f address some of tim's comments

include/secp256k1.h

@@ -86,9 +86,9 @@ typedef struct {
  * secp256k1_s2c_commit_context_create the context can be given to a signing
  * algorithm via the nonce data argument.
  *
- * This structure is not opaque, but it is strongly discouraged to copy it or read
- * or write to it directly. Use the secp256k1_s2c_commit_* instead to access a
- * sign-to-contract context.
+ * This structure is not opaque, but it is strongly discouraged to read or write to
+ * it directly. Use the secp256k1_s2c_commit_* instead to access a sign-to-contract
+ * context.
  *
  * The exact representation of data inside is implementation defined and not
  * guaranteed to be portable between different platforms or versions. It is however

src/modules/schnorrsig/tests_impl.h

@@ -763,6 +763,8 @@ void test_schnorrsig_s2c_commit_verify(void) {
 
  CHECK(secp256k1_s2c_commit_get_original_nonce(ctx, &s2c_original_nonce, &s2c_ctx) == 1);
  CHECK(secp256k1_schnorrsig_verify_s2c_commit(ctx, &sig, data32, &s2c_original_nonce, nonce_is_negated) == 1);
+ /* verify_s2c_commit fails if nonce_is_negated is wrong */
+ CHECK(secp256k1_schnorrsig_verify_s2c_commit(ctx, &sig, data32, &s2c_original_nonce, !nonce_is_negated) == 0);
 
  {
  /* verify_s2c_commit fails if given data does not match committed data */

src/tests.c

@@ -2352,15 +2352,11 @@ void test_ec_commit(void) {
  secp256k1_pubkey commitment;
  unsigned char data[32];
 
- /* Create random keypair */
+ /* Create random keypair and data */
  secp256k1_rand256(seckey);
  CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, seckey));
- /* Create random data */
- {
- secp256k1_scalar d;
- random_scalar_order_test(&d);
- secp256k1_scalar_get_b32(data, &d);
- }
+ secp256k1_rand256_test(data);
+
  /* Commit to data and verify */
  CHECK(secp256k1_ec_commit(ctx, &commitment, &pubkey, data, 32));
  CHECK(secp256k1_ec_commit_verify(ctx, &commitment, &pubkey, data, 32));