)]}'
{
  "commit": "3094902fcdc2db2cc832fa854b9a6a8be383926c",
  "tree": "a65020d6936e5034cf11c23a37ad8821a1f688da",
  "parents": [
    "41a14304d7e0cfcb8afa82ee8735f0bd6763e415"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Wed Dec 02 15:40:47 2020 -0500"
  },
  "committer": {
    "name": "CQ bot account: commit-bot@chromium.org",
    "email": "commit-bot@chromium.org",
    "time": "Wed Dec 02 21:23:44 2020 +0000"
  },
  "message": "Get closer to Ed25519 boundary conditions.\n\nIf I perturb kOrder in the malleability check, our and Wycheproof\u0027s\ntests don\u0027t easily notice. This adds some tests with s above and below\nthe order. EdDSA hashes the public key with the message, which\nfrustrates constructing actual boundary cases. Instead, these inputs\nwere found by generating many signatures.\n\nThis isn\u0027t ideal, but it is sensitive to the most significant 32 bits.\n\nChange-Id: I7fc03758ab97650d0e94478f355ea7085ae0559a\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44346\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "4f34675b81edbb876246d23dd3be6edd703024bc",
      "old_mode": 33188,
      "old_path": "crypto/curve25519/ed25519_test.cc",
      "new_id": "d56abe686cf787547f0fda094490913644b14956",
      "new_mode": 33188,
      "new_path": "crypto/curve25519/ed25519_test.cc"
    }
  ]
}