)]}'
{
  "commit": "9bd9c4967a2eacd888fcee15d94fe48cedf34b63",
  "tree": "51d55b7aa421f7e9fd56ff18bdf5e5adbe11f9fc",
  "parents": [
    "8bfbe4b7e29b72852ab34eaa3d735e286092ec56"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Mon Apr 20 15:38:36 2026 -0400"
  },
  "committer": {
    "name": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Tue Apr 21 00:23:05 2026 -0700"
  },
  "message": "Add a value barrier to EVP_sha256_final_with_secret_suffix too\n\nIn https://boringssl-review.googlesource.com/c/boringssl/+/85628, we\nadded a value barrier to is_last_block because Clang had started undoing\nthe constant-time for those few operations. This is part of the Lucky 13\nmitigation the legacy TLS CBC_SHA ciphers.\n\nTurned out the legacy TLS CBC_SHA256 ciphers had the same problem. But\nbecause we didn\u0027t have EVP_AEAD-level tests for them, this went\nunnoticed.\n\nThanks to Alex Gaynor for noticing that the two functions were\ninconsistently barriered and prompting me to check this.\n\nChange-Id: I57f80d0d918a529afdbf207abab51707288a3750\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/93188\nPresubmit-BoringSSL-Verified: boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cboringssl-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "08eb73d1f11c9cb1bf535737db927a832f088591",
      "old_mode": 33188,
      "old_path": "crypto/cipher/tls_cbc.cc",
      "new_id": "f0c57647b4b17afa120901d952afe7ea746bb8d3",
      "new_mode": 33188,
      "new_path": "crypto/cipher/tls_cbc.cc"
    }
  ]
}