From 70ae0d2851fd78afda12a4e3c023d1088b1c2937 Mon Sep 17 00:00:00 2001
From: Gregory Maxwell
Date: Wed, 31 Dec 2014 05:56:00 -0800
Subject: [PATCH 1/2] Use secp256k1_fe_equal_var in secp256k1_fe_sqrt_var.

In theory this should be faster, since secp256k1_fe_equal_var is able to shortcut the normalization. On x86_64 the improvement appears to be in the noise for me. At least it makes the code cleaner.
---
 src/field_impl.h | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/field_impl.h b/src/field_impl.h
index 484e6731..4e2c24aa 100644
--- a/src/field_impl.h
+++ b/src/field_impl.h
@@ -135,10 +135,7 @@ static int secp256k1_fe_sqrt_var(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
 
     /* Check that a square root was actually calculated */
     secp256k1_fe_sqr(&t1, r);
-    secp256k1_fe_negate(&t1, &t1, 1);
-    secp256k1_fe_add(&t1, a);
-    secp256k1_fe_normalize_var(&t1);
-    return secp256k1_fe_is_zero(&t1);
+    return secp256k1_fe_equal_var(&t1, a);
 }
 
 static void secp256k1_fe_inv(secp256k1_fe_t *r, const secp256k1_fe_t *a) {

From 7688e341c5cfe42ee9d22abe73bbaf38fe0b70df Mon Sep 17 00:00:00 2001
From: Gregory Maxwell
Date: Fri, 2 Jan 2015 07:52:27 -0800
Subject: [PATCH 2/2] Add magnitude limits to secp256k1_fe_verify to ensure that it's own tests function correctly.

---
 src/field_10x26_impl.h | 1 +
 src/field_5x52_impl.h | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h
index 8f5d15c7..9ef60a80 100644
--- a/src/field_10x26_impl.h
+++ b/src/field_10x26_impl.h
@@ -31,6 +31,7 @@ static void secp256k1_fe_verify(const secp256k1_fe_t *a) {
     r &= (d[8] <= 0x3FFFFFFUL * m);
     r &= (d[9] <= 0x03FFFFFUL * m);
     r &= (a->magnitude >= 0);
+    r &= (a->magnitude <= 32);
     if (a->normalized) {
         r &= (a->magnitude <= 1);
         if (r && (d[9] == 0x03FFFFFUL)) {
diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h
index 33597c44..4db9e6f5 100644
--- a/src/field_5x52_impl.h
+++ b/src/field_5x52_impl.h
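Review bot: The replacement line `return secp256k1_fe_equal_var(&t1, a);` silently keeps a magnitude precondition that the removed lines made explicit: the old code negated `t1` with a magnitude bound of 1, and if `secp256k1_fe_equal_var` negates its first argument the same way (its body is not in this hunk, so this is inferred), then `t1` — which presumably has magnitude 1 straight out of `secp256k1_fe_sqr` — must remain the first argument while the caller-supplied `a`, whose magnitude is unconstrained here, must remain the second. Swapping the two arguments would look harmless but could violate that bound. A one-line comment at the call site would pin it, e.g. `/* t1 has magnitude 1 after fe_sqr; it must stay the first (negated) argument of fe_equal_var */`. The body of secp256k1_fe_sqrt_var begins above this hunk.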
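Review bot: The new bound `r &= (a->magnitude <= 32);` is a bare magic number, and so is the `2048` added in the matching hunk of src/field_5x52_impl.h; neither file records where the limit comes from. The commit message says the limits keep the verify function's own checks working, presumably because the products `0x3FFFFFFUL * m` (and `0xFFFFFFFFFFFFFULL * m` in the 5x52 variant) in the limb checks above would wrap for larger magnitudes, so the constant deserves an in-place explanation such as `r &= (a->magnitude <= 32); /* largest magnitude for which the limb-bound products above cannot wrap */`. Since those products are evaluated before this new check, a wrapped product can make an earlier limb check pass spuriously, and the final result is still 0 only because every check is AND-ed into r; a short comment noting that the ordering is therefore irrelevant would spare the next reader the same analysis. The start of secp256k1_fe_verify, including how `m` and `r` are initialised, lies above this hunk.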
@@ -43,6 +43,7 @@ static void secp256k1_fe_verify(const secp256k1_fe_t *a) {
     r &= (d[3] <= 0xFFFFFFFFFFFFFULL * m);
     r &= (d[4] <= 0x0FFFFFFFFFFFFULL * m);
     r &= (a->magnitude >= 0);
+    r &= (a->magnitude <= 2048);
     if (a->normalized) {
         r &= (a->magnitude <= 1);
         if (r && (d[4] == 0x0FFFFFFFFFFFFULL) && ((d[3] & d[2] & d[1]) == 0xFFFFFFFFFFFFFULL)) {