1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index c64c41130a..3957bd154c 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_smpl.c,v 1.28 2018/11/06 07:02:33 tb Exp $ */
+/* $OpenBSD: ecp_smpl.c,v 1.29 2018/11/15 05:53:31 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * for the OpenSSL project.
 * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -1556,8 +1556,8 @@ ec_GFp_simple_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
         */
        cardinality_bits = BN_num_bits(cardinality);
        group_top = cardinality->top;
-        if ((bn_wexpand(k, group_top + 1) == NULL) ||
+        if ((bn_wexpand(k, group_top + 2) == NULL) ||
-            (bn_wexpand(lambda, group_top + 1) == NULL))
+            (bn_wexpand(lambda, group_top + 2) == NULL))
                goto err;
        if (!BN_copy(k, scalar))
@@ -1584,7 +1584,7 @@ ec_GFp_simple_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
         * k := scalar + 2*cardinality
         */
        kbit = BN_is_bit_set(lambda, cardinality_bits);
-        if (!BN_swap_ct(kbit, k, lambda, group_top + 1))
+        if (!BN_swap_ct(kbit, k, lambda, group_top + 2))
                goto err;
        group_top = group->field.top;

diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c index c64c41130a..3957bd154c 100644 --- a/src/lib/libcrypto/ec/ecp_smpl.c +++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ecp_smpl.c,v 1.28 2018/11/06 07:02:33 tb Exp $ */	1	/* $OpenBSD: ecp_smpl.c,v 1.29 2018/11/15 05:53:31 tb Exp $ */
2	/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>	2	/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
3	* for the OpenSSL project.	3	* for the OpenSSL project.
4	* Includes code written by Bodo Moeller for the OpenSSL project.	4	* Includes code written by Bodo Moeller for the OpenSSL project.
@@ -1556,8 +1556,8 @@ ec_GFp_simple_mul_ct(const EC_GROUP group, EC_POINT r, const BIGNUM *scalar,
1556	*/	1556	*/
1557	cardinality_bits = BN_num_bits(cardinality);	1557	cardinality_bits = BN_num_bits(cardinality);
1558	group_top = cardinality->top;	1558	group_top = cardinality->top;
1559	if ((bn_wexpand(k, group_top + 1) == NULL) \|\|	1559	if ((bn_wexpand(k, group_top + 2) == NULL) \|\|
1560	(bn_wexpand(lambda, group_top + 1) == NULL))	1560	(bn_wexpand(lambda, group_top + 2) == NULL))
1561	goto err;	1561	goto err;
1562		1562
1563	if (!BN_copy(k, scalar))	1563	if (!BN_copy(k, scalar))
@@ -1584,7 +1584,7 @@ ec_GFp_simple_mul_ct(const EC_GROUP group, EC_POINT r, const BIGNUM *scalar,
1584	* k := scalar + 2*cardinality	1584	* k := scalar + 2*cardinality
1585	*/	1585	*/
1586	kbit = BN_is_bit_set(lambda, cardinality_bits);	1586	kbit = BN_is_bit_set(lambda, cardinality_bits);
1587	if (!BN_swap_ct(kbit, k, lambda, group_top + 1))	1587	if (!BN_swap_ct(kbit, k, lambda, group_top + 2))
1588	goto err;	1588	goto err;
1589		1589
1590	group_top = group->field.top;	1590	group_top = group->field.top;