-
-
Notifications
You must be signed in to change notification settings - Fork 10.6k
Add threading support to the FIPS provider. #25537
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Conversation
The FIPS provider does not include threading code directly. The core passes thread related methods to the providers so that the FIPS provider has access to threading. This allows complex algorithms such as ARGON or HSS to use threads once they are implemented in the FIPS provider. An existing PR for HSS will use and test this code.
@@ -15,6 +15,9 @@ | |||
# include <openssl/core.h> | |||
# include <openssl/indicator.h> | |||
|
|||
/* Note that this matches CRYPTO_THREAD_ROUTINE */ | |||
typedef uint32_t (*OSSL_thread_start_handler_fn)(void *); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that the thread code is internal which is why this is defined here
Argon isn't available in FIPS yet. |
Rather than have people review roughly 70 files for the HSS work, I think it makes sense to break up the work into digestable sized PR's that have a chance of being more thoroughly reviewed. This is one such PR. |
In ref to Argon, See https://csrc.nist.gov/news/2023/proposal-to-revise-nist-sp-800-132-pbkdf |
Should the HSS have a feature branch then? |
Dont really see why it needs a feature branch. The work is mainly done. |
I think a feature branch makes sense - the review process is going to be "fun" and then we can keep it ready to hit the tree in a single chunk once all the various PRs get reviewed. |
Is the 'feature' branch process documented somewhere? Am I supposed to create it? |
For things such as #25499 I dont think they need to be on a feature branch.. (i.e.- a general fix). |
concur with feature branch suggestion. I think we need to start moving more work to feature branches to make inclusion decisions later in the development cycle more manageable |
This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago |
This PR is in a state where it requires action by @openssl/committers but the last update was 61 days ago |
This PR is in a state where it requires action by @openssl/committers but the last update was 92 days ago |
This PR is in a state where it requires action by @openssl/committers but the last update was 123 days ago |
This PR is in a state where it requires action by @openssl/committers but the last update was 154 days ago |
This PR is in a state where it requires action by @openssl/committers but the last update was 185 days ago |
This PR is in a state where it requires action by @openssl/committers but the last update was 216 days ago |
This PR is in a state where it requires action by @openssl/committers but the last update was 247 days ago |
This PR is in a state where it requires action by @openssl/committers but the last update was 278 days ago |
The FIPS provider does not include threading code directly. The core passes thread related methods to the providers so that the FIPS provider has access to threading.
This allows complex algorithms such as ARGON or HSS to use threads once they are implemented in the FIPS provider.
An existing PR for HSS will use and test this code.
Checklist