)]}'
{
  "commit": "f49081b4ef4e99bae452e05170d8433807bd70e9",
  "tree": "f383ebf6600f57d60ed85518de2b827794968e74",
  "parents": [
    "1ec7a4ed6926f0f779553630ed7a78917e6f86b6"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Mon Dec 16 12:22:37 2024 -0500"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Mon Dec 16 12:11:26 2024 -0800"
  },
  "message": "Run ML-KEM and ML-DSA through constant-time validation\n\nWe did this for Dilithium, but the tests themselves got lost for ML-DSA.\nThis is just a matter of adding some declassifies so that the tests can\nsurvive running through with secret data marked secret.\n\nAs for what to mark secret, I opted to mark:\n\n- Any internal secret output from the PRNG since that aligns better with\n  crbug.com/42290551. Though it probably introduces a bunch of false\n  positives on the TLS side because we haven\u0027t actually run all that\n  through this yet.\n\n- Any *uniformly* secret inputs in test vectors. That is, seeds, but\n  *not* the serialized long-form private keys (which ought to become\n  seeds anyway). This is because a portion of those serializations\n  include public keys and it\u0027s tricky to declassify that before the\n  public key parser gets confused.\n\nTo simplify comparisons, I added a Declassified() helper in test_util.h.\nI considered just making \u003d\u003d on Bytes automatically declassify, but then\nwe won\u0027t notice when we forget to, e.g. declassify ciphertext, so making\nthe test do it explicitly seemed worthwhile?\n\nChange-Id: I2c53e25ca843ef876f2a89c15131a5b2b425603f\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/74387\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "6092545737fc6679472427600598576537f94a7a",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/mldsa/mldsa.cc.inc",
      "new_id": "e9166b5af7df3cc03e50d943b54ac05fe7e3acc3",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/mldsa/mldsa.cc.inc"
    },
    {
      "type": "modify",
      "old_id": "ec6d4848e3945660c1c0619d73efb44bab5e931e",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/mlkem/mlkem.cc.inc",
      "new_id": "0ade4ce0ef638b800e9b9006466d16ec3cbeb904",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/mlkem/mlkem.cc.inc"
    },
    {
      "type": "modify",
      "old_id": "cb0e4f3c8bae72ea6c9d86f6d5a1e987dfa8fd57",
      "old_mode": 33188,
      "old_path": "crypto/mldsa/mldsa_test.cc",
      "new_id": "a0ab09021cb86fcaf5b3b3e2a6a798f6eb3d0c0d",
      "new_mode": 33188,
      "new_path": "crypto/mldsa/mldsa_test.cc"
    },
    {
      "type": "modify",
      "old_id": "68bc5fad5885665d1e0c20ecd0e20ba72c95ed74",
      "old_mode": 33188,
      "old_path": "crypto/mlkem/mlkem_test.cc",
      "new_id": "51e9e47b60a6a98ce88a0f871c6f56ecf0a08998",
      "new_mode": 33188,
      "new_path": "crypto/mlkem/mlkem_test.cc"
    },
    {
      "type": "modify",
      "old_id": "16de9ab2d806c8d49d298f3749933fbd4a501181",
      "old_mode": 33188,
      "old_path": "crypto/test/test_util.h",
      "new_id": "7815093a6d7ba6f56e3648ad3ead05c42fed2c66",
      "new_mode": 33188,
      "new_path": "crypto/test/test_util.h"
    }
  ]
}
