From cec7b18a34e68adb04f31a71a2eb4c5fc97674ce Mon Sep 17 00:00:00 2001
From: Pieter Wuille <pieter@wuille.net>
Date: Tue, 8 Sep 2020 10:20:31 -0700
Subject: [PATCH] Select exhaustive lambda in function of order

---
 src/scalar_impl.h      | 8 ++++++++
 src/tests_exhaustive.c | 1 -
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/scalar_impl.h b/src/scalar_impl.h
index 2ec04b1..8592b13 100644
--- a/src/scalar_impl.h
+++ b/src/scalar_impl.h
@@ -254,6 +254,14 @@ static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_sc
 
 #ifdef USE_ENDOMORPHISM
 #if defined(EXHAUSTIVE_TEST_ORDER)
+#  if EXHAUSTIVE_TEST_ORDER == 13
+#    define EXHAUSTIVE_TEST_LAMBDA 9
+#  elif EXHAUSTIVE_TEST_ORDER == 199
+#    define EXHAUSTIVE_TEST_LAMBDA 92
+#  else
+#    error No known lambda for the specified exhaustive test group order.
+#  endif
+
 /**
  * Find k1 and k2 given k, such that k1 + k2 * lambda == k mod n; unlike in the
  * full case we don't bother making k1 and k2 be small, we just want them to be
diff --git a/src/tests_exhaustive.c b/src/tests_exhaustive.c
index ab06bab..2035e78 100644
--- a/src/tests_exhaustive.c
+++ b/src/tests_exhaustive.c
@@ -18,7 +18,6 @@
 #ifndef EXHAUSTIVE_TEST_ORDER
 /* see group_impl.h for allowable values */
 #define EXHAUSTIVE_TEST_ORDER 13
-#define EXHAUSTIVE_TEST_LAMBDA 9   /* cube root of 1 mod 13 */
 #endif
 
 #include "include/secp256k1.h"