Tags: microsoft/SymCrypt
Tags
Merged PR 12113323: Add FIPS approved services indicator ## Description: Add approved services indicator function for FIPS 140-3 compliance ## Admin Checklist: - [ ] You have updated documentation in symcrypt.h to reflect any changes in behavior - [ ] You have updated CHANGELOG.md to reflect any changes in behavior - [ ] You have updated symcryptunittest to exercise any new functionality - [ ] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest - [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features - [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations - [ ] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary
Merged PR 11848961: Add SymCryptRsakeySetValueFromPrivateExponent ## Description: + Adds implementation of SymCryptRsakeySetValueFromPrivateExponent for OpenSSL interop + Adds various testing for this, including adding success/failure testing for RSA keypair import + Removes fatal PCTs from bad import + Bumps to SymCrypt v103.6.0 ## Admin Checklist: - [X] You have updated documentation in symcrypt.h to reflect any changes in behavior - [X] You have updated CHANGELOG.md to reflect any changes in behavior - [X] You have updated symcryptunittest to exercise any new functionality - [X] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest - [X] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features - [X] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations - [X] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary Related work items: #51975833
Merged PR 11456063: Fix RSA export/import test: ensure key is large e… …nough for salt/hash !11444004 added a new unit test for RSA export/import to catch regressions in this functionality, particularly those relating to FIPS PCTs which are currently in a state of flux. However, the test would sometimes choose a key that was too small for the combination of the hash and salt it used, which would cause it to fail. Since test keys are chosen randomly, this failure also happened at random. Tested: ran export/import test hundreds of times in a loop to ensure it no longer fails intermittently
Merged PR 11150425: Arm64 server perf work ## Description: + Improve `SymCryptFdefMontgomeryReduceAsm` + Reduce instruction count in the inner loop - remove superfluous `adc` with zero + Special case first iteration of the reduction loop to further reduce instruction count and multiplication uops + For ease of phrasing used non-volatile registers in aapcs64 assembly for the first time, and had to slightly extend SymCryptAsm processor script for this. + Improve `SymCryptFdefRawSquareAsm` by tweaking to reduce undue dependencies. + More room for improvements in follow-on PR, but checking in what we have to get improvements before GE deadline. ## Admin Checklist: - [X] You have updated documentation in symcrypt.h to reflect any changes in behavior - [X] You have updated CHANGELOG.md to reflect any changes in behavior - [X] You have updated symcryptunittest to exercise any new functionality - [X] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest - [X] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features - [X] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations - [X] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary
Merged PR 10593466: Clean up GHash assertions and SAL annotations bas… …ed on feedback Another follow up to !10578579, this PR removes unnecessary assertions and SAL annotations from `GHashAppendData*` to be more consistent with other SymCrypt functions. It turns out that passing in data that aren't a multiple of the block size can sometimes be convenient because it allows one to make calls to the function unconditional. I added a comment at the function definition to indicate that data beyond multiples of the block size are ignored. Tested: local unit tests (AMD64 noasm), CI pipelines
Merged PR 10177217: Remove outdated security advice on RC4 comment Per [this GitHub issue](#34), the advice on key generation for RC4 is outdated and no longer best practice. RC4 should never be used except for backwards compatibility, but this part of the comment is unhelpful in any case, so this PR removes it. Thanks to [Myriachan](https://github.com/Myriachan) for reporting this issue.
Merged PR 8379224: Add missing version info to CHANGELOG.md Merge conflict for CHANGELOG.md was resolved incorrectly in !8152686 , which led to the updates for Version 103.1.0 in CHANGELOG.md file being not merged to the master branch. This PR adds the missing part. Related work items: #41559779
PreviousNext