]> granicus.if.org Git - openssl/commitdiff
Avoid reading an unused byte after the buffer
authorAndy Polyakov <appro@openssl.org>
Sat, 21 Feb 2015 12:51:56 +0000 (13:51 +0100)
committerKurt Roeckx <kurt@roeckx.be>
Sat, 14 Mar 2015 17:31:54 +0000 (18:31 +0100)
Other curves don't have this problem.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 9fbbdd73c58c29dc46cc314f7165e45e6d43fd60)

crypto/ec/ecp_nistp224.c

index 9a59ef0c19e417666021467dbf0dc722d2fddc3a..ed09f97ade683738a834d668091bc42fc12fdd3e 100644 (file)
@@ -321,7 +321,7 @@ static void bin28_to_felem(felem out, const u8 in[28])
     out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff;
     out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff;
     out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff;
-    out[3] = (*((const uint64_t *)(in + 21))) & 0x00ffffffffffffff;
+    out[3] = (*((const uint64_t *)(in+20))) >> 8;
 }
 
 static void felem_to_bin28(u8 out[28], const felem in)