Use magic constant ED25519_NO_CONTEXT for non-contextual operations.

src/GENERATED/c/curve25519/eddsa.c

@@ -58,21 +58,18 @@ static void hash_init_with_dom(
     uint8_t prehashed,
     uint8_t for_prehash,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) {
     hash_init(hash);
-    
+
 #if NO_CONTEXT
-    if (no_context) {
+    if (context_len == 0 && context == ED25519_NO_CONTEXT) {
         (void)prehashed;
         (void)for_prehash;
         (void)context;
         (void)context_len;
         return;
     }
-#else
-    (void)no_context;
 #endif
     const char *dom_s = "SigEd25519 no Ed25519 collisions";
     const uint8_t dom[2] = {2+word_is_zero(prehashed)+word_is_zero(for_prehash), context_len};
@@ -134,8 +131,7 @@ void decaf_ed25519_sign (
     size_t message_len,
     uint8_t prehashed,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) {
     API_NS(scalar_t) secret_scalar;
     hash_ctx_t hash;
@@ -155,7 +151,7 @@ void decaf_ed25519_sign (
         API_NS(scalar_decode_long)(secret_scalar, expanded.secret_scalar_ser, sizeof(expanded.secret_scalar_ser));
     
         /* Hash to create the nonce */
-        hash_init_with_dom(hash,prehashed,0,context,context_len,no_context);
+        hash_init_with_dom(hash,prehashed,0,context,context_len);
         hash_update(hash,expanded.seed,sizeof(expanded.seed));
         hash_update(hash,message,message_len);
         decaf_bzero(&expanded, sizeof(expanded));
@@ -189,7 +185,7 @@ void decaf_ed25519_sign (
     API_NS(scalar_t) challenge_scalar;
     {
         /* Compute the challenge */
-        hash_init_with_dom(hash,prehashed,0,context,context_len,no_context);
+        hash_init_with_dom(hash,prehashed,0,context,context_len);
         hash_update(hash,nonce_point,sizeof(nonce_point));
         hash_update(hash,pubkey,DECAF_EDDSA_25519_PUBLIC_BYTES);
         hash_update(hash,message,message_len);
@@ -229,7 +225,7 @@ void decaf_ed25519_sign_prehash (
         hash_destroy(hash_too);
     }
 
-    decaf_ed25519_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len,0);
+    decaf_ed25519_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len);
     decaf_bzero(hash_output,sizeof(hash_output));
 }
 
@@ -240,8 +236,7 @@ decaf_error_t decaf_ed25519_verify (
     size_t message_len,
     uint8_t prehashed,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) { 
     API_NS(point_t) pk_point, r_point;
     decaf_error_t error = API_NS(point_decode_like_eddsa_and_ignore_cofactor)(pk_point,pubkey);
@@ -254,7 +249,7 @@ decaf_error_t decaf_ed25519_verify (
     {
         /* Compute the challenge */
         hash_ctx_t hash;
-        hash_init_with_dom(hash,prehashed,0,context,context_len,no_context);
+        hash_init_with_dom(hash,prehashed,0,context,context_len);
         hash_update(hash,signature,DECAF_EDDSA_25519_PUBLIC_BYTES);
         hash_update(hash,pubkey,DECAF_EDDSA_25519_PUBLIC_BYTES);
         hash_update(hash,message,message_len);
@@ -305,7 +300,7 @@ decaf_error_t decaf_ed25519_verify_prehash (
         hash_destroy(hash_too);
     }
     
-    ret = decaf_ed25519_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len,0);
+    ret = decaf_ed25519_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len);
     
     return ret;
 }

src/GENERATED/c/ed448goldilocks/eddsa.c

@@ -58,21 +58,18 @@ static void hash_init_with_dom(
     uint8_t prehashed,
     uint8_t for_prehash,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) {
     hash_init(hash);
-    
+
 #if NO_CONTEXT
-    if (no_context) {
+    if (context_len == 0 && context == ED448_NO_CONTEXT) {
         (void)prehashed;
         (void)for_prehash;
         (void)context;
         (void)context_len;
         return;
     }
-#else
-    (void)no_context;
 #endif
     const char *dom_s = "SigEd448";
     const uint8_t dom[2] = {2+word_is_zero(prehashed)+word_is_zero(for_prehash), context_len};
@@ -134,8 +131,7 @@ void decaf_ed448_sign (
     size_t message_len,
     uint8_t prehashed,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) {
     API_NS(scalar_t) secret_scalar;
     hash_ctx_t hash;
@@ -155,7 +151,7 @@ void decaf_ed448_sign (
         API_NS(scalar_decode_long)(secret_scalar, expanded.secret_scalar_ser, sizeof(expanded.secret_scalar_ser));
     
         /* Hash to create the nonce */
-        hash_init_with_dom(hash,prehashed,0,context,context_len,no_context);
+        hash_init_with_dom(hash,prehashed,0,context,context_len);
         hash_update(hash,expanded.seed,sizeof(expanded.seed));
         hash_update(hash,message,message_len);
         decaf_bzero(&expanded, sizeof(expanded));
@@ -189,7 +185,7 @@ void decaf_ed448_sign (
     API_NS(scalar_t) challenge_scalar;
     {
         /* Compute the challenge */
-        hash_init_with_dom(hash,prehashed,0,context,context_len,no_context);
+        hash_init_with_dom(hash,prehashed,0,context,context_len);
         hash_update(hash,nonce_point,sizeof(nonce_point));
         hash_update(hash,pubkey,DECAF_EDDSA_448_PUBLIC_BYTES);
         hash_update(hash,message,message_len);
@@ -229,7 +225,7 @@ void decaf_ed448_sign_prehash (
         hash_destroy(hash_too);
     }
 
-    decaf_ed448_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len,0);
+    decaf_ed448_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len);
     decaf_bzero(hash_output,sizeof(hash_output));
 }
 
@@ -240,8 +236,7 @@ decaf_error_t decaf_ed448_verify (
     size_t message_len,
     uint8_t prehashed,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) { 
     API_NS(point_t) pk_point, r_point;
     decaf_error_t error = API_NS(point_decode_like_eddsa_and_ignore_cofactor)(pk_point,pubkey);
@@ -254,7 +249,7 @@ decaf_error_t decaf_ed448_verify (
     {
         /* Compute the challenge */
         hash_ctx_t hash;
-        hash_init_with_dom(hash,prehashed,0,context,context_len,no_context);
+        hash_init_with_dom(hash,prehashed,0,context,context_len);
         hash_update(hash,signature,DECAF_EDDSA_448_PUBLIC_BYTES);
         hash_update(hash,pubkey,DECAF_EDDSA_448_PUBLIC_BYTES);
         hash_update(hash,message,message_len);
@@ -305,7 +300,7 @@ decaf_error_t decaf_ed448_verify_prehash (
         hash_destroy(hash_too);
     }
     
-    ret = decaf_ed448_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len,0);
+    ret = decaf_ed448_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len);
     
     return ret;
 }

src/GENERATED/include/decaf/ed255.h

@@ -34,7 +34,8 @@ extern "C" {
 
 /** Does EdDSA support non-contextual signatures? */
 #define DECAF_EDDSA_25519_NO_CONTEXT 1
-    
+const uint8_t * const ED25519_NO_CONTEXT = (const uint8_t * const)(25519);
+
 /** Prehash context renaming macros. */
 #define decaf_ed25519_prehash_ctx_s   decaf_sha512_ctx_s
 #define decaf_ed25519_prehash_ctx_t   decaf_sha512_ctx_t
@@ -64,7 +65,6 @@ void decaf_ed25519_derive_public_key (
  * @param [in] prehashed Nonzero if the message is actually the hash of something you want to sign.
  * @param [in] context A "context" for this signature of up to 255 bytes.
  * @param [in] context_len Length of the context.
- * @param [in] no_context Nonzero if no context should be used (only Ed25519 supported).
  *
  * @warning For Ed25519, it is unsafe to use the same key for both prehashed and non-prehashed
  * messages, at least without some very careful protocol-level disambiguation.  For Ed448 it is
@@ -79,8 +79,7 @@ void decaf_ed25519_sign (
     size_t message_len,
     uint8_t prehashed,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) API_VIS __attribute__((nonnull(1,2,3))) NOINLINE;
 
 /**
@@ -128,7 +127,6 @@ void decaf_ed25519_prehash_init (
  * @param [in] prehashed Nonzero if the message is actually the hash of something you want to verify.
  * @param [in] context A "context" for this signature of up to 255 bytes.
  * @param [in] context_len Length of the context.
- * @param [in] no_context Nonzero if no context should be used (only Ed25519 supported).
  *
  * @warning For Ed25519, it is unsafe to use the same key for both prehashed and non-prehashed
  * messages, at least without some very careful protocol-level disambiguation.  For Ed448 it is
@@ -142,8 +140,7 @@ decaf_error_t decaf_ed25519_verify (
     size_t message_len,
     uint8_t prehashed,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) API_VIS __attribute__((nonnull(1,2))) NOINLINE;
 
 /**

src/GENERATED/include/decaf/ed255.hxx

@@ -141,8 +141,7 @@ public:
      */
     inline SecureBuffer sign (
         const Block &message,
-        const Block &context = Block(NULL,0),
-        const bool no_context = false
+        const Block &context = Block(NULL,0)
     ) const /* TODO: this exn spec tickles a Clang bug?
              * throw(LengthException, std::bad_alloc)
              */ {
@@ -159,8 +158,7 @@ public:
             message.size(),
             0,
             context.data(),
-            context.size(),
-            no_context
+            context.size()
         );
         return out;
     }
@@ -247,8 +245,7 @@ public:
     inline decaf_error_t WARN_UNUSED verify_noexcept (
         const FixedBlock<DECAF_EDDSA_25519_SIGNATURE_BYTES> &sig,
         const Block &message,
-        const Block &context = Block(NULL,0),
-        const bool no_context = false
+        const Block &context = Block(NULL,0)
     ) const /*NOEXCEPT*/ {
         if (context.size() > 255) {
             return DECAF_FAILURE;
@@ -261,8 +258,7 @@ public:
             message.size(),
             0,
             context.data(),
-            context.size(),
-            no_context
+            context.size()
         );
     }
     
@@ -276,14 +272,13 @@ public:
     inline void verify (
         const FixedBlock<DECAF_EDDSA_25519_SIGNATURE_BYTES> &sig,
         const Block &message,
-        const Block &context = Block(NULL,0),
-        const bool no_context = false
+        const Block &context = Block(NULL,0)
     ) const /*throw(LengthException,CryptoException)*/ {
         if (context.size() > 255) {
             throw LengthException();
         }
         
-        if (DECAF_SUCCESS != verify_noexcept( sig, message, context, no_context )) {
+        if (DECAF_SUCCESS != verify_noexcept( sig, message, context )) {
             throw CryptoException();
         }
     }

src/GENERATED/include/decaf/ed448.h

@@ -34,7 +34,7 @@ extern "C" {
 
 /** Does EdDSA support non-contextual signatures? */
 #define DECAF_EDDSA_448_NO_CONTEXT 0
-    
+
 /** Prehash context renaming macros. */
 #define decaf_ed448_prehash_ctx_s   decaf_shake256_ctx_s
 #define decaf_ed448_prehash_ctx_t   decaf_shake256_ctx_t
@@ -64,7 +64,6 @@ void decaf_ed448_derive_public_key (
  * @param [in] prehashed Nonzero if the message is actually the hash of something you want to sign.
  * @param [in] context A "context" for this signature of up to 255 bytes.
  * @param [in] context_len Length of the context.
- * @param [in] no_context Nonzero if no context should be used (only Ed25519 supported).
  *
  * @warning For Ed25519, it is unsafe to use the same key for both prehashed and non-prehashed
  * messages, at least without some very careful protocol-level disambiguation.  For Ed448 it is
@@ -79,8 +78,7 @@ void decaf_ed448_sign (
     size_t message_len,
     uint8_t prehashed,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) API_VIS __attribute__((nonnull(1,2,3))) NOINLINE;
 
 /**
@@ -128,7 +126,6 @@ void decaf_ed448_prehash_init (
  * @param [in] prehashed Nonzero if the message is actually the hash of something you want to verify.
  * @param [in] context A "context" for this signature of up to 255 bytes.
  * @param [in] context_len Length of the context.
- * @param [in] no_context Nonzero if no context should be used (only Ed25519 supported).
  *
  * @warning For Ed25519, it is unsafe to use the same key for both prehashed and non-prehashed
  * messages, at least without some very careful protocol-level disambiguation.  For Ed448 it is
@@ -142,8 +139,7 @@ decaf_error_t decaf_ed448_verify (
     size_t message_len,
     uint8_t prehashed,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) API_VIS __attribute__((nonnull(1,2))) NOINLINE;
 
 /**

src/GENERATED/include/decaf/ed448.hxx

@@ -141,8 +141,7 @@ public:
      */
     inline SecureBuffer sign (
         const Block &message,
-        const Block &context = Block(NULL,0),
-        const bool no_context = false
+        const Block &context = Block(NULL,0)
     ) const /* TODO: this exn spec tickles a Clang bug?
              * throw(LengthException, std::bad_alloc)
              */ {
@@ -159,8 +158,7 @@ public:
             message.size(),
             0,
             context.data(),
-            context.size(),
-            no_context
+            context.size()
         );
         return out;
     }
@@ -247,8 +245,7 @@ public:
     inline decaf_error_t WARN_UNUSED verify_noexcept (
         const FixedBlock<DECAF_EDDSA_448_SIGNATURE_BYTES> &sig,
         const Block &message,
-        const Block &context = Block(NULL,0),
-        const bool no_context = false
+        const Block &context = Block(NULL,0)
     ) const /*NOEXCEPT*/ {
         if (context.size() > 255) {
             return DECAF_FAILURE;
@@ -261,8 +258,7 @@ public:
             message.size(),
             0,
             context.data(),
-            context.size(),
-            no_context
+            context.size()
         );
     }
     
@@ -276,14 +272,13 @@ public:
     inline void verify (
         const FixedBlock<DECAF_EDDSA_448_SIGNATURE_BYTES> &sig,
         const Block &message,
-        const Block &context = Block(NULL,0),
-        const bool no_context = false
+        const Block &context = Block(NULL,0)
     ) const /*throw(LengthException,CryptoException)*/ {
         if (context.size() > 255) {
             throw LengthException();
         }
         
-        if (DECAF_SUCCESS != verify_noexcept( sig, message, context, no_context )) {
+        if (DECAF_SUCCESS != verify_noexcept( sig, message, context )) {
             throw CryptoException();
         }
     }

src/per_curve/eddsa.tmpl.c

@@ -49,21 +49,18 @@ static void hash_init_with_dom(
     uint8_t prehashed,
     uint8_t for_prehash,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) {
     hash_init(hash);
-    
+
 #if NO_CONTEXT
-    if (no_context) {
+    if (context_len == 0 && context == ED$(gf_shortname)_NO_CONTEXT) {
         (void)prehashed;
         (void)for_prehash;
         (void)context;
         (void)context_len;
         return;
     }
-#else
-    (void)no_context;
 #endif
     const char *dom_s = "$(eddsa_dom)";
     const uint8_t dom[2] = {2+word_is_zero(prehashed)+word_is_zero(for_prehash), context_len};
@@ -125,8 +122,7 @@ void decaf_ed$(gf_shortname)_sign (
     size_t message_len,
     uint8_t prehashed,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) {
     API_NS(scalar_t) secret_scalar;
     hash_ctx_t hash;
@@ -146,7 +142,7 @@ void decaf_ed$(gf_shortname)_sign (
         API_NS(scalar_decode_long)(secret_scalar, expanded.secret_scalar_ser, sizeof(expanded.secret_scalar_ser));
     
         /* Hash to create the nonce */
-        hash_init_with_dom(hash,prehashed,0,context,context_len,no_context);
+        hash_init_with_dom(hash,prehashed,0,context,context_len);
         hash_update(hash,expanded.seed,sizeof(expanded.seed));
         hash_update(hash,message,message_len);
         decaf_bzero(&expanded, sizeof(expanded));
@@ -180,7 +176,7 @@ void decaf_ed$(gf_shortname)_sign (
     API_NS(scalar_t) challenge_scalar;
     {
         /* Compute the challenge */
-        hash_init_with_dom(hash,prehashed,0,context,context_len,no_context);
+        hash_init_with_dom(hash,prehashed,0,context,context_len);
         hash_update(hash,nonce_point,sizeof(nonce_point));
         hash_update(hash,pubkey,DECAF_EDDSA_$(gf_shortname)_PUBLIC_BYTES);
         hash_update(hash,message,message_len);
@@ -220,7 +216,7 @@ void decaf_ed$(gf_shortname)_sign_prehash (
         hash_destroy(hash_too);
     }
 
-    decaf_ed$(gf_shortname)_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len,0);
+    decaf_ed$(gf_shortname)_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len);
     decaf_bzero(hash_output,sizeof(hash_output));
 }
 
@@ -231,8 +227,7 @@ decaf_error_t decaf_ed$(gf_shortname)_verify (
     size_t message_len,
     uint8_t prehashed,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) { 
     API_NS(point_t) pk_point, r_point;
     decaf_error_t error = API_NS(point_decode_like_eddsa_and_ignore_cofactor)(pk_point,pubkey);
@@ -245,7 +240,7 @@ decaf_error_t decaf_ed$(gf_shortname)_verify (
     {
         /* Compute the challenge */
         hash_ctx_t hash;
-        hash_init_with_dom(hash,prehashed,0,context,context_len,no_context);
+        hash_init_with_dom(hash,prehashed,0,context,context_len);
         hash_update(hash,signature,DECAF_EDDSA_$(gf_shortname)_PUBLIC_BYTES);
         hash_update(hash,pubkey,DECAF_EDDSA_$(gf_shortname)_PUBLIC_BYTES);
         hash_update(hash,message,message_len);
@@ -296,7 +291,7 @@ decaf_error_t decaf_ed$(gf_shortname)_verify_prehash (
         hash_destroy(hash_too);
     }
     
-    ret = decaf_ed$(gf_shortname)_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len,0);
+    ret = decaf_ed$(gf_shortname)_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len);
     
     return ret;
 }

src/per_curve/eddsa.tmpl.h

@@ -19,7 +19,7 @@ extern "C" {
 
 /** Does EdDSA support non-contextual signatures? */
 #define DECAF_EDDSA_$(gf_shortname)_NO_CONTEXT $(eddsa_no_context)
-    
+$("const uint8_t * const ED" + gf_shortname + "_NO_CONTEXT = (const uint8_t * const)(" + gf_shortname + ");\n" if eddsa_no_context else "")
 /** Prehash context renaming macros. */
 #define decaf_ed$(gf_shortname)_prehash_ctx_s   decaf_$(eddsa_hash)_ctx_s
 #define decaf_ed$(gf_shortname)_prehash_ctx_t   decaf_$(eddsa_hash)_ctx_t
@@ -49,7 +49,6 @@ void decaf_ed$(gf_shortname)_derive_public_key (
  * @param [in] prehashed Nonzero if the message is actually the hash of something you want to sign.
  * @param [in] context A "context" for this signature of up to 255 bytes.
  * @param [in] context_len Length of the context.
- * @param [in] no_context Nonzero if no context should be used (only Ed25519 supported).
  *
  * @warning For Ed25519, it is unsafe to use the same key for both prehashed and non-prehashed
  * messages, at least without some very careful protocol-level disambiguation.  For Ed448 it is
@@ -64,8 +63,7 @@ void decaf_ed$(gf_shortname)_sign (
     size_t message_len,
     uint8_t prehashed,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) API_VIS __attribute__((nonnull(1,2,3))) NOINLINE;
 
 /**
@@ -113,7 +111,6 @@ void decaf_ed$(gf_shortname)_prehash_init (
  * @param [in] prehashed Nonzero if the message is actually the hash of something you want to verify.
  * @param [in] context A "context" for this signature of up to 255 bytes.
  * @param [in] context_len Length of the context.
- * @param [in] no_context Nonzero if no context should be used (only Ed25519 supported).
  *
  * @warning For Ed25519, it is unsafe to use the same key for both prehashed and non-prehashed
  * messages, at least without some very careful protocol-level disambiguation.  For Ed448 it is
@@ -127,8 +124,7 @@ decaf_error_t decaf_ed$(gf_shortname)_verify (
     size_t message_len,
     uint8_t prehashed,
     const uint8_t *context,
-    uint8_t context_len,
-    uint8_t no_context
+    uint8_t context_len
 ) API_VIS __attribute__((nonnull(1,2))) NOINLINE;
 
 /**

src/per_curve/eddsa.tmpl.hxx

@@ -125,8 +125,7 @@ public:
      */
     inline SecureBuffer sign (
         const Block &message,
-        const Block &context = Block(NULL,0),
-        const bool no_context = false
+        const Block &context = Block(NULL,0)
     ) const /* TODO: this exn spec tickles a Clang bug?
              * throw(LengthException, std::bad_alloc)
              */ {
@@ -143,8 +142,7 @@ public:
             message.size(),
             0,
             context.data(),
-            context.size(),
-            no_context
+            context.size()
         );
         return out;
     }
@@ -231,8 +229,7 @@ public:
     inline decaf_error_t WARN_UNUSED verify_noexcept (
         const FixedBlock<DECAF_EDDSA_$(gf_shortname)_SIGNATURE_BYTES> &sig,
         const Block &message,
-        const Block &context = Block(NULL,0),
-        const bool no_context = false
+        const Block &context = Block(NULL,0)
     ) const /*NOEXCEPT*/ {
         if (context.size() > 255) {
             return DECAF_FAILURE;
@@ -245,8 +242,7 @@ public:
             message.size(),
             0,
             context.data(),
-            context.size(),
-            no_context
+            context.size()
         );
     }
     
@@ -260,14 +256,13 @@ public:
     inline void verify (
         const FixedBlock<DECAF_EDDSA_$(gf_shortname)_SIGNATURE_BYTES> &sig,
         const Block &message,
-        const Block &context = Block(NULL,0),
-        const bool no_context = false
+        const Block &context = Block(NULL,0)
     ) const /*throw(LengthException,CryptoException)*/ {
         if (context.size() > 255) {
             throw LengthException();
         }
         
-        if (DECAF_SUCCESS != verify_noexcept( sig, message, context, no_context )) {
+        if (DECAF_SUCCESS != verify_noexcept( sig, message, context )) {
             throw CryptoException();
         }
     }

test/test_decaf.cxx

@@ -469,7 +469,7 @@ static void test_cfrg_crypto() {
     }
 }
 
-static const bool eddsa_prehashed[], eddsa_no_context[];
+static const bool eddsa_prehashed[];
 static const Block eddsa_sk[], eddsa_pk[], eddsa_message[], eddsa_context[], eddsa_sig[];
 
 static void test_cfrg_vectors() {
@@ -499,7 +499,7 @@ static void test_cfrg_vectors() {
             typename EdDSA<Group>::PrivateKeyPh priv2(eddsa_sk[t]); 
             sig = priv2.sign_with_prehash(eddsa_message[t],eddsa_context[t]);
         } else {
-            sig = priv.sign(eddsa_message[t],eddsa_context[t],eddsa_no_context[t]);
+            sig = priv.sign(eddsa_message[t],eddsa_context[t]);
         }
 
         if (!memeq(SecureBuffer(eddsa_sig[t]),sig)) {

test/vectors.inc.cxx

@@ -346,15 +346,6 @@ template<> const Block Tests<Ed448Goldilocks>::eddsa_context[] = {
     Block(NULL,0),
     Block(ed448_eddsa_context[0],3)
 };
-template<> const bool Tests<Ed448Goldilocks>::eddsa_no_context[] = {
-    false,
-    false,
-    false,
-    false,
-    false,
-    false,
-    false
-};
 template<> const Block Tests<Ed448Goldilocks>::eddsa_sig[] = {
     Block(ed448_eddsa_sig[0],114),
     Block(ed448_eddsa_sig[1],114),
@@ -516,21 +507,13 @@ template<> const Block Tests<IsoEd25519>::eddsa_pk[] = {
     Block(ed25519_eddsa_pk[4],32)
 };
 template<> const Block Tests<IsoEd25519>::eddsa_context[] = {
-    Block(NULL,0),
-    Block(NULL,0),
-    Block(NULL,0),
+    Block(ED25519_NO_CONTEXT,0),
+    Block(ED25519_NO_CONTEXT,0),
+    Block(ED25519_NO_CONTEXT,0),
     Block(NULL,0),
     Block(ed25519_eddsa_context[0],3),
     Block(ed25519_eddsa_context[1],3)
 };
-template<> const bool Tests<IsoEd25519>::eddsa_no_context[] = {
-    true,
-    true,
-    true,
-    false,
-    false,
-    false
-};
 template<> const Block Tests<IsoEd25519>::eddsa_message[] = {
     Block(ed25519_eddsa_message[0],0),
     Block(ed25519_eddsa_message[1],1),