From 76d31e5047c1d8dfb83b277421f11460f5126a03 Mon Sep 17 00:00:00 2001
From: Pieter Wuille <pieter@wuille.net>
Date: Fri, 28 Jan 2022 18:56:54 -0500
Subject: [PATCH] Abstract out verify logic for fe_to_storage

---
 src/field.h            | 7 ++++++-
 src/field_10x26_impl.h | 5 +----
 src/field_5x52_impl.h  | 5 +----
 src/field_impl.h       | 7 +++++++
 4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/src/field.h b/src/field.h
index daa2c54066792..4928e256afcac 100644
--- a/src/field.h
+++ b/src/field.h
@@ -93,6 +93,7 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST(
 #  define secp256k1_fe_mul secp256k1_fe_impl_mul
 #  define secp256k1_fe_sqr secp256k1_fe_impl_sqr
 #  define secp256k1_fe_cmov secp256k1_fe_impl_cmov
+#  define secp256k1_fe_to_storage secp256k1_fe_impl_to_storage
 #endif /* !defined(VERIFY) */
 
 /** Normalize a field element.
@@ -263,7 +264,11 @@ static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *a);
 /** Potentially faster version of secp256k1_fe_inv, without constant-time guarantee. */
 static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a);
 
-/** Convert a field element to the storage type. */
+/** Convert a field element to secp256k1_fe_storage.
+ *
+ * On input, a must be a valid normalized field element.
+ * Performs {r = a}.
+ */
 static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a);
 
 /** Convert a field element back from the storage type. */
diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h
index 621915017091c..b0676eb937958 100644
--- a/src/field_10x26_impl.h
+++ b/src/field_10x26_impl.h
@@ -1145,10 +1145,7 @@ static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r,
     r->n[7] = (r->n[7] & mask0) | (a->n[7] & mask1);
 }
 
-static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) {
-#ifdef VERIFY
-    VERIFY_CHECK(a->normalized);
-#endif
+static void secp256k1_fe_impl_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) {
     r->n[0] = a->n[0] | a->n[1] << 26;
     r->n[1] = a->n[1] >> 6 | a->n[2] << 20;
     r->n[2] = a->n[2] >> 12 | a->n[3] << 14;
diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h
index 6a90ef4c4db27..d183b0bf7ff50 100644
--- a/src/field_5x52_impl.h
+++ b/src/field_5x52_impl.h
@@ -459,10 +459,7 @@ static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r,
     r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1);
 }
 
-static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) {
-#ifdef VERIFY
-    VERIFY_CHECK(a->normalized);
-#endif
+static void secp256k1_fe_impl_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) {
     r->n[0] = a->n[0] | a->n[1] << 52;
     r->n[1] = a->n[1] >> 12 | a->n[2] << 40;
     r->n[2] = a->n[2] >> 24 | a->n[3] << 28;
diff --git a/src/field_impl.h b/src/field_impl.h
index bb1608d25cc52..fd0d56da25f9b 100644
--- a/src/field_impl.h
+++ b/src/field_impl.h
@@ -336,6 +336,13 @@ SECP256K1_INLINE static void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_
     }
     secp256k1_fe_verify(r);
 }
+
+static void secp256k1_fe_impl_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a);
+SECP256K1_INLINE static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) {
+    secp256k1_fe_verify(a);
+    VERIFY_CHECK(a->normalized);
+    secp256k1_fe_impl_to_storage(r, a);
+}
 #endif /* defined(VERIFY) */
 
 #endif /* SECP256K1_FIELD_IMPL_H */