build: fix clang -Wshorten-64-to-32 warnings

src/hash_impl.h

@@ -148,8 +148,8 @@ static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out
     int i;
     /* The maximum message size of SHA256 is 2^64-1 bits. */
     VERIFY_CHECK(hash->bytes < ((uint64_t)1 << 61));
-    secp256k1_write_be32(&sizedesc[0], hash->bytes >> 29);
-    secp256k1_write_be32(&sizedesc[4], hash->bytes << 3);
+    secp256k1_write_be32(&sizedesc[0], (uint32_t)(hash->bytes >> 29));
+    secp256k1_write_be32(&sizedesc[4], (uint32_t)(hash->bytes << 3));
     secp256k1_sha256_write(hash, pad, 1 + ((119 - (hash->bytes % 64)) % 64));
     secp256k1_sha256_write(hash, sizedesc, 8);
     for (i = 0; i < 8; i++) {

src/modinv64_impl.h

@@ -240,7 +240,7 @@ static int64_t secp256k1_modinv64_divsteps_62_var(int64_t eta, uint64_t f0, uint
     /* Transformation matrix; see comments in secp256k1_modinv64_divsteps_62. */
     uint64_t u = 1, v = 0, q = 0, r = 1;
     uint64_t f = f0, g = g0, m;
-    uint32_t w;
+    uint64_t w;
     int i = 62, limit, zeros;
 
     for (;;) {
@@ -326,7 +326,7 @@ static int64_t secp256k1_modinv64_posdivsteps_62_var(int64_t eta, uint64_t f0, u
     /* Transformation matrix; see comments in secp256k1_modinv64_divsteps_62. */
     uint64_t u = 1, v = 0, q = 0, r = 1;
     uint64_t f = f0, g = g0, m;
-    uint32_t w;
+    uint64_t w;
     int i = 62, limit, zeros;
     int jac = *jacp;
 

src/scalar_4x64_impl.h

@@ -92,7 +92,7 @@ SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar *r, unsigne
 }
 
 static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
-    int overflow;
+    uint64_t overflow;
     secp256k1_uint128 t;
     SECP256K1_SCALAR_VERIFY(a);
     SECP256K1_SCALAR_VERIFY(b);
@@ -111,10 +111,10 @@ static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a,
     r->d[3] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64);
     overflow = secp256k1_u128_to_u64(&t) + secp256k1_scalar_check_overflow(r);
     VERIFY_CHECK(overflow == 0 || overflow == 1);
-    secp256k1_scalar_reduce(r, overflow);
+    secp256k1_scalar_reduce(r, (unsigned int)overflow);
 
     SECP256K1_SCALAR_VERIFY(r);
-    return overflow;
+    return (int)overflow;
 }
 
 static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) {
@@ -634,7 +634,7 @@ static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint64_t *l)
     sumadd_fast(n3);
     extract_fast(m5);
     VERIFY_CHECK(c0 <= 1);
-    m6 = c0;
+    m6 = (uint32_t)c0;
 
     /* Reduce 385 bits into 258. */
     /* p[0..4] = m[0..3] + m[4..6] * SECP256K1_N_C. */
@@ -654,7 +654,8 @@ static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint64_t *l)
     muladd_fast(m6, SECP256K1_N_C_1);
     sumadd_fast(m5);
     extract_fast(p3);
-    p4 = c0 + m6;
+    VERIFY_CHECK(c0 <= 2);
+    p4 = (uint32_t)c0 + m6;
     VERIFY_CHECK(p4 <= 2);
 
     /* Reduce 258 bits into 256. */
@@ -674,7 +675,8 @@ static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint64_t *l)
 #endif
 
     /* Final reduction of r. */
-    secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r));
+    VERIFY_CHECK(c <= 1);
+    secp256k1_scalar_reduce(r, (unsigned int)c + secp256k1_scalar_check_overflow(r));
 }
 
 static void secp256k1_scalar_mul_512(uint64_t *l8, const secp256k1_scalar *a, const secp256k1_scalar *b) {