diff --git a/x25519.c b/x25519.c
index 5033b97..991b800 100644
--- a/x25519.c
+++ b/x25519.c
@@ -91,12 +91,12 @@ static void add(fe out, const fe a, const fe b) {
 static void sub(fe out, const fe a, const fe b) {
 unsigned i;
- sdlimb_t carry = -38;
+ sdlimb_t carry = -76;
 for (i=0; i>= X25519_WBITS;
 }
- propagate(out,1+carry);
+ propagate(out,2+carry);
 }
 static void __attribute__((unused))
@@ -117,7 +117,7 @@ swapout(uint8_t *out, limb_t *x) {
 memcpy(out,x,sizeof(fe));
 }
-static void mul(fe out, const fe a, const fe b, unsigned nb) {
+static void mul(fe out, const fe a, const limb_t b[], unsigned nb) {
 /* GCC at least produces pretty decent asm for this, so don't need to have dedicated asm. */
 limb_t accum[2*NLIMBS] = {0};
 unsigned i,j;
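Review bot: The two new constants in sub, `-76` in the carry initialisation and the `2` in `propagate(out,2+carry)`, encode a single quantity (4p = 2^257 - 76, if p = 2^255 - 19 as the old -38/+1 pair suggests), yet nothing in the hunk records the bound on the inputs that makes 4p sufficient where 2p evidently was not, so a later caller has no way to know what limb ranges sub tolerates. The loop body between those two lines is garbled in this view, so the a - b + k*p shape is inferred from the constants rather than read from the code. I would tie the numbers together and state the precondition: `sdlimb_t carry = -2*38;  /* a - b + 4p, 4p = 2^257 - 76 */` and `propagate(out, 2+carry); /* +2 is the 2^257 term; requires b < 4p so the final carry is never negative */`. If the limbs are 64-bit rather than 32-bit, it is also worth checking that `sdlimb_t` has headroom for a[i] - b[i] - 76 before the shift by X25519_WBITS.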
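Review bot: Changing mul's third parameter from `const fe b` to `const limb_t b[]` drops the compile-time length that `fe` carried, so the only bound on b is the caller-supplied `nb`, and `accum[2*NLIMBS]` on the following line can hold the product only if nb <= NLIMBS (a NLIMBS-limb a times an nb-limb b needs NLIMBS+nb limbs, assuming fe is NLIMBS limbs); that precondition is now invisible at the signature. mul's body continues past the hunk, so I cannot see whether the inner loop clamps nb, but nothing in the hunk checks it. I would document it on the signature: `/* b has nb limbs, nb <= NLIMBS: accum below has room for exactly NLIMBS+nb limbs. */`, and assert it at entry if the file has a debug-assert facility.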