1 files changed, 27 insertions, 27 deletions
diff --git a/src/lib/libcrypto/ec/ecp_methods.c b/src/lib/libcrypto/ec/ecp_methods.c
index 50607ea216..8f04a24e28 100644
--- a/src/lib/libcrypto/ec/ecp_methods.c
+++ b/src/lib/libcrypto/ec/ecp_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_methods.c,v 1.13 2024/12/06 15:49:37 tb Exp $ */
+/* $OpenBSD: ecp_methods.c,v 1.14 2024/12/12 10:00:15 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * for the OpenSSL project.
 * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -87,7 +87,7 @@
 static int
 ec_group_init(EC_GROUP *group)
 {
-        BN_init(&group->field);
+        BN_init(&group->p);
        BN_init(&group->a);
        BN_init(&group->b);
        group->a_is_minus3 = 0;
@@ -97,7 +97,7 @@ ec_group_init(EC_GROUP *group)
 static void
 ec_group_finish(EC_GROUP *group)
 {
-        BN_free(&group->field);
+        BN_free(&group->p);
        BN_free(&group->a);
        BN_free(&group->b);
 }
@@ -105,7 +105,7 @@ ec_group_finish(EC_GROUP *group)
 static int
 ec_group_copy(EC_GROUP *dest, const EC_GROUP *src)
 {
-        if (!bn_copy(&dest->field, &src->field))
+        if (!bn_copy(&dest->p, &src->p))
                return 0;
        if (!bn_copy(&dest->a, &src->a))
                return 0;
@@ -132,7 +132,7 @@ ec_decode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx
 static int
 ec_encode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx)
 {
-        if (!BN_nnmod(bn, x, &group->field, ctx))
+        if (!BN_nnmod(bn, x, &group->p, ctx))
                return 0;
        if (group->meth->field_encode != NULL)
@@ -145,7 +145,7 @@ static int
 ec_encode_z_coordinate(const EC_GROUP *group, BIGNUM *bn, int *is_one,
    const BIGNUM *z, BN_CTX *ctx)
 {
-        if (!BN_nnmod(bn, z, &group->field, ctx))
+        if (!BN_nnmod(bn, z, &group->p, ctx))
                return 0;
        *is_one = BN_is_one(bn);
@@ -176,9 +176,9 @@ ec_group_set_curve(EC_GROUP *group,
        if ((a_plus_3 = BN_CTX_get(ctx)) == NULL)
                goto err;
-        if (!bn_copy(&group->field, p))
+        if (!bn_copy(&group->p, p))
                goto err;
-        BN_set_negative(&group->field, 0);
+        BN_set_negative(&group->p, 0);
        if (!ec_encode_scalar(group, &group->a, a, ctx))
                goto err;
@@ -187,7 +187,7 @@ ec_group_set_curve(EC_GROUP *group,
        if (!BN_set_word(a_plus_3, 3))
                goto err;
-        if (!BN_mod_add(a_plus_3, a_plus_3, a, &group->field, ctx))
+        if (!BN_mod_add(a_plus_3, a_plus_3, a, &group->p, ctx))
                goto err;
        group->a_is_minus3 = BN_is_zero(a_plus_3);
@@ -205,7 +205,7 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
    BN_CTX *ctx)
 {
        if (p != NULL) {
-                if (!bn_copy(p, &group->field))
+                if (!bn_copy(p, &group->p))
                        return 0;
        }
        if (!ec_decode_scalar(group, a, &group->a, ctx))
@@ -219,7 +219,7 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
 static int
 ec_group_get_degree(const EC_GROUP *group)
 {
-        return BN_num_bits(&group->field);
+        return BN_num_bits(&group->p);
 }
 static int
@@ -375,7 +375,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
                goto done;
        }
-        if (BN_mod_inverse_ct(Z_1, z, &group->field, ctx) == NULL) {
+        if (BN_mod_inverse_ct(Z_1, z, &group->p, ctx) == NULL) {
                ECerror(ERR_R_BN_LIB);
                goto err;
        }
@@ -384,7 +384,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
                if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))
                        goto err;
        } else {
-                if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx))
+                if (!BN_mod_sqr(Z_2, Z_1, &group->p, ctx))
                        goto err;
        }
@@ -402,7 +402,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
                        if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx))
                                goto err;
                } else {
-                        if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx))
+                        if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->p, ctx))
                                goto err;
                }
@@ -427,7 +427,7 @@ static int
 ec_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
    const BIGNUM *in_x, int y_bit, BN_CTX *ctx)
 {
-        const BIGNUM *p = &group->field, *a = &group->a, *b = &group->b;
+        const BIGNUM *p = &group->p, *a = &group->a, *b = &group->b;
        BIGNUM *w, *x, *y;
        int ret = 0;
@@ -500,7 +500,7 @@ ec_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
                ECerror(EC_R_INVALID_COMPRESSION_BIT);
                goto err;
        }
-        if (!BN_usub(y, &group->field, y))
+        if (!BN_usub(y, &group->p, y))
                goto err;
        if (y_bit != BN_is_odd(y)) {
@@ -540,7 +540,7 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
        field_mul = group->meth->field_mul;
        field_sqr = group->meth->field_sqr;
-        p = &group->field;
+        p = &group->p;
        BN_CTX_start(ctx);
@@ -718,7 +718,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
        field_mul = group->meth->field_mul;
        field_sqr = group->meth->field_sqr;
-        p = &group->field;
+        p = &group->p;
        BN_CTX_start(ctx);
@@ -845,7 +845,7 @@ ec_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
                /* point is its own inverse */
                return 1;
-        return BN_usub(&point->Y, &group->field, &point->Y);
+        return BN_usub(&point->Y, &group->p, &point->Y);
 }
 static int
@@ -862,7 +862,7 @@ ec_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
        field_mul = group->meth->field_mul;
        field_sqr = group->meth->field_sqr;
-        p = &group->field;
+        p = &group->p;
        BN_CTX_start(ctx);
@@ -1130,7 +1130,7 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
         * Now use a single explicit inversion to replace every non-zero
         * points[i]->Z by its inverse.
         */
-        if (!BN_mod_inverse_nonct(tmp, prod_Z[num - 1], &group->field, ctx)) {
+        if (!BN_mod_inverse_nonct(tmp, prod_Z[num - 1], &group->p, ctx)) {
                ECerror(ERR_R_BN_LIB);
                goto err;
        }
@@ -1214,13 +1214,13 @@ static int
 ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
    BN_CTX *ctx)
 {
-        return BN_mod_mul(r, a, b, &group->field, ctx);
+        return BN_mod_mul(r, a, b, &group->p, ctx);
 }
 static int
 ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 {
-        return BN_mod_sqr(r, a, &group->field, ctx);
+        return BN_mod_sqr(r, a, &group->p, ctx);
 }
 /*
@@ -1228,7 +1228,7 @@ ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 *
 *      (X, Y, Z) = (lambda^2 * X, lambda^3 * Y, lambda * Z)
 *
- * where lambda is in the interval [1, group->field).
+ * where lambda is in the interval [1, p).
 */
 static int
 ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
@@ -1243,8 +1243,8 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
        if ((tmp = BN_CTX_get(ctx)) == NULL)
                goto err;
-        /* Generate lambda in [1, group->field). */
+        /* Generate lambda in [1, p). */
-        if (!bn_rand_interval(lambda, 1, &group->field))
+        if (!bn_rand_interval(lambda, 1, &group->p))
                goto err;
        if (group->meth->field_encode != NULL &&
@@ -1392,7 +1392,7 @@ ec_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
        if (!BN_swap_ct(kbit, k, lambda, group_top + 2))
                goto err;
-        group_top = group->field.top;
+        group_top = group->p.top;
        if (!bn_wexpand(&s->X, group_top) ||
            !bn_wexpand(&s->Y, group_top) ||
            !bn_wexpand(&s->Z, group_top) ||

diff --git a/src/lib/libcrypto/ec/ecp_methods.c b/src/lib/libcrypto/ec/ecp_methods.c index 50607ea216..8f04a24e28 100644 --- a/src/lib/libcrypto/ec/ecp_methods.c +++ b/src/lib/libcrypto/ec/ecp_methods.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ecp_methods.c,v 1.13 2024/12/06 15:49:37 tb Exp $ */	1	/* $OpenBSD: ecp_methods.c,v 1.14 2024/12/12 10:00:15 tb Exp $ */
2	/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>	2	/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
3	* for the OpenSSL project.	3	* for the OpenSSL project.
4	* Includes code written by Bodo Moeller for the OpenSSL project.	4	* Includes code written by Bodo Moeller for the OpenSSL project.
@@ -87,7 +87,7 @@
87	static int	87	static int
88	ec_group_init(EC_GROUP *group)	88	ec_group_init(EC_GROUP *group)
89	{	89	{
90	BN_init(&group->field);	90	BN_init(&group->p);
91	BN_init(&group->a);	91	BN_init(&group->a);
92	BN_init(&group->b);	92	BN_init(&group->b);
93	group->a_is_minus3 = 0;	93	group->a_is_minus3 = 0;
@@ -97,7 +97,7 @@ ec_group_init(EC_GROUP *group)
97	static void	97	static void
98	ec_group_finish(EC_GROUP *group)	98	ec_group_finish(EC_GROUP *group)
99	{	99	{
100	BN_free(&group->field);	100	BN_free(&group->p);
101	BN_free(&group->a);	101	BN_free(&group->a);
102	BN_free(&group->b);	102	BN_free(&group->b);
103	}	103	}
@@ -105,7 +105,7 @@ ec_group_finish(EC_GROUP *group)
105	static int	105	static int
106	ec_group_copy(EC_GROUP dest, const EC_GROUP src)	106	ec_group_copy(EC_GROUP dest, const EC_GROUP src)
107	{	107	{
108	if (!bn_copy(&dest->field, &src->field))	108	if (!bn_copy(&dest->p, &src->p))
109	return 0;	109	return 0;
110	if (!bn_copy(&dest->a, &src->a))	110	if (!bn_copy(&dest->a, &src->a))
111	return 0;	111	return 0;
@@ -132,7 +132,7 @@ ec_decode_scalar(const EC_GROUP group, BIGNUM bn, const BIGNUM x, BN_CTX ctx
132	static int	132	static int
133	ec_encode_scalar(const EC_GROUP group, BIGNUM bn, const BIGNUM x, BN_CTX ctx)	133	ec_encode_scalar(const EC_GROUP group, BIGNUM bn, const BIGNUM x, BN_CTX ctx)
134	{	134	{
135	if (!BN_nnmod(bn, x, &group->field, ctx))	135	if (!BN_nnmod(bn, x, &group->p, ctx))
136	return 0;	136	return 0;
137		137
138	if (group->meth->field_encode != NULL)	138	if (group->meth->field_encode != NULL)
@@ -145,7 +145,7 @@ static int
145	ec_encode_z_coordinate(const EC_GROUP group, BIGNUM bn, int *is_one,	145	ec_encode_z_coordinate(const EC_GROUP group, BIGNUM bn, int *is_one,
146	const BIGNUM z, BN_CTX ctx)	146	const BIGNUM z, BN_CTX ctx)
147	{	147	{
148	if (!BN_nnmod(bn, z, &group->field, ctx))	148	if (!BN_nnmod(bn, z, &group->p, ctx))
149	return 0;	149	return 0;
150		150
151	*is_one = BN_is_one(bn);	151	*is_one = BN_is_one(bn);
@@ -176,9 +176,9 @@ ec_group_set_curve(EC_GROUP *group,
176	if ((a_plus_3 = BN_CTX_get(ctx)) == NULL)	176	if ((a_plus_3 = BN_CTX_get(ctx)) == NULL)
177	goto err;	177	goto err;
178		178
179	if (!bn_copy(&group->field, p))	179	if (!bn_copy(&group->p, p))
180	goto err;	180	goto err;
181	BN_set_negative(&group->field, 0);	181	BN_set_negative(&group->p, 0);
182		182
183	if (!ec_encode_scalar(group, &group->a, a, ctx))	183	if (!ec_encode_scalar(group, &group->a, a, ctx))
184	goto err;	184	goto err;
@@ -187,7 +187,7 @@ ec_group_set_curve(EC_GROUP *group,
187		187
188	if (!BN_set_word(a_plus_3, 3))	188	if (!BN_set_word(a_plus_3, 3))
189	goto err;	189	goto err;
190	if (!BN_mod_add(a_plus_3, a_plus_3, a, &group->field, ctx))	190	if (!BN_mod_add(a_plus_3, a_plus_3, a, &group->p, ctx))
191	goto err;	191	goto err;
192		192
193	group->a_is_minus3 = BN_is_zero(a_plus_3);	193	group->a_is_minus3 = BN_is_zero(a_plus_3);
@@ -205,7 +205,7 @@ ec_group_get_curve(const EC_GROUP group, BIGNUM p, BIGNUM a, BIGNUM b,
205	BN_CTX *ctx)	205	BN_CTX *ctx)
206	{	206	{
207	if (p != NULL) {	207	if (p != NULL) {
208	if (!bn_copy(p, &group->field))	208	if (!bn_copy(p, &group->p))
209	return 0;	209	return 0;
210	}	210	}
211	if (!ec_decode_scalar(group, a, &group->a, ctx))	211	if (!ec_decode_scalar(group, a, &group->a, ctx))
@@ -219,7 +219,7 @@ ec_group_get_curve(const EC_GROUP group, BIGNUM p, BIGNUM a, BIGNUM b,
219	static int	219	static int
220	ec_group_get_degree(const EC_GROUP *group)	220	ec_group_get_degree(const EC_GROUP *group)
221	{	221	{
222	return BN_num_bits(&group->field);	222	return BN_num_bits(&group->p);
223	}	223	}
224		224
225	static int	225	static int
@@ -375,7 +375,7 @@ ec_point_get_affine_coordinates(const EC_GROUP group, const EC_POINT point,
375	goto done;	375	goto done;
376	}	376	}
377		377
378	if (BN_mod_inverse_ct(Z_1, z, &group->field, ctx) == NULL) {	378	if (BN_mod_inverse_ct(Z_1, z, &group->p, ctx) == NULL) {
379	ECerror(ERR_R_BN_LIB);	379	ECerror(ERR_R_BN_LIB);
380	goto err;	380	goto err;
381	}	381	}
@@ -384,7 +384,7 @@ ec_point_get_affine_coordinates(const EC_GROUP group, const EC_POINT point,
384	if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))	384	if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))
385	goto err;	385	goto err;
386	} else {	386	} else {
387	if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx))	387	if (!BN_mod_sqr(Z_2, Z_1, &group->p, ctx))
388	goto err;	388	goto err;
389	}	389	}
390		390
@@ -402,7 +402,7 @@ ec_point_get_affine_coordinates(const EC_GROUP group, const EC_POINT point,
402	if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx))	402	if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx))
403	goto err;	403	goto err;
404	} else {	404	} else {
405	if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx))	405	if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->p, ctx))
406	goto err;	406	goto err;
407	}	407	}
408		408
@@ -427,7 +427,7 @@ static int
427	ec_set_compressed_coordinates(const EC_GROUP group, EC_POINT point,	427	ec_set_compressed_coordinates(const EC_GROUP group, EC_POINT point,
428	const BIGNUM in_x, int y_bit, BN_CTX ctx)	428	const BIGNUM in_x, int y_bit, BN_CTX ctx)
429	{	429	{
430	const BIGNUM p = &group->field, a = &group->a, *b = &group->b;	430	const BIGNUM p = &group->p, a = &group->a, *b = &group->b;
431	BIGNUM w, x, *y;	431	BIGNUM w, x, *y;
432	int ret = 0;	432	int ret = 0;
433		433
@@ -500,7 +500,7 @@ ec_set_compressed_coordinates(const EC_GROUP group, EC_POINT point,
500	ECerror(EC_R_INVALID_COMPRESSION_BIT);	500	ECerror(EC_R_INVALID_COMPRESSION_BIT);
501	goto err;	501	goto err;
502	}	502	}
503	if (!BN_usub(y, &group->field, y))	503	if (!BN_usub(y, &group->p, y))
504	goto err;	504	goto err;
505		505
506	if (y_bit != BN_is_odd(y)) {	506	if (y_bit != BN_is_odd(y)) {
@@ -540,7 +540,7 @@ ec_add(const EC_GROUP group, EC_POINT r, const EC_POINT a, const EC_POINT b,
540		540
541	field_mul = group->meth->field_mul;	541	field_mul = group->meth->field_mul;
542	field_sqr = group->meth->field_sqr;	542	field_sqr = group->meth->field_sqr;
543	p = &group->field;	543	p = &group->p;
544		544
545	BN_CTX_start(ctx);	545	BN_CTX_start(ctx);
546		546
@@ -718,7 +718,7 @@ ec_dbl(const EC_GROUP group, EC_POINT r, const EC_POINT a, BN_CTX ctx)
718		718
719	field_mul = group->meth->field_mul;	719	field_mul = group->meth->field_mul;
720	field_sqr = group->meth->field_sqr;	720	field_sqr = group->meth->field_sqr;
721	p = &group->field;	721	p = &group->p;
722		722
723	BN_CTX_start(ctx);	723	BN_CTX_start(ctx);
724		724
@@ -845,7 +845,7 @@ ec_invert(const EC_GROUP group, EC_POINT point, BN_CTX *ctx)
845	/* point is its own inverse */	845	/* point is its own inverse */
846	return 1;	846	return 1;
847		847
848	return BN_usub(&point->Y, &group->field, &point->Y);	848	return BN_usub(&point->Y, &group->p, &point->Y);
849	}	849	}
850		850
851	static int	851	static int
@@ -862,7 +862,7 @@ ec_is_on_curve(const EC_GROUP group, const EC_POINT point, BN_CTX *ctx)
862		862
863	field_mul = group->meth->field_mul;	863	field_mul = group->meth->field_mul;
864	field_sqr = group->meth->field_sqr;	864	field_sqr = group->meth->field_sqr;
865	p = &group->field;	865	p = &group->p;
866		866
867	BN_CTX_start(ctx);	867	BN_CTX_start(ctx);
868		868
@@ -1130,7 +1130,7 @@ ec_points_make_affine(const EC_GROUP group, size_t num, EC_POINT points[],
1130	* Now use a single explicit inversion to replace every non-zero	1130	* Now use a single explicit inversion to replace every non-zero
1131	* points[i]->Z by its inverse.	1131	* points[i]->Z by its inverse.
1132	*/	1132	*/
1133	if (!BN_mod_inverse_nonct(tmp, prod_Z[num - 1], &group->field, ctx)) {	1133	if (!BN_mod_inverse_nonct(tmp, prod_Z[num - 1], &group->p, ctx)) {
1134	ECerror(ERR_R_BN_LIB);	1134	ECerror(ERR_R_BN_LIB);
1135	goto err;	1135	goto err;
1136	}	1136	}
@@ -1214,13 +1214,13 @@ static int
1214	ec_field_mul(const EC_GROUP group, BIGNUM r, const BIGNUM a, const BIGNUM b,	1214	ec_field_mul(const EC_GROUP group, BIGNUM r, const BIGNUM a, const BIGNUM b,
1215	BN_CTX *ctx)	1215	BN_CTX *ctx)
1216	{	1216	{
1217	return BN_mod_mul(r, a, b, &group->field, ctx);	1217	return BN_mod_mul(r, a, b, &group->p, ctx);
1218	}	1218	}
1219		1219
1220	static int	1220	static int
1221	ec_field_sqr(const EC_GROUP group, BIGNUM r, const BIGNUM a, BN_CTX ctx)	1221	ec_field_sqr(const EC_GROUP group, BIGNUM r, const BIGNUM a, BN_CTX ctx)
1222	{	1222	{
1223	return BN_mod_sqr(r, a, &group->field, ctx);	1223	return BN_mod_sqr(r, a, &group->p, ctx);
1224	}	1224	}
1225		1225
1226	/*	1226	/*
@@ -1228,7 +1228,7 @@ ec_field_sqr(const EC_GROUP group, BIGNUM r, const BIGNUM a, BN_CTX ctx)
1228	*	1228	*
1229	* (X, Y, Z) = (lambda^2 * X, lambda^3 * Y, lambda * Z)	1229	* (X, Y, Z) = (lambda^2 * X, lambda^3 * Y, lambda * Z)
1230	*	1230	*
1231	* where lambda is in the interval [1, group->field).	1231	* where lambda is in the interval [1, p).
1232	*/	1232	*/
1233	static int	1233	static int
1234	ec_blind_coordinates(const EC_GROUP group, EC_POINT p, BN_CTX *ctx)	1234	ec_blind_coordinates(const EC_GROUP group, EC_POINT p, BN_CTX *ctx)
@@ -1243,8 +1243,8 @@ ec_blind_coordinates(const EC_GROUP group, EC_POINT p, BN_CTX *ctx)
1243	if ((tmp = BN_CTX_get(ctx)) == NULL)	1243	if ((tmp = BN_CTX_get(ctx)) == NULL)
1244	goto err;	1244	goto err;
1245		1245
1246	/* Generate lambda in [1, group->field). */	1246	/* Generate lambda in [1, p). */
1247	if (!bn_rand_interval(lambda, 1, &group->field))	1247	if (!bn_rand_interval(lambda, 1, &group->p))
1248	goto err;	1248	goto err;
1249		1249
1250	if (group->meth->field_encode != NULL &&	1250	if (group->meth->field_encode != NULL &&
@@ -1392,7 +1392,7 @@ ec_mul_ct(const EC_GROUP group, EC_POINT r, const BIGNUM *scalar,
1392	if (!BN_swap_ct(kbit, k, lambda, group_top + 2))	1392	if (!BN_swap_ct(kbit, k, lambda, group_top + 2))
1393	goto err;	1393	goto err;
1394		1394
1395	group_top = group->field.top;	1395	group_top = group->p.top;
1396	if (!bn_wexpand(&s->X, group_top) \|\|	1396	if (!bn_wexpand(&s->X, group_top) \|\|
1397	!bn_wexpand(&s->Y, group_top) \|\|	1397	!bn_wexpand(&s->Y, group_top) \|\|
1398	!bn_wexpand(&s->Z, group_top) \|\|	1398	!bn_wexpand(&s->Z, group_top) \|\|