I am using ed25519-donna not for EdDSA, but for general point operations using ed25519 curve.
I noticed that ge25519_double_scalarmult_vartime() does not correctly finalize the result.
If I try to add the result to some other point then I get an incorrect result (not a problem for ed25519.c).
It seems that this is because ge25519_double_scalarmult_vartime() lacks ge25519_p1p1_to_full(r, &t); at the end.
ed25519-donna.patch.txt
I am using ed25519-donna not for EdDSA, but for general point operations using ed25519 curve.
I noticed that ge25519_double_scalarmult_vartime() does not correctly finalize the result. If I try to add the result to some other point then I get an incorrect result (not a problem for ed25519.c). It seems that this is because ge25519_double_scalarmult_vartime() lacks ge25519_p1p1_to_full(r, &t); at the end.