roconnor-blockstream

Results 158 comments of roconnor-blockstream

I'm moderately sure there is some horrible way to enforce this with macros. The specific solution I came across uses compound literals, but I suspect there are C89 ways too....

appending `u` also works for the expression `i + 1`.

I conjecture that a1,b1 and a2,b2 from https://github.com/bitcoin-core/secp256k1/blob/423b6d19d373f1224fd671a982584d7e7900bc93/src/scalar_impl.h#L86-L89 are the smallest pairs of values where `a1 = -lambda*b1` for some definition of smallest. And that you will get almost identical...

A const void pointer is a subtype of a void pointer, meaning that a void pointer can be converted to a const void pointer as needed. Function parameters are contravariant,...

I'm starting to think the `ecmult_multi_var` is slightly too narrow of an interface to be used for batch verification. Currently it does a "Multi-multiply: R = inp_g_sc * G +...

Barring such an enhanced `ecmult_multi_var` interface I would propose the following API for batch verification:

```C
typedef int (secp256k1_batch_verify_gi_callback)(secp256k1_scalar *gi, size_t idx, void *data);
typedef int (secp256k1_batch_verify_callback)(secp256k1_scalar *na, secp256k1_scalar *nb,...
```

My proposal was based on the idea that `batch_verify` must use `secp256k1_ecmult_multi_var`, but this line of thinking was wrong. `batch_verify` can call `secp256k1_ecmult_pippenger_wnaf` and friends directly. I withdraw my proposal...

The issue is that if everything is done naively the following happens:

1. Batch verification allocates a buffer, or it is allocated by the caller.
2. Batch verification runs point...

Is it sufficient to add a `-fno-builtin-memcmp` flag if it exists, (and maybe disable it if some autotools stuff has run and was unable to find the bug)? (I have...

If we do that will we be able to detect indirect calls to memcmp (I'm thinking via other libc calls)? In that sense `-fno-builtin-memcmp` is more robust.