Fix number of loop iterations in mbedtls_deduce_primes

The number of loop iterations per candidate in `mbedtls_deduce_primes` was off by one. This commit corrects this and removes a toy non-example from the RSA test suite, as it seems difficult to have the function fail on small values of N even if D,E are corrupted.
2017-10-11 15:53:02 +01:00 · 2017-10-11 15:53:02 +01:00 · 7643d4e30c
commit 7643d4e30c
parent 14a00c0578
2 changed files with 1 additions and 4 deletions
--- a/library/rsa_internal.c
+++ b/library/rsa_internal.c
@ -148,7 +148,7 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N,
                             Q /* temporarily use Q for storing Montgomery
                                * multiplication helper values */ ) );

-        for( iter = 1; iter < order; ++iter )
+        for( iter = 1; iter <= order; ++iter )
        {
            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) );