Stream ciphers update and a new release?


Jeffrey Walton

Mar 17, 2021, 10:29:53 PM
to Crypto++ Users List
Hi Everyone,

We fixed a nasty little bug in stream ciphers. The bug surfaced when
inString == outString and the compiler decided to short-circuit the
transformation during code generation. The bug potentially affected
all stream ciphers and some modes of operation, like CFB, OFB and CTR
because the modes use the stream cipher interface. Also see
https://github.com/weidai11/cryptopp/issues/1010.

It would not happen all the time, and it took several conditions to
tickle it. It happened when using (1) FileSource with a 64-bit block
size, and (2) Cryptogams AES on ARM. In (1), a FileSource used a
reserve buffer and encrypted it in place (StringSource is slightly
different and was OK). In (2) Cryptogams AES performed in-place
encryption or decryption of the buffer. In both cases inString ==
outString.

The fix was a temporary outString buffer when inString == outString.
We checked in the fix at
https://github.com/weidai11/cryptopp/commit/71a812ed9e7c and
https://github.com/weidai11/cryptopp/commit/bbc45ddfd7fc. The changes
tested OK.

We also found a non-trivial speedup in xorbuf() at
https://github.com/weidai11/cryptopp/issues/1020. Some ciphers
benefited 0.1 cpb, some 0.5 cpb, some 1.0 cpb, and some managed 4.5
cpb.

I think we should probably release a new version of the library in the
next couple of weeks to avoid the sharp edges in the field.

Does anyone object to a new release in the next couple of weeks?

Jeff
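
The fix described in the message above, as an added example that is not part of the original post and is not Crypto++ code: a ProcessData-style routine that goes through a temporary buffer when inString == outString, with a regression check that in-place output matches out-of-place output. ToyKeystream (an xorshift32 generator, not a cipher), the function names and the sample data are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

using std::uint8_t; using std::uint32_t; using std::size_t;

// Toy keystream (xorshift32). NOT a cipher: a constructed stand-in so the
// example runs without any library.
struct ToyKeystream {
    uint32_t state;
    explicit ToyKeystream(uint32_t seed) : state(seed ? seed : 1) {}
    uint8_t NextByte() {
        state ^= state << 13; state ^= state >> 17; state ^= state << 5;
        return static_cast<uint8_t>(state >> 24);
    }
};

// Hypothetical ProcessData-style routine: outString = inString XOR keystream.
// When both pointers are equal, the result is built in a temporary buffer and
// copied back, which is the shape of the fix described in the post.
void ProcessData(ToyKeystream& ks, uint8_t* outString, const uint8_t* inString, size_t length) {
    if (length == 0) return;
    std::vector<uint8_t> temp;
    uint8_t* dest = outString;
    if (inString == outString) { temp.resize(length); dest = temp.data(); }
    for (size_t i = 0; i < length; ++i)
        dest[i] = static_cast<uint8_t>(inString[i] ^ ks.NextByte());
    if (dest != outString) std::memcpy(outString, dest, length);
}

// Regression check: encrypting a buffer in place, chunk by chunk, must give
// the same bytes as one out-of-place call over constructed sample data.
bool InPlaceMatchesOutOfPlace(size_t length, size_t chunk) {
    std::vector<uint8_t> plain(length), expected(length);
    for (size_t i = 0; i < length; ++i) plain[i] = static_cast<uint8_t>(i * 31 + 7);
    ToyKeystream a(0xC0FFEE), b(0xC0FFEE);  // same seed, so same keystream
    ProcessData(a, expected.data(), plain.data(), length);
    std::vector<uint8_t> buf(plain);
    for (size_t off = 0; off < length; off += chunk) {
        size_t n = std::min(chunk, length - off);
        ProcessData(b, buf.data() + off, buf.data() + off, n);  // in == out
    }
    // In-place result must equal the reference and must actually be transformed.
    return buf == expected && (length == 0 || buf != plain);
}

int main() { return InPlaceMatchesOutOfPlace(4096, 64) && InPlaceMatchesOutOfPlace(17, 8) ? 0 : 1; }
```

The same in-place versus out-of-place comparison can be run against a real stream cipher or CTR/OFB/CFB mode object in place of ToyKeystream to check a given build.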

Uri Blumenthal

Mar 17, 2021, 10:34:18 PM
to cryptop...@googlegroups.com
I say let's release.

> On Mar 17, 2021, at 22:29, Jeffrey Walton <nolo...@gmail.com> wrote:
>
> Hi Everyone,