)]}'
{
  "commit": "e40d0f8ee1361fbff2927a6806c755acea79a521",
  "tree": "72ec066be2c5219349b9f8c38d0e59606f98aa17",
  "parents": [
    "8417bacf195cc710650e2f74f3c0040697af3b5d"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Sun Nov 27 19:27:09 2022 -0500"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Tue Nov 29 20:10:22 2022 +0000"
  },
  "message": "Test, re-document, and deprecate EVP_Cipher.\n\nIt would be nice to have a single-shot EVP_CIPHER_CTX API. This function\nis not it.\n\nEVP_Cipher is absurd. It\u0027s actually just exposing the internal\nEVP_CIPHER \u0027cipher\u0027 callback, whose calling convention is extremely\ncomplex. We\u0027ve currently documented it as a \"single-shot\" API, but it\u0027s\nnot single-shot either, as it does update cipher state. It just can\u0027t\nupdate across block boundaries.\n\nIt is particularly bizarre for \"custom ciphers\", which include AEADs,\nwhich completely changes the return value convention from\nbytes_written/-1 to 1/0, but also adds a bunch of magic NULL behaviors:\n\n- out \u003d\u003d NULL, in !\u003d NULL: supply AAD\n- out !\u003d NULL, in !\u003d NULL: bulk encrypt/decrypt\n- out \u003d\u003d NULL, in \u003d\u003d NULL: compute/check the tag\n\nMoreover, existing code, like OpenSSH, relies on this behavior. To\nensure we don\u0027t break it when refactoring EVP_CIPHER internals, capture\nthe current behavior in tests. But also, no one should be using this in\nnew code, so deprecate it.\n\nUpstream hasn\u0027t quite deprecated it, they now say \"Due to the\nconstraints of the API contract of this function it shouldn\u0027t be used in\napplications, please consider using EVP_CipherUpdate() and\nEVP_CipherFinal_ex() instead.\"\n\nBug: 494\nChange-Id: Icfe39a8fbbc860b03c9861f4164b7ee8da340216\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55391\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "8f99b5e310365df51899cdf341ac52d60dd97835",
      "old_mode": 33188,
      "old_path": "crypto/cipher_extra/cipher_test.cc",
      "new_id": "80146fe03c8d78200288a2b372f3aa9a7461e406",
      "new_mode": 33188,
      "new_path": "crypto/cipher_extra/cipher_test.cc"
    },
    {
      "type": "modify",
      "old_id": "ba4b6983f5e898b5300ee7a5d683e0cba94682e8",
      "old_mode": 33188,
      "old_path": "include/openssl/cipher.h",
      "new_id": "b1876e0dcdab3bc69107093919e0c20fb92fc670",
      "new_mode": 33188,
      "new_path": "include/openssl/cipher.h"
    }
  ]
}