sipa
diff --git a/‎.cirrus.yml
+14-6 b/‎.cirrus.yml
+14-6
diff --git a/‎.gitignore
+2 b/‎.gitignore
+2
diff --git a/‎CMakeLists.txt
+90-55 b/‎CMakeLists.txt
+90-55
diff --git a/‎CMakePresets.json
+19 b/‎CMakePresets.json
+19
@@ -21,6 +21,7 @@ env:
   ECDH: no
   RECOVERY: no
   SCHNORRSIG: no
+  ELLSWIFT: no
   ### test options
   SECP256K1_TEST_ITERS:
   BENCH: yes
@@ -74,12 +75,12 @@ task:
   << : *LINUX_CONTAINER
   matrix: &ENV_MATRIX
     - env: {WIDEMUL:  int64,  RECOVERY: yes}
-    - env: {WIDEMUL:  int64,                 ECDH: yes, SCHNORRSIG: yes}
+    - env: {WIDEMUL:  int64,                 ECDH: yes, SCHNORRSIG: yes, ELLSWIFT: yes}
     - env: {WIDEMUL: int128}
-    - env: {WIDEMUL: int128_struct}
-    - env: {WIDEMUL: int128,  RECOVERY: yes,            SCHNORRSIG: yes}
+    - env: {WIDEMUL: int128_struct,                                      ELLSWIFT: yes}
+    - env: {WIDEMUL: int128,  RECOVERY: yes,            SCHNORRSIG: yes, ELLSWIFT: yes}
     - env: {WIDEMUL: int128,                 ECDH: yes, SCHNORRSIG: yes}
-    - env: {WIDEMUL: int128,  ASM: x86_64}
+    - env: {WIDEMUL: int128,  ASM: x86_64                              , ELLSWIFT: yes}
     - env: {                  RECOVERY: yes,            SCHNORRSIG: yes}
     - env: {CTIMETESTS: no,    RECOVERY: yes, ECDH: yes, SCHNORRSIG: yes, CPPFLAGS: -DVERIFY}
     - env: {BUILD: distcheck, WITH_VALGRIND: no, CTIMETESTS: no, BENCH: no}
@@ -154,6 +155,7 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
+    ELLSWIFT: yes
     CTIMETESTS: no
   << : *MERGE_BASE
   test_script:
@@ -173,6 +175,7 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
+    ELLSWIFT: yes
     CTIMETESTS: no
   matrix:
     - env: {}
@@ -193,6 +196,7 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
+    ELLSWIFT: yes
     CTIMETESTS: no
   << : *MERGE_BASE
   test_script:
@@ -210,6 +214,7 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
+    ELLSWIFT: yes
     CTIMETESTS: no
   << : *MERGE_BASE
   test_script:
@@ -247,6 +252,7 @@ task:
     RECOVERY: yes
     EXPERIMENTAL: yes
     SCHNORRSIG: yes
+    ELLSWIFT: yes
     CTIMETESTS: no
     # Use a MinGW-w64 host to tell ./configure we're building for Windows.
     # This will detect some MinGW-w64 tools but then make will need only
@@ -286,6 +292,7 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
+    ELLSWIFT: yes
     CTIMETESTS: no
   matrix:
     - name: "Valgrind (memcheck)"
@@ -361,6 +368,7 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
+    ELLSWIFT: yes
   << : *MERGE_BASE
   test_script:
     - ./ci/cirrus.sh
@@ -397,13 +405,13 @@ task:
     - PowerShell -NoLogo -Command if ($env:CIRRUS_PR -ne $null) { git fetch $env:CIRRUS_REPO_CLONE_URL pull/$env:CIRRUS_PR/merge; git reset --hard FETCH_HEAD; }
   configure_script:
     - '%x64_NATIVE_TOOLS%'
-    - cmake -G "Visual Studio 17 2022" -A x64 -S . -B build -DSECP256K1_ENABLE_MODULE_RECOVERY=ON -DSECP256K1_BUILD_EXAMPLES=ON
+    - cmake -E env CFLAGS="/WX" cmake -G "Visual Studio 17 2022" -A x64 -S . -B build -DSECP256K1_ENABLE_MODULE_RECOVERY=ON -DSECP256K1_BUILD_EXAMPLES=ON
   build_script:
     - '%x64_NATIVE_TOOLS%'
     - cmake --build build --config RelWithDebInfo -- -property:UseMultiToolTask=true;CL_MPcount=5
   check_script:
     - '%x64_NATIVE_TOOLS%'
-    - ctest --test-dir build -j 5
+    - ctest -C RelWithDebInfo --test-dir build -j 5
     - build\src\RelWithDebInfo\bench_ecmult.exe
     - build\src\RelWithDebInfo\bench_internal.exe
     - build\src\RelWithDebInfo\bench.exe
@@ -59,5 +59,7 @@ build-aux/compile
 build-aux/test-driver
 libsecp256k1.pc
 
+### CMake
+/CMakeUserPresets.json
 # Default CMake build directory.
 /build
@@ -1,16 +1,33 @@
 cmake_minimum_required(VERSION 3.13)
 
-if(CMAKE_VERSION VERSION_GREATER 3.14)
+if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.15)
   # MSVC runtime library flags are selected by the CMAKE_MSVC_RUNTIME_LIBRARY abstraction.
   cmake_policy(SET CMP0091 NEW)
   # MSVC warning flags are not in CMAKE_<LANG>_FLAGS by default.
   cmake_policy(SET CMP0092 NEW)
 endif()
 
-# The package (a.k.a. release) version is based on semantic versioning 2.0.0 of
-# the API. All changes in experimental modules are treated as
-# backwards-compatible and therefore at most increase the minor version.
-project(libsecp256k1 VERSION 0.3.2 LANGUAGES C)
+project(libsecp256k1
+  # The package (a.k.a. release) version is based on semantic versioning 2.0.0 of
+  # the API. All changes in experimental modules are treated as
+  # backwards-compatible and therefore at most increase the minor version.
+  VERSION 0.3.2
+  DESCRIPTION "Optimized C library for ECDSA signatures and secret/public key operations on curve secp256k1."
+  HOMEPAGE_URL "https://github.com/bitcoin-core/secp256k1"
+  LANGUAGES C
+)
+
+if(CMAKE_VERSION VERSION_LESS 3.21)
+  get_directory_property(parent_directory PARENT_DIRECTORY)
+  if(parent_directory)
+    set(PROJECT_IS_TOP_LEVEL OFF CACHE INTERNAL "Emulates CMake 3.21+ behavior.")
+    set(${PROJECT_NAME}_IS_TOP_LEVEL OFF CACHE INTERNAL "Emulates CMake 3.21+ behavior.")
+  else()
+    set(PROJECT_IS_TOP_LEVEL ON CACHE INTERNAL "Emulates CMake 3.21+ behavior.")
+    set(${PROJECT_NAME}_IS_TOP_LEVEL ON CACHE INTERNAL "Emulates CMake 3.21+ behavior.")
+  endif()
+  unset(parent_directory)
+endif()
 
 # The library version is based on libtool versioning of the ABI. The set of
 # rules for updating the version can be found here:
@@ -26,36 +43,43 @@ set(CMAKE_C_EXTENSIONS OFF)
 
 list(APPEND CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake)
 
-# We do not use CMake's BUILD_SHARED_LIBS option.
-option(SECP256K1_BUILD_SHARED "Build shared library." ON)
-option(SECP256K1_BUILD_STATIC "Build static library." ON)
-if(NOT SECP256K1_BUILD_SHARED AND NOT SECP256K1_BUILD_STATIC)
-  message(FATAL_ERROR "At least one of SECP256K1_BUILD_SHARED and SECP256K1_BUILD_STATIC must be enabled.")
+option(BUILD_SHARED_LIBS "Build shared libraries." ON)
+option(SECP256K1_DISABLE_SHARED "Disable shared library. Overrides BUILD_SHARED_LIBS." OFF)
+if(SECP256K1_DISABLE_SHARED)
+  set(BUILD_SHARED_LIBS OFF)
 endif()
 
+option(SECP256K1_INSTALL "Enable installation." ${PROJECT_IS_TOP_LEVEL})
+
 option(SECP256K1_ENABLE_MODULE_ECDH "Enable ECDH module." ON)
 if(SECP256K1_ENABLE_MODULE_ECDH)
-  add_definitions(-DENABLE_MODULE_ECDH=1)
+  add_compile_definitions(ENABLE_MODULE_ECDH=1)
 endif()
 
 option(SECP256K1_ENABLE_MODULE_RECOVERY "Enable ECDSA pubkey recovery module." OFF)
 if(SECP256K1_ENABLE_MODULE_RECOVERY)
-  add_definitions(-DENABLE_MODULE_RECOVERY=1)
+  add_compile_definitions(ENABLE_MODULE_RECOVERY=1)
 endif()
 
 option(SECP256K1_ENABLE_MODULE_EXTRAKEYS "Enable extrakeys module." ON)
 option(SECP256K1_ENABLE_MODULE_SCHNORRSIG "Enable schnorrsig module." ON)
 if(SECP256K1_ENABLE_MODULE_SCHNORRSIG)
   set(SECP256K1_ENABLE_MODULE_EXTRAKEYS ON)
-  add_definitions(-DENABLE_MODULE_SCHNORRSIG=1)
+  add_compile_definitions(ENABLE_MODULE_SCHNORRSIG=1)
 endif()
 if(SECP256K1_ENABLE_MODULE_EXTRAKEYS)
-  add_definitions(-DENABLE_MODULE_EXTRAKEYS=1)
+  add_compile_definitions(ENABLE_MODULE_EXTRAKEYS=1)
 endif()
 
+option(SECP256K1_ENABLE_MODULE_ELLSWIFT "Enable ElligatorSwift module." ON)
+if(SECP256K1_ENABLE_MODULE_ELLSWIFT)
+  add_definitions(-DENABLE_MODULE_ELLSWIFT=1)
+endif()
+
+
 option(SECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS "Enable external default callback functions." OFF)
 if(SECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS)
-  add_definitions(-DUSE_EXTERNAL_DEFAULT_CALLBACKS=1)
+  add_compile_definitions(USE_EXTERNAL_DEFAULT_CALLBACKS=1)
 endif()
 
 set(SECP256K1_ECMULT_WINDOW_SIZE "AUTO" CACHE STRING "Window size for ecmult precomputation for verification, specified as integer in range [2..24]. \"AUTO\" is a reasonable setting for desktop machines (currently 15). [default=AUTO]")
@@ -65,22 +89,22 @@ check_string_option_value(SECP256K1_ECMULT_WINDOW_SIZE)
 if(SECP256K1_ECMULT_WINDOW_SIZE STREQUAL "AUTO")
   set(SECP256K1_ECMULT_WINDOW_SIZE 15)
 endif()
-add_definitions(-DECMULT_WINDOW_SIZE=${SECP256K1_ECMULT_WINDOW_SIZE})
+add_compile_definitions(ECMULT_WINDOW_SIZE=${SECP256K1_ECMULT_WINDOW_SIZE})
 
 set(SECP256K1_ECMULT_GEN_PREC_BITS "AUTO" CACHE STRING "Precision bits to tune the precomputed table size for signing, specified as integer 2, 4 or 8. \"AUTO\" is a reasonable setting for desktop machines (currently 4). [default=AUTO]")
 set_property(CACHE SECP256K1_ECMULT_GEN_PREC_BITS PROPERTY STRINGS "AUTO" 2 4 8)
 check_string_option_value(SECP256K1_ECMULT_GEN_PREC_BITS)
 if(SECP256K1_ECMULT_GEN_PREC_BITS STREQUAL "AUTO")
   set(SECP256K1_ECMULT_GEN_PREC_BITS 4)
 endif()
-add_definitions(-DECMULT_GEN_PREC_BITS=${SECP256K1_ECMULT_GEN_PREC_BITS})
+add_compile_definitions(ECMULT_GEN_PREC_BITS=${SECP256K1_ECMULT_GEN_PREC_BITS})
 
 set(SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY "OFF" CACHE STRING "Test-only override of the (autodetected by the C code) \"widemul\" setting. Legal values are: \"OFF\", \"int128_struct\", \"int128\" or \"int64\". [default=OFF]")
 set_property(CACHE SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY PROPERTY STRINGS "OFF" "int128_struct" "int128" "int64")
 check_string_option_value(SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY)
 if(SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY)
   string(TOUPPER "${SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY}" widemul_upper_value)
-  add_definitions(-DUSE_FORCE_WIDEMUL_${widemul_upper_value}=1)
+  add_compile_definitions(USE_FORCE_WIDEMUL_${widemul_upper_value}=1)
 endif()
 mark_as_advanced(FORCE SECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY)
 
@@ -89,13 +113,13 @@ set_property(CACHE SECP256K1_ASM PROPERTY STRINGS "AUTO" "OFF" "x86_64" "arm")
 check_string_option_value(SECP256K1_ASM)
 if(SECP256K1_ASM STREQUAL "arm")
   enable_language(ASM)
-  add_definitions(-DUSE_EXTERNAL_ASM=1)
+  add_compile_definitions(USE_EXTERNAL_ASM=1)
 elseif(SECP256K1_ASM)
   include(Check64bitAssembly)
   check_64bit_assembly()
   if(HAS_64BIT_ASM)
     set(SECP256K1_ASM "x86_64")
-    add_definitions(-DUSE_ASM_X86_64=1)
+    add_compile_definitions(USE_ASM_X86_64=1)
   elseif(SECP256K1_ASM STREQUAL "AUTO")
     set(SECP256K1_ASM "OFF")
   else()
@@ -118,7 +142,7 @@ if(SECP256K1_VALGRIND)
   if(Valgrind_FOUND)
     set(SECP256K1_VALGRIND ON)
     include_directories(${Valgrind_INCLUDE_DIR})
-    add_definitions(-DVALGRIND)
+    add_compile_definitions(VALGRIND)
   elseif(SECP256K1_VALGRIND STREQUAL "AUTO")
     set(SECP256K1_VALGRIND OFF)
   else()
@@ -165,42 +189,47 @@ mark_as_advanced(
   CMAKE_SHARED_LINKER_FLAGS_COVERAGE
 )
 
-if(CMAKE_CONFIGURATION_TYPES)
-  set(CMAKE_CONFIGURATION_TYPES "RelWithDebInfo" "Release" "Debug" "MinSizeRel" "Coverage")
-endif()
-
-get_property(cached_cmake_build_type CACHE CMAKE_BUILD_TYPE PROPERTY TYPE)
-if(cached_cmake_build_type)
+get_property(is_multi_config GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG)
+set(default_build_type "RelWithDebInfo")
+if(is_multi_config)
+  set(CMAKE_CONFIGURATION_TYPES "${default_build_type}" "Release" "Debug" "MinSizeRel" "Coverage" CACHE STRING
+    "Supported configuration types."
+    FORCE
+  )
+else()
   set_property(CACHE CMAKE_BUILD_TYPE PROPERTY
-    STRINGS "RelWithDebInfo" "Release" "Debug" "MinSizeRel" "Coverage"
+    STRINGS "${default_build_type}" "Release" "Debug" "MinSizeRel" "Coverage"
   )
+  if(NOT CMAKE_BUILD_TYPE)
+    message(STATUS "Setting build type to \"${default_build_type}\" as none was specified")
+    set(CMAKE_BUILD_TYPE "${default_build_type}" CACHE STRING
+      "Choose the type of build."
+      FORCE
+    )
+  endif()
 endif()
 
-set(default_build_type "RelWithDebInfo")
-if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
-  message(STATUS "Setting build type to \"${default_build_type}\" as none was specified")
-  set(CMAKE_BUILD_TYPE "${default_build_type}" CACHE STRING "Choose the type of build." FORCE)
-endif()
-
-include(TryAddCompileOption)
+include(TryAppendCFlags)
 if(MSVC)
-  try_add_compile_option(/W2)
-  try_add_compile_option(/wd4146)
+  # Keep the following commands ordered lexicographically.
+  try_append_c_flags(/W2) # Moderate warning level.
+  try_append_c_flags(/wd4146) # Disable warning C4146 "unary minus operator applied to unsigned type, result still unsigned".
 else()
-  try_add_compile_option(-pedantic)
-  try_add_compile_option(-Wall)
-  try_add_compile_option(-Wcast-align)
-  try_add_compile_option(-Wcast-align=strict)
-  try_add_compile_option(-Wconditional-uninitialized)
-  try_add_compile_option(-Wextra)
-  try_add_compile_option(-Wnested-externs)
-  try_add_compile_option(-Wno-long-long)
-  try_add_compile_option(-Wno-overlength-strings)
-  try_add_compile_option(-Wno-unused-function)
-  try_add_compile_option(-Wreserved-identifier)
-  try_add_compile_option(-Wshadow)
-  try_add_compile_option(-Wstrict-prototypes)
-  try_add_compile_option(-Wundef)
+  # Keep the following commands ordered lexicographically.
+  try_append_c_flags(-pedantic)
+  try_append_c_flags(-Wall) # GCC >= 2.95 and probably many other compilers.
+  try_append_c_flags(-Wcast-align) # GCC >= 2.95.
+  try_append_c_flags(-Wcast-align=strict) # GCC >= 8.0.
+  try_append_c_flags(-Wconditional-uninitialized) # Clang >= 3.0 only.
+  try_append_c_flags(-Wextra) # GCC >= 3.4, this is the newer name of -W, which we don't use because older GCCs will warn about unused functions.
+  try_append_c_flags(-Wnested-externs)
+  try_append_c_flags(-Wno-long-long) # GCC >= 3.0, -Wlong-long is implied by -pedantic.
+  try_append_c_flags(-Wno-overlength-strings) # GCC >= 4.2, -Woverlength-strings is implied by -pedantic.
+  try_append_c_flags(-Wno-unused-function) # GCC >= 3.0, -Wunused-function is implied by -Wall.
+  try_append_c_flags(-Wreserved-identifier) # Clang >= 13.0 only.
+  try_append_c_flags(-Wshadow)
+  try_append_c_flags(-Wstrict-prototypes)
+  try_append_c_flags(-Wundef)
 endif()
 
 set(CMAKE_C_VISIBILITY_PRESET hidden)
@@ -225,13 +254,19 @@ message("\n")
 message("secp256k1 configure summary")
 message("===========================")
 message("Build artifacts:")
-message("  shared library ...................... ${SECP256K1_BUILD_SHARED}")
-message("  static library ...................... ${SECP256K1_BUILD_STATIC}")
+if(BUILD_SHARED_LIBS)
+  set(library_type "Shared")
+else()
+  set(library_type "Static")
+endif()
+
+message("  library type ........................ ${library_type}")
 message("Optional modules:")
 message("  ECDH ................................ ${SECP256K1_ENABLE_MODULE_ECDH}")
 message("  ECDSA pubkey recovery ............... ${SECP256K1_ENABLE_MODULE_RECOVERY}")
 message("  extrakeys ........................... ${SECP256K1_ENABLE_MODULE_EXTRAKEYS}")
 message("  schnorrsig .......................... ${SECP256K1_ENABLE_MODULE_SCHNORRSIG}")
+message("  ElligatorSwift ...................... ${SECP256K1_ENABLE_MODULE_ELLSWIFT}")
 message("Parameters:")
 message("  ecmult window size .................. ${SECP256K1_ECMULT_WINDOW_SIZE}")
 message("  ecmult gen precision bits ........... ${SECP256K1_ECMULT_GEN_PREC_BITS}")
@@ -268,15 +303,15 @@ message("CFLAGS ................................ ${CMAKE_C_FLAGS}")
 get_directory_property(compile_options COMPILE_OPTIONS)
 string(REPLACE ";" " " compile_options "${compile_options}")
 message("Compile options ....................... " ${compile_options})
-if(DEFINED CMAKE_BUILD_TYPE)
+if(NOT is_multi_config)
   message("Build type:")
   message(" - CMAKE_BUILD_TYPE ................... ${CMAKE_BUILD_TYPE}")
   string(TOUPPER "${CMAKE_BUILD_TYPE}" build_type)
   message(" - CFLAGS ............................. ${CMAKE_C_FLAGS_${build_type}}")
   message(" - LDFLAGS for executables ............ ${CMAKE_EXE_LINKER_FLAGS_${build_type}}")
   message(" - LDFLAGS for shared libraries ....... ${CMAKE_SHARED_LINKER_FLAGS_${build_type}}")
 else()
-  message("Available configurations .............. ${CMAKE_CONFIGURATION_TYPES}")
+  message("Supported configurations .............. ${CMAKE_CONFIGURATION_TYPES}")
   message("RelWithDebInfo configuration:")
   message(" - CFLAGS ............................. ${CMAKE_C_FLAGS_RELWITHDEBINFO}")
   message(" - LDFLAGS for executables ............ ${CMAKE_EXE_LINKER_FLAGS_RELWITHDEBINFO}")
 
@@ -0,0 +1,19 @@
+{
+  "cmakeMinimumRequired": {"major": 3, "minor": 21, "patch": 0}, 
+  "version": 3,
+  "configurePresets": [
+    {
+      "name": "dev-mode",
+      "displayName": "Development mode (intended only for developers of the library)",
+      "cacheVariables": {
+        "SECP256K1_EXPERIMENTAL": "ON",
+        "SECP256K1_ENABLE_MODULE_RECOVERY": "ON",
+        "SECP256K1_BUILD_EXAMPLES": "ON"
+      },
+      "warnings": {
+        "dev": true,
+        "uninitialized": true
+      }
+    }
+  ]
+}