@noloader noloader released this Feb 22, 2018 · 725 commits to master since this release

Assets 2

Crypto++ 6.1

Crypto++ 6.1 was released on February 22, 2018. The 6.1 release was a minor, planned release. There were no CVE fixes.


The download is available from the Crypto++ website. The checksums for the download are below.

  • Original cryptopp610.zip
  • SHA1: c4e7c14ad17b6fae6a1b84d0824b4365f2a779e6
  • SHA256: 21289d2511101a9350c87c8eb1f4982d4a266e8037b19dab79a32cc13ea108c7
  • SHA512: cb01330ffb2f34bf51ca5a9d530b0be987c7cf36ab2be0e562a61bd39748f9fa5533be43050c7505f8be22b03a9dece829c1b27987b9c9c5cb7ecf51d75bf6a3
  • BLAKE2b: 6a869fb29981168c3fbe4d6e7f6813d155f0f149e2ec917916018c426cfe0805e88284866bfa9e7bd3ac7ccdd2569abd50469229798f9b517853ca3c18282c9a
  • WHIRLPOOL: f6f0cc618091aefbf01e169e00e9e6024cd2dd8f6cfa2c2c4703af896e4598fec00772ba0297aef8588fc4c98d0ede6fe49147d236d5c18b8575a71bf4e5b391

Mirrors for the download are below. Note that GitHub checksums on the ZIP or TAR are different because the service creates the archive from sources.

Release Notes

The release notes for Crypto++ 6.1 follows.

  • minor release, maintenance items
  • expanded community input and support
    • 46 unique contributors as of this release
  • use 2048-bit modulus default for DSA
  • fix build under Linuxbrew
  • use /bin/sh in GNUmakefile
  • fix missing flags for SIMON and SPECK in GNUMakefile-cross
  • fix ARM and MinGW misdetection in GNUMakefile
  • port setenv-android.sh to latest NDK
  • fix Clang check for C++11 lambdas on FreeBSD
  • convert Simon and Speck to little-endian implementation
  • use LIB_MAJOR for ABI compatibility
  • fix ODR violation in AdvancedProcessBlocks_{ARCH} templates
  • handle C++17 std::uncaught_exceptions
  • ported to MSVC 2017, Xcode 8.1, Sun Studio 12.5, GCC 8.0.1, MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1

Simon and Speck

Crypto++ changed its implementation for Simon and Speck from big-endian to little-endian. Formerly we followed the published test vectors from the paper, but they turned out to be incorrect. We later learned we should have followed the algorithmic description from the paper. The Crypto++ implementation now aligns with the Simon and Speck paper's algorithmic description and the Linux kernel.

The Simon and Speck changed was tracked via Issue 585.

Meltdown and Spectre

Meltdown and Spectre are security vulnerabilities announced in December 2017. The defects are present in modern CPU's due to speculative execution and allow attackers to recover secrets and other sensitve information. More reading is available at Meltdown and Spectre website.

Crypto++ 6.1 (and Crypto++ 6.0) did not ship with Meltdown and Spectre remediations in place. The first remediations appeared in GCC 7.3 at the end of January 2018. If you want to build Crypto++ with GCC remediations in place then you should add -mfunction-return=thunk and -mindirect-branch=thunk to your CXXFLAGS. Optionally, you can disable assembly language routines. The steps to engage the hardening are:

  • Optionally uncomment #define CRYPTOPP_DISABLE_ASM 1 in config.h around line 60.
  • Add the appropriate flags to CXXFLAGS. For example, with GCC use CXXFLAGS="-DNDEBUG -g2 -O3 -mfunction-return=thunk -mindirect-branch=thunk".

It is hard to say how effective CRYPTOPP_DISABLE_ASM is when containing Meltdown and Spectre. Crypto++ has a fair amount of assembly langauge routines, including hardware accelerated AES and SHA. Downgrading back to C++ means other side channel leakage could be present that were remediated with the hardware intructions.

Bug Fixes and Minor Issues

The bug fix and minor issue list for Crypto++ 6.1 follows. Many non-trivial issues are tracked for auditing and C&A purposes, but the list may not be complete. A number in parenthesis is the GitHub Issue number, if it was tracked. Sometimes a Git commit is referenced, but many trivial GitHub commits are omitted. Missing Issue numbers or lack of consecutiveness usually indicates feature requests and "won't fix/can't fix" type reports.

  • use 2048-bit modulus default for DSA (Issue 571)
  • add Kalyna typedefs (Issue 535)
  • fix build under Linuxbrew (Issue 575)
  • use /bin/sh in GNUmakefile (Issue 573)
  • fix missing flags for SIMON and SPECK in GNUMakefile-cross (Issue 577)
  • fix MinGW misdetection (Issue 573)
  • fix ARM misdetection (Issue 573)
  • fix SHA-512 crash on Debian X32 (Issue 578)
  • fix misaligned SSE2 allocations on FreeBSD (Issue 562)
  • switch to posix_memalign when available (Commit 22e783a)
  • use install program for GNUmakefile (Issue 582)
  • port setenv-android.sh to latest NDK
  • fix Clang check for C++11 lambdas (Issue 587)
  • convert Simon and Speck to little-endian (Issue 588)
  • fix signed integer overflow on ppc64 (Issue 588)
  • use LIB_MAJOR for ABI compatibility (Issue 589)
  • fix ODR violation in AdvancedProcessBlocks_{ARCH} templates (Issue 588)
  • handle C++17 std::uncaught_exceptions (Issue 590)

Notes for Distros


File Changes