)]}' { "commit": "885a63fb7486a62575d2dc42a73cdefd1c7b0957", "tree": "b4e2165a8edd7ce3c9e3a96f9949a69c778f5831", "parents": [ "aadcce380fe9e5e17ff38f8471e956463fc4df21" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Wed Jan 09 03:48:25 2019 +0000" }, "committer": { "name": "Adam Langley", "email": "agl@google.com", "time": "Thu Mar 14 21:37:46 2019 +0000" }, "message": "Patch out the aes_nohw fallback in bsaes_ctr32_encrypt_blocks.\n\nbsaes_ctr32_encrypt_blocks previously fell back to the table-based\naes_nohw_encrypt for inputs under 128 bytes. Instead, just run the usual\nbsaes code, though it means we compute more blocks than needed.\n\nThis fixes some (but not all) the timing leaks and is needed for later\nbsaes work.\n\nPerformance-wise, x86_64 actually sees a performance improvement for all but\ntiny inputs. ARM does see a loss at small inputs however.\n\nCortex-A53 (Raspberry Pi 3 Model B+)\nBefore:\nDid 299000 AES-128-GCM (16 bytes) seal operations in 1001123us (298664.6 ops/sec): 4.8 MB/s\nDid 236000 AES-128-GCM (32 bytes) seal operations in 1001611us (235620.4 ops/sec): 7.5 MB/s\nDid 167000 AES-128-GCM (64 bytes) seal operations in 1005706us (166052.5 ops/sec): 10.6 MB/s\nDid 129000 AES-128-GCM (96 bytes) seal operations in 1006129us (128214.2 ops/sec): 12.3 MB/s\nDid 116000 AES-128-GCM (112 bytes) seal operations in 1006302us (115273.5 ops/sec): 12.9 MB/s\nDid 107000 AES-128-GCM (128 bytes) seal operations in 1000986us (106894.6 ops/sec): 13.7 MB/s\nAfter:\nDid 132000 AES-128-GCM (16 bytes) seal operations in 1005165us (131321.7 ops/sec): 2.1 MB/s\nDid 128000 AES-128-GCM (32 bytes) seal operations in 1005966us (127240.9 ops/sec): 4.1 MB/s\nDid 120000 AES-128-GCM (64 bytes) seal operations in 1003080us (119631.5 ops/sec): 7.7 MB/s\nDid 113000 AES-128-GCM (96 bytes) seal operations in 1000557us (112937.1 ops/sec): 10.8 MB/s\nDid 110000 AES-128-GCM (112 bytes) seal operations in 1000407us (109955.2 ops/sec): 12.3 MB/s\nDid 108000 AES-128-GCM (128 bytes) seal operations in 1008830us (107054.7 ops/sec): 13.7 MB/s\n(Inputs 128 bytes and up are unaffected by this CL.)\n\nNexus 7\nBefore:\nDid 544000 AES-128-GCM (16 bytes) seal operations in 1001282us (543303.5 ops/sec): 8.7 MB/s\nDid 475750 AES-128-GCM (32 bytes) seal operations in 1000244us (475633.9 ops/sec): 15.2 MB/s\nDid 370500 AES-128-GCM (64 bytes) seal operations in 1000519us (370307.8 ops/sec): 23.7 MB/s\nDid 300750 AES-128-GCM (96 bytes) seal operations in 1000122us (300713.3 ops/sec): 28.9 MB/s\nDid 275750 AES-128-GCM (112 bytes) seal operations in 1000702us (275556.6 ops/sec): 30.9 MB/s\nDid 251000 AES-128-GCM (128 bytes) seal operations in 1000214us (250946.3 ops/sec): 32.1 MB/s\nAfter:\nDid 296000 AES-128-GCM (16 bytes) seal operations in 1001129us (295666.2 ops/sec): 4.7 MB/s\nDid 288750 AES-128-GCM (32 bytes) seal operations in 1000488us (288609.2 ops/sec): 9.2 MB/s\nDid 267250 AES-128-GCM (64 bytes) seal operations in 1000641us (267078.8 ops/sec): 17.1 MB/s\nDid 253250 AES-128-GCM (96 bytes) seal operations in 1000915us (253018.5 ops/sec): 24.3 MB/s\nDid 248000 AES-128-GCM (112 bytes) seal operations in 1000091us (247977.4 ops/sec): 27.8 MB/s\nDid 249000 AES-128-GCM (128 bytes) seal operations in 1000794us (248802.5 ops/sec): 31.8 MB/s\n\nPenryn (Mac mini, mid 2010)\nBefore:\nDid 1331000 AES-128-GCM (16 bytes) seal operations in 1000263us (1330650.0 ops/sec): 21.3 MB/s\nDid 991000 AES-128-GCM (32 bytes) seal operations in 1000274us (990728.5 ops/sec): 31.7 MB/s\nDid 780000 AES-128-GCM (48 bytes) seal operations in 1000278us (779783.2 ops/sec): 37.4 MB/s\nDid 483000 AES-128-GCM (96 bytes) seal operations in 1000137us (482933.8 ops/sec): 46.4 MB/s\nDid 428000 AES-128-GCM (112 bytes) seal operations in 1001132us (427516.1 ops/sec): 47.9 MB/s\nDid 682000 AES-128-GCM (128 bytes) seal operations in 1000564us (681615.6 ops/sec): 87.2 MB/s\nAfter:\nDid 953000 AES-128-GCM (16 bytes) seal operations in 1000385us (952633.2 ops/sec): 15.2 MB/s\nDid 903000 AES-128-GCM (32 bytes) seal operations in 1000998us (902099.7 ops/sec): 28.9 MB/s\nDid 850000 AES-128-GCM (48 bytes) seal operations in 1000938us (849203.4 ops/sec): 40.8 MB/s\nDid 736000 AES-128-GCM (96 bytes) seal operations in 1000886us (735348.5 ops/sec): 70.6 MB/s\nDid 702000 AES-128-GCM (112 bytes) seal operations in 1000657us (701539.1 ops/sec): 78.6 MB/s\nDid 676000 AES-128-GCM (128 bytes) seal operations in 1000405us (675726.3 ops/sec): 86.5 MB/s\n\nBug: 256\nChange-Id: I9403da607dd1feaff7b3c9b76fe78b66018fb753\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35166\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "11607d117ecfe2127d0dd8a881eafb6bac893799", "old_mode": 33188, "old_path": "crypto/fipsmodule/aes/asm/bsaes-armv7.pl", "new_id": "c6e0b173e689401d261fb2b0c491202f001c2b78", "new_mode": 33188, "new_path": "crypto/fipsmodule/aes/asm/bsaes-armv7.pl" }, { "type": "modify", "old_id": "81331bfa6e6d9c9eb406df4da668f205d39200ef", "old_mode": 33188, "old_path": "crypto/fipsmodule/aes/asm/bsaes-x86_64.pl", "new_id": "899490f7dc70b19526ec3978e8571f18a790bb7b", "new_mode": 33188, "new_path": "crypto/fipsmodule/aes/asm/bsaes-x86_64.pl" } ] }