Fixed carry propagation bug in P-256 'm62' implementation (found by Auke Zeilstra...

[BearSSL] / src / int / i15_modpow2.c

diff --git a/src/int/i15_modpow2.c b/src/int/i15_modpow2.c
index 37073a4..4b32118 100644 (file)
--- a/src/int/i15_modpow2.c
+++ b/src/int/i15_modpow2.c
@@ -134,11 +134,11 @@ br_i15_modpow_opt(uint16_t *x,
                        br_i15_zero(t2, m[0]);
                        base = t2 + mwlen;
                        for (u = 1; u < ((uint32_t)1 << k); u ++) {
-                               uint32_t m;
+                               uint32_t mask;
 
-                               m = -EQ(u, bits);
+                               mask = -EQ(u, bits);
                                for (v = 1; v < mwlen; v ++) {
-                                       t2[v] |= m & base[v];
+                                       t2[v] |= mask & base[v];
                                }
                                base += mwlen;
                        }