)]}'
{
  "commit": "48510419670ae301fee4d448c2db7e624ce67e44",
  "tree": "b9a274c81db8d45aeb2c8fed6069a2aabacfb1b5",
  "parents": [
    "885a63fb7486a62575d2dc42a73cdefd1c7b0957"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Sat Jan 12 15:20:22 2019 +0000"
  },
  "committer": {
    "name": "Adam Langley",
    "email": "agl@google.com",
    "time": "Thu Mar 14 21:38:28 2019 +0000"
  },
  "message": "Patch out the aes_nohw fallback in bsaes_cbc_encrypt.\n\nThis plugs all bsaes fallback leaks for CBC outside of the key schedule.\nThe CBC EVP_CIPHERs never call the block function directly when there\u0027s\na stream.cbc function available.\n\nThis affects CBC decryptions of length \u003c 128 or 16 mod 128.\nPerformance-wise, we don\u0027t really care about CBC apart from passing\nglances at its use in TLS. There, the Lucky13 workaround mutes the\neffects.\n\nCortex-A53 (Raspberry Pi 3 Model B+)\nBefore:\nDid 78000 AES-128-CBC-SHA1 (16 bytes) open operations in 3020254us (25825.6 ops/sec): 0.4 MB/s\nDid 75000 AES-128-CBC-SHA1 (32 bytes) open operations in 3005760us (24952.1 ops/sec): 0.8 MB/s\nDid 71000 AES-128-CBC-SHA1 (64 bytes) open operations in 3038137us (23369.6 ops/sec): 1.5 MB/s\nDid 67000 AES-128-CBC-SHA1 (96 bytes) open operations in 3027686us (22129.1 ops/sec): 2.1 MB/s\nDid 64000 AES-128-CBC-SHA1 (112 bytes) open operations in 3005491us (21294.4 ops/sec): 2.4 MB/s\nDid 59000 AES-128-CBC-SHA1 (128 bytes) open operations in 3020083us (19535.9 ops/sec): 2.5 MB/s\nDid 53000 AES-128-CBC-SHA1 (240 bytes) open operations in 3020105us (17549.1 ops/sec): 4.2 MB/s\nAfter:\nDid 71668 AES-128-CBC-SHA1 (16 bytes) open operations in 3020896us (23724.1 ops/sec): 0.4 MB/s\nDid 71000 AES-128-CBC-SHA1 (32 bytes) open operations in 3040826us (23348.9 ops/sec): 0.7 MB/s\nDid 68000 AES-128-CBC-SHA1 (64 bytes) open operations in 3009913us (22592.0 ops/sec): 1.4 MB/s\nDid 66000 AES-128-CBC-SHA1 (96 bytes) open operations in 3007597us (21944.4 ops/sec): 2.1 MB/s\nDid 59000 AES-128-CBC-SHA1 (112 bytes) open operations in 3002878us (19647.8 ops/sec): 2.2 MB/s\nDid 59000 AES-128-CBC-SHA1 (128 bytes) open operations in 3046786us (19364.7 ops/sec): 2.5 MB/s\nDid 50000 AES-128-CBC-SHA1 (240 bytes) open operations in 3043643us (16427.7 ops/sec): 3.9 MB/s\n\nPenryn (Mac mini, mid 2010)\nBefore:\nDid 152000 AES-128-CBC-SHA1 (16 bytes) open operations in 1004422us (151330.8 ops/sec): 2.4 MB/s\nDid 143000 AES-128-CBC-SHA1 (32 bytes) open operations in 1000443us (142936.7 ops/sec): 4.6 MB/s\nDid 136000 AES-128-CBC-SHA1 (48 bytes) open operations in 1006580us (135111.0 ops/sec): 6.5 MB/s\nDid 146000 AES-128-CBC-SHA1 (96 bytes) open operations in 1005731us (145168.0 ops/sec): 13.9 MB/s\nDid 138000 AES-128-CBC-SHA1 (112 bytes) open operations in 1003330us (137542.0 ops/sec): 15.4 MB/s\nDid 133000 AES-128-CBC-SHA1 (128 bytes) open operations in 1005876us (132223.1 ops/sec): 16.9 MB/s\nDid 117000 AES-128-CBC-SHA1 (240 bytes) open operations in 1004922us (116426.9 ops/sec): 27.9 MB/s\nAfter:\nDid 159000 AES-128-CBC-SHA1 (16 bytes) open operations in 1000505us (158919.7 ops/sec): 2.5 MB/s\nDid 157000 AES-128-CBC-SHA1 (32 bytes) open operations in 1006091us (156049.5 ops/sec): 5.0 MB/s\nDid 154000 AES-128-CBC-SHA1 (48 bytes) open operations in 1002720us (153582.3 ops/sec): 7.4 MB/s\nDid 146000 AES-128-CBC-SHA1 (96 bytes) open operations in 1002567us (145626.2 ops/sec): 14.0 MB/s\nDid 135000 AES-128-CBC-SHA1 (112 bytes) open operations in 1001212us (134836.6 ops/sec): 15.1 MB/s\nDid 133000 AES-128-CBC-SHA1 (128 bytes) open operations in 1006441us (132148.8 ops/sec): 16.9 MB/s\nDid 115000 AES-128-CBC-SHA1 (240 bytes) open operations in 1005246us (114399.9 ops/sec): 27.5 MB/s\n\nBug: 256\nChange-Id: I864b4455ada0d4d245380fce6f869dabb0686354\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35167\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "c6e0b173e689401d261fb2b0c491202f001c2b78",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/aes/asm/bsaes-armv7.pl",
      "new_id": "d4db3b4d10693ce61b884e7bd9fae7a18795e8db",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/aes/asm/bsaes-armv7.pl"
    },
    {
      "type": "modify",
      "old_id": "899490f7dc70b19526ec3978e8571f18a790bb7b",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/aes/asm/bsaes-x86_64.pl",
      "new_id": "3bb28190da4b896df259dfbe9f3d128490f8b9fb",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/aes/asm/bsaes-x86_64.pl"
    },
    {
      "type": "modify",
      "old_id": "a05abcbfeaae388c964433038cf25a146e50bb73",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/aes/internal.h",
      "new_id": "63070bc6bc3764668523b5b607ffd3ce64df6dbc",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/aes/internal.h"
    }
  ]
}