Fix infinity point assertion failure in secp256k1_dleq_verify #337

Closed
Copilot wants to merge 2 commits into master from copilot/fix-test-condition-failure-again

Copilot AI commented Mar 3, 2026

secp256k1_dleq_verify can compute R points at infinity when given corrupted inputs (e.g., bit-flipped adaptor signatures), which then hits the VERIFY_CHECK(!secp256k1_ge_is_infinity(elem)) assertion in secp256k1_eckey_pubkey_serialize33.

Reproducible with:

```
./tests --iterations=32 --seed=4995849ad225b70b66ea227c59c8574b
```

- Add infinity check for r[0] and r[1] after secp256k1_ge_set_all_gej_var but before secp256k1_dleq_challenge, returning 0 (verification failure) early

This is the correct semantic: a valid DLEQ proof never produces infinity R points during verification.

Original prompt

This section details the original issue you should resolve

<issue_title>src/eckey_impl.h:39: test condition failed: !secp256k1_ge_is_infinity(elem)</issue_title>
<issue_description>Damn, one CI job failed after #332 when CI was running again on master: https://github.com/BlockstreamResearch/secp256k1-zkp/actions/runs/22623023778/job/65552515242#step:4:1110 ...

I can reproduce this locally via:

```
./configure --enable-experimental=yes --with-test-override-wide-multiply=auto --with-asm=no --with-ecmult-window=2 --with-ecmult-gen-kb=2 --enable-module-ecdh=yes --enable-module-recovery=yes --enable-module-ellswift=yes --enable-module-extrakeys=yes --enable-module-ecdsa-s2c=yes --enable-module-bppp=yes --enable-module-rangeproof=yes --enable-module-whitelist=yes --enable-module-generator=yes --enable-module-schnorrsig=yes --enable-module-ecdsa-adaptor=yes --enable-module-musig=yes --enable-module-schnorrsig-halfagg=yes --enable-examples=yes --with-valgrind=no --host=
make
./tests --iterations=32 --seed=4995849ad225b70b66ea227c59c8574b
```

Here's a backtrace:

Starting program: [...]/tests --iterations=32 --seed=4995849ad225b70b66ea227c59c8574b
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Tests running silently. Use '-log=1' to enable detailed logging
iterations = 32
jobs = 0. Sequential execution.
random seed = 4995849ad225b70b66ea227c59c8574b
src/eckey_impl.h:39: test condition failed: !secp256k1_ge_is_infinity(elem)

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at pthread_kill.c:44
44	     return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
(gdb) 
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff7e2eaf3 in __pthread_kill_internal (threadid=<optimized out>, signo=6)
    at pthread_kill.c:89
#2  0x00007ffff7dd41a0 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff7dbb5fe in __GI_abort () at abort.c:77
#4  0x000055555555915c in secp256k1_eckey_pubkey_serialize33 (
    elem=elem@entry=0x7fffffffa0f0, 
    pub33=pub33@entry=0x7fffffff9b80 "\003c=V\253\356o6\346\a\306\004,h\264\t\276O=V:Q{ʕ\346\331H\036\225\320\326\306s\004\202\261I") at src/field_impl.h:250
#5  0x000055555558e0d5 in secp256k1_dleq_hash_point (sha=0x7fffffff9b10, p=0x7fffffffa0f0)
    at src/modules/ecdsa_adaptor/dleq_impl.h:27
#6  secp256k1_dleq_challenge (e=e@entry=0x7fffffffa430, gen2=gen2@entry=0x7fffffffa7a0, 
    r1=r1@entry=0x7fffffffa0f0, r2=r2@entry=0x7fffffffa158, p1=p1@entry=0x7fffffffa848, 
    p2=p2@entry=0x7fffffffa8b0) at src/modules/ecdsa_adaptor/dleq_impl.h:69
#7  0x0000555555573c52 in secp256k1_dleq_verify (s=s@entry=0x7fffffffa9c0, 
    e=e@entry=0x7fffffffa9a0, p1=p1@entry=0x7fffffffa848, gen2=gen2@entry=0x7fffffffa7a0, 
    p2=p2@entry=0x7fffffffa8b0) at src/modules/ecdsa_adaptor/dleq_impl.h:150
#8  0x0000555555573355 in secp256k1_ecdsa_adaptor_verify (ctx=0x555555662010, 
    adaptor_sig162=adaptor_sig162@entry=0x7fffffffb030 "\003c=V\253\356o6\346\a\306\004,h\264\t\276O=V:Q{ʕ\346\331H\036\225\320\326\306\003\221f\302\211\271\371\005\345_\236=\371\366\235\1775kJ\"\t_\211OG\025qJ\244\265f\006\257\204@\262\2034\366t\030\330=\\\334\024\n\253\"+\031\025\023\303]\234\274m\211\034\2658t\260\316_4נ\251\211z\031Ew\275_\0171\330;P\306*M\317Mˑq\214f\256\270\342\032\001e\005-\223s\227\267f\304\353#\215;U\242=\370\216V\204\207\020v\030\302\3505\371N*)\262 \240", pubkey=pubkey@entry=0x7fffffffb410, 
    msg32=msg32@entry=0x7fffffffb3f0 "8\234C{7\273ot\t=i>=\233Oǝߩ39\214\220\003\225-g\315ٙ\334U\276\355!X#w|`\333/E\350\024\223| \036\r\272\376rV\254\252\354j\262jP\331\026\345\266d$\255\235\310\373\302Hk\221\247\254\374I\321\023.R?\002\375\365Y\017\371\307v\205\367\225B\022\333'3Q=\331\337j<Z\354<\251\365ڧ>\264aȻ\022\267Ԫ\365\232\351勷\001", 
    enckey=enckey@entry=0x7fffffffb390) at src/modules/ecdsa_adaptor/main_impl.h:252
#9  0x00005555555ee87a in adaptor_tests_internal ()
    at src/modules/ecdsa_adaptor/tests_impl.h:963
#10 adaptor_tests () at src/modules/ecdsa_adaptor/tests_impl.h:1119
#11 0x000055555557f58c in run_sequential (tf=0x7fffffffb520) at src/unit_test.c:275
#12 tf_run (tf=<optimized out>) at src/unit_test.c:464
#13 main (argc=<optimized out>, argv=<optimized out>) at src/tests.c:8068
</issue_descripti...

</details>



- Fixes BlockstreamResearch/secp256k1-zkp#335

… are infinity

In secp256k1_dleq_verify, the computed r[0] or r[1] points can be the
point at infinity when given corrupted inputs (e.g., a bit-flipped
adaptor signature). This causes an assertion failure in
secp256k1_eckey_pubkey_serialize33 which requires non-infinity points.

Add an explicit infinity check after computing r[0] and r[1], returning
0 (verification failure) before attempting to serialize the points.

Co-authored-by: real-or-random <1071625+real-or-random@users.noreply.github.com>
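
The early-return pattern the commit message describes, as an added example that is not the project's code: a toy Schnorr-style DLEQ verifier on a constructed 19-element curve, where `ge_ser` asserts non-infinity like the serializer in the backtrace. The curve, the toy challenge function, every function name and the form R = s*G - e*P are assumptions made for illustration.

```c
#include <assert.h>

/* Toy curve y^2 = x^3 + 2x + 2 over F_17; G = (5,1) has prime order 19.
 * Constructed for illustration only: not secp256k1, not the library's code. */
enum { P = 17, A = 2, N = 19 };
typedef struct { int x, y, inf; } ge;

static int md(int v, int m) { v %= m; return v < 0 ? v + m : v; }
static int inv(int v) { int r = 1, i; v = md(v, P); for (i = 0; i < P - 2; i++) r = r * v % P; return r; }

static ge ge_add(ge a, ge b) {
    ge r = {0, 0, 1};
    int l;
    if (a.inf) return b;
    if (b.inf) return a;
    if (a.x == b.x && md(a.y + b.y, P) == 0) return r; /* a == -b gives infinity */
    l = (a.x == b.x) ? md((3 * a.x * a.x + A) * inv(2 * a.y), P)
                     : md((b.y - a.y) * inv(b.x - a.x), P);
    r.x = md(l * l - a.x - b.x, P);
    r.y = md(l * (a.x - r.x) - a.y, P);
    r.inf = 0;
    return r;
}
static ge ge_mul(ge p, int k) { /* double-and-add, scalar reduced mod N */
    ge r = {0, 0, 1};
    for (k = md(k, N); k > 0; k >>= 1, p = ge_add(p, p)) if (k & 1) r = ge_add(r, p);
    return r;
}
/* Mirrors the serializer's precondition: infinity has no encoding. */
static int ge_ser(ge p) { assert(!p.inf); return p.x * P + p.y; }
/* Toy challenge over the serialized points (NOT a cryptographic hash). */
static int challenge(ge gen2, ge r1, ge r2, ge p1, ge p2) {
    int v[5], h = 7, i;
    v[0] = ge_ser(gen2); v[1] = ge_ser(r1); v[2] = ge_ser(r2); v[3] = ge_ser(p1); v[4] = ge_ser(p2);
    for (i = 0; i < 5; i++) h = (h * 31 + v[i]) % 1009;
    return h % N;
}
static const ge G = {5, 1, 0};
void dleq_prove(int x, int k, ge gen2, int *s, int *e) { /* honest prover, nonce k */
    *e = challenge(gen2, ge_mul(G, k), ge_mul(gen2, k), ge_mul(G, x), ge_mul(gen2, x));
    *s = md(k + *e * x, N);
}
int dleq_verify(int s, int e, ge p1, ge gen2, ge p2) {
    ge r1 = ge_add(ge_mul(G, s), ge_mul(p1, -e));    /* R1 = s*G - e*P1 */
    ge r2 = ge_add(ge_mul(gen2, s), ge_mul(p2, -e)); /* R2 = s*gen2 - e*P2 */
    if (r1.inf || r2.inf) return 0; /* reject before any serialization of R */
    return e == challenge(gen2, r1, r2, p1, p2);
}
```

Without the `r1.inf || r2.inf` line, a proof whose R points cancel to infinity reaches `ge_ser` and aborts on the assertion instead of returning a verification failure.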
Copilot AI changed the title from "[WIP] Fix test condition failure in secp256k1" to "Fix infinity point assertion failure in secp256k1_dleq_verify" on Mar 3, 2026

@real-or-random (Member) commented

Closing in favor of #339

@real-or-random real-or-random deleted the copilot/fix-test-condition-failure-again branch March 30, 2026 11:10