From b39b0d1daf0216749ac71eaaab59b1a8240dc9cf Mon Sep 17 00:00:00 2001
From: Paul Miller <paul@paulmillr.com>
Date: Wed, 13 Dec 2023 12:58:51 +0000
Subject: [PATCH] weierstrass: improve error wording for sqrt case

---
 src/abstract/weierstrass.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/abstract/weierstrass.ts b/src/abstract/weierstrass.ts
index f66f2bb..ecf5d97 100644
--- a/src/abstract/weierstrass.ts
+++ b/src/abstract/weierstrass.ts
@@ -733,7 +733,13 @@ export function weierstrass(curveDef: CurveType): CurveFn {
         const x = ut.bytesToNumberBE(tail);
         if (!isValidFieldElement(x)) throw new Error('Point is not on curve');
         const y2 = weierstrassEquation(x); // y² = x³ + ax + b
-        let y = Fp.sqrt(y2); // y = y² ^ (p+1)/4
+        let y: bigint;
+        try {
+          y = Fp.sqrt(y2); // y = y² ^ (p+1)/4
+        } catch (sqrtError) {
+          const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : '';
+          throw new Error('Point is not on curve' + suffix);
+        }
         const isYOdd = (y & _1n) === _1n;
         // ECDSA
         const isHeadOdd = (head & 1) === 1;