Merge bitcoin#533: Make sure we're not using an uninitialized variabl…

…e in secp256k1_wnaf_const(...)

248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) (practicalswift)

Pull request description:

  Make sure we're not using an uninitialized variable in `secp256k1_wnaf_const(...)`:

  ```
  In file included from src/secp256k1.c:15:0,
                   from src/tests.c:17:
  src/ecmult_const_impl.h: In function ‘secp256k1_wnaf_const’:
  src/ecmult_const_impl.h:117:20: warning: ‘u’ may be used uninitialized in this function [-Wmaybe-uninitialized]
       wnaf[word] = u * global_sign;
                      ^
  ```

  **Note to reviewers:** Perhaps an `assert(…);` is a bit drastic. What would be a more graceful way to handle this? :-)

Tree-SHA512: 536cd7cc5b87a84fbaac578cecbba81b8d82e4672a30a2db9a674b82856132e79b0158a6a88609bc24942ebdbf1fcd2c4399a4c31ab0654b88ace9c0e6f1eaf3

src/ecmult_const_impl.h

@@ -61,6 +61,10 @@ static int secp256k1_wnaf_const(int *wnaf, const secp256k1_scalar *scalar, int w
     int bit;
     secp256k1_scalar s;
     int not_neg_one;
+
+    VERIFY_CHECK(w > 0);
+    VERIFY_CHECK(size > 0);
+
     /* Note that we cannot handle even numbers by negating them to be odd, as is
      * done in other implementations, since if our scalars were specified to have
      * width < 256 for performance reasons, their negations would have width 256
@@ -94,7 +98,7 @@ static int secp256k1_wnaf_const(int *wnaf, const secp256k1_scalar *scalar, int w
 
     /* 4 */
     u_last = secp256k1_scalar_shr_int(&s, w);
-    while (word * w < size) {
+    do {
         int sign;
         int even;
 
@@ -110,7 +114,7 @@ static int secp256k1_wnaf_const(int *wnaf, const secp256k1_scalar *scalar, int w
         wnaf[word++] = u_last * global_sign;
 
         u_last = u;
-    }
+    } while (word * w < size);
     wnaf[word] = u * global_sign;
 
     VERIFY_CHECK(secp256k1_scalar_is_zero(&s));