Fixed carry propagation bug in P-256 'm62' implementation (found by Auke Zeilstra...
[BearSSL] / src / rsa / rsa_i15_keygen.c
index 0f4435f..e8da419 100644 (file)
@@ -318,9 +318,9 @@ mkprime(const br_prng_class **rng, uint16_t *x, uint32_t esize,
                        continue;
                }
                if ((pubexp == 3 && m3 == 1)
-                       || (pubexp == 5 && m5 == 5)
-                       || (pubexp == 7 && m5 == 7)
-                       || (pubexp == 11 && m5 == 11))
+                       || (pubexp == 5 && m5 == 1)
+                       || (pubexp == 7 && m7 == 1)
+                       || (pubexp == 11 && m11 == 1))
                {
                        continue;
                }
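Review bot: The corrected small-exponent filter (`pubexp == 5 && m5 == 1` and the two lines after it) has no comment explaining why a residue of 1 is rejected, and the replaced comparisons (`m5 == 5`, `m5 == 7`, `m5 == 11`) could never be true for a value reduced modulo 5. I would add above the condition `/* Reject p = 1 mod e: e would then divide p-1 and have no inverse modulo phi(n). */`. A regression test that generates keys with pubexp 5, 7 and 11 and checks that `p-1` and `q-1` are not multiples of the exponent would catch this class of mistake. mkprime's body starts and ends outside the hunk, so where `m7` and `m11` are computed is not visible here and should be confirmed.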
@@ -435,8 +435,8 @@ bufswap(void *b1, void *b2, size_t len)
 /* see bearssl_rsa.h */
 uint32_t
 br_rsa_i15_keygen(const br_prng_class **rng,
-       br_rsa_private_key *sk, unsigned char *kbuf_priv,
-       br_rsa_public_key *pk, unsigned char *kbuf_pub,
+       br_rsa_private_key *sk, void *kbuf_priv,
+       br_rsa_public_key *pk, void *kbuf_pub,
        unsigned size, uint32_t pubexp)
 {
        uint32_t esize_p, esize_q;
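Review bot: With `kbuf_priv` and `kbuf_pub` now declared `void *`, the signature no longer shows that these are byte buffers with a minimum size, and `/* see bearssl_rsa.h */` is the only documentation at the definition. I would add a short note such as `/* kbuf_priv / kbuf_pub: at least BR_RSA_KBUF_PRIV_SIZE(size) / BR_RSA_KBUF_PUB_SIZE(size) bytes */`, since an undersized buffer cannot be detected by the callee. The prototype and the keygen function-pointer type in the header must carry the same `void *` change; that is not visible in this hunk. The body continues past the hunk, and any offset arithmetic on these pointers there should go through an `unsigned char *` local, because arithmetic on `void *` is a compiler extension.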