Add another round in the Koblitz reduction
The addition can result in an overflow, so another round is needed in the reduction. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
parent
e06d863267
commit
dcaf99ebb8
1 changed files with 1 additions and 1 deletions
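--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -5571,7 +5571,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X,
 mask = ((mbedtls_mpi_uint) 1 << shift) - 1;
 }
 
-for (size_t pass = 0; pass < 2; pass++) {
+for (size_t pass = 0; pass < 3; pass++) {
 /* Copy A1 */
 memcpy(A1, X + P_limbs - adjust, P_limbs * ciL);
 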
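Review bot: The new pass count `3` on the `for (size_t pass = 0; pass < 3; pass++)` line is a bare literal whose justification lives only in the commit message, so the next reader cannot tell why two folds were not enough or whether three always are. Since the commit message says the addition in a pass can overflow and therefore needs a further fold, the bound that makes the third pass sufficient should be stated next to the loop, e.g. `/* Three folding passes: after each pass the addition can carry past P_limbs, so one more pass is needed to absorb that carry before the final conditional subtraction. */` (adjust the wording to the actual bound the surrounding code establishes). A regression test with an input that produces a carry out of the first-pass addition would pin this, as nothing in the hunk shows one. The body of ecp_mod_koblitz and the rest of the loop start and end outside the hunk, so whether anything after the loop depends on the exact pass count cannot be checked here.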