Pieter Wuille

@real-or-random Good to point that out, the changes here not enough to guarantee that field elements in ge/gej are always initialized, and I wonder why the tests don't catch that....

ACK 49a59a115be3cfa9666c6575b52455754e69cc4b (+ my own commits, up to 95d8d92f5d576f2e36d01148bf9d61e37976e969). Should be combined with #699 to deal with the exceptional branches in add functions (which can still leave output coordinates uninitialized...

Yeah, there could be `VG_CHECK`s in `secp256k1_{fe,ge,gej}_verify` after this and #814.

A rebased version of this PR, with @real-or-random's nit above addressed is here: https://github.com/sipa/secp256k1/commits/202009_pr791

A few changes: * Added a configure flag to enable the checks (can be set to yes, no, or auto). * By default it is off, to prevent it from...

> I still seems to fail with ubsan. I guess ubsan disables some optimizations (there could be UB in the eliminated code). Pushed a change to make it 'auto' for...

@real-or-random Trying without `CHECK_SIDE_EFFECT_FREE=auto` for clang to see where it fails. EDIT: seems it's fine.

Rebased after #693 merge. Had to re-introduce #902's `VERIFY_CHECK_ONLY` to give checks that only apply in VERIFY-mode (and/or can't be proven side-effect free). Given how many `#ifdef VERIFY; VERIFY_CHECK(...); #endif`...

We're currently still considering this code experimental, and don't have releases or API compatibility yet. This will hopefully change soon.

I'll leave this issue open until then.