Lower the loop_max constant in curve25519_basepoint_spot_check()

The point of this function is to make sure that the ed25519-based
implementation of curve25519_basepoint() actually works when we
start tor, and use the regular fallback implementation if it
doesn't.  But it accounts for 9% of our startup time in the case
when we have directory information, and I think it's safe to make
the test shorter.  After all, it has yet to find any actual bugs in
curved25519_scalarmult_basepoint_donna() on any platforms.

Closes ticket 28838.

2 files changed, 9 insertions, 1 deletions

diff --git a/changes/ticket28838 b/changes/ticket28838
new file mode 100644
index 0000000000..6c290bf82b
--- /dev/null
+++ b/changes/ticket28838
@@ -0,0 +1,8 @@
+  o Minor features (performance):
+    - Remove about 96% of the work from the function that we run at
+      startup to test our curve25519_basepoint implementation.  Since
+      this function has yet to find an actual failure, we'll only
+      run it for 8 iterations instead of 200. Based on our profile
+      information, this change should save around 8% of our startup
+      time on typical desktops, and may have a similar effect on
+      other platforms.  Closes ticket 28838.
diff --git a/src/lib/crypt_ops/crypto_curve25519.c b/src/lib/crypt_ops/crypto_curve25519.c
index e6a39a8c08..f3a9de9fc5 100644
--- a/src/lib/crypt_ops/crypto_curve25519.c
+++ b/src/lib/crypt_ops/crypto_curve25519.c
@@ -289,7 +289,7 @@ curve25519_basepoint_spot_check(void)
     0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4,
     0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
   };
-  const int loop_max=200;
+  const int loop_max=8;
   int save_use_ed = curve25519_use_ed;
   unsigned char e1[32], e2[32];
   unsigned char x[32],y[32];