Crypto++ 8.6 released
44 views
Skip to first unread message
Jeffrey Walton
Sep 24, 2021, 11:53:15 AM9/24/21
to Crypto++ Users List
Hi Everyone,
Crypto++ 8.6 was released on September 24, 2021. The 8.6 release was a
minor, unplanned release. There was one CVE and no memory errors.
This release clears CVE-2021-40530 and fixes a problem with ChaCha20
AVX2 implementation. The CVE was due to ElGamal encryption using a
work estimate to size encryption exponents instead of subgroup order.
The ChaCha20 issue was due to mishandling a carry in the AVX2 code
path. The ChaCha20 issue was difficult to duplicate, so most users
should not experience it.
The release notes and list of issues fixed can be found at
http://www.cryptopp.com/release860.html. The 8.6.0 ZIP archive can be
downloaded from http://www.cryptopp.com/cryptopp860.zip. A GPG
signature can be downloaded from
http://www.cryptopp.com/cryptopp860.zip.sig.
The checksums for the 8.6.0 ZIP archive are:
* SHA1: d5756ceff1263cd827506c8189fa8899cec6397c
* SHA256: 20aa413957d9c8ae353ee2f7747bd7ac392f933c60a53e3fd1e41cadbc48d193
* SHA512: e7773f5e4a7dc7e8e735b1702524bee56ba38e5211544c9c9778bc51ed8dc7b376c17f2e406410043b636312336f26f76dc963f298872f8c13933e88c232fc03
* BLAKE2b: c93998e2deb93abf12b801877404f0f82547bfbbbc5aae727e68daffc2407877dda76d7bcd06239d40a48baf21b6f2e29f74e9a97ecbc1b5d4b5bcc50ada71da
* WHIRLPOOL: edc5b350d12bad9f48382bd225383720939d3371817d2d0bd0a428d37a54a2ec6289d1dc52daeba7fb314a738e78d32fc126c58c7f0c86ad9ecc4ea849985bd0
The 8.6.0 sources can be checked out from GitHub using the following.
It is tagged as CRYPTOPP_8_6_0 at GitHub.
* git clone http://github.com/weidai11/cryptopp.git cryptopp
There are 18 outstanding issues. Most of them are feature requests and
enhancements. One is a side channel leak that will be fixed in a
future release.
Thanks to everyone who made it happen.
Crypto++ 8.6 was released on September 24, 2021. The 8.6 release was a
minor, unplanned release. There was one CVE and no memory errors.
This release clears CVE-2021-40530 and fixes a problem with ChaCha20
AVX2 implementation. The CVE was due to ElGamal encryption using a
work estimate to size encryption exponents instead of subgroup order.
The ChaCha20 issue was due to mishandling a carry in the AVX2 code
path. The ChaCha20 issue was difficult to duplicate, so most users
should not experience it.
The release notes and list of issues fixed can be found at
http://www.cryptopp.com/release860.html. The 8.6.0 ZIP archive can be
downloaded from http://www.cryptopp.com/cryptopp860.zip. A GPG
signature can be downloaded from
http://www.cryptopp.com/cryptopp860.zip.sig.
The checksums for the 8.6.0 ZIP archive are:
* SHA1: d5756ceff1263cd827506c8189fa8899cec6397c
* SHA256: 20aa413957d9c8ae353ee2f7747bd7ac392f933c60a53e3fd1e41cadbc48d193
* SHA512: e7773f5e4a7dc7e8e735b1702524bee56ba38e5211544c9c9778bc51ed8dc7b376c17f2e406410043b636312336f26f76dc963f298872f8c13933e88c232fc03
* BLAKE2b: c93998e2deb93abf12b801877404f0f82547bfbbbc5aae727e68daffc2407877dda76d7bcd06239d40a48baf21b6f2e29f74e9a97ecbc1b5d4b5bcc50ada71da
* WHIRLPOOL: edc5b350d12bad9f48382bd225383720939d3371817d2d0bd0a428d37a54a2ec6289d1dc52daeba7fb314a738e78d32fc126c58c7f0c86ad9ecc4ea849985bd0
The 8.6.0 sources can be checked out from GitHub using the following.
It is tagged as CRYPTOPP_8_6_0 at GitHub.
* git clone http://github.com/weidai11/cryptopp.git cryptopp
There are 18 outstanding issues. Most of them are feature requests and
enhancements. One is a side channel leak that will be fixed in a
future release.
Thanks to everyone who made it happen.
Devharsh Trivedi
Oct 16, 2021, 3:32:13 PM10/16/21
to Crypto++ Users
I love the support and ease of use for authenticated encryption schemes in Crypto++, any plans for NTRU?
Reply all
Reply to author
Forward
0 new messages