From 82995ff9fe7507275b35a7be0dfffef16d0d61ba Mon Sep 17 00:00:00 2001
From: stratospher <44024636+stratospher@users.noreply.github.com>
Date: Wed, 5 Jul 2023 20:59:25 +0530
Subject: [PATCH] remove redundant checks in scalar_inverse and scalar_cadd_bit

`secp256k1_scalar_verify` in VERIFY mode already performs this check in scalar_cadd_bit and scalar_inverse.
---
 src/scalar_4x64_impl.h | 8 --------
 src/scalar_8x32_impl.h | 9 ---------
 src/scalar_low_impl.h | 1 -
 3 files changed, 18 deletions(-)

diff --git a/src/scalar_4x64_impl.h b/src/scalar_4x64_impl.h
index 710822166e..375364fcbc 100644
--- a/src/scalar_4x64_impl.h
+++ b/src/scalar_4x64_impl.h
@@ -840,20 +840,12 @@ static void secp256k1_scalar_from_signed62(secp256k1_scalar *r, const secp256k1_
 r->d[1] = a1 >> 2 | a2 << 60;
 r->d[2] = a2 >> 4 | a3 << 58;
 r->d[3] = a3 >> 6 | a4 << 56;
-
-#ifdef VERIFY
- VERIFY_CHECK(secp256k1_scalar_impl_check_overflow(r) == 0);
-#endif
 }
 static void secp256k1_scalar_to_signed62(secp256k1_modinv64_signed62 *r, const secp256k1_scalar *a) {
 const uint64_t M62 = UINT64_MAX >> 2;
 const uint64_t a0 = a->d[0], a1 = a->d[1], a2 = a->d[2], a3 = a->d[3];
-#ifdef VERIFY
- VERIFY_CHECK(secp256k1_scalar_impl_check_overflow(a) == 0);
-#endif
-
 r->v[0] = a0 & M62;
 r->v[1] = (a0 >> 62 | a1 << 2) & M62;
 r->v[2] = (a1 >> 60 | a2 << 4) & M62;
diff --git a/src/scalar_8x32_impl.h b/src/scalar_8x32_impl.h
index d4b093ad1e..fb56d7f4f7 100644
--- a/src/scalar_8x32_impl.h
+++ b/src/scalar_8x32_impl.h
@@ -163,7 +163,6 @@ static void secp256k1_scalar_impl_cadd_bit(secp256k1_scalar *r, unsigned int bit
 r->d[7] = t & 0xFFFFFFFFULL;
 #ifdef VERIFY
 VERIFY_CHECK((t >> 32) == 0);
- VERIFY_CHECK(secp256k1_scalar_impl_check_overflow(r) == 0);
 #endif
 }
@@ -674,10 +673,6 @@ static void secp256k1_scalar_from_signed30(secp256k1_scalar *r, const secp256k1_
 r->d[5] = a5 >> 10 | a6 << 20;
 r->d[6] = a6 >> 12 | a7 << 18;
 r->d[7] = a7 >> 14 | a8 << 16;
-
-#ifdef VERIFY
- VERIFY_CHECK(secp256k1_scalar_impl_check_overflow(r) == 0);
-#endif
 }
 static void secp256k1_scalar_to_signed30(secp256k1_modinv32_signed30 *r, const secp256k1_scalar *a) {
@@ -685,10 +680,6 @@ static void secp256k1_scalar_to_signed30(secp256k1_modinv32_signed30 *r, const s
 const uint32_t a0 = a->d[0], a1 = a->d[1], a2 = a->d[2], a3 = a->d[3], a4 = a->d[4], a5 = a->d[5], a6 = a->d[6], a7 = a->d[7];
-#ifdef VERIFY
- VERIFY_CHECK(secp256k1_scalar_impl_check_overflow(a) == 0);
-#endif
-
 r->v[0] = a0 & M30;
 r->v[1] = (a0 >> 30 | a1 << 2) & M30;
 r->v[2] = (a1 >> 28 | a2 << 4) & M30;
diff --git a/src/scalar_low_impl.h b/src/scalar_low_impl.h
index 4bcea35de7..2e0040254c 100644
--- a/src/scalar_low_impl.h
+++ b/src/scalar_low_impl.h
@@ -45,7 +45,6 @@ static void secp256k1_scalar_impl_cadd_bit(secp256k1_scalar *r, unsigned int bit
 VERIFY_CHECK(bit < 32);
 /* Verify that adding (1 << bit) will not overflow any in-range scalar *r by overflowing the underlying uint32_t. */
 VERIFY_CHECK(((uint32_t)1 << bit) - 1 <= UINT32_MAX - EXHAUSTIVE_TEST_ORDER);
- VERIFY_CHECK(secp256k1_scalar_impl_check_overflow(r) == 0);
 #endif
 }