From e4dc3bf0bde70b038df61eff6384e55edae8e4c7 Mon Sep 17 00:00:00 2001
From: dkostic <dkostic@amazon.com>
Date: Mon, 2 Oct 2023 15:23:48 -0700
Subject: [PATCH] Add constant_time_declassify to p384/521 as well

---
 crypto/fipsmodule/ec/p384.c | 4 ++--
 crypto/fipsmodule/ec/p521.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/crypto/fipsmodule/ec/p384.c b/crypto/fipsmodule/ec/p384.c
index 40b0090943..42f1ee4399 100644
--- a/crypto/fipsmodule/ec/p384.c
+++ b/crypto/fipsmodule/ec/p384.c
@@ -454,7 +454,7 @@ static void p384_point_add(p384_felem x3, p384_felem y3, p384_felem z3,
   p384_limb_t is_nontrivial_double = constant_time_is_zero_w(xneq | yneq) &
                                     ~constant_time_is_zero_w(z1nz) &
                                     ~constant_time_is_zero_w(z2nz);
-  if (is_nontrivial_double) {
+  if (constant_time_declassify_w(is_nontrivial_double)) {
     p384_point_double(x3, y3, z3, x1, y1, z1);
     return;
   }
@@ -502,7 +502,7 @@ static int ec_GFp_nistp384_point_get_affine_coordinates(
     const EC_GROUP *group, const EC_JACOBIAN *point,
     EC_FELEM *x_out, EC_FELEM *y_out) {
 
-  if (ec_GFp_simple_is_at_infinity(group, point)) {
+  if (constant_time_declassify_w(ec_GFp_simple_is_at_infinity(group, point))) {
     OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
     return 0;
   }
diff --git a/crypto/fipsmodule/ec/p521.c b/crypto/fipsmodule/ec/p521.c
index b467284790..ea5982c26e 100644
--- a/crypto/fipsmodule/ec/p521.c
+++ b/crypto/fipsmodule/ec/p521.c
@@ -461,7 +461,7 @@ static void p521_point_add(p521_felem x3, p521_felem y3, p521_felem z3,
   p521_limb_t is_nontrivial_double = constant_time_is_zero_w(xneq | yneq) &
                                     ~constant_time_is_zero_w(z1nz) &
                                     ~constant_time_is_zero_w(z2nz);
-  if (is_nontrivial_double) {
+  if (constant_time_declassify_w(is_nontrivial_double)) {
     p521_point_double(x3, y3, z3, x1, y1, z1);
     return;
   }
@@ -509,7 +509,7 @@ static int ec_GFp_nistp521_point_get_affine_coordinates(
     const EC_GROUP *group, const EC_JACOBIAN *point,
     EC_FELEM *x_out, EC_FELEM *y_out) {
 
-  if (ec_GFp_simple_is_at_infinity(group, point)) {
+  if (constant_time_declassify_w(ec_GFp_simple_is_at_infinity(group, point))) {
     OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
     return 0;
   }