path: root/src/ext/ed25519/donna
Age | Commit message | Author

2019-01-09 | Fix (and make consistent) the use of OpenBSD preprocessor macro tests | Kris Katterjohn
  Prior to this commit, the testsuite was failing on OpenBSD. After this commit the testsuite runs fine on OpenBSD.

  It was previously decided to test for the OpenBSD macro (rather than __OpenBSD__, etc.) because OpenBSD forks seem to have the former macro defined.

  sys/param.h must be included for the OpenBSD macro definition; however, many files tested for the OpenBSD macro without having this header included.

  This commit includes sys/param.h in the files where the OpenBSD macro is used (and sys/param.h is not already included), and it also changes some instances of the __OpenBSD__ macro to OpenBSD.

  See commit 27df23abb675ffeb198bf0c1cc85c4baed77a988 which changed everything to use OpenBSD instead of __OpenBSD__ or OPENBSD.

  See also tickets #6982 and #20980 (the latter ticket is where it was decided to use the OpenBSD macro).

  Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>

2018-09-11 | Initialize 't' in ge25519_scalarmult_base_niels() | Nick Mathewson
  OSS-Fuzz's version of memorysanitizer can't tell that this value is not going to be used unsafely.

2018-06-21 | Rectify include paths (automated) | Nick Mathewson

2018-06-21 | Rectify include paths (automated) | Nick Mathewson

2018-06-20 | Run rectify_include_paths.py | Nick Mathewson

2018-04-06 | crypto: Refactor (P)RNG functionality into new crypto_rand module. | Isis Lovecruft
  * ADD new /src/common/crypto_rand.[ch] module.
  * ADD new /src/common/crypto_util.[ch] module (contains the memwipe() function, since all crypto_* modules need this).
  * FIXES part of #24658: https://bugs.torproject.org/24658

2018-03-26 | Merge branch 'bug24658-rm-curve25519-header' into bug24658-merge | Nick Mathewson

2018-02-07 | Fix spelling mistakes corresponding to ticket #23650 | Deepesh Pathak

2018-02-03 | Include crypto_digest.h in order to solve dependency issues. | Fernando Fernandez Mancera
  Included crypto_digest.h in some files in order to solve xof+digest module dependency issues. Removed crypto.h where it isn't needed anymore. Follows #24658.

  Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>

2017-08-08 | Merge branch 'ticket20657_nickm_bugfixes_squashed' | Nick Mathewson

2017-08-08 | Don't double hash the ed25519 blind key parameter. | George Kadianakis
  We used to do:
      h = H(BLIND_STRING | H(A | s | B | N )
  when we should be doing:
      h = H(BLIND_STRING | A | s | B | N)

  Change the logic so that hs_common.c does the hashing, and our ed25519 libraries just receive the hashed parameter ready-made. That's easier than doing the hashing on the ed25519 libraries, since that means we would have to pass them a variable-length param (depending on whether 's' is set or not).

  Also fix the ed25519 test vectors since they were also double hashing.

2017-07-27 | Merge branch 'bug22895_027' | Nick Mathewson

2017-07-27 | Remove unused variables in donna's SSE2 code | cypherpunks
  Fixes unused-const-variable warnings with GCC on 32-bit x86 systems. Closes #22895.

2017-06-28 | ed25519: Check retval of unpack_negative_vartime in donna. | George Kadianakis

2017-06-27 | Merge branch 'asn_bug22006_final_squashed' | Nick Mathewson

2017-06-27 | ed25519: Add func that checks for torsion component in pubkeys. | George Kadianakis
  See https://lists.torproject.org/pipermail/tor-dev/2017-April/012213.html .

2017-05-31 | Fix GCC 7 -Wimplicit-fallthrough warnings (32 bit) | Andreas Stieger
  Add magic comments recognized by default -Wimplicit-fallthrough=3. Follow-up to e5f464, fixes Ticket 22446 for 32 bit.

2017-05-30 | Fix GCC 7 -Wimplicit-fallthrough warnings | Andreas Stieger
  Add magic comments recognized by default -Wimplicit-fallthrough=3 or break, as required.

2017-03-31 | Make our ed25519 implementations no longer use openssl directly. | Nick Mathewson

2016-09-11 | Merge remote-tracking branch 'public/solaris_warnings_028' | Nick Mathewson

2016-07-28 | Fix a large pile of solaris warnings for bug 19767. | Nick Mathewson
  In nearly all cases, this is a matter of making sure that we include orconfig.h before we include any standard c headers.

2016-06-11 | Fix build on 32-bit systems. | Nick Mathewson

2016-06-11 | Add -Wmissing-variable-declarations, with attendant fixes | Nick Mathewson
  This is a big-ish patch, but it's very straightforward. Under this clang warning, we're not actually allowed to have a global variable without a previous extern declaration for it. The cases where we violated this rule fall into three roughly equal groups:
  * Stuff that should have been static.
  * Stuff that was global but where the extern was local to some other C file.
  * Stuff that was only global when built for the unit tests, that needed a conditional extern in the headers.
  The first two were IMO genuine problems; the last is a wart of how we build tests.

2016-06-11 | Use autoconf, not gcc version, to decide which warnings we have | Nick Mathewson
  This gives more accurate results under Clang, which can only help us detect more warnings in more places. Fixes bug 19216; bugfix on 0.2.0.1-alpha.

2016-06-11 | Add -Wunused-const-variable=2 on GCC >=6.1 | Nick Mathewson
  This caused a trivial warning in curve25519-donna-64bit.h, which had two unused constants. I commented them out.

2016-04-15 | Disambiguate: Avoid defining two static functions both called gettweak() | Nick Mathewson

2016-02-24 | Silence clang-scan warnings in ed25519_donna | teor (Tim Wilson-Brown)

2015-12-08 | Always hash crypto_strongest_rand() along with some prng | Nick Mathewson
  (before using it for anything besides feeding the PRNG) Part of #17694

2015-09-16 | Don't enable SSE2 on X86-64. | Sebastian Hahn
  This removes a comment presumably introduced for debugging that was left in accidentally. Bug not in any released version of Tor. Fixes bug 17092.

2015-09-04 | Fix an alignment issue in our extensions to ed25519_donna | Nick Mathewson
  Apparently this only happens with clang (or with some particular clang versions), and only on i386. Fixes 16970; bug not in any released Tor. Found by Teor; fix from Yawning.

2015-09-01 | Add a comment about CID 1311630 and why we won't worry about it. | Nick Mathewson

2015-08-17 | Fixup: Force enable SSE2 before undefining ALIGN if SSE2 is disabled. | Yawning Angel
  This should fix the x86 build, since variables that require 16 byte alignment will now actually be 16 byte aligned.

2015-08-17 | Enable ed25519-donna's SSE2 code when possible for 32 bit x86. | Yawning Angel
  This probably requires the user to manually set CFLAGS, but should result in a net gain on 32 bit x86. Enabling SSE2 support would be possible on x86_64, but will result in slower performance. Implements feature #16535.

2015-08-12 | Use ed25519-donna's batch verification support when applicable. | Yawning Angel
  The code was always in our Ed25519 wrappers, so enable it when using the ed25519-donna backend, and deal with the mocking related crypto_rand silliness. Implements feature 16533.

2015-07-27 | Fix ed25519-donna with SSP on non-x86. | Yawning Angel
  The only reason 16 byte alignment is required is for SSE2 load and store operations, so only align datastructures to 16 byte boundaries when building with SSE2 support. This fixes builds with GCC SSP on platforms that don't have special case code to do dynamic stack re-alignment (everything not x86/x86_64). Fixes bug #16666.

2015-07-12 | Try to convince coverity not to worry about this loop either | Nick Mathewson

2015-07-12 | Try to convince coverity not to worry about this loop | Nick Mathewson

2015-07-12 | Tell coverity to tolerate ed25519_verify | Nick Mathewson

2015-07-12 | Disable -Wstack-protector diagnostics in curve25519-donna-helpers.h | Nick Mathewson
  This was causing a false positive on our arm builders.

2015-07-06 | Add Curve25519->Ed25519 support to ed25519-donna (Not yet used). | Yawning Angel
  This needs to be done to allow for the possibility of removing the ref10 code at a later date, though it is not performance critical. When integrated by kludging it into tor, it passes unit tests, and is twice as fast.

2015-07-06 | Add blinding support to ed25519-donna (Not yet used). | Yawning Angel
  Integrating it the "wrong" way into common/crypto_ed25519.c passes `make check`, and there appear to be some known answer tests for this, so I assume I got it right. Blinding a public key goes from 139.10 usec to 70.78 usec using ed25519-donna (NB: Turboboost/phase of moon), though the code isn't critical path, so supporting it is mostly done for completeness.

2015-07-06 | Integrate ed25519-donna (Not yet used). | Yawning Angel
  Integrate ed25519-donna into the build process, and provide an interface that matches the `ref10` code. Apart from the blinding and Curve25519 key conversion, this functions as a drop-in replacement for ref10 (verified by modifying crypto_ed25519.c). Tests pass, and the benchmarks claim it is quite a bit faster; however, actually using the code requires additional integration work.

2015-07-06 | Import Andrew Moon's ed25519-donna. | Yawning Angel
  This is a clean copy of ed25519-donna as of commit 8757bd4cd209cb032853ece0ce413f122eef212c from https://github.com/floodyberry/ed25519-donna