)]}'
{
  "commit": "b8d7b7498c2d198ceef431ae2869bcc3acd43a74",
  "tree": "b499cd313e59faab9028cf16bc9bf6c911fa0229",
  "parents": [
    "da8bb847fd9aa9b029bf0383cbe0de9796495c1a"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Sat Mar 02 18:53:58 2019 -0600"
  },
  "committer": {
    "name": "Adam Langley",
    "email": "agl@google.com",
    "time": "Tue Mar 05 17:55:03 2019 +0000"
  },
  "message": "Prefer vpaes over bsaes in AES-GCM-SIV and AES-CCM.\n\nThe AES-GCM-SIV code does not use ctr128_f at all so bsaes is simply\nidentical to aes_nohw. Also, while CCM encrypts with CTR mode, its MAC\nis not parallelizable at all.\n\n(Given the existence of non-parallelizable modes, we ought to make a\nvpaes-armv7.pl to ensure constant-time AES on NEON. For now, pick the\nright implementation for x86_64 at least.)\n\naes_ctr_set_key and friends probably aren\u0027t the right abstraction\n(observe the large vs small inputs hint *almost* matches whether you\ntouch block128_f), but the right abstraction depends on a couple\nquestions:\n\n- If you don\u0027t provide ctr128_f, is there a perf hit to implementing\n  ctr128_f on top of your block128_f to unify calling code?\n\n- It is almost certainly better to use bsaes with gcm.c by calling\n  ctr128_f exclusively and paying some copies (a dedicated calling\n  convention would be even better, but would be a headache) to integrate\n  leading and trailing blocks into the CTR pass. Is this a win, loss, or\n  no-op for hwaes, where block128_f is just fine? hwaes is the one mode\n  we really should not regress.\n\nHopefully those will get answered as we continue to chip away at this.\n\nBug: 256\nChange-Id: I8f0150b223b671e68f7da6faaff94a3bea398d4d\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35169\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "144a9093cae667500bf633f7f28a3d86bf00f57f",
      "old_mode": 33188,
      "old_path": "crypto/cipher_extra/e_aesccm.c",
      "new_id": "4e6668c0206c7268f0e71a548426108b9910bd8a",
      "new_mode": 33188,
      "new_path": "crypto/cipher_extra/e_aesccm.c"
    },
    {
      "type": "modify",
      "old_id": "0e5063cd5678d7b58104f9ea34e1f0e3fef1917f",
      "old_mode": 33188,
      "old_path": "crypto/cipher_extra/e_aesgcmsiv.c",
      "new_id": "fb08a4289d9a3eb43c0eae5d4fa744deda7337f7",
      "new_mode": 33188,
      "new_path": "crypto/cipher_extra/e_aesgcmsiv.c"
    }
  ]
}