)]}'
{
  "commit": "7ab49bf0af78e4b068822f8cd8b4f0fa6bbb4bc0",
  "tree": "5155cf1bb5b3c9273f97acbbfe9d5e57df36a0b6",
  "parents": [
    "a880d2ac8261adca474f8682c5fe4420717e8d08"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Tue Nov 15 16:32:26 2022 -0500"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Sun Nov 27 17:10:30 2022 +0000"
  },
  "message": "Fix comments now BN_mod_exp_mont_consttime is not cache-line-sensitive\n\nBN_mod_exp_mont_consttime originally assumed accesses within a cache\nline were indistinguishable and indexed into a cache line with secret\nvalues. As a result, it required all of its tables, etc., to be\ncache-line-aligned. Nowadays, the standard constant time memory model is\nto assume the whole address leaks and not make these assumptions.\n\nIn particular, CacheBleed (CVE-2016-0702) showed this assumption was\nfalse and which cache bank you accessed as leaked. OpenSSL\u0027s fix for the\nassembly (mont5 and rsaz) appears to match the standard constant-time\nmodel. However, its fix to the C code narrowed the assumption to cache\nbanks, so the alignment was still necessary.\n\nAfter https://boringssl-review.googlesource.com/c/boringssl/+/33268, we\ndropped this and use the standard model. All together, it should mean we\nno longer make assumptions about cache lines. Update all the comments\nand variable names accordingly.\n\nChange-Id: I7bcb828eb2751a0167c3a3c8242b1b3971efc708\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55227\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "a76d7cb178011403796a7fae48fca231d39a8cb6",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/bn/exponentiation.c",
      "new_id": "285c4dd706061e6e264146c9e3f2a82a7a5c4111",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/bn/exponentiation.c"
    },
    {
      "type": "modify",
      "old_id": "9329ce7aaa42f074a517dd0cd42da02466981285",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/bn/internal.h",
      "new_id": "f7adfe92ed939f39ef4202b2e1d5b406e6fd9e4c",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/bn/internal.h"
    },
    {
      "type": "modify",
      "old_id": "7b455b55f089eead149912c7e3d3a35f1ddfcbc9",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/bn/rsaz_exp.c",
      "new_id": "da25030658cdfe65d63fa2a4b6654596cb738b2b",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/bn/rsaz_exp.c"
    },
    {
      "type": "modify",
      "old_id": "67f1cab5c7e02bf33eb8b37759f03390987df291",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/bn/rsaz_exp.h",
      "new_id": "22ca3ec461d33dcdcf969544cc3f1a355cf2de2c",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/bn/rsaz_exp.h"
    }
  ]
}