)]}'
{
  "commit": "96b05ed487ec47090b98a109b9caf11615291276",
  "tree": "2a568be2acc894a58718e8928064022744121990",
  "parents": [
    "eb7d5b69e97f8e7982f59a3ce64da15af4940dfd"
  ],
  "author": {
    "name": "Brian Smith",
    "email": "brian@briansmith.org",
    "time": "Thu Nov 29 12:40:37 2018 -1000"
  },
  "committer": {
    "name": "CQ bot account: commit-bot@chromium.org",
    "email": "commit-bot@chromium.org",
    "time": "Mon Dec 03 22:32:24 2018 +0000"
  },
  "message": "Assume hyper-threading-like vulnerabilities are always present.\n\nIt\u0027s not clear that CPUID will always report the correct value here,\nespecially for hyper-threading environments. It also isn\u0027t clear that\nthe assumptions made by AMD processors are correct and will always be\ncorrect. It also seems likely that, if a code path is\nsecurity-sensitive w.r.t. SMT, it is probably also security-sensitive\nw.r.t. other processor (mis)features. Finally, it isn\u0027t clear that all\ndynamic analysis (fuzzing, SDE, etc.) is done separately for the cross\nproduct of all CPU feature combinations * the value of this bit.\n\nWith all that in mind, instruct code sensitive to this bit to always\nchoose the more conservative path.\n\nI only found one place that\u0027s sensitive to this bit, though I didn\u0027t\nlook too hard:\n\n```\naes_nohw_cbc_encrypt:\n    [...]\n    leaq\tOPENSSL_ia32cap_P(%rip),%r10\n    mov\t(%r10), %r10d\n    [...]\n    bt\t\\$28,%r10d\n    jc\t.Lcbc_slow_prologue\n```\n\nI didn\u0027t verify that the code in the HTT-enabled paths is any better\nthan the code in the HTT-disabled paths.\n\nChange-Id: Ifd643e6a1301e5ca2174b84c344eb933d49e0067\nReviewed-on: https://boringssl-review.googlesource.com/c/33404\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "20cfbe8c08f57b0e9e4b8364bdc0945df66d5e49",
      "old_mode": 33188,
      "old_path": "crypto/cpu-intel.c",
      "new_id": "5c21f4a4a0b9d04d246b64f6008d8402947ae132",
      "new_mode": 33188,
      "new_path": "crypto/cpu-intel.c"
    }
  ]
}