Abstract out verify logic for fe_half

Author: sipa

src/field.h

@@ -92,6 +92,7 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST(
 #  define secp256k1_fe_inv secp256k1_fe_impl_inv
 #  define secp256k1_fe_inv_var secp256k1_fe_impl_inv_var
 #  define secp256k1_fe_get_bounds secp256k1_fe_impl_get_bounds
+#  define secp256k1_fe_half secp256k1_fe_impl_half
 #endif /* defined(VERIFY) */
 
 /** Normalize a field element.

src/field_10x26_impl.h

@@ -1045,17 +1045,12 @@ SECP256K1_INLINE static void secp256k1_fe_impl_cmov(secp256k1_fe *r, const secp2
     r->n[9] = (r->n[9] & mask0) | (a->n[9] & mask1);
 }
 
-static SECP256K1_INLINE void secp256k1_fe_half(secp256k1_fe *r) {
+static SECP256K1_INLINE void secp256k1_fe_impl_half(secp256k1_fe *r) {
     uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
              t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
     uint32_t one = (uint32_t)1;
     uint32_t mask = -(t0 & one) >> 6;
 
-#ifdef VERIFY
-    secp256k1_fe_verify(r);
-    VERIFY_CHECK(r->magnitude < 32);
-#endif
-
     /* Bounds analysis (over the rationals).
      *
      * Let m = r->magnitude
@@ -1102,10 +1097,8 @@ static SECP256K1_INLINE void secp256k1_fe_half(secp256k1_fe *r) {
      *
      * Current bounds: t0..t8 <= C * (m/2 + 1/2)
      *                     t9 <= D * (m/2 + 1/4)
-     */
-
-#ifdef VERIFY
-    /* Therefore the output magnitude (M) has to be set such that:
+     *
+     * Therefore the output magnitude (M) has to be set such that:
      *     t0..t8: C * M >= C * (m/2 + 1/2)
      *         t9: D * M >= D * (m/2 + 1/4)
      *
@@ -1115,10 +1108,6 @@ static SECP256K1_INLINE void secp256k1_fe_half(secp256k1_fe *r) {
      * and since we want the smallest such integer value for M:
      *     M == floor(m/2) + 1
      */
-    r->magnitude = (r->magnitude >> 1) + 1;
-    r->normalized = 0;
-    secp256k1_fe_verify(r);
-#endif
 }
 
 static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) {

src/field_5x52_impl.h

@@ -374,16 +374,11 @@ SECP256K1_INLINE static void secp256k1_fe_impl_cmov(secp256k1_fe *r, const secp2
     r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1);
 }
 
-static SECP256K1_INLINE void secp256k1_fe_half(secp256k1_fe *r) {
+static SECP256K1_INLINE void secp256k1_fe_impl_half(secp256k1_fe *r) {
     uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
     uint64_t one = (uint64_t)1;
     uint64_t mask = -(t0 & one) >> 12;
 
-#ifdef VERIFY
-    secp256k1_fe_verify(r);
-    VERIFY_CHECK(r->magnitude < 32);
-#endif
-
     /* Bounds analysis (over the rationals).
      *
      * Let m = r->magnitude
@@ -420,10 +415,8 @@ static SECP256K1_INLINE void secp256k1_fe_half(secp256k1_fe *r) {
      *
      * Current bounds: t0..t3 <= C * (m/2 + 1/2)
      *                     t4 <= D * (m/2 + 1/4)
-     */
-
-#ifdef VERIFY
-    /* Therefore the output magnitude (M) has to be set such that:
+     *
+     * Therefore the output magnitude (M) has to be set such that:
      *     t0..t3: C * M >= C * (m/2 + 1/2)
      *         t4: D * M >= D * (m/2 + 1/4)
      *
@@ -433,10 +426,6 @@ static SECP256K1_INLINE void secp256k1_fe_half(secp256k1_fe *r) {
      * and since we want the smallest such integer value for M:
      *     M == floor(m/2) + 1
      */
-    r->magnitude = (r->magnitude >> 1) + 1;
-    r->normalized = 0;
-    secp256k1_fe_verify(r);
-#endif
 }
 
 static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) {

src/field_impl.h

@@ -372,6 +372,16 @@ SECP256K1_INLINE static void secp256k1_fe_get_bounds(secp256k1_fe* r, int m) {
     secp256k1_fe_verify(r);
 }
 
+static void secp256k1_fe_impl_half(secp256k1_fe *r);
+SECP256K1_INLINE static void secp256k1_fe_half(secp256k1_fe *r) {
+    secp256k1_fe_verify(r);
+    VERIFY_CHECK(r->magnitude < 32);
+    secp256k1_fe_impl_half(r);
+    r->magnitude = (r->magnitude >> 1) + 1;
+    r->normalized = 0;
+    secp256k1_fe_verify(r);
+}
+
 #endif /* defined(VERIFY) */
 
 #endif /* SECP256K1_FIELD_IMPL_H */