bn_nist.c: remove unreachable BN_BITS2 == 64

The block in BN_nist_mod_224() is gated by

  #if defined(NIST_INT64) && BN_BITS2 != 64

so the #if

  #if BN_BITS2 == 64
          rp[7] = carry;
  #endif

is unreachable. Remove it.

The code is actualy relic of an earlier design where the NIST_INT64
accumulator path was meant 64-bit too.

Disabling 64-bit path above with BN_BITS2 != 64 resulted in
#if BN_BITS2 == 64 was left unreachable

The outer condition is correct, it is meant to be 32bit only,
otherwise it would need to introduce load_u32/store_lo32 as in other
functions to avoid clang strict-aliasing optimizer issues.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Thu May  7 20:11:12 2026
(Merged from https://github.com/openssl/openssl/pull/31076)

diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c
index aa084996e47beaa6259c4f9d3d2a2fd07fe46c94..a4cea81adc4e81d113271124827ae93886a75058 100644 (file)
--- a/crypto/bn/bn_nist.c
+++ b/crypto/bn/bn_nist.c
@@ -585,9 +585,6 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         rp[6] = (unsigned int)acc;
 
         carry = (int)(acc >> 32);
-#if BN_BITS2 == 64
-        rp[7] = carry;
-#endif
     }
 #else
     {