)]}'
{
  "commit": "d1b451676eada2f2dcad9a20debf8b76fa17f403",
  "tree": "1d80d9a83419b57507e65f985edc5934d3eddb24",
  "parents": [
    "3a16df9aa055b8e330bc1fa2e09e0be8ee404a94"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Thu Feb 02 14:50:36 2023 -0500"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Mon Feb 06 21:10:41 2023 +0000"
  },
  "message": "Add bn_add_words and bn_sub_words assembly for aarch64.\n\nIt is 2023 and compilers *still* cannot use carry flags effectively,\nparticularly GCC.\n\nThere are some Clang-specific built-ins which help x86_64 (where we have\nasm anyway) but, on aarch64, the built-ins actually *regress\nperformance* over the current formulation! I suspect Clang is getting\nconfused by Arm and Intel having opposite borrow flags.\nhttps://clang.llvm.org/docs/LanguageExtensions.html#multiprecision-arithmetic-builtins\n\nJust include aarch64 assembly to avoid this. This provides a noticeable\nperf boost in code that uses these functions (Where bn_mul_mont is\navailable, they\u0027re not used much in RSA, but the generic EC\nimplementation does modular additions, and RSA private key checking\nspends a lot of time in our add/sub-based bn_div_consttime.)\n\nThe new code is also smaller than the generic one (18 instructions\neach), probably because it avoids all the flag spills and only tries to\nunroll by two iterations.\n\nBefore:\nDid 7137 RSA 2048 signing operations in 4022094us (1774.4 ops/sec)\nDid 326000 RSA 2048 verify (same key) operations in 4001828us (81462.8 ops/sec)\nDid 278000 RSA 2048 verify (fresh key) operations in 4001392us (69475.8 ops/sec)\nDid 34830 RSA 2048 private key parse operations in 4038893us (8623.7 ops/sec)\nDid 1196 RSA 4096 signing operations in 4015759us (297.8 ops/sec)\nDid 90000 RSA 4096 verify (same key) operations in 4041959us (22266.4 ops/sec)\nDid 79000 RSA 4096 verify (fresh key) operations in 4034561us (19580.8 ops/sec)\nDid 12222 RSA 4096 private key parse operations in 4004831us (3051.8 ops/sec)\nDid 10626 ECDSA P-384 signing operations in 4030764us (2636.2 ops/sec)\nDid 10800 ECDSA P-384 verify operations in 4052718us (2664.9 ops/sec)\nDid 4182 ECDSA P-521 signing operations in 4076198us (1026.0 ops/sec)\nDid 4059 ECDSA P-521 verify operations in 4063819us (998.8 ops/sec)\n\nAfter:\nDid 7189 RSA 2048 signing operations in 4021331us (1787.7 ops/sec) [+0.7%]\nDid 326000 RSA 2048 verify (same key) operations in 4010811us (81280.3 ops/sec) [-0.2%]\nDid 278000 RSA 2048 verify (fresh key) operations in 4004206us (69427.0 ops/sec) [-0.1%]\nDid 53040 RSA 2048 private key parse operations in 4050953us (13093.2 ops/sec) [+51.8%]\nDid 1200 RSA 4096 signing operations in 4035548us (297.4 ops/sec) [-0.2%]\nDid 90000 RSA 4096 verify (same key) operations in 4035686us (22301.0 ops/sec) [+0.2%]\nDid 80000 RSA 4096 verify (fresh key) operations in 4020989us (19895.6 ops/sec) [+1.6%]\nDid 20468 RSA 4096 private key parse operations in 4037474us (5069.5 ops/sec) [+66.1%]\nDid 11070 ECDSA P-384 signing operations in 4023595us (2751.3 ops/sec) [+4.4%]\nDid 11232 ECDSA P-384 verify operations in 4063116us (2764.4 ops/sec) [+3.7%]\nDid 4387 ECDSA P-521 signing operations in 4052728us (1082.5 ops/sec) [+5.5%]\nDid 4305 ECDSA P-521 verify operations in 4064660us (1059.1 ops/sec) [+6.0%]\n\nChange-Id: If2f739373cdd10fa1d4925d5e2725e87d2255fc0\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/56966\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "2bfadab440ae17e3b79bf608a18caa52fd76fae7",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/CMakeLists.txt",
      "new_id": "66fd44838fa6daed945b85a54114a69c782bb417",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/CMakeLists.txt"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "5aed8df15f41b6b7dd25e55c1a24e853225c16ba",
      "new_mode": 33261,
      "new_path": "crypto/fipsmodule/bn/asm/bn-armv8.pl"
    },
    {
      "type": "modify",
      "old_id": "628cc53a6c61f387ddf19bdf5bd97d3776a6f311",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/bn/generic.c",
      "new_id": "df4a834af721bfc69032cf9a207e53a3068d38b6",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/bn/generic.c"
    }
  ]
}