Unnecessary call to secp256k1_sha256_initialize

[Coding-Enthusiast]

When computing tagged-hashes for Schnorr sigs the 3 methods (challenge, aux, nonce) first call secp256k1_sha256_initialize that sets the hashstate (ie. s[0] to s[7] and bytes) to their default SHA256 values then they each immediately change all those values to the precomputed "midstate" values. The first call to secp256k1_sha256_initialize seems wasteful.

bitcoin/src/secp256k1/src/modules/schnorrsig/main_impl.h

Lines 16 to 28 in 7386da7

	static void secp256k1_nonce_function_bip340_sha256_tagged(secp256k1_sha256 *sha) {
	secp256k1_sha256_initialize(sha);
	sha->s[0] = 0x46615b35ul;
	sha->s[1] = 0xf4bfbff7ul;
	sha->s[2] = 0x9f8dc671ul;
	sha->s[3] = 0x83627ab3ul;
	sha->s[4] = 0x60217180ul;
	sha->s[5] = 0x57358661ul;
	sha->s[6] = 0x21a29e54ul;
	sha->s[7] = 0x68b07b4cul;
	sha->bytes = 64;
	}

bitcoin/src/secp256k1/src/hash_impl.h

Lines 31 to 41 in 7386da7

	static void secp256k1_sha256_initialize(secp256k1_sha256 *hash) {
	hash->s[0] = 0x6a09e667ul;
	hash->s[1] = 0xbb67ae85ul;
	hash->s[2] = 0x3c6ef372ul;
	hash->s[3] = 0xa54ff53aul;
	hash->s[4] = 0x510e527ful;
	hash->s[5] = 0x9b05688cul;
	hash->s[6] = 0x1f83d9abul;
	hash->s[7] = 0x5be0cd19ul;
	hash->bytes = 0;
	}

[fanquake]

This issue would be better opened / reported upstream: https://github.com/bitcoin-core/secp256k1, as the code here is a (semi-regularly updated) subtree of that repository.