fix(crypto): use ring for non-fips builds #1816

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 7 commits into main from jordan.gonzalez/crypto/ring-for-non-fips
Apr 3, 2026

@duncanista duncanista commented Mar 27, 2026

What does this PR do?

Switches the default (non-FIPS) crypto backend for rustls from aws-lc-rs to ring across all platforms, and changes reqwest's TLS feature from rustls to rustls-no-provider to prevent reqwest from forcing aws-lc-rs back into the dependency tree.

Changes:

  • libdd-common/Cargo.toml: Removed cfg(unix)/cfg(not(unix)) platform-specific rustls/hyper-rustls deps. Both now use ring unconditionally. Switched reqwest feature from rustls to rustls-no-provider. Pinned rustls-native-certs to <0.8.3.
  • libdd-common/src/connector/mod.rs: Simplified ensure_crypto_provider_initialized() to always install ring's provider, removing platform #[cfg] branches.
  • libdd-profiling/Cargo.toml: Same — removed platform split for rustls, unified on ring. Switched reqwest to rustls-no-provider.
  • libdd-profiling/src/exporter/tls.rs: Simplified default_crypto_provider() to always return ring's provider.
  • libdd-http-client/Cargo.toml: Switched https feature from reqwest?/rustls to reqwest?/rustls-no-provider. Added rustls with ring as dev-dependency for tests.
  • Test files: Added explicit ensure_crypto_provider() calls in libdd-common/tests/reqwest_builder_test.rs and all libdd-http-client test files, since rustls-no-provider does not auto-install a crypto provider.

FIPS builds are unchanged — hyper-rustls/fips continues to activate aws-lc-rs as the FIPS-certified backend.

Motivation

Reduce binary size by eliminating aws-lc-sys (a large C crypto library) from non-FIPS builds.

Measured binary size reduction (macOS arm64, release profile):

| Artifact | Before (aws-lc-rs) | After (ring) | Savings |
| --- | --- | --- | --- |
| libdatadog_profiling_ffi.dylib | 9.0 MB | 7.8 MB | 1.2 MB (13%) |
| libdatadog_profiling_ffi.a | 154 MB | 145 MB | 9 MB (6%) |

The .a percentage is smaller because it contains all object files before link-time dead-code elimination. The .dylib reflects actual linked output where the crypto portion is a larger share of the total.

Additionally, reqwest 0.13's rustls feature implicitly enables __rustls-aws-lc-rs, which forces aws-lc-rs into the tree regardless of what the consumer configures on rustls directly. This made it impossible to use ring-only builds without switching to rustls-no-provider. As a side effect, this also drops the quinn/QUIC HTTP/3 stack (quinn, quinn-proto, quinn-udp, lru-slab, web-time) from the dependency tree, which was being pulled in by reqwest's rustls feature but never used.

This is the first step in a cross-repo effort to standardize on ring for non-FIPS and aws-lc-rs for FIPS-only across libdatadog and its downstream consumers.

Additional Notes

  • rustls-platform-verifier in libdd-profiling is intentionally kept — it's there for the cert-caching performance fix (PR perf(profiling): cache TLS in ProfileExporter::new #1619), not for crypto backend selection.
  • rustls-native-certs is pinned to >=0.8.1, <0.8.3 — version 0.8.3+ pulls in openssl-probe@0.2 which probes multiple certificate directories and parses individual cert files instead of loading a single bundle, adding unnecessary I/O overhead in latency-sensitive environments.
  • The previous cfg(unix)/cfg(not(unix)) split existed because aws-lc-rs had build issues on Windows. Since we're now using ring everywhere, the platform split is no longer necessary.
  • FIPS provider initialization remains the caller's responsibility — ensure_crypto_provider_initialized() is a no-op when the fips feature is enabled, and the caller must install the FIPS-compliant provider (e.g., aws-lc-rs FIPS) before any TLS connections. This is existing behavior, unchanged by this PR.

How to test the change?

  • Verify aws-lc-rs is absent from the default dependency tree:

    cargo tree --workspace -i aws-lc-rs
    # Expected: "error: package ID specification `aws-lc-rs` did not match any packages"
    
  • Verify ring is the sole crypto backend:

    cargo tree --workspace -i ring
    # Expected: ring present, used by rustls -> hyper-rustls -> libdd-common / libdd-profiling
    
  • Verify FIPS builds still pull in aws-lc-rs:

    cargo tree -p libdd-common --features fips -i aws-lc-rs
    # Expected: aws-lc-rs present via hyper-rustls/fips
    
  • Verify full workspace compiles:

    cargo check --workspace
    cargo check -p libdd-common --features fips
    
  • Verify rustls-native-certs stays below 0.8.3:

    cargo tree -p rustls-native-certs
    # Expected: v0.8.1 or v0.8.2
    

@duncanista duncanista requested review from a team as code owners March 27, 2026 20:01
@duncanista duncanista force-pushed the jordan.gonzalez/crypto/ring-for-non-fips branch from 14e7e68 to ea6007e Compare March 27, 2026 20:03
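
One way to turn the checks under "How to test the change?" into a CI gate, as an added example that is not part of the PR or the libdatadog repository: a POSIX shell script that applies the stated policy (no aws-lc-rs or aws-lc-sys and ring present by default, aws-lc-rs present for FIPS, rustls-native-certs in >=0.8.1, <0.8.3) to `cargo tree` text. The function names, the `default`/`fips` profile labels and the sample trees are constructed for illustration; `0.0.0` versions are placeholders.

```sh
#!/bin/sh
# Added example (not from the PR): gate a build on the crypto-backend policy.
# Real use, after sourcing these functions:
#   cargo tree --workspace | check_crypto_policy default
#   cargo tree -p libdd-common --features fips | check_crypto_policy fips

# Reduce cargo-tree text on stdin to unique "name version" pairs. Works with or
# without the tree-drawing prefix; "[dev-dependencies]" style headers are skipped.
list_packages() {
  awk '{
    for (i = 2; i <= NF; i++)
      if ($i ~ /^v[0-9]+\.[0-9]/) { print $(i - 1), substr($i, 2); break }
  }' | sort -u
}

# has_pkg <package-list> <crate>: exact match on the crate name.
has_pkg() {
  printf '%s\n' "$1" | awk -v n="$2" '$1 == n { found = 1 } END { exit !found }'
}

# version_in_range <v> <lo> <hi>: succeeds when lo <= v < hi, comparing
# major.minor.patch numerically (pre-release/build suffixes are ignored).
version_in_range() {
  awk -v v="$1" -v lo="$2" -v hi="$3" '
    function key(s,   p) { split(s, p, /[.+-]/); return p[1] * 1000000 + p[2] * 1000 + p[3] }
    BEGIN { exit !(key(v) >= key(lo) && key(v) < key(hi)) }'
}

# check_crypto_policy <default|fips>: reads cargo-tree text on stdin, prints one
# line per violation and returns 1 if there is any, 0 otherwise.
check_crypto_policy() (
  profile="$1"
  pkgs="$(list_packages)"
  report="$(
    case "$profile" in
      (default)
        for banned in aws-lc-rs aws-lc-sys; do
          if has_pkg "$pkgs" "$banned"; then
            echo "default: $banned must not be in the tree"
          fi
        done
        has_pkg "$pkgs" ring || echo "default: ring is missing from the tree"
        ;;
      (fips)
        has_pkg "$pkgs" aws-lc-rs || echo "fips: aws-lc-rs is missing from the tree"
        ;;
      (*)
        echo "unknown profile: $profile"
        ;;
    esac
    # The pin applies to every resolved copy of rustls-native-certs.
    printf '%s\n' "$pkgs" | awk '$1 == "rustls-native-certs" { print $2 }' |
      while read -r ver; do
        version_in_range "$ver" 0.8.1 0.8.3 ||
          echo "rustls-native-certs $ver is outside >=0.8.1, <0.8.3"
      done
  )"
  if [ -n "$report" ]; then
    printf '%s\n' "$report"
    return 1
  fi
)

# Constructed sample: the tree shape the PR aims for in non-FIPS builds.
sample_tree_ring() {
  cat <<'EOF'
libdd-common v0.0.0 (/constructed/libdd-common)
├── hyper-rustls v0.0.0
│   └── rustls v0.0.0
│       └── ring v0.0.0
├── reqwest v0.0.0
└── rustls-native-certs v0.8.2
EOF
}

# Constructed sample: reqwest drags aws-lc-rs back in and the pin has slipped.
sample_tree_regressed() {
  cat <<'EOF'
libdd-common v0.0.0 (/constructed/libdd-common)
├── reqwest v0.0.0
│   └── rustls v0.0.0
│       └── aws-lc-rs v0.0.0
│           └── aws-lc-sys v0.0.0
└── rustls-native-certs v0.8.3
EOF
}

# Demo on the constructed regressed sample: four violations are reported.
sample_tree_regressed | check_crypto_policy default ||
  echo "gate failed (expected for this sample)"
```
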

github-actions Bot commented Mar 27, 2026

Clippy Allow Annotation Report

Comparing clippy allow annotations between branches:

  • Base Branch: origin/main
  • PR Branch: origin/jordan.gonzalez/crypto/ring-for-non-fips

Summary by Rule

| Rule | Base Branch | PR Branch | Change |
| --- | --- | --- | --- |
| unwrap_used | 1 | 1 | No change (0%) |
| Total | 1 | 1 | No change (0%) |

Annotation Counts by File

| File | Base Branch | PR Branch | Change |
| --- | --- | --- | --- |
| libdd-common/src/connector/conn_stream.rs | 1 | 1 | No change (0%) |

Annotation Stats by Crate

| Crate | Base Branch | PR Branch | Change |
| --- | --- | --- | --- |
| clippy-annotation-reporter | 5 | 5 | No change (0%) |
| datadog-ffe-ffi | 1 | 1 | No change (0%) |
| datadog-ipc | 21 | 21 | No change (0%) |
| datadog-live-debugger | 6 | 6 | No change (0%) |
| datadog-live-debugger-ffi | 10 | 10 | No change (0%) |
| datadog-profiling-replayer | 4 | 4 | No change (0%) |
| datadog-remote-config | 3 | 3 | No change (0%) |
| datadog-sidecar | 55 | 55 | No change (0%) |
| libdd-common | 10 | 10 | No change (0%) |
| libdd-common-ffi | 12 | 12 | No change (0%) |
| libdd-data-pipeline | 5 | 5 | No change (0%) |
| libdd-ddsketch | 2 | 2 | No change (0%) |
| libdd-dogstatsd-client | 1 | 1 | No change (0%) |
| libdd-profiling | 13 | 13 | No change (0%) |
| libdd-telemetry | 19 | 19 | No change (0%) |
| libdd-tinybytes | 4 | 4 | No change (0%) |
| libdd-trace-normalization | 2 | 2 | No change (0%) |
| libdd-trace-obfuscation | 8 | 8 | No change (0%) |
| libdd-trace-utils | 15 | 15 | No change (0%) |
| Total | 196 | 196 | No change (0%) |

About This Report

This report tracks Clippy allow annotations for specific rules, showing how they've changed in this PR. Decreasing the number of these annotations generally improves code quality.

datadog-prod-us1-3 Bot commented Mar 27, 2026

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 71.50% (-0.06%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 449f27c

pr-commenter Bot commented Mar 27, 2026

Benchmarks

Comparison

Benchmark execution time: 2026-03-30 19:48:24

Comparing candidate commit eab0da1 in PR branch jordan.gonzalez/crypto/ring-for-non-fips with baseline commit 29678bd in branch main.

Found 4 performance improvements and 7 performance regressions! Performance is the same for 51 metrics, 0 unstable metrics.

Explanation

This is an A/B test comparing a candidate commit's performance against that of a baseline commit. Performance changes are noted in the tables below as:

  • 🟩 = significantly better candidate vs. baseline
  • 🟥 = significantly worse candidate vs. baseline

We compute a confidence interval (CI) over the relative difference of means between metrics from the candidate and baseline commits, considering the baseline as the reference.

If the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD), the change is considered significant.

Feel free to reach out to #apm-benchmarking-platform on Slack if you have any questions.

More details about the CI and significant changes

You can imagine this CI as a range of values that is likely to contain the true difference of means between the candidate and baseline commits.

CIs of the difference of means are often centered around 0%, because often changes are not that big:

---------------------------------(------|---^--------)-------------------------------->
                              -0.6%    0%  0.3%     +1.2%
                                 |          |        |
         lower bound of the CI --'          |        |
sample mean (center of the CI) -------------'        |
         upper bound of the CI ----------------------'

As described above, a change is considered significant if the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD).

For instance, for an execution time metric, this confidence interval indicates a significantly worse performance:

----------------------------------------|---------|---(---------^---------)---------->
                                       0%        1%  1.3%      2.2%      3.1%
                                                  |   |         |         |
       significant impact threshold --------------'   |         |         |
                      lower bound of CI --------------'         |         |
       sample mean (center of the CI) --------------------------'         |
                      upper bound of CI ----------------------------------'

scenario:credit_card/is_card_number/x371413321323331

  • 🟥 execution_time [+343.190ns; +352.695ns] or [+6.015%; +6.182%]
  • 🟥 throughput [-10197038.039op/s; -9941755.791op/s] or [-5.818%; -5.672%]

scenario:credit_card/is_card_number_no_luhn/ 3782-8224-6310-005

  • 🟥 execution_time [+4.785µs; +4.979µs] or [+7.892%; +8.211%]
  • 🟥 throughput [-1257249.627op/s; -1204640.560op/s] or [-7.623%; -7.304%]

scenario:credit_card/is_card_number_no_luhn/x371413321323331

  • 🟥 execution_time [+338.151ns; +350.085ns] or [+5.925%; +6.134%]
  • 🟥 throughput [-10112789.959op/s; -9798380.238op/s] or [-5.772%; -5.592%]

scenario:normalization/normalize_name/normalize_name/Too-Long-.Too-Long-.Too-Long-.Too-Long-.Too-Long-.Too-Lo...

  • 🟩 execution_time [-20.044µs; -19.908µs] or [-9.722%; -9.655%]
  • 🟩 throughput [+518598.403op/s; +522043.595op/s] or [+10.692%; +10.763%]

scenario:normalization/normalize_name/normalize_name/good

  • 🟩 execution_time [-848.888ns; -819.979ns] or [-7.871%; -7.603%]
  • 🟩 throughput [+7642603.426op/s; +7898333.511op/s] or [+8.242%; +8.518%]

scenario:receiver_entry_point/report/2598

  • 🟥 execution_time [+160.603µs; +168.513µs] or [+4.620%; +4.848%]

Candidate

Candidate benchmark details

Group 1

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
tags/replace_trace_tags execution_time 2.298µs 2.372µs ± 0.020µs 2.373µs ± 0.004µs 2.378µs 2.399µs 2.410µs 2.414µs 1.77% -1.739 4.419 0.85% 0.001µs 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
tags/replace_trace_tags execution_time [2.369µs; 2.374µs] or [-0.118%; +0.118%] None None None

Group 2

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
profile_add_sample_timestamped_x1000 execution_time 4.157ms 4.165ms ± 0.008ms 4.164ms ± 0.002ms 4.166ms 4.170ms 4.173ms 4.271ms 2.56% 10.981 138.053 0.20% 0.001ms 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
profile_add_sample_timestamped_x1000 execution_time [4.164ms; 4.166ms] or [-0.027%; +0.027%] None None None

Group 3

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
ip_address/quantize_peer_ip_address_benchmark execution_time 4.982µs 5.052µs ± 0.039µs 5.039µs ± 0.013µs 5.056µs 5.128µs 5.132µs 5.133µs 1.86% 0.891 -0.434 0.78% 0.003µs 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
ip_address/quantize_peer_ip_address_benchmark execution_time [5.046µs; 5.057µs] or [-0.108%; +0.108%] None None None

Group 4

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
single_flag_killswitch/rules-based execution_time 190.808ns 193.326ns ± 2.042ns 193.045ns ± 1.525ns 194.501ns 197.235ns 199.406ns 200.480ns 3.85% 0.996 0.710 1.05% 0.144ns 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
single_flag_killswitch/rules-based execution_time [193.043ns; 193.609ns] or [-0.146%; +0.146%] None None None

Group 5

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
benching serializing traces from their internal representation to msgpack execution_time 14.158ms 14.240ms ± 0.031ms 14.240ms ± 0.016ms 14.254ms 14.292ms 14.342ms 14.417ms 1.24% 1.651 7.115 0.22% 0.002ms 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
benching serializing traces from their internal representation to msgpack execution_time [14.236ms; 14.244ms] or [-0.030%; +0.030%] None None None

Group 6

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
profile_add_sample_frames_x1000 execution_time 4.175ms 4.181ms ± 0.003ms 4.180ms ± 0.002ms 4.182ms 4.186ms 4.188ms 4.207ms 0.63% 2.509 15.281 0.08% 0.000ms 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
profile_add_sample_frames_x1000 execution_time [4.180ms; 4.181ms] or [-0.011%; +0.011%] None None None

Group 7

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
profile_serialize_compressed_pprof_timestamped_x1000 execution_time 926.736µs 930.315µs ± 2.783µs 929.727µs ± 0.851µs 930.752µs 934.026µs 938.030µs 953.125µs 2.52% 4.425 29.291 0.30% 0.197µs 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
profile_serialize_compressed_pprof_timestamped_x1000 execution_time [929.929µs; 930.701µs] or [-0.041%; +0.041%] None None None

Group 8

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
normalization/normalize_service/normalize_service/A0000000000000000000000000000000000000000000000000... execution_time 534.723µs 535.720µs ± 0.682µs 535.579µs ± 0.360µs 536.059µs 536.756µs 537.559µs 540.855µs 0.99% 2.691 15.577 0.13% 0.048µs 1 200
normalization/normalize_service/normalize_service/A0000000000000000000000000000000000000000000000000... throughput 1848924.589op/s 1866648.196op/s ± 2368.465op/s 1867137.464op/s ± 1255.419op/s 1868138.437op/s 1869420.752op/s 1869824.666op/s 1870127.767op/s 0.16% -2.652 15.198 0.13% 167.476op/s 1 200
normalization/normalize_service/normalize_service/Data🐨dog🐶 繋がっ⛰てて execution_time 380.092µs 381.129µs ± 0.481µs 381.077µs ± 0.271µs 381.372µs 381.971µs 382.563µs 383.768µs 0.71% 1.212 4.176 0.13% 0.034µs 1 200
normalization/normalize_service/normalize_service/Data🐨dog🐶 繋がっ⛰てて throughput 2605743.035op/s 2623788.233op/s ± 3304.008op/s 2624139.482op/s ± 1865.963op/s 2625860.790op/s 2628189.741op/s 2629800.098op/s 2630944.089op/s 0.26% -1.194 4.081 0.13% 233.629op/s 1 200
normalization/normalize_service/normalize_service/Test Conversion 0f Weird !@#$%^&**() Characters execution_time 194.548µs 195.130µs ± 0.271µs 195.110µs ± 0.172µs 195.285µs 195.615µs 195.884µs 196.432µs 0.68% 0.953 2.105 0.14% 0.019µs 1 200
normalization/normalize_service/normalize_service/Test Conversion 0f Weird !@#$%^&**() Characters throughput 5090814.095op/s 5124796.033op/s ± 7108.055op/s 5125311.160op/s ± 4524.820op/s 5129777.637op/s 5134903.025op/s 5136372.307op/s 5140123.834op/s 0.29% -0.939 2.049 0.14% 502.615op/s 1 200
normalization/normalize_service/normalize_service/[empty string] execution_time 37.822µs 38.321µs ± 0.152µs 38.336µs ± 0.080µs 38.417µs 38.538µs 38.584µs 38.741µs 1.06% -0.600 0.794 0.39% 0.011µs 1 200
normalization/normalize_service/normalize_service/[empty string] throughput 25812506.251op/s 26095618.356op/s ± 103514.461op/s 26085131.779op/s ± 54137.844op/s 26137889.894op/s 26300143.716op/s 26390898.374op/s 26439892.132op/s 1.36% 0.629 0.831 0.40% 7319.578op/s 1 200
normalization/normalize_service/normalize_service/test_ASCII execution_time 45.781µs 45.976µs ± 0.090µs 45.965µs ± 0.042µs 46.008µs 46.151µs 46.257µs 46.503µs 1.17% 1.823 6.697 0.20% 0.006µs 1 200
normalization/normalize_service/normalize_service/test_ASCII throughput 21504179.098op/s 21750733.410op/s ± 42476.341op/s 21755620.565op/s ± 20084.113op/s 21774727.391op/s 21801064.945op/s 21828911.326op/s 21843249.926op/s 0.40% -1.792 6.513 0.19% 3003.531op/s 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
normalization/normalize_service/normalize_service/A0000000000000000000000000000000000000000000000000... execution_time [535.626µs; 535.815µs] or [-0.018%; +0.018%] None None None
normalization/normalize_service/normalize_service/A0000000000000000000000000000000000000000000000000... throughput [1866319.950op/s; 1866976.443op/s] or [-0.018%; +0.018%] None None None
normalization/normalize_service/normalize_service/Data🐨dog🐶 繋がっ⛰てて execution_time [381.062µs; 381.196µs] or [-0.017%; +0.017%] None None None
normalization/normalize_service/normalize_service/Data🐨dog🐶 繋がっ⛰てて throughput [2623330.329op/s; 2624246.137op/s] or [-0.017%; +0.017%] None None None
normalization/normalize_service/normalize_service/Test Conversion 0f Weird !@#$%^&**() Characters execution_time [195.093µs; 195.168µs] or [-0.019%; +0.019%] None None None
normalization/normalize_service/normalize_service/Test Conversion 0f Weird !@#$%^&**() Characters throughput [5123810.925op/s; 5125781.142op/s] or [-0.019%; +0.019%] None None None
normalization/normalize_service/normalize_service/[empty string] execution_time [38.300µs; 38.342µs] or [-0.055%; +0.055%] None None None
normalization/normalize_service/normalize_service/[empty string] throughput [26081272.247op/s; 26109964.465op/s] or [-0.055%; +0.055%] None None None
normalization/normalize_service/normalize_service/test_ASCII execution_time [45.963µs; 45.988µs] or [-0.027%; +0.027%] None None None
normalization/normalize_service/normalize_service/test_ASCII throughput [21744846.597op/s; 21756620.222op/s] or [-0.027%; +0.027%] None None None

Group 9

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
concentrator/add_spans_to_concentrator execution_time 14.871ms 14.908ms ± 0.020ms 14.906ms ± 0.014ms 14.921ms 14.946ms 14.950ms 14.991ms 0.57% 0.717 0.462 0.13% 0.001ms 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
concentrator/add_spans_to_concentrator execution_time [14.906ms; 14.911ms] or [-0.019%; +0.019%] None None None

Group 10

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
benching deserializing traces from msgpack to their internal representation execution_time 49.952ms 50.258ms ± 0.850ms 50.138ms ± 0.101ms 50.251ms 50.390ms 54.127ms 58.015ms 15.71% 8.111 68.621 1.69% 0.060ms 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
benching deserializing traces from msgpack to their internal representation execution_time [50.140ms; 50.375ms] or [-0.234%; +0.234%] None None None

Group 11

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
sdk_test_data/rules-based execution_time 145.056µs 146.914µs ± 1.636µs 146.641µs ± 0.524µs 147.187µs 148.562µs 152.937µs 162.689µs 10.94% 5.587 45.183 1.11% 0.116µs 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
sdk_test_data/rules-based execution_time [146.687µs; 147.141µs] or [-0.154%; +0.154%] None None None

Group 12

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
benching string interning on wordpress profile execution_time 162.575µs 163.867µs ± 0.821µs 163.723µs ± 0.211µs 164.002µs 164.633µs 165.765µs 173.276µs 5.83% 8.103 86.378 0.50% 0.058µs 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
benching string interning on wordpress profile execution_time [163.753µs; 163.981µs] or [-0.069%; +0.069%] None None None

Group 13

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
redis/obfuscate_redis_string execution_time 34.360µs 34.918µs ± 0.977µs 34.467µs ± 0.060µs 34.579µs 36.962µs 37.123µs 38.169µs 10.74% 1.718 1.143 2.79% 0.069µs 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
redis/obfuscate_redis_string execution_time [34.783µs; 35.054µs] or [-0.388%; +0.388%] None None None

Group 14

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
write only interface execution_time 5.247µs 5.382µs ± 0.032µs 5.382µs ± 0.020µs 5.402µs 5.439µs 5.453µs 5.465µs 1.55% -0.156 1.110 0.59% 0.002µs 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
write only interface execution_time [5.378µs; 5.387µs] or [-0.082%; +0.082%] None None None

Group 15

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
two way interface execution_time 14.957µs 15.329µs ± 0.266µs 15.272µs ± 0.101µs 15.408µs 15.760µs 16.367µs 16.932µs 10.87% 2.505 9.665 1.73% 0.019µs 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
two way interface execution_time [15.292µs; 15.366µs] or [-0.240%; +0.240%] None None None

Group 16

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
sql/obfuscate_sql_string execution_time 294.707µs 296.041µs ± 0.605µs 295.978µs ± 0.347µs 296.354µs 296.702µs 297.394µs 300.834µs 1.64% 3.749 25.482 0.20% 0.043µs 1 200
scenario metric 95% CI mean Shapiro-Wilk pvalue Ljung-Box pvalue (lag=1) Dip test pvalue
sql/obfuscate_sql_string execution_time [295.957µs; 296.124µs] or [-0.028%; +0.028%] None None None

Group 17

cpu_model git_commit_sha git_commit_date git_branch
Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz eab0da1 1774899049 jordan.gonzalez/crypto/ring-for-non-fips
scenario metric min mean ± sd median ± mad p75 p95 p99 max peak_to_median_ratio skewness kurtosis cv sem runs sample_size
credit_card/is_card_number/ execution_time 3.901µs 3.917µs ± 0.004µs 3.917µs ± 0.003µs 3.920µs 3.924µs 3.926µs 3.933µs 0.40% 0.205 1.624 0.10% 0.000µs 1 200
credit_card/is_card_number/ throughput 254276960.377op/s 255267674.690op/s ± 251542.164op/s 255304796.946op/s ± 177766.016op/s 255446682.883op/s 255582735.275op/s 255729151.041op/s 256346971.347op/s 0.41% -0.195 1.633 0.10% 17786.717op/s 1 200
credit_card/is_card_number/ 3782-8224-6310-005 execution_time 73.889µs 74.747µs ± 0.486µs 74.695µs ± 0.322µs 75.008µs 75.532µs 76.059µs 76.629µs 2.59% 0.747 0.593 0.65% 0.034µs 1 200
credit_card/is_card_number/ 3782-8224-6310-005 throughput 13049885.916op/s 13378945.367op/s ± 86502.746op/s 13387783.399op/s ± 57859.867op/s 13446283.790op/s 13508302.965op/s 13529071.962op/s 13533766.394op/s 1.09% -0.708 0.487 0.64% 6116.668op/s 1 200
credit_card/is_card_number/ 378282246310005 execution_time 67.657µs 67.776µs ± 0.080µs 67.765µs ± 0.044µs 67.809µs 67.919µs 67.962µs 68.361µs 0.88% 2.493 13.513 0.12% 0.006µs 1 200
credit_card/is_card_number/ 378282246310005 throughput 14628168.753op/s 14754400.060op/s ± 17461.958op/s 14756909.088op/s ± 9633.211op/s 14766582.486op/s 14774104.691op/s 14779221.435op/s 14780469.088op/s 0.16% -2.460 13.210 0.12% 1234.747op/s 1 200
credit_card/is_card_number/37828224631 execution_time 3.896µs 3.916µs ± 0.005µs 3.916µs ± 0.002µs 3.918µs 3.922µs 3.929µs 3.969µs 1.35% 5.196 50.524 0.13% 0.000µs 1 200
credit_card/is_card_number/37828224631 throughput 251977788.858op/s 255339990.206op/s ± 337619.391op/s 255372675.124op/s ± 128349.387op/s 255502565.120op/s 255617786.356op/s 255698022.195op/s 256660485.309op/s 0.50% -5.095 49.328 0.13% 23873.296op/s 1 200
credit_card/is_card_number/378282246310005 execution_time 64.427µs 64.577µs ± 0.075µs 64.569µs ± 0.049µs 64.620µs 64.727µs 64.762µs 64.828µs 0.40% 0.737 0.196 0.12% 0.005µs 1 200
credit_card/is_card_number/378282246310005 throughput 15425439.595op/s 15485322.488op/s ± 17902.129op/s 15487376.243op/s ± 11794.857op/s 15498299.067op/s 15509739.031op/s 15513837.040op/s 15521461.525op/s 0.22% -0.731 0.184 0.12% 1265.872op/s 1 200
credit_card/is_card_number/37828224631000521389798 execution_time 44.778µs 45.306µs ± 0.142µs 45.343µs ± 0.094µs 45.419µs 45.503µs 45.573µs 45.611µs 0.59% -0.639 0.416 0.31% 0.010µs 1 200
credit_card/is_card_number/37828224631000521389798 throughput 21924681.477op/s 22072111.389op/s ± 69414.752op/s 22054220.952op/s ± 45783.471op/s 22111844.238op/s 22189763.477op/s 22250595.236op/s 22332415.683op/s 1.26% 0.658 0.461 0.31% 4908.364op/s 1 200
credit_card/is_card_number/x371413321323331 execution_time 6.031µs 6.053µs ± 0.034µs 6.044µs ± 0.005µs 6.049µs 6.117µs 6.193µs 6.256µs 3.52% 3.603 14.493 0.56% 0.002µs 1 200
credit_card/is_card_number/x371413321323331 throughput 159838979.896op/s 165200946.646op/s ± 906784.302op/s 165458855.470op/s ± 142810.051op/s 165600776.749op/s 165700847.844op/s 165759015.398op/s 165811097.473op/s 0.21% -3.545 13.972 0.55% 64119.333op/s 1 200
credit_card/is_card_number_no_luhn/ execution_time 3.903µs 3.917µs ± 0.004µs 3.916µs ± 0.003µs 3.919µs 3.924µs 3.929µs 3.934µs 0.46% 0.874 2.159 0.10% 0.000µs 1 200
credit_card/is_card_number_no_luhn/ throughput 254194153.734op/s 255311621.976op/s ± 261458.847op/s 255359829.743op/s ± 163712.527op/s 255510240.536op/s 255636088.363op/s 255719499.426op/s 256192618.300op/s 0.33% -0.864 2.136 0.10% 18487.932op/s 1 200
credit_card/is_card_number_no_luhn/ 3782-8224-6310-005 execution_time 65.019µs 65.522µs ± 0.068µs 65.514µs ± 0.039µs 65.557µs 65.626µs 65.700µs 65.716µs 0.31% -1.522 14.093 0.10% 0.005µs 1 200
credit_card/is_card_number_no_luhn/ 3782-8224-6310-005 throughput 15216882.345op/s 15262100.936op/s ± 15837.569op/s 15263997.578op/s ± 9026.443op/s 15271640.569op/s 15280147.194op/s 15284851.941op/s 15380193.869op/s 0.76% 1.565 14.439 0.10% 1119.885op/s 1 200
credit_card/is_card_number_no_luhn/ 378282246310005 execution_time 52.999µs 53.079µs ± 0.047µs 53.070µs ± 0.034µs 53.110µs 53.160µs 53.178µs 53.264µs 0.37% 0.662 0.092 0.09% 0.003µs 1 200
credit_card/is_card_number_no_luhn/ 378282246310005 throughput 18774263.128op/s 18839692.296op/s ± 16556.313op/s 18843066.627op/s ± 12055.099op/s 18853098.675op/s 18860998.003op/s 18864633.887op/s 18868318.207op/s 0.13% -0.657 0.078 0.09% 1170.708op/s 1 200
Contributor

dd-octo-sts Bot commented Mar 27, 2026

Artifact Size Benchmark Report

aarch64-alpine-linux-musl

| Artifact | Baseline | Commit | Change |
|---|---|---|---|
| /aarch64-alpine-linux-musl/lib/libdatadog_profiling.a | 102.12 MB | 82.89 MB | --18.82% (-19.22 MB) 💪 |
| /aarch64-alpine-linux-musl/lib/libdatadog_profiling.so | 8.76 MB | 7.63 MB | --12.83% (-1.12 MB) 💪 |

aarch64-unknown-linux-gnu

| Artifact | Baseline | Commit | Change |
|---|---|---|---|
| /aarch64-unknown-linux-gnu/lib/libdatadog_profiling.a | 119.12 MB | 98.86 MB | --17.00% (-20.25 MB) 💪 |
| /aarch64-unknown-linux-gnu/lib/libdatadog_profiling.so | 11.36 MB | 10.08 MB | --11.33% (-1.28 MB) 💪 |

libdatadog-x64-windows

| Artifact | Baseline | Commit | Change |
|---|---|---|---|
| /libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.dll | 27.41 MB | 24.98 MB | --8.87% (-2.43 MB) 💪 |
| /libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.lib | 80.69 KB | 77.85 KB | --3.51% (-2.83 KB) 💪 |
| /libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.pdb | 187.83 MB | 182.36 MB | --2.91% (-5.47 MB) 💪 |
| /libdatadog-x64-windows/debug/static/datadog_profiling_ffi.lib | 924.52 MB | 904.68 MB | --2.14% (-19.84 MB) 💪 |
| /libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.dll | 9.06 MB | 7.85 MB | --13.37% (-1.21 MB) 💪 |
| /libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.lib | 80.69 KB | 77.85 KB | --3.51% (-2.83 KB) 💪 |
| /libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.pdb | 27.01 MB | 23.51 MB | --12.95% (-3.50 MB) 💪 |
| /libdatadog-x64-windows/release/static/datadog_profiling_ffi.lib | 61.33 MB | 45.85 MB | --25.24% (-15.48 MB) 💪 |

libdatadog-x86-windows

| Artifact | Baseline | Commit | Change |
|---|---|---|---|
| /libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.dll | 23.27 MB | 21.48 MB | --7.69% (-1.79 MB) 💪 |
| /libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.lib | 81.94 KB | 79.06 KB | --3.51% (-2.88 KB) 💪 |
| /libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.pdb | 192.41 MB | 186.37 MB | --3.13% (-6.03 MB) 💪 |
| /libdatadog-x86-windows/debug/static/datadog_profiling_ffi.lib | 909.66 MB | 889.47 MB | --2.21% (-20.18 MB) 💪 |
| /libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.dll | 6.90 MB | 6.09 MB | --11.69% (-827.00 KB) 💪 |
| /libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.lib | 81.94 KB | 79.06 KB | --3.51% (-2.88 KB) 💪 |
| /libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.pdb | 29.12 MB | 25.16 MB | --13.62% (-3.96 MB) 💪 |
| /libdatadog-x86-windows/release/static/datadog_profiling_ffi.lib | 57.70 MB | 43.33 MB | --24.89% (-14.36 MB) 💪 |

x86_64-alpine-linux-musl

| Artifact | Baseline | Commit | Change |
|---|---|---|---|
| /x86_64-alpine-linux-musl/lib/libdatadog_profiling.a | 88.97 MB | 74.07 MB | --16.74% (-14.89 MB) 💪 |
| /x86_64-alpine-linux-musl/lib/libdatadog_profiling.so | 10.34 MB | 8.49 MB | --17.92% (-1.85 MB) 💪 |

x86_64-unknown-linux-gnu

| Artifact | Baseline | Commit | Change |
|---|---|---|---|
| /x86_64-unknown-linux-gnu/lib/libdatadog_profiling.a | 111.78 MB | 91.32 MB | --18.30% (-20.46 MB) 💪 |
| /x86_64-unknown-linux-gnu/lib/libdatadog_profiling.so | 12.09 MB | 10.13 MB | --16.19% (-1.95 MB) 💪 |


codecov-commenter commented Mar 27, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.49%. Comparing base (4be1fcc) to head (449f27c).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1816      +/-   ##
==========================================
- Coverage   71.55%   71.49%   -0.06%     
==========================================
  Files         426      426              
  Lines       67350    67362      +12     
==========================================
- Hits        48192    48161      -31     
- Misses      19158    19201      +43     

| Components | Coverage Δ |
|---|---|
| libdd-crashtracker | 65.99% <ø> (ø) |
| libdd-crashtracker-ffi | 34.09% <ø> (ø) |
| libdd-alloc | 98.77% <ø> (ø) |
| libdd-data-pipeline | 86.65% <ø> (+0.45%) ⬆️ |
| libdd-data-pipeline-ffi | 74.85% <ø> (+2.62%) ⬆️ |
| libdd-common | 79.16% <ø> (ø) |
| libdd-common-ffi | 73.87% <ø> (ø) |
| libdd-telemetry | 62.80% <ø> (ø) |
| libdd-telemetry-ffi | 16.75% <ø> (ø) |
| libdd-dogstatsd-client | 82.64% <ø> (ø) |
| datadog-ipc | 71.00% <ø> (-2.04%) ⬇️ |
| libdd-profiling | 82.13% <100.00%> (ø) |
| libdd-profiling-ffi | 64.94% <ø> (ø) |
| datadog-sidecar | 30.32% <ø> (-0.87%) ⬇️ |
| datdog-sidecar-ffi | 7.79% <ø> (-4.05%) ⬇️ |
| spawn-worker | 54.69% <ø> (ø) |
| libdd-tinybytes | 93.16% <ø> (ø) |
| libdd-trace-normalization | 81.71% <ø> (ø) |
| libdd-trace-obfuscation | 87.24% <ø> (ø) |
| libdd-trace-protobuf | 68.25% <ø> (ø) |
| libdd-trace-utils | 88.85% <ø> (+0.12%) ⬆️ |
| datadog-tracer-flare | 86.88% <ø> (ø) |
| libdd-log | 74.69% <ø> (ø) |

Contributor

@morrisonlevi morrisonlevi left a comment

CI is failing but overall looks good to me. Ping me on Slack when you have it ready for re-review.

@duncanista duncanista force-pushed the jordan.gonzalez/crypto/ring-for-non-fips branch from 2121479 to 4915c49 Compare March 30, 2026 16:36
@duncanista duncanista requested a review from a team as a code owner March 30, 2026 16:36
@duncanista duncanista force-pushed the jordan.gonzalez/crypto/ring-for-non-fips branch from 4915c49 to f5cb663 Compare March 30, 2026 16:58
Comment thread libdd-common/Cargo.toml Outdated
@duncanista duncanista force-pushed the jordan.gonzalez/crypto/ring-for-non-fips branch 2 times, most recently from d4bfcbf to eab0da1 Compare March 30, 2026 19:31
Contributor

@morrisonlevi morrisonlevi left a comment

Looks fine to me, but for the artifacts I'm seeing reductions around 1-2 MiB, isn't aws-lc-rs much heavier than that?

@duncanista duncanista force-pushed the jordan.gonzalez/crypto/ring-for-non-fips branch 5 times, most recently from d902723 to dc550ab Compare April 2, 2026 17:25
Comment thread libdd-http-client/Cargo.toml
@duncanista duncanista force-pushed the jordan.gonzalez/crypto/ring-for-non-fips branch from b66d170 to ac78df9 Compare April 2, 2026 20:20
Comment thread libdd-common/Cargo.toml
Contributor

If I'm following correctly, now when FIPS is enabled it's going to include both ring and aws-lc.

This would only impact serverless right now, so if you're ok with it, then it's not a blocker for me.

If you did want to solve this I think you'd have to declare rustls and hyper-rustls without a crypto provider like:

```toml
rustls = { version = "0.23.37", default-features = false, optional = true }
hyper-rustls = { version = "0.27.7", default-features = false, features = [
    "native-tokio",
    "http1",
    "tls12",
], optional = true }
```

and then add another feature like:

```toml
tls-core = ["tokio-rustls", "rustls", "hyper-rustls", "rustls-native-certs"]
https = ["tls-core", "rustls/ring", "hyper-rustls/ring"]
fips = ["tls-core", "hyper-rustls/fips"]
```

and then change the gates from `#[cfg(feature = "https")]` to `#[cfg(feature = "tls-core")]`

Contributor Author

Wait, thought this was done by the no-default-provider, let me take a look

Contributor Author

Ok, I looked at it, yes, I didn't realize the gating would not reduce size in FIPS, now it is, added your suggestion on another feature called tls-core and updated it where necessary, thanks for catching this!

Sorry about the miss here!

Contributor

@ekump ekump left a comment

Left a non-blocking comment. LGTM

@duncanista duncanista force-pushed the jordan.gonzalez/crypto/ring-for-non-fips branch from 2963fd8 to ac9c30e Compare April 3, 2026 15:16
fips builds still use `aws-lc-rs`

New crate from #1624 used reqwest?/rustls which re-introduced aws-lc-rs.
Switch to rustls-no-provider to match the rest of the workspace.

Version 0.8.3+ pulls in openssl-probe@0.2 which probes multiple
certificate directories and parses individual cert files instead of
loading a single bundle, adding unnecessary I/O overhead in
latency-sensitive environments.

Without this, FIPS builds through libdd-http-client's hyper backend
would use libdd-common's default connector which installs ring.
Propagating fips ensures libdd-common skips ring init and uses the
FIPS-compliant hyper-rustls/fips path instead.

Introduce tls-core feature for TLS plumbing (rustls, hyper-rustls,
tokio-rustls, rustls-native-certs) without a crypto provider. The
https and fips features now both build on tls-core and add their
respective provider:

- https = tls-core + ring
- fips = tls-core + aws-lc-rs (via hyper-rustls/fips)

This ensures FIPS builds only compile aws-lc-rs without ring, avoiding
unnecessary binary bloat from shipping both crypto backends.

Updated all cfg(feature = "https") gates to cfg(feature = "tls-core")
so TLS code compiles under both https and fips features.
@duncanista duncanista force-pushed the jordan.gonzalez/crypto/ring-for-non-fips branch from ac9c30e to 449f27c Compare April 3, 2026 19:19
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot merged commit 5b6dffc into main Apr 3, 2026
90 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot deleted the jordan.gonzalez/crypto/ring-for-non-fips branch April 3, 2026 20:52
gh-worker-dd-mergequeue-cf854d Bot pushed a commit that referenced this pull request Apr 13, 2026
…lities-impl (#1872)

## What does this PR do?

Follows up on #1816 by gating `libdd-common`'s TLS features behind `https`/`fips` feature flags in the three internal crates that were still pulling in `libdd-common` with default features. Without this, downstream consumers that build with `--no-default-features --features fips` still get `ring` in the dependency tree via transitive default feature activation, breaking FIPS compliance checks.

### Changes:
- `libdd-trace-obfuscation/Cargo.toml`: Added `default-features = false` on both `libdd-common` and `libdd-trace-utils`. Added `[features]` section with `default = ["https"]`, `https` (forwarding to `libdd-common/https` and `libdd-trace-utils/https`), and `fips` (forwarding to `libdd-common/fips` and `libdd-trace-utils/fips`).
- `libdd-capabilities-impl/Cargo.toml`: Added `default-features = false` on `libdd-common`. Added `[features]` section with `default = ["https"]`, `https` (forwarding to `libdd-common/https`), and `fips` (forwarding to `libdd-common/fips`).
- `libdd-trace-utils/Cargo.toml`: Added `default-features = false` on `libdd-capabilities-impl` in `[target.'cfg(not(target_arch = "wasm32"))'.dependencies]`. Updated `https` and `fips` features to also forward to `libdd-capabilities-impl/https` and `libdd-capabilities-impl/fips` respectively.

## Motivation

PR #1816 moved `ring` behind `libdd-common`'s `https` feature and introduced a separate `fips` feature that uses `aws-lc-rs` without pulling in `ring`. However, three internal crates (`libdd-trace-obfuscation`, `libdd-capabilities-impl`, and `libdd-trace-utils` via `libdd-capabilities-impl`) still depended on `libdd-common` with default features enabled. Since Cargo features are additive, this caused `libdd-common/default` → `https` → `rustls/ring` to be activated regardless of what the downstream consumer configured.

In `datadog-lambda-extension`, the FIPS build (`cargo clippy --no-default-features --features fips`) was failing because the build.rs FIPS compliance check detected `ring` in the dependency tree through these transitive paths:

```
ring v0.17.14
└── rustls
    └── libdd-common (feature "https", activated by "default")
        ├── libdd-trace-obfuscation (default features)
        ├── libdd-capabilities-impl (default features, via libdd-trace-utils)
        └── libdd-trace-utils (default features, via libdd-trace-obfuscation)
```

This PR applies the same pattern already used by `libdd-trace-utils` for its `libdd-common` dependency (`default-features = false` + explicit `https`/`fips` forwarding) to all internal crates in the dependency chain.

## Additional Notes

- `libdd-trace-utils` already had `default-features = false` on `libdd-common` and proper `https`/`fips` feature gates. The only change to `libdd-trace-utils` is adding the same treatment for its `libdd-capabilities-impl` dependency.
- Default builds are unchanged — the `default = ["https"]` feature on each crate preserves the existing behavior where `ring` is used as the crypto backend.
- Downstream consumers that need FIPS must set `default-features = false` on these crates and activate the `fips` feature explicitly. For example, in `datadog-lambda-extension`:
  ```toml
  libdd-common = { ..., default-features = false }
  libdd-trace-utils = { ..., default-features = false, features = ["mini_agent"] }
  libdd-trace-obfuscation = { ..., default-features = false }

  [features]
  default = ["libdd-common/default", "libdd-trace-utils/default", "libdd-trace-obfuscation/default", ...]
  fips = ["libdd-common/fips", "libdd-trace-utils/fips", "libdd-trace-obfuscation/fips", ...]
  ```

## How to test the change?

- Verify default build compiles (ring path unchanged):
  ```
  cargo check --workspace
  ```

- Verify ring is absent from a FIPS feature build of affected crates:
  ```
  cargo tree -p libdd-trace-obfuscation --no-default-features --features fips -i ring
  # Expected: "error: package ID specification `ring` did not match any packages"
  ```

- Verify aws-lc-rs is present in FIPS builds:
  ```
  cargo tree -p libdd-trace-obfuscation --no-default-features --features fips -i aws-lc-rs
  # Expected: aws-lc-rs present via hyper-rustls/fips
  ```

- Verify ring is still present in default builds:
  ```
  cargo tree -p libdd-trace-obfuscation -i ring
  # Expected: ring present via libdd-common/https
  ```

Co-authored-by: jordan.gonzalez <jordan.gonzalez@datadoghq.com>
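
The additive-feature problem described in the commit message above, as an added example that is not code from either PR: a simplified model of Cargo feature resolution, using the `tls-core`/`https`/`fips` layout adopted in #1816, that shows why `ring` reaches a FIPS build until the intermediate crate sets `default-features = false`. The manifests are constructed and reduced to the feature edges named on this page; `consumer`, `resolve` and `backends` are hypothetical names.

```rust
use std::collections::{BTreeSet, HashMap, VecDeque};

type Feats = &'static [&'static str];
/// Non-optional dependency: (crate, default-features, requested features).
type Dep = (&'static str, bool, Feats);
/// Simplified manifest: non-optional deps plus the [features] table.
struct Manifest { deps: &'static [Dep], features: &'static [(&'static str, Feats)] }

// Constructed, reduced feature tables (not the crates' real manifests).
const RUSTLS: Manifest = Manifest { deps: &[],
    features: &[("ring", &["dep:ring"]), ("fips", &["dep:aws-lc-rs"])] };
const HYPER_RUSTLS: Manifest = Manifest { deps: &[("rustls", false, &[])],
    features: &[("ring", &["rustls/ring"]), ("fips", &["rustls/fips"])] };
// libdd-common after #1816: TLS plumbing (tls-core) split from the provider.
const COMMON: Manifest = Manifest { deps: &[], features: &[
    ("default", &["https"]),
    ("tls-core", &["dep:rustls", "dep:hyper-rustls"]),
    ("https", &["tls-core", "rustls/ring", "hyper-rustls/ring"]),
    ("fips", &["tls-core", "hyper-rustls/fips"]),
] };
// Before #1872: libdd-common pulled in with default features, no forwarding.
const OBFUSCATION_BEFORE: Manifest = Manifest {
    deps: &[("libdd-common", true, &[])], features: &[] };
// After #1872: default-features = false plus https/fips forwarding.
const OBFUSCATION_AFTER: Manifest = Manifest { deps: &[("libdd-common", false, &[])],
    features: &[("default", &["https"]), ("https", &["libdd-common/https"]),
                ("fips", &["libdd-common/fips"])] };
// Hypothetical downstream crate built with --no-default-features --features fips.
const CONSUMER: Manifest = Manifest {
    deps: &[("libdd-common", false, &[]), ("libdd-trace-obfuscation", false, &[])],
    features: &[("fips", &["libdd-common/fips", "libdd-trace-obfuscation/fips"])] };

/// Union of every crate reachable from `root`; features only ever add edges.
/// Features a crate does not declare are ignored (real Cargo rejects them).
fn resolve(ws: &HashMap<&'static str, Manifest>, root: &'static str,
           features: &[&'static str]) -> BTreeSet<&'static str> {
    let (mut crates, mut seen) = (BTreeSet::new(), BTreeSet::new());
    let mut queue: VecDeque<(&'static str, Option<&'static str>)> = VecDeque::new();
    queue.push_back((root, None));
    queue.extend(features.iter().map(|&f| (root, Some(f))));
    while let Some((krate, feat)) = queue.pop_front() {
        let manifest = ws.get(krate);
        if let (true, Some(m)) = (crates.insert(krate), manifest) {
            // First visit: non-optional deps, with "default" unless opted out.
            for &(dep, defaults, feats) in m.deps {
                queue.push_back((dep, None));
                if defaults { queue.push_back((dep, Some("default"))); }
                queue.extend(feats.iter().map(|&f| (dep, Some(f))));
            }
        }
        let Some(feat) = feat else { continue };
        if !seen.insert((krate, feat)) { continue; }
        let entries: Feats = manifest
            .and_then(|m| m.features.iter().find(|(name, _)| *name == feat))
            .map(|(_, e)| *e).unwrap_or(&[]);
        for &entry in entries {
            if let Some(dep) = entry.strip_prefix("dep:") {
                queue.push_back((dep, None)); // optional dependency switched on
            } else if let Some((dep, f)) = entry.split_once('/') {
                queue.push_back((dep, None)); // dependency plus one of its features
                queue.push_back((dep, Some(f)));
            } else {
                queue.push_back((krate, Some(entry))); // feature of the same crate
            }
        }
    }
    crates
}

/// Crypto backends in the graph of `root` built with exactly `features`.
fn backends(fixed: bool, root: &'static str, features: &[&'static str]) -> Vec<&'static str> {
    let obfuscation = if fixed { OBFUSCATION_AFTER } else { OBFUSCATION_BEFORE };
    let ws = HashMap::from([("rustls", RUSTLS), ("hyper-rustls", HYPER_RUSTLS),
        ("libdd-common", COMMON), ("libdd-trace-obfuscation", obfuscation),
        ("consumer", CONSUMER)]);
    resolve(&ws, root, features).into_iter()
        .filter(|c| matches!(*c, "ring" | "aws-lc-rs")).collect()
}

fn main() {
    println!("fips before #1872: {:?}", backends(false, "consumer", &["fips"]));
    println!("fips after  #1872: {:?}", backends(true, "consumer", &["fips"]));
}
```

The model covers only non-optional dependencies, `dep:` entries and `crate/feature` forwarding; on a real workspace the `cargo tree ... -i ring` commands from the commit message are the check to run.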
hoolioh added a commit that referenced this pull request Apr 23, 2026
# Release proposal for libdd-capabilities-impl and its dependencies

This PR contains version bumps based on public API changes and commits
since last release.

## libdd-capabilities
**Next version:** `1.0.0`
**Semver bump:** `major`
**Tag:** `libdd-capabilities-v1.0.0`

**Warning:** this is an initial release. Please verify that the version
and commits included are correct.


## libdd-common
**Next version:** `4.0.0`
**Semver bump:** `major`
**Tag:** `libdd-common-v4.0.0`

### Commits

- chore(benchmarks): add allocation size tracking allocator (#1905)
- refactor(libdd-capabilities)!: remove transitive dependency (#1895)
- feat(runtime)!: add shared runtime (#1602)
- fix(crypto): use `ring` for non-fips builds (#1816)
- fix(ci): skip thread counting test (#1841)
- chore(ci): mock now function for rate limiter in tests to make them
deterministic (#1842)
- fix(entity_id): Handle Podman cgroupns=host cgroup path (#1828)
- feat(capabilities)!: trait architecture http (#1555)
- feat!: implement HTTP common component (#1624)
- fix(common): don't use reqwest http proxies (#1810)
- test(miri): skip reqwest test that takes 10mn (#1784)

## libdd-capabilities-impl
**Next version:** `1.0.0`
**Semver bump:** `major`
**Tag:** `libdd-capabilities-impl-v1.0.0`

**Warning:** this is an initial release. Please verify that the version
and commits included are correct.

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: hoolioh <107922352+hoolioh@users.noreply.github.com>
hoolioh added a commit that referenced this pull request Apr 27, 2026
# Release proposal for libdd-capabilities-impl and its dependencies

This PR contains version bumps based on public API changes and commits
since last release.

## libdd-capabilities
**Next version:** `1.0.0`
**Semver bump:** `major`
**Tag:** `libdd-capabilities-v1.0.0`

**Warning:** this is an initial release. Please verify that the version
and commits included are correct.


## libdd-common
**Next version:** `4.0.0`
**Semver bump:** `major`
**Tag:** `libdd-common-v4.0.0`

### Commits

- fix(libdd-common): fix condition so testing with --all-features works
(#1919)
- chore(benchmarks): add allocation size tracking allocator (#1905)
- refactor(libdd-capabilities)!: remove transitive dependency (#1895)
- feat(runtime)!: add shared runtime (#1602)
- fix(crypto): use `ring` for non-fips builds (#1816)
- fix(ci): skip thread counting test (#1841)
- chore(ci): mock now function for rate limiter in tests to make them
deterministic (#1842)
- fix(entity_id): Handle Podman cgroupns=host cgroup path (#1828)
- feat(capabilities)!: trait architecture http (#1555)
- feat!: implement HTTP common component (#1624)
- fix(common): don't use reqwest http proxies (#1810)
- test(miri): skip reqwest test that takes 10mn (#1784)

## libdd-capabilities-impl
**Next version:** `1.0.0`
**Semver bump:** `major`
**Tag:** `libdd-capabilities-impl-v1.0.0`

**Warning:** this is an initial release. Please verify that the version
and commits included are correct.

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: hoolioh <107922352+hoolioh@users.noreply.github.com>