This pull request makes a small but important change to the handling of invalid private keys in the secp256k1_ellswift_xdh function. The update ensures that the overflow flag properly reflects both cases: when the scalar is invalid due to overflow and when it is zero.
- Improved private key validation logic: The overflow check now combines both overflow and zero checks using a bitwise OR, ensuring that invalid keys are consistently replaced with a safe default. (
src/secp256k1/src/modules/ellswift/main_impl.h, src/secp256k1/src/modules/ellswift/main_impl.hL567-R567)