1. 15 Apr, 2016 1 commit
  2. 24 Feb, 2016 1 commit
  3. 08 Dec, 2015 1 commit
  4. 16 Sep, 2015 1 commit
    • Sebastian Hahn's avatar
      Don't enable SSE2 on X86-64. · 98da122a
      Sebastian Hahn authored
      This removes a comment presumably introduced for debugging that was left
      in accidentally. Bug not in any released version of Tor. Fixes bug
  5. 04 Sep, 2015 1 commit
  6. 01 Sep, 2015 1 commit
  7. 17 Aug, 2015 2 commits
  8. 12 Aug, 2015 1 commit
  9. 27 Jul, 2015 1 commit
    • Yawning Angel's avatar
      Fix ed25519-donna with SSP on non-x86. · c0106118
      Yawning Angel authored
      The only reason 16 byte alignment is required is for SSE2 load and
      store operations, so only align datastructures to 16 byte boundaries
      when building with SSE2 support.
      This fixes builds with GCC SSP on platforms that don't have special
      case code to do dynamic stack re-alignment (everything not x86/x86_64).
      Fixes bug #16666.
  10. 12 Jul, 2015 4 commits
  11. 06 Jul, 2015 4 commits
    • Yawning Angel's avatar
      Add Curve25519->Ed25519 support to ed25519-donna (Not yet used). · be113f0b
      Yawning Angel authored
      This needs to be done to allow for the possibility of removing the
      ref10 code at a later date, though it is not performance critical.
      When integrated by kludging it into tor, it passes unit tests, and is
      twice as fast.
    • Yawning Angel's avatar
      Add blinding support to ed25519-donna (Not yet used). · b7aa3074
      Yawning Angel authored
      Integrating it the "wrong" way into common/crypto_ed25519.c passes
      `make check`, and there appear to be some known answer tests for this,
      so I assume I got it right.
      Blinding a public key goes from 139.10 usec to 70.78 usec using
      ed25519-donna (NB: Turboboost/phase of moon), though the code isn't
      critical path, so supporting it is mostly done for completeness.
    • Yawning Angel's avatar
      Integrate ed25519-donna (Not yet used). · 0f3eeca9
      Yawning Angel authored
      Integrate ed25519-donna into the build process, and provide an
      interface that matches the `ref10` code.  Apart from the blinding and
      Curve25519 key conversion, this functions as a drop-in replacement for
      ref10 (verified by modifying crypto_ed25519.c).
      Tests pass, and the benchmarks claim it is quite a bit faster, however
      actually using the code requires additional integration work.
    • Yawning Angel's avatar
      Import Andrew Moon's ed25519-donna. · 7b10741b
      Yawning Angel authored
      This is a clean copy of ed25519-donna as of commit:
  12. 29 Sep, 2014 3 commits
    • teor's avatar
      Stop ed25519 8-bit signed left shift overflowing · b7eab94a
      teor authored and Nick Mathewson's avatar Nick Mathewson committed
      Standardise usage in ge_scalarmult_base.c for 1 new fix.
    • Nick Mathewson's avatar
      Use SHL{8,32,64} in ed25519/ref10 to avoid left-shifting negative values · 6129ff32
      Nick Mathewson authored
      This helps us avoid undefined behavior. It's based on a patch from teor,
      except that I wrote a perl script to regenerate the patch:
        #!/usr/bin/perl -p -w -i
        BEGIN { %vartypes = (); }
        if (/^[{}]/) {
            %vartypes = ();
        if (/^ *crypto_int(\d+) +([a-zA-Z_][_a-zA-Z0-9]*)/) {
            $vartypes{$2} = $1;
        } elsif (/^ *(?:signed +)char +([a-zA-Z_][_a-zA-Z0-9]*)/) {
            $vartypes{$1} = '8';
        # This fixes at most one shift per line. But that's all the code does.
        if (/([a-zA-Z_][a-zA-Z_0-9]*) *<< *(\d+)/) {
            $v = $1;
            if (exists $vartypes{$v}) {
        	s/$v *<< *(\d+)/SHL$vartypes{$v}($v,$1)/;
        # remove extra parenthesis
    • teor's avatar
      Stop signed left shifts overflowing in ed25519: Macros · 6b155dc1
      teor authored and Nick Mathewson's avatar Nick Mathewson committed
      The macros let us use unsigned types for potentially overflowing left
      shifts. Create SHL32() and SHL64() and SHL8() macros for convenience.
  13. 26 Sep, 2014 1 commit
    • Nick Mathewson's avatar
      Comment-out dead code in ed25519/ref10 · 27bd1ef1
      Nick Mathewson authored
      There are some loops of the form
             for (i=1;i<1;++i) ...
      And of course, if the loop index is initialized to 1, it will never
      be less than 1, and the loop body will never be executed.  This
      upsets coverity.
      Patch fixes CID 1221543 and 1221542
  14. 25 Sep, 2014 10 commits
  15. 26 Aug, 2014 4 commits