Commit `8e8a143d62`

Frank Denis <124872+jedisct1@users.noreply.github.com>

2025-09-17 12:09:35

Avoid logic where we return success in case of an error (#25251)

In ed25519.zig, we checked if a test succeeds, in which case we returned an error. This was confusing, and Andrew pointed out that Zig weights branches against errors by default.

master

1 parent 9819f53

Changed files (1)

lib

std

crypto

25519

ed25519.zig

@@ -175,6 +175,10 @@ pub const Ed25519 = struct {
             self.h.update(msg);
         }
 
+        fn isIdentity(p: Curve) bool {
+            return p.x.isZero() and p.y.equivalent(p.z);
+        }
+
         pub const VerifyError = WeakPublicKeyError || IdentityElementError ||
             SignatureVerificationError;
 
@@ -195,9 +199,9 @@ pub const Ed25519 = struct {
                 hram,
             ));
             const check = sb_ah.sub(self.expected_r.clearCofactor());
-            if (check.rejectIdentity()) |_| {
+            if (!isIdentity(check)) {
                 return error.SignatureVerificationFailed;
-            } else |_| {}
+            }
         }
 
         /// Verify that the signature is valid for the entire message using cofactorless verification.
@@ -221,9 +225,9 @@ pub const Ed25519 = struct {
                 hram,
             ));
             const check = sb_ah.sub(self.expected_r);
-            if (check.rejectIdentity()) |_| {
+            if (!isIdentity(check)) {
                 return error.SignatureVerificationFailed;
-            } else |_| {}
+            }
         }
     };

Commit 8e8a143d62

Commit `8e8a143d62`