|
1 | 1 | Crypto++: free C++ Class Library of Cryptographic Schemes
|
2 |
| -Version 8.3 - TBD |
| 2 | +Version 8.3 - 12/20/2020 |
3 | 3 |
|
4 | 4 | Crypto++ Library is a free C++ class library of cryptographic schemes.
|
5 | 5 | Currently the library contains the following algorithms:
|
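Review bot: the new header date "12/20/2020" is numerically ambiguous (month-first versus day-first readers) and does not match the spelled-out "December 20, 2020" used for the 8.3.0 entry added further down in this same change; suggest "Version 8.3 - December 20, 2020" or an ISO date such as 2020-12-20 so the two places agree.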
@@ -216,10 +216,9 @@ and other operations. The hardware acceleration remediates some timing
|
216 | 216 | attacks. The library also uses cache-aware algoirthms and access patterns
|
217 | 217 | to minimize leakage cache evictions.
|
218 | 218 |
|
219 |
| -Some of the public key algorithms have branches and some of the branches depend |
220 |
| -on data that can be private or secret. The branching occurs in some field |
221 |
| -operations like exponentiation over integers and elliptic curves. The branching |
222 |
| -has been minimized but not completely eliminated. |
| 219 | +Elliptic curves over binary fields are believed to leak information. The task is a |
| 220 | +work in progress. We don't believe binary fields are used in production, so we feel it |
| 221 | +is a low risk at the moment. |
223 | 222 |
|
224 | 223 | Crypto++ does not enagage Specter remediations at this time. The GCC options
|
225 | 224 | for Specter are -mfunction-return=thunk and -mindirect-branch=thunk, and the
|
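Review bot: deleting the four lines about secret-dependent branching in integer and elliptic-curve exponentiation removes a documented limitation without saying whether it was fixed; if the "fix elliptic curve timing leaks (CVE-2019-14318)" item in the 8.3.0 notes is the reason, state that here, and keep the integer-exponentiation caveat if it still applies. The replacement sentence "believed to leak information" should also name the channel (timing or cache access patterns, as the surrounding paragraph does) so readers know what risk is being accepted. While touching this paragraph, the context lines still read "algoirthms" (algorithms) and "enagage Specter" (engage Spectre).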
@@ -296,6 +295,48 @@ documentation is one of the highest returns on investment.
|
296 | 295 | The items in this section comprise the most recent history. Please see History.txt
|
297 | 296 | for the record back to Crypto++ 1.0.
|
298 | 297 |
|
| 298 | +8.3.0 - December 20, 2020 |
| 299 | + - fix use of macro CRYPTOPP_ALIGN_DATA |
| 300 | + - fix potential out-of-bounds read in ECDSA |
| 301 | + - fix std::bad_alloc when using ByteQueue in pipeline |
| 302 | + - fix missing CRYPTOPP_CXX17_EXCEPTIONS with Clang |
| 303 | + - fix potential out-of-bounds read in GCM mode |
| 304 | + - add configure.sh when preprocessor macros fail |
| 305 | + - fix potential out-of-bounds read in SipHash |
| 306 | + - fix compile error on POWER9 due to vec_xl_be |
| 307 | + - fix K233 curve on POWER8 |
| 308 | + - add Cirrus CI testing |
| 309 | + - fix broken encryption for some 64-bit ciphers |
| 310 | + - fix Android cpu-features.c using C++ compiler |
| 311 | + - disable RDRAND and RDSEED for some AMD processors |
| 312 | + - fix BLAKE2 hash calculation using Salt and Personalization |
| 313 | + - refresh Android and iOS build scripts |
| 314 | + - add XTS mode |
| 315 | + - fix circular dependency between misc.h and secblock.h |
| 316 | + - add Certificate interface |
| 317 | + - fix recursion in AES::Encryption without AESNI |
| 318 | + - add missing OID for ElGamal encryption |
| 319 | + - fix missing override in KeyDerivationFunction-derived classes |
| 320 | + - fix RDSEED assemble under MSVC |
| 321 | + - fix elliptic curve timing leaks (CVE-2019-14318) |
| 322 | + - add link-library variable to Makefiles |
| 323 | + - fix SIZE_MAX definition in misc.h |
| 324 | + - add GetWord64 and PutWord64 to BufferedTransformation |
| 325 | + - use HKDF in AutoSeededX917RNG::Reseed |
| 326 | + - fix Asan finding in VMAC on i686 in inline asm |
| 327 | + - fix undeclared identifier _mm_roti_epi64 on Gentoo |
| 328 | + - fix ECIES and GetSymmetricKeyLength |
| 329 | + - fix possible divide by zero in PKCS5_PBKDF2_HMAC |
| 330 | + - refine ASN.1 encoders and decoders |
| 331 | + - disable BMI2 code paths in Integer class |
| 332 | + - fix use of CRYPTOPP_CLANG_VERSION |
| 333 | + - add NEON SHA1, SHA256 and SHA512 from Cryptogams |
| 334 | + - add ARM SHA1, SHA256 and SHA512 from Cryptogams |
| 335 | + - make config.h more autoconf friendly |
| 336 | + - handle Clang triplet armv8l-unknown-linux-gnueabihf |
| 337 | + - fix reference binding to misaligned address in xed25519 |
| 338 | + - clear asserts in TestDataNameValuePairs |
| 339 | + |
299 | 340 | 8.2.0 - April 28, 2019
|
300 | 341 | - minor release, no recompile of programs required
|
301 | 342 | - expanded community input and support
|
|
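Review bot: the 8.3.0 entry omits the compatibility line that the 8.2.0 entry carries ("minor release, no recompile of programs required"); with an added Certificate interface, XTS mode, new GetWord64/PutWord64 members on BufferedTransformation and the misc.h/secblock.h dependency fix, say explicitly whether programs need a recompile or relink. "fix RDSEED assemble under MSVC" should read "assembly". The items downstream packagers will key on are the three potential out-of-bounds reads (ECDSA, GCM mode, SipHash), the possible divide by zero in PKCS5_PBKDF2_HMAC, the broken encryption for some 64-bit ciphers, the BLAKE2 salt/personalization fix and the CVE-2019-14318 timing-leak fix; listing those first or marking them as security fixes would make the entry more useful.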