Skip to content

Crypto++ 8.4 release

Choose a tag to compare
@noloader noloader released this 02 Jan 07:02
· 606 commits to master since this release

Crypto++ 8.4 was released on January 1, 2021. The 8.4 release was a minor, unplanned release. There was no CVEs and one memory error fixed. A recompile of programs is required due to an unintentional ABI break in Crypto++ 8.3.

The Crypto++ 8.4 release reverted the changes for constant-time elliptic curve algorithms. Marcel Keller reported some operations broke under the new algorithm in Issue 992. The revert reactivated CVE-2019-14318.

The release also cleared a memory error reported by Daniel McRobb in Issue 988. McRobb discovered FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned.

Release Notes

  • fix SIGILL on POWER8 when compiling with GCC 10
  • fix potential out-of-bounds write in FixedSizeAllocatorWithCleanup
  • fix compile on AIX POWER7 with IBM XLC 12.01
  • fix compile on Solaris with SunCC 12.6
  • revert changes for constant-time elliptic curve algorithms
  • fix makefile clean and distclean recipes

FIPS DLL deprecation

The FIPS DLL used to be an important artifact for Windows builds. NIST moved the Crypto++ library to the Historical Validation List in 2014. The Windows DLL is no longer validated.

The project files to build the FIPS DLL are cryptdll.vcxproj and dlltest.vcxproj. The projects are now deprecated and subject to removal.