| commit | be5be0a4f5ebf00da151a06860deb11a0ffb609f | [log] [tgz] |
|---|---|---|
| author | Andres Erbsen <andreser@google.com> | Tue Jun 17 20:45:32 2025 -0400 |
| committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | Mon Jun 30 13:33:16 2025 -0700 |
| tree | 9193350447c2a6b910a7a5a64c9d38ad5eb93a55 | |
| parent | 78b48c1f2a973ff0a4ed18b9618d533101bd4144 [diff] |
Import Bedrock code for P-256 point double, add This code is currently only used in the p256.cc.inc (not nistz), but it uses formulas similar to the nistz implementation. In particular, point doubling is implemented using coordinate halving instead of multiplying denominators by powers of two. This change also removes the affine-addition optimization, counteracting some of the efficiency gains but still resulting in an overall speedup for client-side usage. This removal is intended to be temporary. The verified affine-addition function uses a slightly different (nistz-like) calling convention. Later work will unify the p256 and p256-nistz files behind the new calling convention and restore the optimization for both small and large tables. Benchmarks on Zen 4: ../main/build-small/bssl.json Did 14400 ECDH P-256 operations in 1000289us (14395.8 ops/sec) Did 37000 ECDSA P-256 signing operations in 1009883us (36637.9 ops/sec) Did 16000 ECDSA P-256 verify operations in 1003734us (15940.5 ops/sec) build-small/bssl.json Did 15886 ECDH P-256 operations in 1000894us (15871.8 ops/sec) [+10.3%] Did 36000 ECDSA P-256 signing operations in 1017983us (35364.0 ops/sec) [-3.5%] Did 18000 ECDSA P-256 verify operations in 1045215us (17221.3 ops/sec) [+8.0%] P-256 ECDH is still ~40% slower in the small build than full build. Estimating with double = 0.6 add, table size alone would yield ~30%. Change-Id: Ide90296f9e14bf543df4e397f088602942c0b658 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/79787 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> Auto-Submit: Andres Erbsen <andreser@google.com>
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
Project links:
To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.
There are other files in this directory which might be helpful: