I say let's release. > On Mar 17, 2021, at 22:29, Jeffrey Walton <noloa...@gmail.com> wrote: > > Hi Everyone, > > We fixed a nasty little bug in stream ciphers. The bug surfaced when > inString == outString and the compiler decided to short-circuit the > transformation during code generation. The bug potentially affected > all stream ciphers and some modes of operation, like CFB, OFB and CTR > because the modes use the stream cipher interface. Also see > https://github.com/weidai11/cryptopp/issues/1010. > > It would not happen all the time, and it took several conditions to > tickle it. It happened when using (1) FileSource with a 64-bit block > size, and (2) Cryptogams AES on ARM. In (1), a FileSource used a > reserve buffer and encrypted it in place (StringSource is slightly > different and was OK). In (2) Cryptogams AES performed in-place > encryption or decryption of the buffer. In both cases inString == > outString. > > The fix was a temporary outString buffer when inString == outString. > We checked in the fix at > https://github.com/weidai11/cryptopp/commit/71a812ed9e7c and > https://github.com/weidai11/cryptopp/commit/bbc45ddfd7fc. The changes > tested OK. > > We also found a non-trivial speedup in xorbuf() at > https://github.com/weidai11/cryptopp/issues/1020. Some ciphers > benefited 0.1 cpb, some 0.5 cpb, some 1.0 cpb, and some managed 4.5 > cpb. > > I think we should probably release a new version of the library in the > next couple of weeks to avoid the sharp edges in the field. > > Does anyone object to a new release in the next couple of weeks? > > Jeff > > -- > You received this message because you are subscribed to the Google Groups > "Crypto++ Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cryptopp-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/cryptopp-users/CAH8yC8kCL6yMCSrifnD%3DNh-mMiSbca4NPi-m-Do%3D0hKKpUzDHw%40mail.gmail.com.
-- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/cryptopp-users/E7689147-BD3E-4E77-97A4-E35B0CFA0A30%40gmail.com.
smime.p7s
Description: S/MIME cryptographic signature
