default crypto provider improvements by brody2consult · Pull Request #2089 · rustls/rustls

brody2consult · 2024-08-26T02:12:26Z

WHAT (updated)

add & use inline module to manage default crypto provider within rustls/src/crypto/mod.rs
fix rustls::crypto::CryptoProvider::install_default() to return consistent result type with both std & no-std build config
~~use Option:: unwrap_or_else() to shorten an internal function~~
rename some default crypto provider test functions (I would like to pull these out of PR ALT DRAFT RFC: add option to use alloc::rc::Rc for no-std targets w/o built-in atomic ops - INITIAL HACK #2088)

WHY - UPDATED:

SEE PR: #2088 & ISSUE #2068

This refactoring & cleanup would help make it easier to update & maintain the code that manages the default crypto provider.

The code needed to store the default crypto provider already depends on the build environment, requiring #[cfg statements sprinkled through some of the existing import statements, rustls::crypto::CryptoProvider API functions, and configuration-specific static variables in rustls/src/crypto/mod.rs.

This issue with the various bits of conditional code is expected to compound as more build options are added over time, for example:

replace alloc::arc::Arc with alloc::rc::Rc, with help from some type aliasing, to help support targets with non-atomic pointers
option to use once_cell with portable-atomic & critical-section crate options, as needed to support non-atomic pointers - and it should be possible to turn this option off in case there may be a more performant solution for certain build targets

In case of an embedded target with no atomic pointers or references, it would not be possible to build any part of this library using alloc::arc::Arc, and another solution such as using alloc::rc::Rc would be needed instead. For example, a type alias could be used to use alloc::rc::Rc in place of Arc (alloc::arc::Arc).

In this case, it would not be possible to support the existing default crypto provider API as it is depending on the Send & Sync support. Assuming that the existing default crypto provider API will be preserved, we would need to use a cfg directive to disable this default crypto provider functionality in this case. This would involve integrating cfg directive updates with some previously existing cfg directives in multiple places, becoming harder & harder to read, understand, and maintain.

Moving the default crypto provider functionality into an internal module would simplify the ability to keep or remove this functionality depending on the build target.

I think this refactoring should offer some further benefits, regardless of these anticipated updated:

improve readability of the default crypto provider code in general
improve rustls::crypto::CryptoProvider::install_default API consistency for std vs non-std build config in general

codecov · 2024-08-26T02:23:56Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 94.63%. Comparing base (bcc295d) to head (f3c7813).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2089   +/-   ##
=======================================
  Coverage   94.63%   94.63%           
=======================================
  Files         102      102           
  Lines       23400    23408    +8     
=======================================
+ Hits        22145    22153    +8     
  Misses       1255     1255

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

djc

This makes sense to me, thanks!

rustls-benchmarking · 2024-08-26T11:23:57Z

Benchmark results

Instruction counts

Significant differences

There are no significant instruction count differences

Other differences

Click to expand

Scenario	Baseline	Candidate	Diff	Threshold
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_server	10789270	10843380	54110 (0.50%)	0.84%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client	8552691	8567335	14644 (0.17%)	1.14%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client	8581297	8593335	12038 (0.14%)	0.50%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_server	10448154	10435194	-12960 (-0.12%)	0.71%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_server	10831302	10819386	-11916 (-0.11%)	1.02%
handshake_no_resume_ring_1.3_ecdsap256_aes_client	3625624	3627840	2216 (0.06%)	0.43%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_client	3875185	3873055	-2130 (-0.05%)	0.20%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_client	4217479	4215529	-1950 (-0.05%)	0.21%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_server	3878943	3877503	-1440 (-0.04%)	2.48%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client	3087354	3086314	-1040 (-0.03%)	0.28%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client	3084094	3084956	862 (0.03%)	0.27%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_server	5002684	5001304	-1380 (-0.03%)	4.06%
handshake_session_id_ring_1.2_rsa_aes_client	4237779	4236699	-1080 (-0.03%)	0.20%
handshake_tickets_ring_1.2_rsa_aes_client	4498503	4497603	-900 (-0.02%)	0.22%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server	`1281273`	1281437	164 (0.01%)	0.20%
handshake_tickets_ring_1.3_rsa_aes_server	43958514	43963104	4590 (0.01%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_server	43961871	43966461	4590 (0.01%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_server	43961872	43966462	4590 (0.01%)	0.20%
handshake_session_id_ring_1.3_rsa_aes_server	43303373	43307843	4470 (0.01%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_server	43306266	43310736	4470 (0.01%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_server	43306289	43310759	4470 (0.01%)	0.20%
handshake_tickets_ring_1.2_rsa_aes_server	4682697	4682247	-450 (-0.01%)	0.20%
handshake_session_id_ring_1.2_rsa_aes_server	4238740	4238350	-390 (-0.01%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_server	32073485	32076335	2850 (0.01%)	0.32%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_server	32129854	32132699	2845 (0.01%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_client	30328805	30326144	-2661 (-0.01%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_client	30762790	30760112	-2678 (-0.01%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_client	30350854	30348227	-2627 (-0.01%)	0.47%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_client	30314239	30311627	-2612 (-0.01%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_server	32129462	32132225	2763 (0.01%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_client	30314738	30312145	-2593 (-0.01%)	0.48%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_client	30350179	30347665	-2514 (-0.01%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_client	30750789	30748263	-2526 (-0.01%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_server	32126535	32129160	2625 (0.01%)	0.50%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_client	30762392	30759891	-2501 (-0.01%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_client	30728450	30725952	-2498 (-0.01%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_server	32076708	32079314	2606 (0.01%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_server	32076582	32079179	2597 (0.01%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_client	30364765	30362322	-2443 (-0.01%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_client	30728427	30725955	-2472 (-0.01%)	0.37%
handshake_no_resume_ring_1.3_ecdsap256_chacha_client	3624670	3624954	284 (0.01%)	0.33%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_client	30784912	30782515	-2397 (-0.01%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server	2173620	2173785	165 (0.01%)	0.20%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_client	1717609	1717503	-106 (-0.01%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_client	41711356	41708786	-2570 (-0.01%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_client	41800066	41797496	-2570 (-0.01%)	0.20%
handshake_session_id_ring_1.3_rsa_chacha_client	41725582	41723022	-2560 (-0.01%)	0.20%
handshake_session_id_ring_1.3_rsa_aes_client	41814292	41811732	-2560 (-0.01%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_client	42172801	42170243	-2558 (-0.01%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_client	42246595	42244037	-2558 (-0.01%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_client	41711812	41709292	-2520 (-0.01%)	0.20%
handshake_tickets_ring_1.3_rsa_chacha_client	42187268	42184720	-2548 (-0.01%)	0.20%
handshake_tickets_ring_1.3_rsa_aes_client	42261062	42258514	-2548 (-0.01%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_client	41800522	41798002	-2520 (-0.01%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_client	42173289	42170769	-2520 (-0.01%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_client	42246999	42244479	-2520 (-0.01%)	0.20%
handshake_tickets_ring_1.3_rsa_chacha_server	43867884	43870314	2430 (0.01%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_server	43871241	43873671	2430 (0.01%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_server	43871242	43873672	2430 (0.01%)	0.20%
handshake_session_id_ring_1.3_rsa_chacha_server	43195703	43198013	2310 (0.01%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_server	43198596	43200906	2310 (0.01%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_server	43198619	43200929	2310 (0.01%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_server	34136267	34138065	1798 (0.01%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_server	34133321	34134984	1663 (0.00%)	0.50%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_server	34136134	34137781	1647 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_server	34142039	34143680	1641 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_server	34139413	34140942	1529 (0.00%)	0.37%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_server	34142276	34143776	1500 (0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_client	1925948	1925878	-70 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap256_chacha_server	1667331	1667383	52 (0.00%)	1.01%
handshake_no_resume_ring_1.3_rsa_aes_client	2656169	2656090	-79 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_rsa_chacha_client	2662012	2661933	-79 (-0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_client	1932669	1932614	-55 (-0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server	1283634	1283599	-35 (-0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server	2176736	2176794	58 (0.00%)	0.20%
handshake_no_resume_ring_1.2_rsa_aes_client	2563612	2563546	-66 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_client	68688403	68687122	-1281 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap256_aes_server	1670295	1670319	24 (0.00%)	1.03%
handshake_no_resume_ring_1.2_rsa_aes_server	11291888	11291771	-117 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_server	7619228	7619276	48 (0.00%)	0.20%
handshake_no_resume_ring_1.3_rsa_chacha_server	11481271	11481319	48 (0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_server	7617075	7617096	21 (0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_client	35183100	35183012	-88 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_rsa_aes_server	11475316	11475340	24 (0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_client	35185008	35184935	-73 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_aes_client	58356602	58356613	11 (0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_aes_server	46492213	46492221	8 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_client	58345711	58345701	-10 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_server	46484578	46484571	-7 (-0.00%)	0.22%
transfer_no_resume_ring_1.3_ecdsap384_chacha_client	92686927	92686933	6 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_chacha_server	80546258	80546263	5 (0.00%)	0.20%
transfer_no_resume_ring_1.2_rsa_aes_client	58239130	58239133	3 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_client	58260230	58260233	3 (0.00%)	0.20%
transfer_no_resume_ring_1.2_rsa_aes_server	46395835	46395837	2 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server	46464443	46464445	2 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_server	80667616	80667619	3 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client	58255277	58255275	-2 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client	58257517	58257515	-2 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client	92718958	92718961	3 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_server	80547650	`8054764`	-2 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server	80646209	80646211	2 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server	80671125	80671123	-2 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_client	92677869	92677867	-2 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client	92716725	92716723	-2 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_server	46439674	46439673	-1 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_server	46476508	46476507	-1 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_server	46479167	46479168	1 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server	46489371	46489372	1 (0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_chacha_server	80560696	80560695	-1 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_chacha_client	92688773	92688772	-1 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_client	58352857	58352857	0 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_client	92722954	92722954	0 (0.00%)	0.20%

Wall-time

Significant differences

There are no significant wall-time differences

Other differences

Click to expand

Scenario	Baseline	Candidate	Diff	Threshold
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha	1.43 ms	1.39 ms	-0.03 ms (-2.37%)	3.41%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes	1.40 ms	1.37 ms	-0.03 ms (-2.22%)	3.99%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes	1.43 ms	1.40 ms	-0.03 ms (-2.07%)	2.46%
handshake_session_id_aws_lc_rs_1.2_rsa_aes	1.94 ms	1.92 ms	-0.03 ms (-1.33%)	3.16%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha	4.93 ms	5.00 ms	0.06 ms (1.25%)	2.68%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha	5.64 ms	5.71 ms	0.07 ms (1.20%)	2.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes	5.51 ms	5.44 ms	-0.07 ms (-1.19%)	5.23%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha	4.59 ms	4.65 ms	0.05 ms (1.18%)	2.33%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha	5.30 ms	5.36 ms	0.06 ms (1.16%)	2.10%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes	5.52 ms	5.46 ms	-0.06 ms (-1.15%)	4.76%
handshake_tickets_aws_lc_rs_1.2_rsa_aes	2.11 ms	2.09 ms	-0.02 ms (-1.13%)	3.72%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes	5.64 ms	5.70 ms	0.05 ms (0.96%)	2.30%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes	4.53 ms	4.49 ms	-0.04 ms (-0.95%)	5.65%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes	4.93 ms	4.97 ms	0.04 ms (0.90%)	2.91%
handshake_tickets_ring_1.3_ecdsap256_aes	6.65 ms	6.71 ms	0.06 ms (0.85%)	1.00%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes	5.25 ms	5.21 ms	-0.04 ms (-0.84%)	4.52%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes	4.60 ms	4.64 ms	0.04 ms (0.83%)	2.43%
handshake_session_id_ring_1.3_ecdsap256_aes	6.53 ms	6.58 ms	0.05 ms (0.79%)	1.58%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes	5.31 ms	5.36 ms	0.04 ms (0.79%)	1.83%
handshake_tickets_ring_1.3_rsa_aes	7.15 ms	7.20 ms	0.05 ms (0.71%)	1.36%
handshake_session_id_ring_1.3_rsa_aes	7.03 ms	7.08 ms	0.05 ms (0.68%)	1.45%
transfer_no_resume_ring_1.3_ecdsap256_aes	6.38 ms	6.34 ms	-0.04 ms (-0.68%)	3.96%
handshake_tickets_ring_1.3_ecdsap256_chacha	6.61 ms	6.65 ms	0.04 ms (0.67%)	1.18%
handshake_session_id_ring_1.3_ecdsap256_chacha	6.50 ms	6.54 ms	0.04 ms (0.66%)	1.32%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes	464.18 µs	461.28 µs	-2.90 µs (-0.63%)	4.22%
transfer_no_resume_ring_1.2_rsa_aes	6.80 ms	6.76 ms	-0.04 ms (-0.58%)	3.29%
handshake_tickets_ring_1.3_ecdsap384_aes	9.74 ms	9.79 ms	0.05 ms (0.55%)	1.00%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha	5.92 ms	5.95 ms	0.03 ms (0.54%)	3.04%
handshake_session_id_ring_1.3_ecdsap384_aes	9.62 ms	9.67 ms	0.05 ms (0.53%)	1.05%
transfer_no_resume_ring_1.3_ecdsap384_aes	9.49 ms	9.44 ms	-0.05 ms (-0.53%)	2.69%
handshake_tickets_ring_1.3_rsa_chacha	7.10 ms	7.14 ms	0.04 ms (0.51%)	1.23%
handshake_session_id_ring_1.3_rsa_chacha	6.99 ms	7.03 ms	0.04 ms (0.51%)	1.36%
handshake_tickets_ring_1.2_rsa_aes	1.60 ms	1.60 ms	0.01 ms (0.47%)	2.72%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha	13.97 ms	13.91 ms	-0.06 ms (-0.46%)	1.84%
transfer_no_resume_ring_1.3_rsa_aes	6.87 ms	6.84 ms	-0.03 ms (-0.46%)	3.84%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha	5.57 ms	5.60 ms	0.02 ms (0.44%)	2.47%
handshake_no_resume_ring_1.3_ecdsap256_aes	506.97 µs	504.80 µs	-2.17 µs (-0.43%)	3.03%
handshake_session_id_ring_1.3_ecdsap384_chacha	9.58 ms	9.62 ms	0.04 ms (0.42%)	1.00%
handshake_tickets_ring_1.3_ecdsap384_chacha	9.70 ms	9.74 ms	0.04 ms (0.42%)	1.00%
handshake_no_resume_ring_1.3_ecdsap256_chacha	503.56 µs	501.53 µs	-2.03 µs (-0.40%)	2.77%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha	462.23 µs	460.45 µs	-1.77 µs (-0.38%)	3.28%
transfer_no_resume_ring_1.3_ecdsap256_chacha	13.03 ms	12.98 ms	-0.05 ms (-0.38%)	1.77%
handshake_tickets_aws_lc_rs_1.3_rsa_aes	5.91 ms	5.93 ms	0.02 ms (0.38%)	2.85%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha	13.00 ms	12.95 ms	-0.04 ms (-0.34%)	1.89%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha	13.71 ms	13.67 ms	-0.04 ms (-0.30%)	1.65%
transfer_no_resume_ring_1.3_ecdsap384_chacha	16.13 ms	16.08 ms	-0.05 ms (-0.29%)	1.62%
transfer_no_resume_ring_1.3_rsa_chacha	13.52 ms	13.48 ms	-0.04 ms (-0.27%)	1.84%
handshake_session_id_aws_lc_rs_1.3_rsa_aes	5.58 ms	5.59 ms	0.01 ms (0.18%)	2.81%
handshake_no_resume_ring_1.3_ecdsap384_aes	3.61 ms	3.60 ms	-0.00 ms (-0.14%)	1.00%
handshake_no_resume_ring_1.3_rsa_chacha	996.76 µs	997.71 µs	0.95 µs (0.10%)	1.27%
handshake_no_resume_ring_1.3_ecdsap384_chacha	3.60 ms	3.60 ms	-0.00 ms (-0.09%)	1.00%
handshake_no_resume_ring_1.2_rsa_aes	991.38 µs	990.63 µs	-0.76 µs (-0.08%)	1.11%
handshake_session_id_ring_1.2_rsa_aes	1.52 ms	1.52 ms	0.00 ms (0.07%)	2.30%
handshake_no_resume_ring_1.3_rsa_aes	997.89 µs	997.50 µs	-0.39 µs (-0.04%)	1.13%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha	1.18 ms	1.18 ms	0.00 ms (0.02%)	1.72%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes	1.18 ms	1.18 ms	0.00 ms (0.01%)	1.75%

Additional information

Historical results

Checkout details:

Base repo: https://github.com/rustls/rustls.git
Base branch: main (bcc295d)
Candidate repo: https://github.com/brodycj/rustls.git
Candidate branch: default-crypto-provider-improvements (f3c7813)

cpu · 2024-08-26T14:28:49Z

Having not reviewed #2088 yet I think I'd appreciate some elaboration in the accompanying text to help this change set stand alone.

At the moment the commit message only says "default crypto provider improvements" and doesn't get into any motivation or enumerate any improvements. Similarly the PR description says it makes it easier to configure the provider in 2088, but doesn't expand on how.

The actual mechanics of the diff seem reasonable (once djc's feedback is addressed).

brody2consult · 2024-08-26T15:46:24Z

With the one clarification that I requested. all suggestions sounds good. I will try to get this proposal fixed within the next 1-2 days. Thanks!

brody2consult · 2024-08-27T18:16:38Z

I have now updated the description, rebased, and included some more info in the commit message to include the details of the what & why (with # removed from the issue & PR number references to avoid extra GitHub spamming) ... keeping this PR in draft status for now thanks!

djc

Here are a bunch of nits about the implementation. IMO @cpu's point still stands that, in isolation, this does not seem like an obvious improvement, mostly moving stuff around.

brody2consult · 2024-09-03T22:12:50Z

@djc thanks for taking the time to review this!

I may need a few days to go through your comments.... I would like to quote myself from what I wrote in both the updated PR description & in the updated commit message in terms of general motivation - please let me know if my motivation or any part of my motivation does not sound clear enough:

This refactoring & cleanup would help make it easier to update & maintain the code that manages the default crypto provider.

The code needed to store the default crypto provider already depends on the build environment, requiring #[cfg statements sprinkled through some of the existing import statements, rustls::crypto::CryptoProvider API functions, and configuration-specific static variables in rustls/src/crypto/mod.rs.

This issue with the various bits of conditional code is expected to compound as more build options are added over time, for example:

replace alloc::arc::Arc with alloc::rc::Rc, with help from some type aliasing, to help support targets with non-atomic pointers

option to use once_cell with critical-section crate option, as needed to support non-atomic pointers - and it should be possible to turn this option off in case there may be a more performant solution for certain build targets

Moving the default crypto provider functionality into an internal module would simplify the ability to keep or remove this functionality depending on the build target.

I think this refactoring should offer some further benefits, regardless of these anticipated updated:

improve readability of the default crypto provider code in general

improve rustls::crypto::CryptoProvider::install_default API consistency for std vs non-std build config in general

cpu · 2024-09-30T13:33:59Z

@djc thanks for taking the time to review this!

I may need a few days to go through your comments....

@brodycj Checking in on this PR: will you have time to address Djc's feedback?

brody2consult · 2024-10-02T16:37:58Z

I have now addressed @djc most recent comments & rebased into a clean commit, with an updated commit message that contains the updated justification. Heads up that I will likely unplug for the rest of this week due to a religious holiday. Thanks!

cpu · 2024-10-02T16:54:31Z

+    #[cfg(not(feature = "std"))]
+    pub(crate) fn install_default(
+        default_provider: CryptoProvider,
+    ) -> Result<(), Arc<CryptoProvider>> {


Is changing this return type from Result<(), Box<Arc<Self>>> a breaking change for no-std users? It feels like yes.

I think so, but it fixes the feature-controlled breaking change which I would argue is kind of worse.

True, and I think the no-std userbase is very small at this point.

- add & use inline module to manage default crypto provider within `rustls/src/crypto/mod.rs` - fix `rustls::crypto::CryptoProvider::install_default` fn to return consistent result type with both `std` & `no-std` build config --- WHY This refactoring & cleanup would help make it easier to update & maintain the code that manages the default crypto provider. The code needed to store the default crypto provider already depends on the build environment, requiring `#[cfg(...)` statements sprinkled through some of the existing import statements, `rustls::crypto::CryptoProvider` API functions, and configuration-specific static variables in `rustls/src/crypto/mod.rs`. This issue with the various bits of conditional code is expected to compound as more build options are added over time, for example: - replace `alloc::arc::Arc` with `alloc::rc::Rc`, with help from some type aliasing, to help support targets with non-atomic pointers - option to use `once_cell` with `portable-atomic` & `critical-section` crate options, as may be needed to support non-atomic pointers - and it should be possible to turn this option off in case there may be a more performant solution for certain build targets Moving the default crypto provider functionality into an internal module would simplify the ability to keep or remove this functionality depending on the build target. This refactoring should offer some further benefits, regardless of these anticipated updated: - improve readability of the default crypto provider code in general - improve `rustls::crypto::CryptoProvider::install_default` API consistency for `std` vs `non-std` build config in general

brody2consult · 2024-10-02T17:47:42Z

rebased again with a few more updates & fixes:

updates from main
use map_err() to simplify internal fn for no-std (with minor reformatting)
remove internal type alias for PROCESS_DEFAULT_PROVIDER (I still like it, but definitely less concise with the type alias)

ctz · 2024-10-03T08:09:07Z

Thanks!

brody2consult mentioned this pull request Aug 26, 2024

ALT DRAFT RFC: add option to use alloc::rc::Rc for no-std targets w/o built-in atomic ops - INITIAL HACK #2088

Closed

djc approved these changes Aug 26, 2024

View reviewed changes

Comment thread rustls/src/crypto/mod.rs Outdated

Comment thread rustls/src/crypto/mod.rs

Comment thread rustls/src/crypto/mod.rs Outdated

Comment thread rustls/src/crypto/mod.rs Outdated

brody2consult marked this pull request as draft August 27, 2024 16:40

brody2consult force-pushed the default-crypto-provider-improvements branch from 62bc348 to 45ebcf1 Compare August 27, 2024 18:12

brody2consult changed the title ~~default crypto provider improvements~~ [DRAFT] default crypto provider improvements - DRAFT WIP Aug 27, 2024

brody2consult force-pushed the default-crypto-provider-improvements branch from c34c7cd to 36e39ef Compare September 3, 2024 02:08

brody2consult changed the title ~~[DRAFT] default crypto provider improvements - DRAFT WIP~~ default crypto provider improvements & cleanup Sep 3, 2024

brody2consult marked this pull request as ready for review September 3, 2024 03:04

brody2consult requested a review from djc September 3, 2024 03:12

brody2consult force-pushed the default-crypto-provider-improvements branch from 96eaf28 to fb1e514 Compare September 3, 2024 03:16

brody2consult marked this pull request as draft September 3, 2024 04:26

brody2consult changed the title ~~default crypto provider improvements & cleanup~~ default crypto provider improvements etc. Sep 3, 2024

brody2consult changed the title ~~default crypto provider improvements etc.~~ default crypto provider improvements (etc.) Sep 3, 2024

brody2consult force-pushed the default-crypto-provider-improvements branch from be9bd9f to ffe5ba4 Compare September 3, 2024 04:46

brody2consult marked this pull request as ready for review September 3, 2024 04:53

djc approved these changes Sep 3, 2024

View reviewed changes

Comment thread rustls/tests/process_provider.rs Outdated

Comment thread rustls/src/crypto/mod.rs

Comment thread rustls/src/crypto/mod.rs Outdated

Comment thread rustls/src/crypto/mod.rs Outdated

Comment thread rustls/src/crypto/mod.rs Outdated

brody2consult marked this pull request as draft September 3, 2024 22:05

brody2consult changed the title ~~default crypto provider improvements (etc.)~~ DRAFT: multiple default crypto provider improvements (etc.) Sep 3, 2024

brody2consult commented Oct 2, 2024

View reviewed changes

Comment thread rustls/src/crypto/mod.rs Outdated

brody2consult force-pushed the default-crypto-provider-improvements branch from 3302836 to a8f18e3 Compare October 2, 2024 16:34

brody2consult changed the title ~~DRAFT: multiple default crypto provider improvements (etc.)~~ default crypto provider improvements Oct 2, 2024

brody2consult marked this pull request as ready for review October 2, 2024 16:36

cpu reviewed Oct 2, 2024

View reviewed changes

cpu approved these changes Oct 2, 2024

View reviewed changes

brody2consult force-pushed the default-crypto-provider-improvements branch from 81c25bc to f3c7813 Compare October 2, 2024 17:45

ctz approved these changes Oct 3, 2024

View reviewed changes

djc approved these changes Oct 3, 2024

View reviewed changes

ctz added this pull request to the merge queue Oct 3, 2024

Merged via the queue into rustls:main with commit 2d3b7ab Oct 3, 2024

Uh oh!

Conversation

brody2consult commented Aug 26, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov Bot commented Aug 26, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

djc left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

rustls-benchmarking Bot commented Aug 26, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Benchmark results

Instruction counts

Significant differences

Other differences

Wall-time

Significant differences

Other differences

Additional information

Uh oh!

cpu commented Aug 26, 2024

Uh oh!

brody2consult commented Aug 26, 2024

Uh oh!

brody2consult commented Aug 27, 2024

Uh oh!

djc left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

brody2consult commented Sep 3, 2024

Uh oh!

cpu commented Sep 30, 2024

Uh oh!

Uh oh!

brody2consult commented Oct 2, 2024

Uh oh!

Uh oh!

Uh oh!

cpu Oct 2, 2024

Choose a reason for hiding this comment

Uh oh!

ctz Oct 2, 2024

Choose a reason for hiding this comment

Uh oh!

cpu Oct 2, 2024

Choose a reason for hiding this comment

Uh oh!

brody2consult commented Oct 2, 2024

Uh oh!

ctz commented Oct 3, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

brody2consult commented Aug 26, 2024 •

edited

Loading

codecov Bot commented Aug 26, 2024 •

edited

Loading

djc left a comment •

edited

Loading

rustls-benchmarking Bot commented Aug 26, 2024 •

edited

Loading