Fixed carry propagation bug in P-256 'm62' implementation (found by Auke Zeilstra...

[BearSSL] / src / rsa / rsa_i31_modulus.c

diff --git a/src/rsa/rsa_i31_modulus.c b/src/rsa/rsa_i31_modulus.c
index c469cf3..f5f997f 100644 (file)
--- a/src/rsa/rsa_i31_modulus.c
+++ b/src/rsa/rsa_i31_modulus.c
@@ -28,7 +28,7 @@
 size_t
 br_rsa_i31_compute_modulus(void *n, const br_rsa_private_key *sk)
 {
-       uint32_t tmp[2 * ((BR_MAX_RSA_SIZE + 30) / 31) + 5];
+       uint32_t tmp[4 * (((BR_MAX_RSA_SIZE / 2) + 30) / 31) + 5];
        uint32_t *t, *p, *q;
        const unsigned char *pbuf, *qbuf;
        size_t nlen, plen, qlen, tlen;