projects / BearSSL / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fixed carry propagation bug in m64 impl for P-256.
[BearSSL] / src / ec / ec_p256_m62.c
diff --git a/src/ec/ec_p256_m62.c b/src/ec/ec_p256_m62.c
index 3bcb95b..a431790 100644 (file)
--- a/src/ec/ec_p256_m62.c
+++ b/src/ec/ec_p256_m62.c
@@ -580,7 +580,7 @@ f256_final_reduce(uint64_t *a)
        w = t[2] - cc;
        t[2] = w & MASK52;
        cc = w >> 63;
-       w = t[3] - BIT(36);
+       w = t[3] - BIT(36) - cc;
        t[3] = w & MASK52;
        cc = w >> 63;
        t[4] -= cc;
The BearSSL library and tools.