Crypto++ 6.1 release
Crypto++ 6.1
Crypto++ 6.1 was released on February 22, 2018. The 6.1 release was a minor, planned release. There were no CVE fixes.
Release Notes
The release notes for Crypto++ 6.1 follows.
- minor release, maintenance items
- expanded community input and support
-
- 46 unique contributors as of this release
- use 2048-bit modulus default for DSA
- fix build under Linuxbrew
- use /bin/sh in GNUmakefile
- fix missing flags for SIMON and SPECK in GNUMakefile-cross
- fix ARM and MinGW misdetection in GNUMakefile
- port setenv-android.sh to latest NDK
- fix Clang check for C++11 lambdas on FreeBSD
- convert Simon and Speck to little-endian implementation
- use LIB_MAJOR for ABI compatibility
- fix ODR violation in AdvancedProcessBlocks_{ARCH} templates
- handle C++17 std::uncaught_exceptions
- ported to MSVC 2017, Xcode 8.1, Sun Studio 12.5, GCC 8.0.1, MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1
Simon and Speck
Crypto++ changed its implementation for Simon and Speck from big-endian to little-endian. Formerly we followed the published test vectors from the paper, but they turned out to be incorrect. We later learned we should have followed the algorithmic description from the paper. The Crypto++ implementation now aligns with the Simon and Speck paper's algorithmic description and the Linux kernel.
The Simon and Speck changed was tracked via Issue 585.
Meltdown and Spectre
Meltdown and Spectre are security vulnerabilities announced in December 2017. The defects are present in modern CPU's due to speculative execution and allow attackers to recover secrets and other sensitve information. More reading is available at Meltdown and Spectre website.
Crypto++ 6.1 (and Crypto++ 6.0) did not ship with Meltdown and Spectre remediations in place. The first remediations appeared in GCC 7.3 at the end of January 2018. If you want to build Crypto++ with GCC remediations in place then you should add -mfunction-return=thunk and -mindirect-branch=thunk to your CXXFLAGS. Optionally, you can disable assembly language routines. The steps to engage the hardening are:
- Optionally uncomment
#define CRYPTOPP_DISABLE_ASM 1inconfig.haround line 60. - Add the appropriate flags to
CXXFLAGS. For example, with GCC useCXXFLAGS="-DNDEBUG -g2 -O3 -mfunction-return=thunk -mindirect-branch=thunk".
It is hard to say how effective CRYPTOPP_DISABLE_ASM is when containing Meltdown and Spectre. Crypto++ has a fair amount of assembly langauge routines, including hardware accelerated AES and SHA. Downgrading back to C++ means other side channel leakage could be present that were remediated with the hardware intructions.
Bug Fixes and Minor Issues
The bug fix and minor issue list for Crypto++ 6.1 follows. Many non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parenthesis is the GitHub Issue number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing Issue numbers or lack of consecutiveness usually indicates feature requests and "won't fix/can't fix" type reports.
- use 2048-bit modulus default for DSA (Issue 571)
- add Kalyna typedefs (Issue 535)
- fix build under Linuxbrew (Issue 575)
- use /bin/sh in GNUmakefile (Issue 573)
- fix missing flags for SIMON and SPECK in GNUMakefile-cross (Issue 577)
- fix MinGW misdetection (Issue 573)
- fix ARM misdetection (Issue 573)
- fix SHA-512 crash on Debian X32 (Issue 578)
- fix misaligned SSE2 allocations on FreeBSD (Issue 562)
- switch to posix_memalign when available (Commit 22e783a)
- use install program for GNUmakefile (Issue 582)
- port setenv-android.sh to latest NDK
- fix Clang check for C++11 lambdas (Issue 587)
- convert Simon and Speck to little-endian (Issue 588)
- fix signed integer overflow on ppc64 (Issue 588)
- use LIB_MAJOR for ABI compatibility (Issue 589)
- fix ODR violation in AdvancedProcessBlocks_{ARCH} templates (Issue 588)
- handle C++17 std::uncaught_exceptions (Issue 590)
Notes for Distros
None.
File Changes
None.