From d3f3fe8616d02bd1c62376c1318be69c64eea982 Mon Sep 17 00:00:00 2001
From: Pieter Wuille <pieter@wuille.net>
Date: Fri, 28 Jan 2022 18:07:55 -0500
Subject: [PATCH] Abstract out verify logic for fe_is_zero

---
 src/field.h            | 10 +++++++++-
 src/field_10x26_impl.h |  6 +-----
 src/field_5x52_impl.h  |  6 +-----
 src/field_impl.h       |  7 +++++++
 4 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/src/field.h b/src/field.h
index f6f3fa9f17909..c057472c289c1 100644
--- a/src/field.h
+++ b/src/field.h
@@ -82,6 +82,7 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST(
 #  define secp256k1_fe_normalizes_to_zero_var secp256k1_fe_impl_normalizes_to_zero_var
 #  define secp256k1_fe_set_int secp256k1_fe_impl_set_int
 #  define secp256k1_fe_clear secp256k1_fe_impl_clear
+#  define secp256k1_fe_is_zero secp256k1_fe_impl_is_zero
 #endif /* !defined(VERIFY) */
 
 /** Normalize a field element.
@@ -131,7 +132,14 @@ static void secp256k1_fe_set_int(secp256k1_fe *r, int a);
  */
 static void secp256k1_fe_clear(secp256k1_fe *a);
 
-/** Verify whether a field element is zero. Requires the input to be normalized. */
+/** Determine whether a represents field element 0.
+ *
+ * On input, a must be a valid normalized field element.
+ * Returns whether a = 0 (mod p).
+ *
+ * This behaves identical to secp256k1_normalizes_to_zero{,_var}, but requires
+ * normalized input (and is much faster).
+ */
 static int secp256k1_fe_is_zero(const secp256k1_fe *a);
 
 /** Check the "oddness" of a field element. Requires the input to be normalized. */
diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h
index 7fc9993e00c32..5e934c438c1a2 100644
--- a/src/field_10x26_impl.h
+++ b/src/field_10x26_impl.h
@@ -269,12 +269,8 @@ SECP256K1_INLINE static void secp256k1_fe_impl_set_int(secp256k1_fe *r, int a) {
     r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
 }
 
-SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe *a) {
+SECP256K1_INLINE static int secp256k1_fe_impl_is_zero(const secp256k1_fe *a) {
     const uint32_t *t = a->n;
-#ifdef VERIFY
-    VERIFY_CHECK(a->normalized);
-    secp256k1_fe_verify(a);
-#endif
     return (t[0] | t[1] | t[2] | t[3] | t[4] | t[5] | t[6] | t[7] | t[8] | t[9]) == 0;
 }
 
diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h
index d2c4a6ba25c71..0572d77becd98 100644
--- a/src/field_5x52_impl.h
+++ b/src/field_5x52_impl.h
@@ -215,12 +215,8 @@ SECP256K1_INLINE static void secp256k1_fe_impl_set_int(secp256k1_fe *r, int a) {
     r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
 }
 
-SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe *a) {
+SECP256K1_INLINE static int secp256k1_fe_impl_is_zero(const secp256k1_fe *a) {
     const uint64_t *t = a->n;
-#ifdef VERIFY
-    VERIFY_CHECK(a->normalized);
-    secp256k1_fe_verify(a);
-#endif
     return (t[0] | t[1] | t[2] | t[3] | t[4]) == 0;
 }
 
diff --git a/src/field_impl.h b/src/field_impl.h
index 0eccf75023ae3..8c85134057a80 100644
--- a/src/field_impl.h
+++ b/src/field_impl.h
@@ -202,6 +202,13 @@ SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe *a) {
     secp256k1_fe_impl_clear(a);
     secp256k1_fe_verify(a);
 }
+
+static int secp256k1_fe_impl_is_zero(const secp256k1_fe *a);
+SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe *a) {
+    secp256k1_fe_verify(a);
+    VERIFY_CHECK(a->normalized);
+    return secp256k1_fe_impl_is_zero(a);
+}
 #endif /* defined(VERIFY) */
 
 #endif /* SECP256K1_FIELD_IMPL_H */