|author||David Benjamin <firstname.lastname@example.org>||Tue Aug 08 17:21:28 2017 -0400|
|committer||David Benjamin <email@example.com>||Mon Aug 14 19:16:25 2017 +0000|
Enable ADX in x86_64-mont*.pl. This is a reland of https://boringssl-review.googlesource.com/18965 which was reverted due to Windows toolchain problems that have since been fixed. We have an SDE bot now and can more easily test things. We also enabled ADX in rsaz-avx2.pl which does not work without x86_64-mont*.pl enabled. rsa-avx2.pl's ADX code only turns itself off so that the faster ADX code can be used... but we disable it. Verified, after reverting the fix, the test vectors we imported combined with Intel SDE catches CVE-2016-7055, so we do indeed have test coverage. Also verified on the Windows version of Intel SDE. Thanks to Alexey Ivanov for pointing out the discrepancy. Skylake numbers: Before: Did 7296 RSA 2048 signing operations in 10038191us (726.8 ops/sec) Did 209000 RSA 2048 verify operations in 10030629us (20836.2 ops/sec) Did 1080 RSA 4096 signing operations in 10072221us (107.2 ops/sec) Did 60836 RSA 4096 verify operations in 10053929us (6051.0 ops/sec) ADX consistently off: Did 9360 RSA 2048 signing operations in 10025823us (933.6 ops/sec) Did 220000 RSA 2048 verify operations in 10024339us (21946.6 ops/sec) Did 1048 RSA 4096 signing operations in 10006782us (104.7 ops/sec) Did 61936 RSA 4096 verify operations in 10088011us (6139.6 ops/sec) After (ADX consistently on): Did 10444 RSA 2048 signing operations in 10006781us (1043.7 ops/sec) Did 323000 RSA 2048 verify operations in 10012192us (32260.7 ops/sec) Did 1610 RSA 4096 signing operations in 10044930us (160.3 ops/sec) Did 96000 RSA 4096 verify operations in 10075606us (9528.0 ops/sec) Change-Id: I2502ce80e9cfcdea40907512682e3a6663000faa Reviewed-on: https://boringssl-review.googlesource.com/19105 Reviewed-by: Adam Langley <firstname.lastname@example.org> Commit-Queue: David Benjamin <email@example.com>
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
There are other files in this directory which might be helpful: