commit 8e8a143d62b6176d94289a2a1e52295b46dfd319 (tree)
parent 9819f53453a95aee97bc12854e6d7653b597c2b3
Author: Frank Denis <124872+jedisct1@users.noreply.github.com>
Date: Wed, 17 Sep 2025 12:09:35 +0200
Avoid logic where we return success in case of an error (#25251)
In ed25519.zig, we checked if a test succeeds, in which case we
returned an error. This was confusing, and Andrew pointed out that
Zig weights branches against errors by default.
Diffstat:
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/lib/std/crypto/25519/ed25519.zig b/lib/std/crypto/25519/ed25519.zig
@@ -175,6 +175,10 @@ pub const Ed25519 = struct {
self.h.update(msg);
}
+ fn isIdentity(p: Curve) bool {
+ return p.x.isZero() and p.y.equivalent(p.z);
+ }
+
pub const VerifyError = WeakPublicKeyError || IdentityElementError ||
SignatureVerificationError;
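Review bot: `isIdentity` is added without a doc comment, although its definition of "identity" now decides whether both verification paths accept a signature. It requires `p.x.isZero()` and `p.y.equivalent(p.z)`, which in projective coordinates should match only the neutral element. `Curve.rejectIdentity` is not shown in this diff; if it tests less than that (for example only `x`), then the acceptance condition is stricter than before and the commit message should say so. I would add `/// Return true if p is the neutral element (X == 0 and Y == Z in projective coordinates).` above the function. Consider defining the predicate on `Curve` next to `rejectIdentity` so the two cannot drift apart.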
@@ -195,9 +199,9 @@ pub const Ed25519 = struct {
hram,
));
const check = sb_ah.sub(self.expected_r.clearCofactor());
- if (check.rejectIdentity()) |_| {
+ if (!isIdentity(check)) {
return error.SignatureVerificationFailed;
- } else |_| {}
+ }
}
/// Verify that the signature is valid for the entire message using cofactorless verification.
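Review bot: No test accompanies the inverted condition at `if (!isIdentity(check))`, here and in the cofactorless path in the next hunk; the diffstat shows only ed25519.zig changing, with every added line accounted for by the helper and the two conditions. A polarity mistake in this branch would either accept invalid signatures or reject valid ones. A test would pin the behaviour by checking that a valid signature verifies and that an altered message or signature returns `error.SignatureVerificationFailed` through both functions. Existing tests in the file may already cover this, but that is not visible from the diff. The enclosing functions begin outside the hunks.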
@@ -221,9 +225,9 @@ pub const Ed25519 = struct {
hram,
));
const check = sb_ah.sub(self.expected_r);
- if (check.rejectIdentity()) |_| {
+ if (!isIdentity(check)) {
return error.SignatureVerificationFailed;
- } else |_| {}
+ }
}
};