Merge #229: musig: Fix nits left open in #211

a0b51af musig: VERIFY_CHECK preconditions of _musig_keyaggcoef_internal() (Tim Ruffing)
da77028 extrakeys: Clarify comparison order of compare/sort functions (Tim Ruffing)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK a0b51af

Tree-SHA512: ad509d7a55c6f832a25b896b0fe38e259b79864b2a8d1fb337b9d9b4a5e1950a9d579040285465c89d815becc6e49af4129ab2d904d32ac98cef74357a440c89

include/secp256k1_extrakeys.h

@@ -242,7 +242,8 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add
  const unsigned char *tweak32
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
 
-/** Compare two public keys using lexicographic order
+/** Compare two public keys using lexicographic order of their compressed
+ * serialization.
  *
  * Returns: <0 if the first public key is less than the second
  * >0 if the first public key is greater than the second
@@ -257,7 +258,8 @@ SECP256K1_API int secp256k1_pubkey_cmp(
  const secp256k1_pubkey* pk2
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
 
-/** Sorts public keys using lexicographic order
+/** Sort public keys using lexicographic order of their compressed
+ * serialization.
  *
  * Returns: 0 if the arguments are invalid. 1 otherwise.
  *

src/modules/musig/keyagg_impl.h

@@ -166,6 +166,12 @@ static void secp256k1_musig_keyaggcoef_sha256(secp256k1_sha256 *sha) {
 static void secp256k1_musig_keyaggcoef_internal(secp256k1_scalar *r, const unsigned char *pk_hash, secp256k1_ge *pk, const secp256k1_ge *second_pk) {
  secp256k1_sha256 sha;
 
+ VERIFY_CHECK(!secp256k1_ge_is_infinity(pk));
+#ifdef VERIFY
+ VERIFY_CHECK(pk->x.normalized && pk->y.normalized);
+ VERIFY_CHECK(secp256k1_ge_is_infinity(second_pk) || (second_pk->x.normalized && second_pk->y.normalized));
+#endif
+
  if (!secp256k1_ge_is_infinity(second_pk)
  && secp256k1_fe_equal(&pk->x, &second_pk->x)
  && secp256k1_fe_is_odd(&pk->y) == secp256k1_fe_is_odd(&second_pk->y)) {