X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fec%2Fec_c25519_m31.c;h=95f127576f06c7bfd77e5c25d7de89b424e9138a;hp=b2496343cce1e3835e0d882f23b753b96f9d4945;hb=52a69fe3dee1c825ce2901043de3b4f600f36905;hpb=fd98320c82b02ded99cc8f01a7510366def3bbeb
diff --git a/src/ec/ec_c25519_m31.c b/src/ec/ec_c25519_m31.c
index b249634..95f1275 100644
--- a/src/ec/ec_c25519_m31.c
+++ b/src/ec/ec_c25519_m31.c
@@ -623,11 +623,11 @@ api_mul(unsigned char *G, size_t Glen,
 memset(z3, 0, sizeof z3);
 z3[0] = 1;
- memcpy(k, kb, kblen);
- memset(k + kblen, 0, (sizeof k) - kblen);
- k[0] &= 0xF8;
- k[31] &= 0x7F;
- k[31] |= 0x40;
+ memset(k, 0, (sizeof k) - kblen);
+ memcpy(k + (sizeof k) - kblen, kb, kblen);
+ k[31] &= 0xF8;
+ k[0] &= 0x7F;
+ k[0] |= 0x40;
 /* obsolete
 print_int("x1", x1);
@@ -637,7 +637,7 @@ api_mul(unsigned char *G, size_t Glen,
 for (i = 254; i >= 0; i --) {
 uint32_t kt;
- kt = (k[i >> 3] >> (i & 7)) & 1;
+ kt = (k[31 - (i >> 3)] >> (i & 7)) & 1;
 swap ^= kt;
 cswap(x2, x3, swap);
 cswap(z2, z3, swap);
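Review bot: The clamping in api_mul now clears the low three bits of `k[31]` and fixes the top bits of `k[0]`, which reads as inverted against RFC 7748's little-endian description unless the reader knows `k` holds the scalar big-endian after this change; the new lines carry no comment saying so. I would add above the `memset`: `/* The multiplier is big-endian and may be shorter than 32 bytes: left-pad with zeros, then clamp (low bits are in k[31], high bits in k[0]). */`, and the same byte order explains the `k[31 - (i >> 3)]` index in the second hunk. Both `(sizeof k) - kblen` expressions wrap to a very large `size_t` if `kblen` exceeds `sizeof k`; no guard is visible in this hunk (api_mul begins above it), so it is worth confirming that an earlier check rejects such lengths before these calls. A caller that still passes a little-endian scalar gets a different but valid-looking result with no error, so a known-answer test against the RFC 7748 X25519 vectors would pin the byte order.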