commit 9137b9c5879f521346289384aff2aeced35bf2a6
author Hanno Becker <hanno.becker@arm.com> Tue Apr 12 10:51:54 2022 +0100
committer Hanno Becker <hanno.becker@arm.com> Tue Apr 12 11:01:58 2022 +0100
tree a94b36d0c3fc71dee71842d6a8a605a19154fc76
parent 808e666eeef4097ddf22618c0f54f37953033441

Note alternative implementation strategy in mbedtls_mpi_mul_int()

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

library/bignum.c

diff --git a/library/bignum.c b/library/bignum.c
index b177707..acdb230 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1504,7 +1504,10 @@
      * making the call to grow() unconditional causes slightly fewer
      * calls to calloc() in ECP code, presumably because it reuses the
      * same mpi for a while and this way the mpi is more likely to directly
-     * grow to its final size. */
+     * grow to its final size.
+     *
+     * Note that calculating A*b as 0 + A*b doesn't work as-is because
+     * A,X can be the same. */
     MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, A->n + 1 ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
     mbedtls_mpi_core_mla( X->p, X->n, A->p, A->n, b - 1 );