blob: fa11a367713827008e383577c2e2246de1ee5b0e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
We've made the following changes to the stock ed25519-donna from
as of 8757bd4cd209cb032853ece0ce413f122eef212c.
* Tor uses copies of `ed25519-donna.h` and `ed25519.c`, named
`ed25519_donna_tor.h` and `ed25591_tor.c`.
The main functional differences between the standard ed25519-donna
and the Tor specific version are:
* The external interface has been reworked to match that provided
by Tor's copy of the SUPERCOP `ref10` code.
* The secret (aka private) key is now stored/used in expanded form.
* The internal math tests from `test-internals.c` have been wrapped
in a function and the entire file is included to allow for
runtime validation.
* There's an implementation of multiplicative key blinding so we
can use it for next-gen hidden service descriptors.
* `ED25519_FN(ed25519_randombytes_unsafe)` is now static.
* `ed25519-randombytes-custom.h` has the appropriate code to call
Tor's `crypto_rand()` routine, instead of directly using OpenSSL's
CSPRNG.
* OSX pollutes the global namespace with an `ALIGN` macro, which is
undef-ed right before the donna `ALIGN` macro is defined.
* If building with Clang's AddressSanitizer, disable inline assembly
since the compilation will fail in `ge25519_scalarmult_base_choose_niels`
on x86_64 targets due to running out of registers.
|
