Home | Search | boringssl - Builders
Login

Builder win64_vs2017 Build 8929403074324801552 Microsoft Windows

Overview

Success

Input

Revision 4188c3f49552bfea3b740b3007fdcb096d21cae1

Infra

Steps and Logs

Show:
  1. ( 267 ms ) setup_build

    running recipe: “boringssl”

  2. ( 7 secs ) bot_update

    [21GB/299GB used (7%)]

  3. ( 1 mins 28 secs ) gclient runhooks
  4. ( 139 ms ) clean
  5. ( 141 ms ) mkdir
  6. ( 15 secs ) cmake
  7. ( 33 secs ) ninja
  8. ( 500 ms ) check filenames
  9. ( 40 secs ) unit tests
  10. ( 44 secs ) ssl tests
  11. ( 79 ms ) taskkill mspdbsrv
  12. ( 0 ) recipe result

Timing

Create Monday, 19-Nov-18 19:10:49 UTC
Start Monday, 19-Nov-18 19:15:41 UTC
End Monday, 19-Nov-18 19:20:21 UTC
Pending 4 mins 51 secs
Execution 4 mins 40 secs

Tags

KeyValue
buildset commit/git/4188c3f49552bfea3b740b3007fdcb096d21cae1
scheduler_invocation_id 9094833136332275792
scheduler_job_id boringssl/win64_vs2017
user_agent luci-scheduler

Input Properties

NameValue
$recipe_engine/runtime { "is_experimental": false, "is_luci": true }
branch "refs/heads/master"
buildbucket { "build": { "bucket": "luci.boringssl.ci", "created_by": "user:luci-scheduler@appspot.gserviceaccount.com", "created_ts": 1542654649385085, "id": "8929403074324801552", "project": "boringssl", "tags": [ "builder:win64_vs2017", "buildset:commit/git/4188c3f49552bfea3b740b3007fdcb096d21cae1", "buildset:commit/gitiles/boringssl.googlesource.com/boringssl/+/4188c3f49552bfea3b740b3007fdcb096d21cae1", "gitiles_ref:refs/heads/master", "scheduler_invocation_id:9094833136332275792", "scheduler_job_id:boringssl/win64_vs2017", "user_agent:luci-scheduler" ] }, "hostname": "cr-buildbucket.appspot.com" }
buildername "win64_vs2017"
repository "https://boringssl.googlesource.com/boringssl.git"
revision "4188c3f49552bfea3b740b3007fdcb096d21cae1"

Output Properties

NameValue
$recipe_engine/path { "cache_dir": "C:\\b\\s\\w\\ir\\cache", "temp_dir": "C:\\b\\s\\w\\ir\\tmp\\rt" }
$recipe_engine/runtime { "is_experimental": false, "is_luci": true }
bot_id "win10-727f49a0-us-west1-b-0hth"
branch "refs/heads/master"
buildbucket { "build": { "bucket": "luci.boringssl.ci", "created_by": "user:luci-scheduler@appspot.gserviceaccount.com", "created_ts": 1542654649385085, "id": "8929403074324801552", "project": "boringssl", "tags": [ "builder:win64_vs2017", "buildset:commit/git/4188c3f49552bfea3b740b3007fdcb096d21cae1", "buildset:commit/gitiles/boringssl.googlesource.com/boringssl/+/4188c3f49552bfea3b740b3007fdcb096d21cae1", "gitiles_ref:refs/heads/master", "scheduler_invocation_id:9094833136332275792", "scheduler_job_id:boringssl/win64_vs2017", "user_agent:luci-scheduler" ] }, "hostname": "cr-buildbucket.appspot.com" }
buildername "win64_vs2017"
got_revision "4188c3f49552bfea3b740b3007fdcb096d21cae1"
path_config "generic"
recipe "boringssl"
repository "https://boringssl.googlesource.com/boringssl.git"
revision "4188c3f49552bfea3b740b3007fdcb096d21cae1"

All Changes

  1. Remove cacheline striping in copy_from_prebuf.

    Changed by David Benjamin - davidbenohnoyoudont@google.com
    Changed at Monday, 19-Nov-18 19:10:09 UTC
    Repository https://boringssl.googlesource.com/boringssl
    Branch
    Revision 4188c3f49552bfea3b740b3007fdcb096d21cae1

    Comments

    Remove cacheline striping in copy_from_prebuf.
    
    The standard computation model for constant-time code is that memory
    access patterns must be independent of secret data.
    BN_mod_exp_mont_consttime was previously written to a slightly weaker
    model: only cacheline access patterns must be independent of secret
    data. It assumed accesses within a cacheline were indistinguishable.
    
    The CacheBleed attack (https://eprint.iacr.org/2016/224.pdf) showed this
    assumption was false. Cache lines may be divided into cache banks, and
    the researchers were able to measure cache bank contention pre-Haswell.
    For Haswell, the researchers note "But, as Haswell does show timing
    variations that depend on low address bits [19], it may be vulnerable to
    similar attacks."
    
    OpenSSL's fix to CacheBleed was not to adopt the standard constant-time
    computation model. Rather, it now assumes accesses within a 16-byte
    cache bank are indistinguishable, at least in the C copy_from_prebuf
    path. These weaker models failed before with CacheBleed, so avoiding
    such assumptions seems prudent. (The [19] citation above notes a false
    dependence between memory addresses with a distance of 4k, which may be
    what the paper was referring to.) Moreover, the C path is largely unused
    on x86_64 (which uses mont5 asm), so it is especially questionable for
    the generic C code to make assumptions based on x86_64.
    
    Just walk the entire table in the C implementation. Doing so as-is comes
    with a performance hit, but the striped memory layout is, at that point,
    useless. We regain the performance loss (and then some) by using a more
    natural layout. Benchmarks below.
    
    This CL does not touch the mont5 assembly; I haven't figured out what
    it's doing yet.
    
    Pixel 3, aarch64:
    Before:
    Did 3146 RSA 2048 signing operations in 10009070us (314.3 ops/sec)
    Did 447 RSA 4096 signing operations in 10026666us (44.6 ops/sec)
    After:
    Did 3210 RSA 2048 signing operations in 10010712us (320.7 ops/sec)
    Did 456 RSA 4096 signing operations in 10063543us (45.3 ops/sec)
    
    Pixel 3, armv7:
    Before:
    Did 2688 RSA 2048 signing operations in 10002266us (268.7 ops/sec)
    Did 459 RSA 4096 signing operations in 10004785us (45.9 ops/sec)
    After:
    Did 2709 RSA 2048 signing operations in 10001299us (270.9 ops/sec)
    Did 459 RSA 4096 signing operations in 10063737us (45.6 ops/sec)
    
    x86_64 Broadwell, mont5 assembly disabled:
    (This configuration is not actually shipped anywhere, but seemed a
    useful data point.)
    Before:
    Did 14274 RSA 2048 signing operations in 10009130us (1426.1 ops/sec)
    Did 2448 RSA 4096 signing operations in 10046921us (243.7 ops/sec)
    After:
    Did 14706 RSA 2048 signing operations in 10037908us (1465.0 ops/sec)
    Did 2538 RSA 4096 signing operations in 10059986us (252.3 ops/sec)
    
    Change-Id: If41da911d4281433856a86c6c8eadf99cd33e2d8
    Reviewed-on: https://boringssl-review.googlesource.com/c/33268
    Reviewed-by: Adam Langley <agl@google.com>
    Commit-Queue: David Benjamin <davidben@google.com>
    

    Changed files

    • crypto/fipsmodule/bn/exponentiation.c