Hi Everyone,

Crypto++ 8.6 was released on September 24, 2021. The 8.6 release was a
minor, unplanned release. There was one CVE and no memory errors.

This release clears CVE-2021-40530 and fixes a problem with ChaCha20
AVX2 implementation. The CVE was due to ElGamal encryption using a
work estimate to size encryption exponents instead of subgroup order.
The ChaCha20 issue was due to mishandling a carry in the AVX2 code
path. The ChaCha20 issue was difficult to duplicate, so most users
should not experience it.

The release notes and list of issues fixed can be found at
http://www.cryptopp.com/release860.html. The 8.6.0 ZIP archive can be
downloaded from http://www.cryptopp.com/cryptopp860.zip. A GPG
signature can be downloaded from

The checksums for the 8.6.0 ZIP archive are:

  * SHA1: d5756ceff1263cd827506c8189fa8899cec6397c
  * SHA256: 20aa413957d9c8ae353ee2f7747bd7ac392f933c60a53e3fd1e41cadbc48d193
  * SHA512: 
  * BLAKE2b: 

The 8.6.0 sources can be checked out from GitHub using the following.
It is tagged as CRYPTOPP_8_6_0 at GitHub.

  * git clone http://github.com/weidai11/cryptopp.git cryptopp

There are 18 outstanding issues. Most of them are feature requests and
enhancements. One is a side channel leak that will be fixed in a
future release.

Thanks to everyone who made it happen.

You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cryptopp-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 

Reply via email to