Abstract out verify logic for fe_is_square_var

src/field.h

@@ -100,6 +100,7 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST(
 #  define secp256k1_fe_get_bounds secp256k1_fe_impl_get_bounds
 #  define secp256k1_fe_half secp256k1_fe_impl_half
 #  define secp256k1_fe_add_int secp256k1_fe_impl_add_int
+#  define secp256k1_fe_is_square_var secp256k1_fe_impl_is_square_var
 #endif /* !defined(VERIFY) */
 
 /** Normalize a field element.
@@ -321,7 +322,10 @@ static void secp256k1_fe_half(secp256k1_fe *r);
  *  internal overflows. */
 static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m);
 
-/** Determine whether a is a square (modulo p). */
+/** Determine whether a is a square (modulo p).
+ *
+ * On input, a must be a valid field element.
+ */
 static int secp256k1_fe_is_square_var(const secp256k1_fe *a);
 
 /** Check invariants on a field element (no-op unless VERIFY is enabled). */

src/field_10x26_impl.h

@@ -1215,7 +1215,7 @@ static void secp256k1_fe_impl_inv_var(secp256k1_fe *r, const secp256k1_fe *x) {
     secp256k1_fe_from_signed30(r, &s);
 }
 
-static int secp256k1_fe_is_square_var(const secp256k1_fe *x) {
+static int secp256k1_fe_impl_is_square_var(const secp256k1_fe *x) {
     secp256k1_fe tmp;
     secp256k1_modinv32_signed30 s;
     int jac, ret;
@@ -1233,10 +1233,6 @@ static int secp256k1_fe_is_square_var(const secp256k1_fe *x) {
         secp256k1_fe dummy;
         ret = secp256k1_fe_sqrt(&dummy, &tmp);
     } else {
-#ifdef VERIFY
-        secp256k1_fe dummy;
-        VERIFY_CHECK(jac == 2*secp256k1_fe_sqrt(&dummy, &tmp) - 1);
-#endif
         ret = jac >= 0;
     }
     return ret;

src/field_5x52_impl.h

@@ -504,7 +504,7 @@ static void secp256k1_fe_impl_inv_var(secp256k1_fe *r, const secp256k1_fe *x) {
     secp256k1_fe_from_signed62(r, &s);
 }
 
-static int secp256k1_fe_is_square_var(const secp256k1_fe *x) {
+static int secp256k1_fe_impl_is_square_var(const secp256k1_fe *x) {
     secp256k1_fe tmp;
     secp256k1_modinv64_signed62 s;
     int jac, ret;
@@ -522,10 +522,6 @@ static int secp256k1_fe_is_square_var(const secp256k1_fe *x) {
         secp256k1_fe dummy;
         ret = secp256k1_fe_sqrt(&dummy, &tmp);
     } else {
-#ifdef VERIFY
-        secp256k1_fe dummy;
-        VERIFY_CHECK(jac == 2*secp256k1_fe_sqrt(&dummy, &tmp) - 1);
-#endif
         ret = jac >= 0;
     }
     return ret;

src/field_impl.h

@@ -384,6 +384,17 @@ SECP256K1_INLINE static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256
     secp256k1_fe_verify(r);
 }
 
+static int secp256k1_fe_impl_is_square_var(const secp256k1_fe *x);
+SECP256K1_INLINE static int secp256k1_fe_is_square_var(const secp256k1_fe *x) {
+    int ret;
+    secp256k1_fe tmp = *x, sqrt;
+    secp256k1_fe_verify(x);
+    ret = secp256k1_fe_impl_is_square_var(x);
+    secp256k1_fe_normalize_weak(&tmp);
+    VERIFY_CHECK(ret == secp256k1_fe_sqrt(&sqrt, &tmp));
+    return ret;
+}
+
 static void secp256k1_fe_impl_get_bounds(secp256k1_fe* r, int m);
 SECP256K1_INLINE static void secp256k1_fe_get_bounds(secp256k1_fe* r, int m) {
     VERIFY_CHECK(m >= 0);