From 0dd8338b83eeba82c148f3e1a6ab8a7d73fb0ae4 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Fri, 6 Oct 2017 15:35:07 +0200
Subject: [PATCH] Add a compile-time switch to create non-deterministic signatures

---
 src/libsodium/crypto_sign/ed25519/ref10/sign.c | 5 +++++
 test/default/sign.c | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/src/libsodium/crypto_sign/ed25519/ref10/sign.c b/src/libsodium/crypto_sign/ed25519/ref10/sign.c
index f9d47fdc..6ea94fff 100644
--- a/src/libsodium/crypto_sign/ed25519/ref10/sign.c
+++ b/src/libsodium/crypto_sign/ed25519/ref10/sign.c
@@ -5,6 +5,7 @@
 #include "crypto_sign_ed25519.h"
 #include "ed25519_ref10.h"
 #include "private/curve25519_ref10.h"
+#include "randombytes.h"
 #include "utils.h"
 
 void
@@ -40,6 +41,10 @@ _crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p,
 az[31] |= 64;
 
 _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
+#ifdef ED25519_NONDETERMINISTIC
+ randombytes_buf(nonce, 32);
+ crypto_hash_sha512_update(&hs, nonce, 32);
+#endif
 crypto_hash_sha512_update(&hs, az + 32, 32);
 crypto_hash_sha512_update(&hs, m, mlen);
 crypto_hash_sha512_final(&hs, nonce);
diff --git a/test/default/sign.c b/test/default/sign.c
index a577df80..1b782633 100644
--- a/test/default/sign.c
+++ b/test/default/sign.c
@@ -1311,5 +1311,9 @@ int main(void)
 == crypto_sign_ed25519_secretkeybytes());
 assert(crypto_sign_statebytes() == crypto_sign_ed25519ph_statebytes());
 
+#ifdef ED25519_NONDETERMINISTIC
+ exit(0);
+#endif
+
 return 0;
 }
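Review bot: The new `#ifdef ED25519_NONDETERMINISTIC` block in `_crypto_sign_ed25519_detached` has no comment explaining the construction or its trade-off, and the macro itself is documented nowhere in the patch beyond the subject line. Because the 32 random bytes are absorbed before `az + 32` and `m`, the nonce still depends on the secret prefix and the message, so a weak or failing `randombytes_buf` cannot make signing weaker than the deterministic default; what does change is that signatures stop being reproducible, which breaks known-answer tests and any caller relying on determinism. I would add above the `#ifdef`: `/* Hedged nonce: r = H(Z || prefix || M), Z = 32 random bytes. Presumably a fault/side-channel mitigation; prefix and M are still absorbed, so a weak RNG does not weaken r below the deterministic scheme, but signatures are no longer reproducible. */`. The declaration of `nonce` and the rest of the function lie outside the hunk; the buffer is assumed to hold at least 32 bytes here, which is consistent with it later receiving the 64-byte SHA-512 output.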
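Review bot: `exit(0)` placed immediately before `return 0;` at the end of `main` has no effect — both paths terminate the process with status 0 after every assertion above has already run — so either the guard is dead code or it was meant to sit before the signature comparisons earlier in `main`, which start outside this hunk. If the intent is to skip the known-answer checks under `ED25519_NONDETERMINISTIC`, the `#ifdef` belongs at the point where deterministic signatures are compared, with a comment such as `/* signatures are randomized under ED25519_NONDETERMINISTIC; skip KAT comparison */`. Whether `<stdlib.h>` is in scope for `exit` is not visible from the hunk either.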