Abstract out verify logic for fe_normalize_var

Author: sipa

src/field.h

@@ -77,6 +77,7 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST(
  * function call (even though presumably inlinable). */
 #  define secp256k1_fe_normalize secp256k1_fe_impl_normalize
 #  define secp256k1_fe_normalize_weak secp256k1_fe_impl_normalize_weak
+#  define secp256k1_fe_normalize_var secp256k1_fe_impl_normalize_var
 #endif /* !defined(VERIFY) */
 
 /** Normalize a field element.
@@ -93,7 +94,10 @@ static void secp256k1_fe_normalize(secp256k1_fe *r);
  */
 static void secp256k1_fe_normalize_weak(secp256k1_fe *r);
 
-/** Normalize a field element, without constant-time guarantee. */
+/** Normalize a field element, without constant-time guarantee.
+ *
+ * Identical in behavior to secp256k1_fe_normalize, but not constant time in r.
+ */
 static void secp256k1_fe_normalize_var(secp256k1_fe *r);
 
 /** Verify whether a field element represents zero i.e. would normalize to a zero value. */

src/field_10x26_impl.h

@@ -133,7 +133,7 @@ static void secp256k1_fe_impl_normalize_weak(secp256k1_fe *r) {
     r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9;
 }
 
-static void secp256k1_fe_normalize_var(secp256k1_fe *r) {
+static void secp256k1_fe_impl_normalize_var(secp256k1_fe *r) {
     uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
              t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
 
@@ -181,12 +181,6 @@ static void secp256k1_fe_normalize_var(secp256k1_fe *r) {
 
     r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
     r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9;
-
-#ifdef VERIFY
-    r->magnitude = 1;
-    r->normalized = 1;
-    secp256k1_fe_verify(r);
-#endif
 }
 
 static int secp256k1_fe_normalizes_to_zero(const secp256k1_fe *r) {

src/field_5x52_impl.h

@@ -108,7 +108,7 @@ static void secp256k1_fe_impl_normalize_weak(secp256k1_fe *r) {
     r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
 }
 
-static void secp256k1_fe_normalize_var(secp256k1_fe *r) {
+static void secp256k1_fe_impl_normalize_var(secp256k1_fe *r) {
     uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
 
     /* Reduce t4 at the start so there will be at most a single carry from the first pass */
@@ -144,12 +144,6 @@ static void secp256k1_fe_normalize_var(secp256k1_fe *r) {
     }
 
     r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
-
-#ifdef VERIFY
-    r->magnitude = 1;
-    r->normalized = 1;
-    secp256k1_fe_verify(r);
-#endif
 }
 
 static int secp256k1_fe_normalizes_to_zero(const secp256k1_fe *r) {

src/field_impl.h

@@ -164,6 +164,15 @@ SECP256K1_INLINE static void secp256k1_fe_normalize_weak(secp256k1_fe *r) {
     r->magnitude = 1;
     secp256k1_fe_verify(r);
 }
+
+static void secp256k1_fe_impl_normalize_var(secp256k1_fe *r);
+SECP256K1_INLINE static void secp256k1_fe_normalize_var(secp256k1_fe *r) {
+    secp256k1_fe_verify(r);
+    secp256k1_fe_impl_normalize_var(r);
+    r->magnitude = 1;
+    r->normalized = 1;
+    secp256k1_fe_verify(r);
+}
 #endif /* defined(VERIFY) */
 
 #endif /* SECP256K1_FIELD_IMPL_H */