build: fix clang -Wshorten-64-to-32 warnings #1801

pull csjones wants to merge 4 commits into bitcoin-core:master from 21-DOT-DEV:CLANG-WARN-WSHORTEN-64-TO-32 changing 3 files +12 −10
  1. csjones commented at 0:58 am on January 15, 2026: none

    Addressing most of the remaining build warnings from issue thread #1617.

     0cmake -B build \
 1  -DCMAKE_C_COMPILER=clang \
 2  -DSECP256K1_ENABLE_MODULE_ECDH=ON \
 3  -DSECP256K1_ENABLE_MODULE_RECOVERY=ON \
 4  -DSECP256K1_ENABLE_MODULE_EXTRAKEYS=ON \
 5  -DSECP256K1_ENABLE_MODULE_SCHNORRSIG=ON \
 6  -DSECP256K1_ENABLE_MODULE_MUSIG=ON \
 7  -DSECP256K1_ENABLE_MODULE_ELLSWIFT=ON \
 8  -DSECP256K1_BUILD_TESTS=OFF \
 9  -DSECP256K1_BUILD_EXHAUSTIVE_TESTS=OFF \
10  -DSECP256K1_BUILD_CTIME_TESTS=OFF \
11  -DSECP256K1_BUILD_BENCHMARK=OFF \
12  -DSECP256K1_BUILD_EXAMPLES=OFF \
13  -DCMAKE_C_FLAGS="-Wall -Wextra -Wshorten-64-to-32 -Werror=shorten-64-to-32"
14  
15cmake --build build --verbose

     0/Users/csjones/Developer/secp256k1/src/modinv64_impl.h:279:39: error: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'uint32_t' (aka 'unsigned int') [-Werror,-Wshorten-64-to-32]
 1  279 |             w = (f * g * (f * f - 2)) & m;
 2      |               ~ ~~~~~~~~~~~~~~~~~~~~~~^~~
 3/Users/csjones/Developer/secp256k1/src/modinv64_impl.h:289:19: error: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'uint32_t' (aka 'unsigned int') [-Werror,-Wshorten-64-to-32]
 4  289 |             w = f + (((f + 1) & 4) << 1);
 5      |               ~ ~~^~~~~~~~~~~~~~~~~~~~~~
 6/Users/csjones/Developer/secp256k1/src/modinv64_impl.h:290:26: error: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'uint32_t' (aka 'unsigned int') [-Werror,-Wshorten-64-to-32]
 7  290 |             w = (-w * g) & m;
 8      |               ~ ~~~~~~~~~^~~
 9/Users/csjones/Developer/secp256k1/src/modinv64_impl.h:370:39: error: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'uint32_t' (aka 'unsigned int') [-Werror,-Wshorten-64-to-32]
10  370 |             w = (f * g * (f * f - 2)) & m;
11      |               ~ ~~~~~~~~~~~~~~~~~~~~~~^~~
12/Users/csjones/Developer/secp256k1/src/modinv64_impl.h:380:19: error: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'uint32_t' (aka 'unsigned int') [-Werror,-Wshorten-64-to-32]
13  380 |             w = f + (((f + 1) & 4) << 1);
14      |               ~ ~~^~~~~~~~~~~~~~~~~~~~~~
15/Users/csjones/Developer/secp256k1/src/modinv64_impl.h:381:26: error: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'uint32_t' (aka 'unsigned int') [-Werror,-Wshorten-64-to-32]
16  381 |             w = (-w * g) & m;
17      |               ~ ~~~~~~~~~^~~
18In file included from /Users/csjones/Developer/secp256k1/src/secp256k1.c:28:
19In file included from /Users/csjones/Developer/secp256k1/src/scalar_impl.h:20:
20/Users/csjones/Developer/secp256k1/src/scalar_4x64_impl.h:112:42: error: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'int' [-Werror,-Wshorten-64-to-32]
21  112 |     overflow = secp256k1_u128_to_u64(&t) + secp256k1_scalar_check_overflow(r);
22      |              ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
23/Users/csjones/Developer/secp256k1/src/scalar_4x64_impl.h:637:10: error: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'uint32_t' (aka 'unsigned int') [-Werror,-Wshorten-64-to-32]
24  637 |     m6 = c0;
25      |        ~ ^~
26/Users/csjones/Developer/secp256k1/src/scalar_4x64_impl.h:657:13: error: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'uint32_t' (aka 'unsigned int') [-Werror,-Wshorten-64-to-32]
27  657 |     p4 = c0 + m6;
28      |        ~ ~~~^~~~
29/Users/csjones/Developer/secp256k1/src/scalar_4x64_impl.h:677:34: error: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'unsigned int' [-Werror,-Wshorten-64-to-32]
30  677 |     secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r));
31      |     ~~~~~~~~~~~~~~~~~~~~~~~    ~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
32In file included from /Users/csjones/Developer/secp256k1/src/secp256k1.c:30:
33/Users/csjones/Developer/secp256k1/src/ecmult_impl.h:536:21: error: implicit conversion loses integer precision: 'size_t' (aka 'unsigned long') to 'int' [-Werror,-Wshorten-64-to-32]
34  536 |     for (i = n_wnaf - 1; i >= 0; i--) {
35      |            ~ ~~~~~~~^~~
36/Users/csjones/Developer/secp256k1/src/ecmult_impl.h:580:52: error: implicit conversion loses integer precision: 'long' to 'int' [-Werror,-Wshorten-64-to-32]
37  580 |         for(j = ECMULT_TABLE_SIZE(bucket_window+2) - 1; j > 0; j--) {
38      |               ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~
39In file included from /Users/csjones/Developer/secp256k1/src/secp256k1.c:32:
40In file included from /Users/csjones/Developer/secp256k1/src/ecmult_gen_impl.h:14:
41/Users/csjones/Developer/secp256k1/src/hash_impl.h:151:52: error: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'uint32_t' (aka 'unsigned int') [-Werror,-Wshorten-64-to-32]
42  151 |     secp256k1_write_be32(&sizedesc[0], hash->bytes >> 29);
43      |     ~~~~~~~~~~~~~~~~~~~~               ~~~~~~~~~~~~^~~~~
44/Users/csjones/Developer/secp256k1/src/hash_impl.h:152:52: error: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'uint32_t' (aka 'unsigned int') [-Werror,-Wshorten-64-to-32]
45  152 |     secp256k1_write_be32(&sizedesc[4], hash->bytes << 3);
46      |     ~~~~~~~~~~~~~~~~~~~~               ~~~~~~~~~~~~^~~~
4714 errors generated.

    I applied most of the suggested fixes from #1617 (comment) and used an explicit cast of (uint32_t) in scalar_4x64_impl.h for the two warnings not mentioned in the original issue thread. The warnings in ecmult_impl.h were skipped.

    0/Users/csjones/Developer/secp256k1/src/ecmult_impl.h:536:21: error: implicit conversion loses integer precision: 'size_t' (aka 'unsigned long') to 'int' [-Werror,-Wshorten-64-to-32]
1  536 |     for (i = n_wnaf - 1; i >= 0; i--) {
2      |            ~ ~~~~~~~^~~
3/Users/csjones/Developer/secp256k1/src/ecmult_impl.h:580:52: error: implicit conversion loses integer precision: 'long' to 'int' [-Werror,-Wshorten-64-to-32]
4  580 |         for(j = ECMULT_TABLE_SIZE(bucket_window+2) - 1; j > 0; j--) {
5      |               ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~
62 errors generated.

    EDIT: Investigating failing CI Fixed.

  2. fix: change w variable type from uint32_t to uint64_t in modinv64 implementation 66452d4825
  3. fix: use explicit casts for 'implicit conversion loses integer precision' warnings in scalar_4x64_impl.h 3ddc5bedef
  4. real-or-random added the label tweak/refactor on Jan 21, 2026
  5. real-or-random commented at 4:12 pm on January 21, 2026: contributor
    Can you squash the last two commits?
  6. fix: use explicit casts for 'implicit conversion loses integer precision' warnings in hash_impl.h 
    fix: correct cast placement in hash_impl.h to preserve full 64-bit shift operations
    4a84fb7e43
  7. csjones force-pushed on Jan 21, 2026
  8. csjones commented at 4:55 pm on January 21, 2026: none
    @real-or-random just pushed the squashed commit.
  9. in src/scalar_4x64_impl.h:112 in 3ddc5bedef 
    108@@ -109,7 +109,7 @@ static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a,
109     secp256k1_u128_accum_u64(&t, a->d[3]);
110     secp256k1_u128_accum_u64(&t, b->d[3]);
111     r->d[3] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64);
112-    overflow = secp256k1_u128_to_u64(&t) + secp256k1_scalar_check_overflow(r);
113+    overflow = (int)secp256k1_u128_to_u64(&t) + secp256k1_scalar_check_overflow(r);
    real-or-random commented at 7:28 pm on January 21, 2026:
    This changes the addition from a uint64_t addition to a (signed) int addition. I think I’d rather make overflow an uint64_t and cast to (unsigned int) explicitly when passing it to secp256k1_scalar_reduce and to (int) when returning, both after the VERIFY_CHECK.
    csjones commented at 5:31 am on January 22, 2026:
    Appreciate the feedback, I pushed the change.
  10. in src/scalar_4x64_impl.h:658 in 4a84fb7e43 
    653@@ -654,7 +654,7 @@ static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint64_t *l)
654     muladd_fast(m6, SECP256K1_N_C_1);
655     sumadd_fast(m5);
656     extract_fast(p3);
657-    p4 = c0 + m6;
658+    p4 = (uint32_t)c0 + m6;
659     VERIFY_CHECK(p4 <= 2);
    real-or-random commented at 7:32 pm on January 21, 2026: 
    0    VERIFY_CHECK(c0 <= 1 && m6 <= 1);
1    p4 = (uint32_t)c0 + m6;
    csjones commented at 5:30 am on January 22, 2026:
    Change made
    csjones commented at 6:29 am on January 22, 2026:
    I ended up removing m6 <= 1 because it’s already verified at line 637. The CI failed with c0 <= 1 and after running the ci script locally a few times, I changed it to c0 <= 2, which is consistent with the original p4 <= 2 check (since p4 = c0 + m6 and m6 <= 1). I also restored the p4 <= 2 check.
    real-or-random commented at 8:11 am on January 22, 2026:

    Hm, I see. I have no idea how the algorithm works. Still, this is a bit surprising to me because that means m6 == 0 always (but then it probably wouldn’t be there in the first place) or m6 == 0 iff c0 == 2, and I don’t see why the latter should hold.

    Perhaps @sipa can provide some insights..

  11. in src/scalar_4x64_impl.h:677 in 4a84fb7e43 outdated 
    673@@ -674,7 +674,7 @@ static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint64_t *l)
674 #endif
675 
676     /* Final reduction of r. */
677-    secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r));
678+    secp256k1_scalar_reduce(r, (unsigned int)c + secp256k1_scalar_check_overflow(r));
    real-or-random commented at 7:37 pm on January 21, 2026: 
    0    VERIFY_CHECK(c <= 1);
1    secp256k1_scalar_reduce(r, (unsigned int)c + secp256k1_scalar_check_overflow(r));
    csjones commented at 5:30 am on January 22, 2026:
    Added!
  12. real-or-random commented at 7:37 pm on January 21, 2026: contributor
    cc @sipa for the w change… Is this correct even? Even if it’s correct, do we want to keep the smaller uint32_t?
  13. refactor: preserve unsigned arithmetic and add VERIFY_CHECKs before casts in scalar_4x64_impl.h da9db68bc9
  14. csjones force-pushed on Jan 22, 2026


csjones real-or-random

Labels
tweak/refactor

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-01-27 09:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me