From 4269156324ff9c5095c8f663c7cebd1a6ce32374 Mon Sep 17 00:00:00 2001 From: "update-envoy[bot]" <135279899+update-envoy[bot]@users.noreply.github.com> Date: Wed, 17 Jan 2024 01:47:41 +0000 Subject: [PATCH] cryptomb: support ECDSA (#31789) Additional Description: The CryptoMB private key provider only supports RSA at the time, the patch adds ECDSA support to it. Risk Level: Low (as contrib extension) Testing: Unit and integration tests Docs Changes: N/A Release Notes: N/A Platform Specific Features: Requires AVX512 or equivalent CPU instruction set Signed-off-by: Xie Zhihao Mirrored from https://github.com/envoyproxy/envoy @ 8dcb3165334b8d9fdec7bb9f5f0b103d97f858d3 --- .../private_key_providers/cryptomb/v3alpha/cryptomb.proto | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/envoy/extensions/private_key_providers/cryptomb/v3alpha/cryptomb.proto b/contrib/envoy/extensions/private_key_providers/cryptomb/v3alpha/cryptomb.proto index 20290d88..cba32b76 100644 --- a/contrib/envoy/extensions/private_key_providers/cryptomb/v3alpha/cryptomb.proto +++ b/contrib/envoy/extensions/private_key_providers/cryptomb/v3alpha/cryptomb.proto @@ -21,10 +21,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // A CryptoMbPrivateKeyMethodConfig message specifies how the CryptoMb private // key provider is configured. The private key provider provides ``SIMD`` -// processing for RSA sign and decrypt operations (ECDSA signing uses regular -// BoringSSL functions). The provider works by gathering the operations into a -// worker-thread specific queue, and processing the queue using ``ipp-crypto`` -// library when the queue is full or when a timer expires. +// processing for ECDSA sign operations and RSA sign and decrypt operations. +// The provider works by gathering the operations into a worker-thread specific +// queue, and processing the queue using ``ipp-crypto`` library when the queue +// is full or when a timer expires. // [#extension-category: envoy.tls.key_providers] message CryptoMbPrivateKeyMethodConfig { // Private key to use in the private key provider. If set to inline_bytes or