From 20aae3e5ed3738a4afc42e1ac183d5a7d1a4bd12 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Wed, 6 Sep 2023 12:12:54 +0700
Subject: EdDSA: Minor verification optimization
---
 crypto/src/math/ec/rfc8032/Ed25519.cs | 6 ++++++
 crypto/src/math/ec/rfc8032/Ed448.cs | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/crypto/src/math/ec/rfc8032/Ed25519.cs b/crypto/src/math/ec/rfc8032/Ed25519.cs
index 8add3c48b..bf3a1a8d8 100644
--- a/crypto/src/math/ec/rfc8032/Ed25519.cs
+++ b/crypto/src/math/ec/rfc8032/Ed25519.cs
@@ -1713,6 +1713,12 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
 int bit = 128;
 while (--bit >= 0)
+ {
+ if (((int)ws_b[bit] | (int)ws_b[128 + bit] | (int)ws_p[bit] | (int)ws_q[bit]) != 0)
+ break;
+ }
+
+ for (; bit >= 0; --bit)
 {
 int wb = ws_b[bit];
 if (wb != 0)
diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs
index 6eee639fe..54321e37d 100644
--- a/crypto/src/math/ec/rfc8032/Ed448.cs
+++ b/crypto/src/math/ec/rfc8032/Ed448.cs
@@ -1580,6 +1580,12 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
 int bit = 225;
 while (--bit >= 0)
+ {
+ if (((int)ws_b[bit] | (int)ws_b[225 + bit] | (int)ws_p[bit] | (int)ws_q[bit]) != 0)
+ break;
+ }
+
+ for (; bit >= 0; --bit)
 {
 int wb = ws_b[bit];
 if (wb != 0)
--
cgit 1.4.1
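Review bot: The new leading-zero scan before the `for` loop in the Ed25519 hunk has no comment saying why the skipped iterations can be dropped, or that the loop's iteration count now depends on the digit values; the Ed448 hunk has the same gap with 225 in place of 128. That timing dependence is acceptable only while every scalar reaching this routine is public verification data, so I would state it above the `while`: `// Skip leading positions where all digit arrays are zero. Variable-time: public (verification) inputs only.` The scan also has to name exactly the arrays the loop body reads (`ws_b[bit]`, `ws_b[128 + bit]`, `ws_p[bit]`, `ws_q[bit]`). Most of the loop body and the enclosing method lie outside the hunk, so neither that match nor the `ws_b` length assumed by `128 + bit` can be confirmed from here.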