Hi Everyone, We fixed a nasty little bug in stream ciphers. The bug surfaced when inString == outString and the compiler decided to short-circuit the transformation during code generation. The bug potentially affected all stream ciphers and some modes of operation, like CFB, OFB and CTR because the modes use the stream cipher interface. Also see https://github.com/weidai11/cryptopp/issues/1010.
It would not happen all the time, and it took several conditions to tickle it. It happened when using (1) FileSource with a 64-bit block size, and (2) Cryptogams AES on ARM. In (1), a FileSource used a reserve buffer and encrypted it in place (StringSource is slightly different and was OK). In (2) Cryptogams AES performed in-place encryption or decryption of the buffer. In both cases inString == outString. The fix was a temporary outString buffer when inString == outString. We checked in the fix at https://github.com/weidai11/cryptopp/commit/71a812ed9e7c and https://github.com/weidai11/cryptopp/commit/bbc45ddfd7fc. The changes tested OK. We also found a non-trivial speedup in xorbuf() at https://github.com/weidai11/cryptopp/issues/1020. Some ciphers benefited 0.1 cpb, some 0.5 cpb, some 1.0 cpb, and some managed 4.5 cpb. I think we should probably release a new version of the library in the next couple of weeks to avoid the sharp edges in the field. Does anyone object to a new release in the next couple of weeks? Jeff -- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/cryptopp-users/CAH8yC8kCL6yMCSrifnD%3DNh-mMiSbca4NPi-m-Do%3D0hKKpUzDHw%40mail.gmail.com.