)]}' { "commit": "1c2e61efefdd67274f7a52049783c300481ae9b8", "tree": "55659851d0b1fc72a48a83fd6eb1aaf6059530bb", "parents": [ "263f4899738dfe97925ba07313fecc90b706d70a" ], "author": { "name": "Adam Langley", "email": "alangley@gmail.com", "time": "Tue Feb 15 13:29:38 2022 -0800" }, "committer": { "name": "Adam Langley", "email": "alangley@gmail.com", "time": "Sat Feb 19 13:08:10 2022 +0000" }, "message": "Make RSA self-test lazy.\n\nWe need to ensure that all public functions that end up doing a\ncryptographic RSA operation run the self-tests first. We could do that\nby putting calls in the lower-most functions but the self-tests must run\noperations without creating a cycle. Therefore calls are placed as low\ndown as possible except where it would conflict with the self-tests.\nSome functions need to be split so that there\u0027s a private version that\ndoesn\u0027t require that the self tests have passed.\n\nHere\u0027s the call-graph that I used for this:\n\n ┌───────────────────────────┐\n │ private_decrypt │\n └───────────────────────────┘\n │\n │\n ▼\n ┌───────────────────────────┐\n │ decrypt │\n └───────────────────────────┘\n │\n │\n ▼\n ┌───────────────────────────┐\n │ default_decrypt │\n └───────────────────────────┘\n │\n │\n ▼\n ┌───────────────────────────┐\n │ private_transform │ ◀┐\n └───────────────────────────┘ │\n │ │\n │ │\n ▼ │\n ┌───────────────────────────┐ │\n │ default_private_transform │ │\n └───────────────────────────┘ │\n ┌───────────────────────────┐ │\n │ private_encrypt │ │\n └───────────────────────────┘ │\n ┌───────────────┐ │ │\n │ sign_pss_mgf1 │ │ │\n └───────────────┘\\ ▼ │\n ┌────────┐ ┌───────────────────────────┐ │\n │ sign │ ──▶ │ sign_raw │ │\n └────────┘ └───────────────────────────┘ │\n │ │\n │ │\n ▼ │\n ┌───────────────────────────┐ │\n │ default_sign_raw │ ─┘\n └───────────────────────────┘\n ┌−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−┐\n ╎ Verification ╎\n ╎ ╎\n ╎ ┌───────────────────────────┐ ╎\n ╎ │ public_decrypt │ ╎\n ╎ └───────────────────────────┘ ╎\n ╎ │ ╎\n ╎ │ ╎\n ╎ │ ╎\n┌−−−−−−−−−−−−−−−− │ ╎\n╎ ▼ ╎\n╎ ┌────────┐ ┌───────────────────────────┐ ╎\n╎ │ verify │ ────▶ │ verify_raw │ ╎\n╎ └────────┘ └───────────────────────────┘ ╎\n╎ ╎\n└−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−┘\n ┌−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−┐\n ╎ Encryption ╎\n ╎ ╎\n ╎ ┌───────────────────────────┐ ╎\n ╎ │ public_encrypt │ ╎\n ╎ └───────────────────────────┘ ╎\n ╎ │ ╎\n ╎ │ ╎\n ╎ ▼ ╎\n ╎ ┌───────────────────────────┐ ╎\n ╎ │ encrypt │ ╎\n ╎ └───────────────────────────┘ ╎\n ╎ ╎\n └−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−┘\n\nSpeed difference looks to be in the noise.\n\nBefore:\n\nDid 19716 RSA 2048 signing operations in 10050000us (1961.8 ops/sec)\nDid 712000 RSA 2048 verify (same key) operations in 10007156us (71149.1 ops/sec)\nDid 590000 RSA 2048 verify (fresh key) operations in 10004296us (58974.7 ops/sec)\nDid 101866 RSA 2048 private key parse operations in 10090285us (10095.5 ops/sec)\nDid 2919 RSA 4096 signing operations in 10019359us (291.3 ops/sec)\nDid 203000 RSA 4096 verify (same key) operations in 10008421us (20282.9 ops/sec)\nDid 175000 RSA 4096 verify (fresh key) operations in 10026353us (17454.0 ops/sec)\nDid 30900 RSA 4096 private key parse operations in 10090073us (3062.4 ops/sec)\n\nAfter:\n\nDid 19525 RSA 2048 signing operations in 10000499us (1952.4 ops/sec)\nDid 706000 RSA 2048 verify (same key) operations in 10002172us (70584.7 ops/sec)\nDid 588000 RSA 2048 verify (fresh key) operations in 10010856us (58736.2 ops/sec)\nDid 101864 RSA 2048 private key parse operations in 10063474us (10122.2 ops/sec)\nDid 2919 RSA 4096 signing operations in 10037480us (290.8 ops/sec)\nDid 203000 RSA 4096 verify (same key) operations in 10026966us (20245.4 ops/sec)\nDid 175000 RSA 4096 verify (fresh key) operations in 10032281us (17443.7 ops/sec)\nDid 31416 RSA 4096 private key parse operations in 10031047us (3131.9 ops/sec)\n\nChange-Id: I8dec8a33066717b7078f160e3f93c33cd354bb0c\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51426\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "4b0f7e191bf0b391abdfb56a8aef7bdcdef47d97", "old_mode": 33188, "old_path": "crypto/fipsmodule/bcm.c", "new_id": "505510cfb583241842b731cc58c70b826db77699", "new_mode": 33188, "new_path": "crypto/fipsmodule/bcm.c" }, { "type": "modify", "old_id": "d9d6fac80b9a25c5eadfff01d198bafeb181bedf", "old_mode": 33188, "old_path": "crypto/fipsmodule/rsa/internal.h", "new_id": "1cb3b5f3bca0d4971d308be708f2dd03d12f442f", "new_mode": 33188, "new_path": "crypto/fipsmodule/rsa/internal.h" }, { "type": "modify", "old_id": "83649d3f7bf57a11b7119c48d18e247782c6e5ae", "old_mode": 33188, "old_path": "crypto/fipsmodule/rsa/rsa.c", "new_id": "03acd276d2b0e422e31340c98f26071803618a48", "new_mode": 33188, "new_path": "crypto/fipsmodule/rsa/rsa.c" }, { "type": "modify", "old_id": "a6865c03fa76b14789d83b72a3c10dab953355fc", "old_mode": 33188, "old_path": "crypto/fipsmodule/rsa/rsa_impl.c", "new_id": "1046f35231544e5007378b1cce2c0937c5830dc9", "new_mode": 33188, "new_path": "crypto/fipsmodule/rsa/rsa_impl.c" }, { "type": "modify", "old_id": "fe40d90e16e79a10e7552e9f37ba38ce45755c50", "old_mode": 33188, "old_path": "crypto/fipsmodule/self_check/self_check.c", "new_id": "21e9e0a58b253ccdc755d7ed8cbc5d22f4ff6f33", "new_mode": 33188, "new_path": "crypto/fipsmodule/self_check/self_check.c" }, { "type": "modify", "old_id": "fe2ba39da6480896626800db95d3549fdc159168", "old_mode": 33188, "old_path": "crypto/internal.h", "new_id": "dac515cc7e8d62a397213317791e43bb4c84aebc", "new_mode": 33188, "new_path": "crypto/internal.h" } ] }