Add another round in the Koblitz reduction The addition can result in an overflow so another round is needed in the reduction. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

commit: dcaf99ebb82f74e9371abcf9521fec428c14d405 [log] [tgz]
author: Gabor Mezei <gabor.mezei@arm.com> Tue May 02 13:59:57 2023 +0200
committer: Gabor Mezei <gabor.mezei@arm.com> Fri May 12 12:34:05 2023 +0200
tree: c72052ff499bf03b3ea0d73ef3e6fa464fd1a1d9
parent: e06d8632677b4c90af99f4da285577e56b67da5c [diff]
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index db35e96..47f1b34 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c

@@ -5571,7 +5571,7 @@
         mask  = ((mbedtls_mpi_uint) 1 << shift) - 1;
     }
 
-    for (size_t pass = 0; pass < 2; pass++) {
+    for (size_t pass = 0; pass < 3; pass++) {
         /* Copy A1 */
         memcpy(A1, X + P_limbs - adjust, P_limbs * ciL);
commit	dcaf99ebb82f74e9371abcf9521fec428c14d405	[log] [tgz]
author	Gabor Mezei <gabor.mezei@arm.com>	Tue May 02 13:59:57 2023 +0200
committer	Gabor Mezei <gabor.mezei@arm.com>	Fri May 12 12:34:05 2023 +0200
tree	c72052ff499bf03b3ea0d73ef3e6fa464fd1a1d9
parent	e06d8632677b4c90af99f4da285577e56b67da5c [diff]