, PR 757)
  • folds two previous defines CRYPTOPP_CLANG_INTEGRATED_ASSEMBER and CRYPTOPP_DISABLE_INTEL_ASM
• various SunCC improvements for Solaris
• various XLC improvements for PowerPC
• make GF2_32 class member of RawIDA
• move DEFAULT_CHANNEL and AAD_CHANNEL into cryptlib.cpp (Issue 751)
• various updates to GNUmakefile and GNUmakefile-cross
• fix PowerMac G4 and G5 builds (Issue 741)
• rewrite BLAKE2 classes (Issue 731, Commit a65d55a3fd0b)
• use C++ compiler for all source files (PR 733)
• fix missing cpu-features.o in Android shared object (PR 733)
• rename PPC vector functions from VectorFunc to VecFunc (Commit f6e04e5f338d)
• fix global optimization bug for ChaCha AVX2 under VS2017 (Issue 735)
• fix global optimization bug for AES SSE4.1 under VS2017 (Issue 649)
• add ability to Seek64 in test framework (Issue 732)
• sync CRYPTOPP_{BIG|LITTLE}_ENDIAN with Autotools (Commit c601213ce13f)
• sync CRYPTOPP_ARM_ACLE_AVAILABLE with Autotools (Commit d3a3189ba34f)
• fix ambiguous symbol BTEA::StaticAlgorithmName (Issue 726)
• fix LegacyDecryptor and LegacyDecryptorWithMAC (Issue 714)
• add -xregs=no%appl for SunCC on SPARC (Commit 03297cdfa6f3)
• fix missed conditions for XTR-DH domain parameters generation (Commit 44cd7eb1ed84)
• fix FixedSizeAllocatorWithCleanup may be unaligned on some platforms (Issue 709)
• avoid Singleton<T> when possible (Issue 708)
• avoid std::call_once completely (Issue 707)
• add keccack.h and keccack.cpp for shared F1600 (Commit b9a6034a816b)
  • Provides common core function for SHA-3 and Keccack
• fix SecBlock ELEMS_MAX in Visual Studio .Net (2002 and 2003) (Commit d47f69acf376)
• fix compiler crash in Visual Studio .Net (2002 and 2003) due to GCM (Commit c24f17b7a26b)
• fix compile on Visual Studio 2005 without service packs (Commit 874f79c32061)
• disable X32 inline assembly (Issue 686, PR 704)
• fix build with Embarcadero C++ Builder 10.2.3 (Issue 696)
• rewrite RDRAND and RDSEED classes (Commit 1bd18dd5ba62)
• disable ASM for iOS simulators (Commit 3753a4301d0f)
• refactor bench{N}.cpp, regtest{N}.cpp and validate{N}.cpp
  • resource constrained devices and SunCC could not compile them without hassles
• fix SPARC alignment problems due to GetAlignmentOf<T>() on word64 (Issue 691, Issue 690, Issue 689, Issue 403)
• fix Apple feature detection (Issue 685)
• fix "Error: symbol SHA512_Round is already defined" (Issue 684)
• workaround GCC and Clang in handling of same buffer for in and out (Commit 49d852ee8c7c, Commit e580ed588a1c)
• fix missing Deflator::IsolatedInitialize during Gzip init (Issue 660)
• remove CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS support (Issue 682)
• remove unneeded code to accomodate variable block size (Issue 535)
• fix bad CHAM-64/ECB decryption with Clang at -O1 (Issue 677)
• add AVX and AVX2 runtime feature detection (Issue 671)
• fix missing Kalyna512_Info parameter (Issue 662)
• fix Threefish blocksize parameter (Issue 663)
• fix overcommit resources for Scrypt parallelization (Issue 641)
• fix various Clang warnings in headers (Issue 655)
• add recipe to install the library only (Issue 653)
• back-off HashTransformation asserts (Issue 652)
• use CRYPTOPP_ASSERT in Keccak and SHA3 (Issue 654)
• add AdditionalOptions property to VCXPROJ files (Issue 649)
• fix visibility for SIMON and SPECK (Issue 644)

MinGW 32-bit

MinGW 32-bit is failing self tests for LEA, SIMON, SPECK and SM4. MinGW 64-bit is OK. We don't know the cause and don't have a work-around.

We are tracking the problem at Issue 768, 32-bit MinGW self test failures.

Sockets and threads

Crypto++ removed Operating System specific code for sockets and threads. OS specific socket and thread support was removed to streamline the library and focus on the cryptography. The removal will also avoid porting troubles which surface on occassion. Users can re-install the files or utilize C++11 support, if desired.

The list of files removed are as follows.

• network.cpp
• network.h
• socketft.cpp
• socketft.h
• trdlocal.cpp
• trdlocal.h
• wait.cpp
• wait.h
• winpipes.cpp
• winpipes.h

A wiki page was setup to document the change and provide the old source files at Sockets and Threads.

setenv-android.sh

The cross-compile script setenv-android.sh is no longer viable for building the library using the Android NDK. Recent NDK changes has mostly obsoleted the script. We are moving to a new script but it is not ready at the moment. Also see Issue 763, Building for Android using NDK not supported on Windows hosts.

We have a GitHub setup with yet another build system at cryptopp-android. It provides Android.mk for Android's build system.

Crypto++ 7.0

Crypto++ 7.0 was released on April 8, 2018. The 7.0 release was a major, unplanned release. There are no CVE fixes but there is a fix for a memory error.

Release Notes

The release notes for Crypto++ 7.0 follows.

• major release, recompile of programs required
• expanded community input and support
  • 48 unique contributors as of this release
• fix incorrect result when using Integer::InverseMod
  • may be CVE worthy, but request was not submitted
• fix ARIA/CTR bus error on Sparc64
• fix incorrect result when using a_exp_b_mod_c
• fix undeclared identifier uint32_t on early Visual Studio
• fix iPhoneSimulator build on i386
• fix incorrect adler32 in ZlibDecompressor
• fix Power7 test using PPC_FEATURE_ARCH_2_06
• workaround incorrect Glibc sysconf return value on ppc64-le
• add KeyDerivationFunction interface
• add scrypt key derivation function
• add Salsa20_Core transform callable from outside class
• add sbyte, sword16, sword32 and sword64
• remove s_nullNameValuePairs from unnamed namespace
• ported to MSVC 2017, Xcode 9.3, Sun Studio 12.5, GCC 8.0.1, MacPorts GCC 7.0, Clang 5.0, Intel C++ 17.00, IBM XL C/C++ 13.1

Bug Fixes and Minor Issues

The bug fix and minor issue list for Crypto++ 7.0 follows. Many non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parenthesis is the GitHub Issue number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing Issue numbers or lack of consecutiveness usually indicates feature requests and "won't fix/can't fix" type reports.

• fix incorrect result when using Integer::InverseMod (Issue 602)
  • may be CVE worthy, but a request was not submitted
• fix warning due to different string alignments in mqueue.cpp (Issue 591, PR 603)
• add PowerPC Power8 SHA hashing (Issue 513)
• define AT_HWCAP/AT_HWCAP2 if getauxval unavailable (PR 594)
• fix compile error on Windows due to symbol U collision (Issue 599)
• fix Adler32 error in ZlibDecompressor in multithreaded programs (Issue 596, PR 600)
• fix ARIA/CTR bus error on Sparc64 (Issue 597)
• fix GCC version for RDSEED intrinsic (PR 598)
• fix incorrect result when using a_exp_b_mod_c (Issue 602)
• fix undeclared identifier uint32_t on early Visual Studio (Issue 608)
• add sbyte, sword16, sword32 and sword64 (Issue 608, 609)
• add KeyDerivationFunction interface (Issue 610)
• cutover PBKDF to KeyDerivationFunction interface (PR 612)
• add Scrypt key derivation function (Issue 613)
• remove extraneous semi-colons in source files (PR 605-625)
• re-enable OS X and iOS tests on Travis (PR 627)
• add OpenMP support to Scrypt (PR 628)
• add Salsa20_Core transform (Issue 630)
• remove s_nullNameValuePairs from unnamed namespace (Issue 631)
• rename ECGDSA_ISO15946 -> ECGDSA (PR 634)
• fix iPhoneSimulator build on i386 (Issue 635)
• make CAST temporaries class members (Commit 71e9fece8795)
• fix Scrypt and Coverity findings CID 189203, 189204, 189205 (Commit 11e076003a1a)
• change order of member initialization in ASN.1 decoders (Commit 64a15cf51b8f)
• make AuthenticatedSymmetricCipher::AlgorithmName non-pure (Commit 62a9574f3fd6)
• add CPU feature queries for AIX (Commit 04e361889efd)

Memory error

The Integer class had a memory error in member function InverseMod that could cause a heap corruption. The error surfaced when x % m was used and x was much larger than m. The error usually occured when the bit count of x was larger than the bit count m by about 128-bits or 256-bits.

Below is the new code for InverseMod located in integer.cpp. InverseMod was fixed, and InverseModNext was added. The problem was Integer r was too small, and AlmostInverse wrote beyond the integer's internal buffer. Also see Issue 602 | Comment 376222204.

Integer Integer::InverseMod(const Integer &m) const
{
    if (IsNegative())
        return Modulo(m).InverseModNext(m);

    // http://github.com/weidai11/cryptopp/issues/602
    if (*this >= m)
        return Modulo(m).InverseModNext(m);

    return InverseModNext(m);
}

Integer Integer::InverseModNext(const Integer &m) const
{
    if (m.IsEven())
    {
        if (!m || IsEven())
            return Zero();    // no inverse
        if (*this == One())
            return One();

        Integer u = m.Modulo(*this).InverseModNext(*this);
        return !u ? Zero() : (m*(*this-u)+1)/(*this);
    }

    IntegerSecBlock T(m.reg.size() * 4);
    Integer r((word)0, m.reg.size());
    unsigned k = AlmostInverse(r.reg, T, reg, reg.size(), m.reg, m.reg.size());
    DivideByPower2Mod(r.reg, r.reg, k, m.reg, m.reg.size());
    return r;
}

Notes for Distros

The incorrect result when using Integer::InverseMod (Issue 602) is a memory error. The issue may be CVE worthy, and it is the reason for the Crypto++ 7.0 release. The library itself was not at risk of memory problems due to the way the library used the Integer class. User programs prior to Crypto++ 7.0 could be at risk because they might call the mod operation with an operand large enough to witness the problem.

The 7.0 version bump was not due to the memory error. The major version bump was due to ABI breaks caused by KeyDerivationFunction interface.

File Changes

Below is a list of all files that were added at Crypto++ 7.0.

$ git diff-tree -r --summary CRYPTOPP_6_1_0 CRYPTOPP_7_0_0 | grep -v "change" | awk '{$2=$3=""; print $0}' | egrep '(.h|.cpp|.txt|.dat)'
create   scrypt.cpp
create   scrypt.h

Crypto++ 6.1

Crypto++ 6.1 was released on February 22, 2018. The 6.1 release was a minor, planned release. There were no CVE fixes.

Release Notes

The release notes for Crypto++ 6.1 follows.

• minor release, maintenance items
• expanded community input and support
• • 46 unique contributors as of this release
• use 2048-bit modulus default for DSA
• fix build under Linuxbrew
• use /bin/sh in GNUmakefile
• fix missing flags for SIMON and SPECK in GNUMakefile-cross
• fix ARM and MinGW misdetection in GNUMakefile
• port setenv-android.sh to latest NDK
• fix Clang check for C++11 lambdas on FreeBSD
• convert Simon and Speck to little-endian implementation
• use LIB_MAJOR for ABI compatibility
• fix ODR violation in AdvancedProcessBlocks_{ARCH} templates
• handle C++17 std::uncaught_exceptions
• ported to MSVC 2017, Xcode 8.1, Sun Studio 12.5, GCC 8.0.1, MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1

Simon and Speck

Crypto++ changed its implementation for Simon and Speck from big-endian to little-endian. Formerly we followed the published test vectors from the paper, but they turned out to be incorrect. We later learned we should have followed the algorithmic description from the paper. The Crypto++ implementation now aligns with the Simon and Speck paper's algorithmic description and the Linux kernel.

The Simon and Speck changed was tracked via Issue 585.

Meltdown and Spectre

Meltdown and Spectre are security vulnerabilities announced in December 2017. The defects are present in modern CPU's due to speculative execution and allow attackers to recover secrets and other sensitve information. More reading is available at Meltdown and Spectre website.

Crypto++ 6.1 (and Crypto++ 6.0) did not ship with Meltdown and Spectre remediations in place. The first remediations appeared in GCC 7.3 at the end of January 2018. If you want to build Crypto++ with GCC remediations in place then you should add -mfunction-return=thunk and -mindirect-branch=thunk to your CXXFLAGS. Optionally, you can disable assembly language routines. The steps to engage the hardening are:

• Optionally uncomment #define CRYPTOPP_DISABLE_ASM 1 in config.h around line 60.
• Add the appropriate flags to CXXFLAGS. For example, with GCC use CXXFLAGS="-DNDEBUG -g2 -O3 -mfunction-return=thunk -mindirect-branch=thunk".

It is hard to say how effective CRYPTOPP_DISABLE_ASM is when containing Meltdown and Spectre. Crypto++ has a fair amount of assembly langauge routines, including hardware accelerated AES and SHA. Downgrading back to C++ means other side channel leakage could be present that were remediated with the hardware intructions.

Bug Fixes and Minor Issues

The bug fix and minor issue list for Crypto++ 6.1 follows. Many non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parenthesis is the GitHub Issue number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing Issue numbers or lack of consecutiveness usually indicates feature requests and "won't fix/can't fix" type reports.

• use 2048-bit modulus default for DSA (Issue 571)
• add Kalyna typedefs (Issue 535)
• fix build under Linuxbrew (Issue 575)
• use /bin/sh in GNUmakefile (Issue 573)
• fix missing flags for SIMON and SPECK in GNUMakefile-cross (Issue 577)
• fix MinGW misdetection (Issue 573)
• fix ARM misdetection (Issue 573)
• fix SHA-512 crash on Debian X32 (Issue 578)
• fix misaligned SSE2 allocations on FreeBSD (Issue 562)
• switch to posix_memalign when available (Commit 22e783a378bb)
• use install program for GNUmakefile (Issue 582)
• port setenv-android.sh to latest NDK
• fix Clang check for C++11 lambdas (Issue 587)
• convert Simon and Speck to little-endian (Issue 588)
• fix signed integer overflow on ppc64 (Issue 588)
• use LIB_MAJOR for ABI compatibility (Issue 589)
• fix ODR violation in AdvancedProcessBlocks_{ARCH} templates (Issue 588)
• handle C++17 std::uncaught_exceptions (Issue 590)

Notes for Distros

None.

File Changes

None.

Crypto++ 6.0

Crypto++ 6.0 was released on January 22, 2018. The 6.0 release was a major relase and the ABI changed. The release included two CVE fixes.

The first CVE, CVE-2016-9939, was a transient DoS due to allocating an oversized buffer on attacker controlled data. The transitivity was due to a zeroizer which cleared memory, even if the memory was unused.

The second CVE, CVE-2017-9434, was a misidentified finding that arose during fuzzing. The project detected a memory error that was due to a violation of aliasing rules in the test software, and not the library proper.

Release Notes

The release notes for Crypto++ 6.0 follows.

• Major release, recompile of programs required
• expanded community input and support
  • 43 unique contributors as of this release
• fixed CVE-2016-9939 (Issue 346, transient DoS)
• fixed CVE-2017-9434 (Issue 414, misidentified memory error)
• converted to BASE+SIMD implementation
  • BASE provides an architecture neutral C++ implementation
  • SIMD provides architecture specific hardware acceleration
• improved PowerPC Power4, Power7 and Power8 support
• added ARIA, EC German DSA, Deterministic signatures (RFC 6979), Kalyna, NIST Hash and HMAC DRBG, Padlock RNG, Poly1305, SipHash, Simon, Speck, SM3, SM4, Threefish algorithms
• added NaCl interface from the compact library
  • x25519 key exhange and ed25519 signing provided through NaCl interface
• improved Testing and QA
• ported to MSVC 2017, Xcode 8.1, Sun Studio 12.5, GCC 7.0, MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1

std::byte

Crypto++ moved byte into the CryptoPP namespace. The change could cause problems with some user programs. There is a wiki page available for fixing user programs at std::byte.

The change was due to C++17 std::byte causing ambiguous symbol references. Formerly Crypto++ byte was in the gobal namespace to avoid ambiguous symbol references due to Microsoft SDK's placement of a byte in the gobal namespace.

After the change Microsoft byte and std::byte will still cause ambiguous symbol references, and the wiki page should help user programs make a choice.

BASE + SIMD

Crypto++ switched to BASE+SIMD to better support distros. BASE provides an agnostic C++ implementation, while SIMD provides a specialized implementation like ARMv8 or Intel for AES or SHA. The SIMD files, like rijndael-simd.cpp or sha-simd.cpp, require architecture specific flags, like -msse4.1 -maes and -march=armv8-a+crypto.

Both the Crypto++ makefile and the unoffical Autoools project adds the architecture specific flags. The makefile still honors your CXXFLAGS:

# AESNI, ARMv8a or Power8 available
rijndael-simd.o : rijndael-simd.cpp
        $(CXX) $(strip $(CXXFLAGS) $(AES_FLAG) -c) $<

If you encounter errors like shown below, then be sure your build tool is adding the necessary flags.

$ g++ -g2 -O3 rijndael-simd.cpp -c
In file included from rijndael-simd.cpp:37:0:
...
/usr/lib/gcc/x86_64-redhat-linux/7/include/wmmintrin.h:61:1:
  error: inlining failed in call to always_inline '__m128i _mm_aesenc_si128(__m128i, __m128i)':
  target specific option mismatch
 _mm_aesenc_si128 (__m128i __X, __m128i __Y)
 ^~~~~~~~~~~~~~~~
rijndael-simd.cpp:377:33: note: called from here
         block = _mm_aesenc_si128(block, skeys[i+1]);

Autotools project

BASE+SIMD caused a lot of extra work for Debian and László Böszörményi. We teamed with László and added an unofficial Autoools project to remove some of the burden. The Autotools project can be used to build Crypto++ by distributions.

If you experience a failed compile due to missing architecture flags, then run the makefile or Autool's configure. Autotools will provide summary information with the necessary flags:

$ autoreconf -f -i
...
$ ./configure
...

Auto-configuration complete. A summary of options are below. If
something looks wrong then please modify config.h and please report
it at http://github.com/noloader/cryptopp-autotools.

   Build triplet: x86_64-pc-linux-gnu
 Compiler target: x86_64-redhat-linux
Compiler version: g++ (GCC) 7.2.1 20170915 (Red Hat 7.2.1-2)

Static library: yes
Shared library: yes

CRYPTOPP_SSE_FLAG: -msse2
CRYPTOPP_ARIA_FLAG: -mssse3
CRYPTOPP_BLAKE2_FLAG: -msse4.1
CRYPTOPP_CRC_FLAG: -msse4.2
CRYPTOPP_GCM_FLAG: -mssse3 -mpclmul
CRYPTOPP_AES_FLAG: -msse4.1 -maes
CRYPTOPP_SHA_FLAG: -msse4.2 -msha
CRYPTOPP_SPECK_FLAG: -msse4.1
CRYPTOPP_SIMON_FLAG: -msse4.1

Automake flags (can be overridden by user flags):
AM_CXXFLAGS:  -pthread -fdata-sections -ffunction-sections -pipe
AM_LDFLAGS:  -pthread -Wl,--gc-sections -Wl,--exclude-libs,ALL

User flags (overrides Automake flags on conflict):
CXXFLAGS: -g -O2
LDFLAGS:

Running configure on an Aarch64 machine produces similar results for ARMv8:

CRYPTOPP_NEON_FLAG: -march=armv8-a
CRYPTOPP_ARIA_FLAG: -march=armv8-a
CRYPTOPP_BLAKE2_FLAG: -march=armv8-a
CRYPTOPP_CRC_FLAG: -march=armv8-a+crc
CRYPTOPP_GCM_FLAG: -march=armv8-a+crypto
CRYPTOPP_AES_FLAG: -march=armv8-a+crypto
CRYPTOPP_SHA_FLAG: -march=armv8-a+crypto
CRYPTOPP_SPECK_FLAG: -march=armv8-a
CRYPTOPP_SIMON_FLAG: -march=armv8-a

Bug Fixes and Minor Issues

The bug fix and minor issue list for Crypto++ 6.0 follows. Many non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parenthesis is the GitHub Issue number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing Issue numbers or lack of consecutiveness usually indicates feature requests and "won't fix/can't fix" type reports.

CMake bugs were not included in the list below. There were approximately 40 of them. CMake did not achieve stability, and it was removed under Issue 506. The build tool was repsonsible for a disproportionate number of bugs between Crypto++ 5.6.4 and Crypto++ 6.0. We did not have the resources to work the reports.

• Fixed CVE-2016-9939 (Issue 346, transient DoS)
• Fixed CVE-2017-9434 (Issue 414, misidentified memory error)
• Added std::byte, fixed compiles (Issues 442, 447, 458)
• Converted to BASE+SIMD source code pattern (Issue 380, PR 461)
• Updated documentation
• Fixed x64dll.asm included in Windows Phone using MSbuilds (Issue 316)
• Remove dependencies on WINVER and _WIN32_WINNT (Issue 318)
• Fixed memcpy_s has not been declared on MinGW (Issue 319)
• Fixed undeclared identifier '_mm_clmulepi64_si128' with Clang (Issue 320)
• Fixed MASM RDRAND and access violation under VS2013 (Issue 321)
• Fixed WSAStringToAddress was not declared in this scope on Cygwin (Issue 322)
• Updated curve25519 OIDs (Issue 323)
• Fixed error: operator '>=' has no left operand on Solaris (Issue 329)
• Fixed Error: character following name is not '#' on Debian Hurd (Issue 330)
• Fixed zeroizer removal by the optimizer (Issue 331)
• Added AND, OR and XOR bitops to Integer class (Issue 336)
• Fixed missing Integer ctor overload body (Issue 337)
• Removed VC++ 5.0/6.0 support (Issue 342)
• Updated DefaultEncryptor, DefaultEncryptorWithMAC with modern algorithms (Issue 345)
• Added SipHash (Issue 348)
• Increased Socket::Listen backlog (Issue 349)
• Fixed RoundUpToMultipleOf bug (Issue 360)
• Fixed <arm_acle.h> include for Apple and LLVM Clang (Issue 362)
• Fixed Apple Clang and numeric_limits::max() returns 0 (Issue 362)
• Fixed 32-bit SHA-384 and SHA-512 (Issue 365)
• Fixed poor performance with ARMv8/Aarch64 on Cortex-A57 (Issue 367)
• Removed MAINTAIN_BACKWARDS_COMPATIBILITY (Issue 369)
• Added HeaderVersion() and LibraryVersion() functions (Issue 371)
• Singleton::Ref() crashes on VS2012/2013 (Issue 372, 391)
• Fixed Hang and loader lock on WinXP (Issues 373, 435)
• Converted encoders to thread safe initialization (Issue 376)
• Fixed OS_NO_DEPENDENCE in osrng.h (Issue 377)
• Added Test namespace within CryptoPP namespace (Issue 379)
• Removed NULL_CHANNEL and Code Warrior 8 workaround (Issue 382)
• Added support for C++11 nullptr (Issue 383)
• Converted to WSAStringToAddressA for Windows (Issue 385)
• Added Random Number Generator benchmarks (Issue 386)
• Improved RDRAND and RDSEED performance (Issue 387, 388)
• Fixed EGCC assembler error on OpenBSD (Issue 395)
• Fixed SIGBUS crashes in cryptest.exe on Solaris (Issue 403)
• Fixed Inlining failed ... target specific option mismatch (Issue 407)
• Added Kalyna block cipher (Issue 411)
• Reduced fiddling with warnings in config.h (Issue 412)
• Fixed incorrect BLAKE2 hash (Issue 415)
• Added Gzip Filename, Filetime and Comment support (Issue 420)
• Added Threefish block cipher (Issue 422)
• Added Polynomials for CMAC and GCM mode (Issue 423)
• Enabled SHA intrinsics when SHA is not defined (BASE+SIMD pattern) (Issue 427, PR 461)
• Enabled CRC32 intrinsics when CRC is not defined (BASE+SIMD pattern) (Issue 428, PR 461)
• Enabled AES intrinsics when AES is not defined (BASE+SIMD pattern) (Issue 429, PR 461)
• Enabled CLMUL intrinsics when PCLMUL is not defined (BASE+SIMD pattern) (Issue 430, PR 461)
• Fixed GCC7 and -Wimplicit-fallthrough warnings (Issue 411)
• Make SecBlock<T,A> data members protected (Issue 448)
• Fixed Clang and sequence point warning (Issue 449)
• Added OldRandomPool for pre-Crypto++ 5.5 compatibility (Issue 452)
• Switched from -O2 to -O3 in the makefile (Issue 454)
• Fixed static SHA::Transform on Intel SHA (Issue 455, 456)
• Added ARMv8 AES (Issue 458)
• Fixed inlining failed in call on MinGW (Issue 466)
• Fixed Clang 3.8 and SHA assembler error on OpenBSD (Issue 468)
• Fixed crash in ARIA_ProcessAndXorBlock_Xor_SSSE3 (Issue 473)
• Fixed SecBlock compile failure due to lack of strongly typed enums with VS2010 (Issue 400)
• Fixed ARM feature detection with BASE+SIMD (Issue 480, PR 461)
• Fixed load/store on ARM NEON using BASE+SIMD (Issue 481, PR 461)
• Fixed GCC 6 compile failure with -std=c++03 on AIX (Issue 485)
• Improved under-aligned buffers for AltiVec and Power8 (Issue 487)
• Fixed AOSP_STL_INC using setenv-android.sh (Issue 490)
• Fixed Android ARM compile using setenv-android.sh (Issue 491)
• Fixed CentOS 6.6 amd64 compile error (Issue 494)
• Added Power8 AES (Issue 497)
• Fixed DL_PrivateKey_GFP::~DL_PrivateKey_GFP() section type conflict on AIX (Issue 499)
• Fixed CpuID function using Borland (Issue 500)
• Fixed SHA512 failed self tests on AIX (Issue 502)
• Fixed TEA failed self tests on AIX (Issue 502)
• Removed CMake from library sources (Issue 506)
• Fixed Android x86 compile using setenv-android.sh (Issue 508)
• Fixed Android ARMEABI compile using setenv-android.sh (Issue 509)
• Added CRYPTOPP_NO_CPU_FEATURE_PROBES to disable SIGILL probes (Issues 511, 521)
• Fixed compile with Borland 2010 (Issue 512)
• Added SHA3 OIDs for signature schemes (Issue 517)
• Fixed long compile time for BLAKE2 using MSVC (Issue 527)
• Fixed Poly1305 link error (Issue 528)
• Added CRYPTOPP_NO_CXX11 for old compilers (Issue 529)
• Fixed RSA signature failures when using libcryptopp.dylib on OS X (Issue 533)
• Removed variable block size support for block ciphers (Issue 535)
• Added SPECK-64 and SPECK-128 block ciphers (Issue 538)
• Added SIMON-64 and SIMON-128 block ciphers (Issue 539)
• Added SM4 block cipher (Issue 540)
• Added SM3 hash function (Issue 541)
• Fixed no such instruction: 'sha1rnds4 $0,%xmm0,%xmm7' on Solaris (Issue 551)
• Fixed SM3 failed self tests at -O3 on AIX (Issue 553)
• Fixed impossible register constraint in 'asm' (Issue 554)
• Removed DL_PrivateKey_GFP_OldFormat (Issue 567)
• Improved <arm_acle.h> include for GCC, Apple and LLVM Clang on ARM, Aarch32 and Aarch64 (Issue 568)
• Removed AsymmetricAlgorithm::BERDecode and DEREncode (Issue 569)
• Fixed Clang warnings in pkcspad.h (Pull Request 270)
• Improved Keccak and SHA3 support (Pull Requests 280, 291, 296)
• Fixed MARS key sizes (Pull Requests 281, 282)
• Fixed VS2012 project files (Pull Request 286)
• Fixed GCC warning "type qualifiers ignored on function return type" (Pull Request 339)
• Fixed CRYPTOPP_ASSERT (Pull Request 356)
• Fixed VS2017 warnings (Pull Request 363)
• Added W3C padding support (Pull Request 368)
• Added DragonFly support (Pull Request 378)
• Removed static from reference to singleton (Pull Request 392)
• Improved SunCC support (Pull Request 402)
• Fixed Sun SPARC alignment (Pull Request 405)
• Fixed BLAKE2 when using non-standard digest sizes (Pull Request 416)
• Implemented reproducible builds (Pull Request 426)
• Improved Windows XP support under VS2015 (Pull Request 439)
• Removed -march=native as default in Makefile (Pull Request 465)
• Removed WORKAROUND_MS_BUG_Q258000 (Pull Request 478)
• Fixed Clang FreeBSD 10.3 builds (Pull Request 483)
• Added Android cpufeatures library integration (Pull Request 489)
• Improved MinGW support (Pull Request 531)
• Updated shared object build rules (Pull Request 547)
• Fixed C++ Builder compiles (Pull Request 552)
• Used lambda instead of std::bind2nd in C++11 (Pull Request 559)
• Fixed deterministic signatures for EC (Pull Request 560)
• Added interface to TweetNaCl library (Pull Request 566)
• Removed all BACKWARDS_COMPATIBILITY code and macros. The clock is reset.
• Fixed approximately 25 Asan and UBsan findings
• Fixed approximately 50 Coverity findings

Notes for Distros

There are three items of interest for distros. First, we fixed the ABI breaks by bumping to Crypto++ 6.0. We apologize for the problems it caused in Crypto++ 5.6.5.

Second, we have an unoffical Autotools project at Crypto++ | Autoools. It is based on the Autotools project files supplied by Debian and László Böszörményi. Autotools has several contributors, including László, so it should be mostly up to date.

Third, we have an unoffical Cmake project at Crypto++ | Cmake. It is based on the Cmake project files that were removed from the distribution. There are fewer contributors to the Cmake project and the files may not be up to date.

File Changes

Below is a list of all files that were added or deleted at Crypto++ 6.0.

$ git diff-tree -r --summary CRYPTOPP_5_6_5 CRYPTOPP_6_0_0 | grep -v "change" | awk '{$2=$3=""; print $0}' | egrep '(.h|.cpp|.txt|.dat)'
create   TestData/aria.dat
create   TestData/rsa2048a.dat
create   TestVectors/aria.txt
create   TestVectors/kalyna.txt
create   TestVectors/sha1_160_fips_180.txt
create   TestVectors/sha1_fips_180.txt
create   TestVectors/sha2.txt
create   TestVectors/sha2_224_fips_180.txt
create   TestVectors/sha2_256_fips_180.txt
create   TestVectors/sha2_384_fips_180.txt
create   TestVectors/sha2_512_fips_180.txt
create   TestVectors/sha2_fips_180.txt
create   TestVectors/sha3.txt
create   TestVectors/simon.txt
create   TestVectors/siphash.txt
create   TestVectors/sm3.txt
create   TestVectors/sm4.txt
create   TestVectors/speck.txt
create   TestVectors/threefish.txt
create   adv-simd.h
create   aria-simd.cpp
create   aria.cpp
create   aria.h
create   ariatab.cpp
create   blake2-simd.cpp
create   crc-simd.cpp
create   drbg.h
create   ecpoint.h
create   gcm-simd.cpp
create   hashfwd.h
create   kalyna.cpp
create   kalyna.h
create   kalynatab.cpp
create   nacl.h
create   neon-simd.cpp
create   padlkrng.cpp
create   padlkrng.h
create   poly1305.cpp
create   poly1305.h
create   ppc-simd.cpp
create   ppc-simd.h
delete   regtest.cpp
create   regtest1.cpp
create   regtest2.cpp
create   regtest3.cpp
create   rijndael-simd.cpp
create   sha-simd.cpp
create   shacal2-simd.cpp
create   simon-simd.cpp
create   simon.cpp
create   simon.h
create   siphash.h
create   sm3.cpp
create   sm3.h
create   sm4.cpp
create   sm4.h
create   speck-simd.cpp
create   speck.cpp
create   speck.h
create   sse-simd.cpp
create   threefish.cpp
create   threefish.h
create   tweetnacl.cpp
create   tweetnacl.h
create   validat0.cpp
create   validat4.cpp

Crypto++ 5.6.5

Crypto++ 5.6.5 was released on October 11, 2016. The 5.6.5 release was mostly a maintenance release. The release included two CVE fixes.

The first, CVE-2016-7420, was a procedural finding due to external build systems failing to define NDEBUG for release builds. The gap was the project's failure to tell users to define NDEBUG. The second, CVE-2016-7544, was a potential memory corruption on Windows platforms when using Microsoft compilers due to use of _malloca and _freea.

Due to CVE-2016-7420 and the possibility for an unwanted assert to egress data, users and distros are encouraged to recompile the library and all dependent programs.

Release Notes

The release notes for Crypto++ 5.6.5 follows.

• maintenance release, recompile of programs recommended
• expanded community input and support
  • 25 unique contributors as of this release
• fixed CVE-2016-7420 (Issue 277, document NDEBUG for production/release)
• fixed CVE-2016-7544 (Issue 302, avoid _malloca and _freea for MSC compilers)
• shipped library in recommended state
  • backwards compatibility achieved with <config.compat>
• Visual Studio project file cleanup
  • improved X86 and X64 MSBuild support
  • added ARM-based MSBuild awareness
• improved Testing and QA
  • expanded platforms and compilers
  • expanded Coverity into OS X and Windows platforms
  • added Windows test scripts using Strawberry Perl
• ported to MSVC 2015 SP3, Xcode 7.3, Sun Studio 12.5, GCC 7.0, MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00

Bug Fixes and Minor Issues

The bug fix and minor issue list for Crypto++ 5.6.5 follows. Most non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parenthesis is the GitHub Issue number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing Issue numbers or lack of consecutiveness usually indicates feature requests and "won't fix/can't fix" type reports.

The list below has about 20 issues. The project's test scripts, cryptest.sh and cryptest.nmake, uncovered about 16 (80.0%) of them.

• Document need for NDEBUG in production/release (CVE-2016-7420, Issue 277)
• Add CRYPTOPP_ASSERT(); avoid Posix assert() (CVE-2016-7420, Issue 277)
• Potential memory corruption when using _malloca and _freea for MSC compilers (CVE-2016-7544, Issue 302)
• Fix missing CryptoPP::memcpy_s on MinGW32 (Issue 319)
• Visual Studio 2010 project file cleanup (Issue 314)
• Improved MSBuild support, including future ARM-based builds (Issue 316)
• Cygwin, Newlib and broken compile when -std=XXX due to <signal.h> (Issue 315)
• Sun Studio 12.2-12.4 and failed debug compile due to <signal.h> (Issue 289)
• Sun Studio 12.3-12.4, integer.cpp and "Types cannot be declared in anonymous union" (Issue 274)
• Sun Studio 12.5 and incorrect results for GCM when using SSE2 ASM (Issue 284)
• Solaris GCC and "error: constructor priorities are not supported" (Issue 289)
• Clang 3.3, i686 and "error: unknown use of instruction mnemonic without a size suffix (Issue 264)
• Clang 3.7 warnings for missing/undefined variable templates definitions in <pkcspad.h>
• Additional test scripts for Windows and OS X testing (Issue 303)
• Approximately 80 miscellaneous Coverity findings on Windows (Issues 310-12, all minor or false positives)
• Approximately 20 miscellaneous Coverity findings on OS X (Issues 295 and 299, all minor or false positives)
• MARS max keysize is limited at 32 bytes (Issue 278)
• CMake improvements (Issues 276)
• CMake, Solaris and output artifacts that can't be linked due to missing PIC (Issue 271)
• CMake, CMakeList.txt calls out GNUInstallDirs (Issue 268)
• Fix port forwarding in cryptest.exe program on Unix
• Move file scope statics into anonymous namespace
• Rewrite some Windows socket code, remove _WINSOCK_DEPRECATED_NO_WARNINGS (Issue 19)
• Guard DEBUG_NEW for Visual Studio and leak detection
• Remove library supplied aesenc, aesdec and friends (Issue 206)
• Use __BIGGEST_ALIGNMENT__ in <secblock.h> if its smaller than sizeof(T)
• Re-enable AES-NI/CLMUL when using Clang Integrated Assembler
• Updated documentation

File Changes

Below is a list of all files that were added or deleted at Crypto++ 5.6.5.

The header file ossig.h is new and needs to be distributed. Additions to TestScripts can probably be ignored.

$ git diff-tree -r --summary CRYPTOPP_5_6_4 CRYPTOPP_5_6_5 | grep -v "change" | awk '{$2=$3=""; print $0}' | egrep '(.h|.cpp|.txt|.dat)'
create TestScripts/coverity-linux.txt
create TestScripts/coverity-macosx.txt
create TestScripts/coverity-windows.txt
create TestScripts/cryptest-coverity.cpp
create TestVectors/tls_chacha.txt
create ossig.h

Note for Distros

If you start getting bug reports on missing symbols that implicate unsigned long long, then this applies to you. Depending on what you are using in Crypto++, it may surface as:

// Linux:
cryptest.exe: symbol lookup error: .../cryptest.exe: undefined symbol: CryptoPP::RandomNumberStore::TransferTo2(CryptoPP::BufferedTransformation&,
    unsigned long long&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool)
cryptest.exe: symbol lookup error: .../cryptest.exe: undefined symbol: CryptoPP::Whirlpool::InitState(unsigned long long*)

// OS X:
dyld: Symbol not found: CryptoPP::RandomPool::GenerateIntoBufferedTransformation(CryptoPP::BufferedTransformation&, std::string const&, unsigned long long)
  Referenced from: .../cryptest.exe
  Expected in: .../libcryptopp.dylib
 in .../cryptest.exe

In Crypto++ 5.6.4 and below word64 was unconditionally defined to unsigned long long on 32-bit and 64-bit platforms. Crypto++ 5.6.5 defined word64 to unsigned long on 64-bit machines due to compile problems with GCC and Clang when using SSE and NEON data types through intrinsics. Crypto++ 5.6.5 increased use of SSE and NEON intrinsics, and calls to SSE and NEON APIs had some hacks that were cleaned up.

Below if from config.h, and it is reposnsible for the "missing unsigned long long" issue.

#if defined(_MSC_VER) || defined(__BORLANDC__)
        typedef unsigned __int64 word64;
        #define W64LIT(x) x##ui64
#elif (_LP64 || __LP64__)
        typedef unsigned long word64;
        #define W64LIT(x) x##UL
#else
        typedef unsigned long long word64;
        #define W64LIT(x) x##ULL
#endif

To go back to Crypto++ 5.6.4, you have two choices. First, you can use config.compat in place of config.h to restore the compatibility. Second, you can remove the __LP64__ block. Be advised we did not test this configuration, so it may not completely clear the "missing unsigned long long" issue.

#if defined(_MSC_VER) || defined(__BORLANDC__)
        typedef unsigned __int64 word64;
        #define W64LIT(x) x##ui64
#else
        typedef unsigned long long word64;
        #define W64LIT(x) x##ULL
#endif

Since this break was unknown to the project, it was identified as a gap in our testing process. Commit 385a3914d6cfdc88 added a script to test for missing symbols by linking cryptest.exe against different versions of the dynamic library. For example, Crypto++ 5.6.4 cryptest.exe will runtime link against Crypto++ 5.6.5 libcryptopp.so or libcryptopp.dylib to nsure no symbols go missing.

Crypto++ 5.6.4

Crypto++ 5.6.4 was released on September 11, 2016. The 5.6.4 release was mostly a maintenance release. The release included a few new classes, like BLAKE2b, BLAKE2s, ChaCha8/12/20, HMQV and FHMQV.

Release Notes

The release notes for Crypto++ 5.6.4 follows.

• maintenance release, honored API/ABI/Versioning requirements
• expanded community input and support
  • 22 unique contributors for this release
• fixed CVE-2016-3995
• changed SHA3 to FIPS 202 (F1600, XOF d=0x06)
• added Keccak (F1600, XOF d=0x01)
• added ChaCha (ChaCha8/12/20)
• added HMQV and FHMQV
  • Hashed and Fully Hashed MQV
• added BLAKE2 (BLAKE2s and BLAKE2b)
  • C++, SSE2, SSE4, ARM NEON and ARMv8 ASIMD
• added CRC32-C
  • C/C++, Amd64 CRC, and ARMv8 CRC
• improved Rabin-William signatures
  • Tweaked roots e and f
• improved C++11 support
  • atomics, threads and fences
  • alginof, alignas
  • constexpr
  • noexcept
• improved GCM mode
  • ARM NEON and ARMv8 ASIMD
  • ARMv8 carry-less multiply
• improved Windows 8 and 10 support
  • Windows Phone, Universal Windows Platform, Windows Store
• improved MIPS, ARMv7 and ARMv8 support
  • added scripts setenv-{android | embedded | ios}.sh for GNUmakefile-cross
  • aggressive use of -march= and -mfpu= in cryptest.sh
• improved build systems
  • Visual Studio 2010 default
  • added CMake support (lacks FindCryptopp.cmake)
  • archived VC++ 5.0/6.0 project files (vc60.zip)
  • archived VS2005 project files (vs2005.zip)
  • archived Borland project files (bds10.zip)
• improved Testing and QA
  • expanded platforms and compilers
  • added code generation tests based on CPU features
  • added C++03, C++11, C++14, C++17 testing
  • added -O3, -O5, -Ofast and -Os testing
• ported to MSVC 2015 SP3, Xcode 7.3, Sun Studio 12.5, GCC 7.0, MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00

Bug Fixes and Minor Issues

The bug fix and minor issue list for Crypto++ 5.6.4 follows. Most non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parenthesis is the GitHub Issue number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing Issue numbers or lack of consecutiveness usually indicates feature requests and "won't fix/can't fix" type reports.

The list below has about 70 issues. 10 of the 70 are roughly feature requests that required tracking due to non-trivial code changes. For the remaining 60 issues, the project's test scripts, cryptest.sh and cryptest.nmake, uncovered about 47 (78.3%) of them.

• Timing Attack Counter Measure AES (146) and Camellia (203) (AES was CVE'd; Camellia was pre-emptive)
• Implementing GCM on ARMv8 (177)
• Apple Clang 6.3 and undeclared identifier '_rdseed64_step' (183)
• Apple Clang 6.0 (LLVM Clang 3.5) and alignment on __m128i variable (256)
• Apple Clang 5.0 (LLVM Clang 3.4) and undeclared identifier '_mm_clmulepi64_si128' (184)
• Apple Clang 5.0 compiler crash when using pclmulqdq ASM insn (182)
• Apple Clang 6.0 (LLVM Clang 3.5), ARM and "error: no matching function for call to vcombine_u64" (234)
• Apple Clang 6.0 (LLVM Clang 3.5), ARM and "compiler does not support '-mfpu=neon-vfpv4'" (246)
• LLVM Clang and undeclared identifiers '_tzcnt_u32' and '_blsr_u32' (205)
• LLVM Clang 3.5 and "SSE instruction set not enabled" (196)
• LLVM Clang 3.5 and "error: SSSE3 instruction set not enabled" (245)
• Missing symbols for FixedKeyLength::KEYLENGTH under C++11 and C++14 with constexpr (255)
• StaticGetValidKeyLength returns incorrect values due to incorrect preprocessor macro (252)
• GCC, ARMv8 and "fatal error: arm_acle.h: No such file or directory" (238)
• Mingw-w64 and 'sigset_t' does not name a type (237)
• word64 compile problems due to SSE2 and NEON interfaces (236)
• GCC 4.9, Aarch32 and internal compiler error: in expand_shift_1, at expmed.c:2318 (233)
• GCC 4.9, Raspberry Pi 3 and Bus Error (231)
• Sun GCC 4.8 and missing 64-bit BMI/BMI2 instructions (230)
• Sun Studio 12.1-12.3 and "Error: cannot use vector unsigned long long[2] to initialize vector unsigned long long[2]" (229)
• Sun Studio 12.2 and failed compile using PLATFORM_CXXFLAGS (228, Commit 199c00f30abeaf04)
• Sun Studio 12.2-12.5 and failed compile for gcm.cpp (228, Commit 199c00f30abeaf04)
• Sun Studio 12.4 and failed compile for rijndael.cpp (224, Commit 199c00f30abeaf04)
• Sun Studio 12.4 and "Error: The operand ___LKDB cannot be assigned to..." (188)
• Sun Studio 12.3 and 12.4 builds broken (179)
• Sun Studio 12.5 and BLAKE2b runtime failure (247)
• Sun Studio 12.5 and "assertion failed in function pr_post_process_node() @ preopt.c:3868" (220, Commit 199c00f30abeaf04)
• OS X and Valgrind findings for uninitialized variables when using -Ofast (223)
• OS X and incorrect install_name for dynamic library (80)
• Android cross-compile autoconf header check (222)
• ld.gold and i686 without PIC: "/usr/bin/ld: -f may not be used without -shared" (219)
• VS2015 and multiple C4589 warnings, "Constructor of abstract class X ignores initializer for virtual base class Y" (214)
• Blake2s fails under VS2008/Win32/Release for Validation Suite (209)
• CMake and "No rule to make target 'static'. Stop" (192)
• CMake and "MACOSX_RPATH is not specified for the following targets..." (191)
• CMake and "unknown target_include_directories" (181)
• CMake and "include_directories given empty-string as include directory" (199)
• CMake and "write_basic_package_version_file" (198)
• CMake path variable should use CURRENT_SOURCE_DIR (135)
• cpu.h and error: expected unqualified-id before 'int' (193)
• MacPorts GCC should use Clang integrated assembler via -Wa,-q (190)
• MacPorts GCC engages -DCRYPTOPP_DISABLE_ASM (189)
• Cygwin i686/GCC 5.3 and error: 'u_short' was not declared in this scope (187)
• Cygwin x86_64 and failed compile when using std=c++03 (148)
• Cygwin x86_64 and 'fd_set' does not name a type (137)
• Cygwin x86_64 crash with -DDEBUG -Os (100)
• cryptest.exe reports wrong CPU features (176)
• Use std::call for singleton implementation (173)
• Performance based counter for TimerBase on Windows Phone and Windows Store apps (168)
• Deactivate FIPS code paths for Windows Store apps (167)
• NO_SOCKET macro (or similar) to remove sockets only for Windows Store apps (165)
• NonblockingRng using BCryptGenRandom for Windows 10 and above (165)
• VS2015 with Update2 and broken build using /MD (163)
• blake2.cpp and crc.cpp compile issues under [Visual Studio] ARM Developer Prompt (162)
• Failed build on Debian 8 and m68k processor (153)
• validat1.cpp compile issue with NO_OS_DEPENDENCE defined (141)
• Assert when running CMAC example on the wiki (138)
• StringNarrow may violate ODR and lead to UB (127)
• GCC and Clang warnings when compiling with -Wcast-align (122)
• VS2008 C4996 warning due to std::reverse_copy (123)
• Android NDK and failed compile due to g_pAssignIntToInteger (119)
• Inflator throws end of compressed block on complete compressed data (112)
• Crash when setting alternate alphabet for Base32 decoder (108)
• Valgrind reports unintialized reads under 32-bit ARM (105)
• Borland failed compile due to size_t/unsigned int mismatch in PKCS_DigestDecoration::length (102)
• SecBlock and incorrect result during self assignment (Issue 92, Commit 605744d8260c6ada)
• SecBlock and incorrect result during append when T is not a byte (Issue 92, Commit 81482d8348eae0b4)
• secblock.h failed compile and typo inside assert (92)
• Assert during ZDeflate operation (83)
• Assert in misc.h due to NULL pointers in memcpy_s and memmove_s (79)
• PolynomialMod2::operator<<= incorrect result (64)

File Changes

Below is a list of source files that were added or deleted at Crypto++ 5.6.4.

$ git diff-tree -r --summary CRYPTOPP_5_6_3 CRYPTOPP_5_6_4 | grep -v "change" | awk '{$2=$3=""; print $0}' | egrep '(.h|.cpp|.txt|.dat)'
create CMakeLists.txt
create TestData/fhmqv160.dat
create TestData/fhmqv256.dat
create TestData/fhmqv384.dat
create TestData/fhmqv512.dat
create TestData/hmqv160.dat
create TestData/hmqv256.dat
create TestData/hmqv384.dat
create TestData/hmqv512.dat
create TestVectors/blake2.txt
create TestVectors/blake2b.txt
create TestVectors/blake2s.txt
create TestVectors/chacha.txt
create TestVectors/dsa_rfc6979.txt
create TestVectors/keccak.txt
delete TestVectors/sha3.txt
create TestVectors/sha3_224_fips_202.txt
create TestVectors/sha3_256_fips_202.txt
create TestVectors/sha3_384_fips_202.txt
create TestVectors/sha3_512_fips_202.txt
create TestVectors/sha3_fips_202.txt
delete bench.cpp
create bench1.cpp
create blake2.cpp
create blake2.h
create chacha.cpp
create chacha.h
delete cryptlib_bds.cpp
create fhmqv.h
create hmqv.h
create keccak.cpp
create keccak.h

Below is a list of all files that were added or deleted at Crypto++ 5.6.4. The list includes Windows IDE project files and archives.

$ git diff-tree -r --summary CRYPTOPP_5_6_3 CRYPTOPP_5_6_4 | grep -v "change" | awk '{$2=$3=""; print $0}'
create CMakeLists.txt
create TestData/fhmqv160.dat
create TestData/fhmqv256.dat
create TestData/fhmqv384.dat
create TestData/fhmqv512.dat
create TestData/hmqv160.dat
create TestData/hmqv256.dat
create TestData/hmqv384.dat
create TestData/hmqv512.dat
create TestVectors/blake2.txt
create TestVectors/blake2b.txt
create TestVectors/blake2s.txt
create TestVectors/chacha.txt
create TestVectors/dsa_rfc6979.txt
create TestVectors/keccak.txt
delete TestVectors/sha3.txt
create TestVectors/sha3_224_fips_202.txt
create TestVectors/sha3_256_fips_202.txt
create TestVectors/sha3_384_fips_202.txt
create TestVectors/sha3_512_fips_202.txt
create TestVectors/sha3_fips_202.txt
create bds10.zip
delete bench.cpp
create bench1.cpp
create blake2.cpp
create blake2.h
create chacha.cpp
create chacha.h
delete cryptdll.dsp
delete cryptdll.vcproj
create cryptdll.vcxproj
create cryptdll.vcxproj.filters
create cryptest-ios.sh
delete cryptest.dsp
delete cryptest.dsw
create cryptest.nmake
delete cryptest.vcproj
create cryptest.vcxproj
create cryptest.vcxproj.filters
create cryptest.vcxproj.user
delete cryptest_bds.bdsgroup
delete cryptest_bds.bdsproj
delete cryptest_bds.bpf
delete cryptlib.dsp
delete cryptlib.vcproj
create cryptlib.vcxproj
create cryptlib.vcxproj.filters
delete cryptlib_bds.bdsproj
delete cryptlib_bds.cpp
create cryptopp-config.cmake
delete dlltest.dsp
delete dlltest.vcproj
create dlltest.vcxproj
create fhmqv.h
create hmqv.h
create keccak.cpp
create keccak.h
delete make-rdrand.cmd
create setenv-android.sh
create setenv-embedded.sh
create setenv-ios.sh
create vc60.zip
create vs2005.zip
delete vs2010.zip

Crypto++ 5.6.3

Crypto++ 5.6.3 was released on November 20, 2015. The 5.6.3 release was mostly a maintenance release. The release included a few new minor classes, like Base64URLEncoder to provide encoding and decoding using a web safe alphabet.

Release Notes

The release notes for Crypto++ 5.6.3 follows.

• fixed CVE-2015-2141
• cleared most Undefined Behavior Sanitizer (UBsan) findings
• cleared all Address Sanitizer (Asan) findings
• cleared all Valgrind findings
• cleared all Coverity findings
• cleared all Enterprise Analysis (/analyze) findings
• cleared most GCC warnings with -Wall
• cleared most Clang warnings with -Wall
• cleared most MSVC warnings with /W4
• added -fPIC to 64-bit builds (off for 32-bit builds)
• added HKDF class from RFC 5869
• switched to member_ptr due to C++ 11 warnings for auto_ptr
• initialization of C++ static objects, off by default
  • GCC and init_priotirty/constructor attributes
  • MSVC and init_seg(lib)
  • CRYPTOPP_INIT_PRIORITY disabled by default, but available
• improved OS X support
• improved GNUmakefile support for Testing and QA
• added self tests for additional Testing and QA
• added cryptest.sh for systematic Testing and QA
• added GNU Gold linker support
• added Visual Studio 2010 solution and project files in vs2010.zip
• added Clang integrated assembler support
• unconditionally define CRYPTOPP_NO_UNALIGNED_DATA_ACCESS for Makefile target 'ubsan' and at -O3
• workaround ARMEL/GCC 5.2 bug and failed self test
• fixed crash in MQV due to GCC 4.9+ and inlining
• fixed hang in SHA due to GCC 4.9+ and inlining
• fixed missing rdtables::Te under VS with ALIGNED_DATA_ACCESS
• fixed S/390 and big endian feature detection
• fixed S/390 and int128_t/uint128_t detection
• fixed X32 (ILP32) feature detection
• removed _CRT_SECURE_NO_DEPRECATE for Microsoft platforms
• utilized bound checking interfaces from ISO/IEC TR 24772 when available
• improved ARM, ARM64, MIPS, MIPS64, S/390 and X32 (ILP32) support
• introduced CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
• added additional Doxygen-based documentation
• ported to MSVC 2015, Xcode 7.2, GCC 5.2, Clang 3.7, Intel C++ 16.00

File Changes

Below is a list of files that were added or deleted at Crypto++ 5.6.3.

$ git diff-tree -r --summary CRYPTOPP_5_6_2 CRYPTOPP_5_6_3 | grep -v "change" | awk '{$2=$3=""; print $0}'
create .gitignore
create Filelist.txt
create GNUmakefile-cross
create Install.txt
create TestVectors/hkdf.txt
create config.recommend
create cryptest.sh
create hkdf.h
create make-rdrand.cmd
create mersenne.h
create rdrand-masm.cmd
create rdrand-nasm.sh
create rdrand.S
create rdrand.asm
create rdrand.cpp
create rdrand.h
create trap.h
create vs2010.zip