Diffstat (limited to 'src/ext')
-rw-r--r--  src/ext/ed25519/ref10/README.tor  | 23
-rw-r--r--  src/ext/ed25519/ref10/blinding.c  |  2
2 files changed, 24 insertions, 1 deletions
diff --git a/src/ext/ed25519/ref10/README.tor b/src/ext/ed25519/ref10/README.tor
new file mode 100644
index 0000000000..38ed97ba05
--- /dev/null
+++ b/src/ext/ed25519/ref10/README.tor
@@ -0,0 +1,23 @@
+
+We've made the following changes to the stock ed25519_ref10 from
+supercop-20140622:
+
+ * We added the necessary glue to provide integers of fixed bit
+ sizes, SHA512, and to compile without warnings everywhere we need
+ to build.
+
+ * Secret keys are stored in expanded format. There are functions
+ to expand them from the 32-byte seed.
+
+ * Signatures are made and processed detached from the messages that
+ they sign. (In other words, we support "make signature" and
+ "check signature", not "create signed message" and "check and
+ unpack signed message".)
+
+ * There's an implementation of 'convert a curve25519 key to an
+ ed25519 key' so we can do cross-certification with curve25519 keys.
+ (keyconv.c)
+
+ * There's an implementation of multiplicative key blinding so we
+ can use it for next-gen hidden srevice descriptors. (blinding.c)
+
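Review bot: the last bullet has a typo, "next-gen hidden srevice descriptors" should read "next-gen hidden service descriptors", and the file opens with a stray empty line before "We've made the following changes". While touching it: the bullet on expanded secret keys says only that "There are functions to expand them from the 32-byte seed" without naming where they live, whereas the keyconv.c and blinding.c bullets each cite their file; naming the file (or the functions) there would make the list consistent and easier to audit against the tree.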
diff --git a/src/ext/ed25519/ref10/blinding.c b/src/ext/ed25519/ref10/blinding.c
index a17dbcd3e3..f0154e098f 100644
--- a/src/ext/ed25519/ref10/blinding.c
+++ b/src/ext/ed25519/ref10/blinding.c
@@ -14,7 +14,7 @@ gettweak(unsigned char *out, const unsigned char *param)
{
const char str[] = "Derive temporary signing key";
crypto_hash_sha512_2(out, (const unsigned char*)str, strlen(str), param, 32);
- out[0] &= 248; /* Necessary ? */
+ out[0] &= 248; /* Is this necessary necessary ? */
out[31] &= 63;
out[31] |= 64;
}
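Review bot: the replaced comment on the `out[0] &= 248;` line now reads "Is this necessary necessary ?", a doubled word, and it still only restates the open question instead of answering it. The three lines `out[0] &= 248;`, `out[31] &= 63;`, `out[31] |= 64;` are exactly the standard ed25519 clamping of a 32-byte secret scalar (clear the low three bits, clear bit 255, set bit 254), applied here to the first 32 bytes of the 64-byte SHA-512 output that crypto_hash_sha512_2 wrote into `out`. Suggest documenting that intent, e.g. `/* Clamp the tweak like an ed25519 secret scalar (see ref10 keypair.c). */`, and, if whether the clamping is required for a multiplicative tweak is still undecided, keep that as an explicit `XXX`/`TODO` rather than a question so it is not lost; either way the same clamped tweak must be used wherever the corresponding public key is blinded, so the comment should also point at that caller.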