BN_copy now propagates BN_FLG_CONSTTIME

[oweals/openssl.git] / crypto / ec / ecp_nistp224.c

diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
index 9a59ef0c19e417666021467dbf0dc722d2fddc3a..d81cc9ce6b1a0dfade364f8089e781a2c99cee79 100644 (file)
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -321,7 +321,7 @@ static void bin28_to_felem(felem out, const u8 in[28])
     out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff;
     out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff;
     out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff;
-    out[3] = (*((const uint64_t *)(in + 21))) & 0x00ffffffffffffff;
+    out[3] = (*((const uint64_t *)(in+20))) >> 8;
 }
 
 static void felem_to_bin28(u8 out[28], const felem in)
@@ -1657,8 +1657,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
      */
     if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
         memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
-        ret = 1;
-        goto err;
+        goto done;
     }
     if ((!BN_to_felem(pre->g_pre_comp[0][1][0], &group->generator->X)) ||
         (!BN_to_felem(pre->g_pre_comp[0][1][1], &group->generator->Y)) ||
@@ -1736,6 +1735,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     }
     make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems);
 
+ done:
     if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp224_pre_comp_dup,
                              nistp224_pre_comp_free,
                              nistp224_pre_comp_clear_free))