From: Andy Polyakov <appro@openssl.org>
Date: Sat, 21 Feb 2015 12:51:56 +0000 (+0100)
Subject: Avoid reading an unused byte after the buffer
X-Git-Tag: OpenSSL_1_1_0-pre1~1542
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9fbbdd73c58c29dc46cc314f7165e45e6d43fd60;p=openssl

Avoid reading an unused byte after the buffer

Other curves don't have this problem.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
---

diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
index ffb50d848c..a0c7bec5db 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -316,7 +316,7 @@ static void bin28_to_felem(felem out, const u8 in[28])
     out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff;
     out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff;
     out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff;
-    out[3] = (*((const uint64_t *)(in + 21))) & 0x00ffffffffffffff;
+    out[3] = (*((const uint64_t *)(in+20))) >> 8;
 }
 
 static void felem_to_bin28(u8 out[28], const felem in)