Intel Cryptography Primitives Library 1.2.0

@kiselik kiselik released this 30 May 14:39

Functionality

  • The Crypto Multi-buffer library was extended with an Intel® AVX-IFMA implementation of ECDSA (sign and verify), public key generation and ECDHE over the NIST P-256 (p256r1) curve
  • Added support for HKDF, the HMAC (Hashed Message Authentication Code)-based key derivation function defined in RFC 5869
  • Added support for the SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256 hash algorithms as defined by FIPS PUB 202

Experimental Features

  • Added support for key and signature generation for the eXtended Merkle Signature Scheme (XMSS) algorithm

Limitations

  • The ippsXMSSSign() and ippsXMSSKeyGen() APIs were not validated with constant-time execution tests due to a limitation of the testing methodology, so resistance to side-channel attacks cannot be guaranteed for these APIs. This limitation will be eliminated in one of the next product releases by changing the testing methodology
  • The ippsXMSSKeyGen() API works by default with an RDRAND-based Pseudo Random Number Generator (PRNG). If this instruction is not available on the target CPU, a third-party PRNG must be provided to ippsXMSSKeyGen(); see the function's documentation for details

Usability and Documentation

  • Minimum supported BoringSSL version was raised to the 0.20250114.0 tag
  • Minimum supported Python version was raised to 3.12.0
  • reStructuredText (.rst) documentation is now published to the doc folder, with corresponding rendered GitHub Pages for each commit

Bug fixes

  • Fixed a memory release issue in the FIPS self-tests that appears when the FIPS module of the library is built with the -DIPPCP_SELFTEST_USE_MALLOC:BOOL=on option
  • Fixed a build issue for single-CPU (1cpu) crypto_mb that appears when a target platform set is specified with -DMERGED_BLD:BOOL=off and -DMBX_PLATFORM_LIST="<platform list>"

Known Limitations

Thread safety is not guaranteed for the following APIs:

  • ippsHashMethod_<hash>(), ippsHashMethod_<hash>_NI() and ippsHashMethod_<hash>_TT(), where the possible values of <hash> are MD5, SM3, SHA1, SHA256, SHA512, SHA384, 512_256, 512_224, SHA3_224, SHA3_256, SHA3_384, SHA3_512, SHAKE128 and SHAKE256