From dcaf99ebb82f74e9371abcf9521fec428c14d405 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Tue, 2 May 2023 13:59:57 +0200
Subject: [PATCH] Add another round in the Koblitz reduction

The addition can result in an overflow so another round is needed in the reduction.

Signed-off-by: Gabor Mezei
---
 library/ecp_curves.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index db35e966cd..47f1b347d1 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5571,7 +5571,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X,
         mask = ((mbedtls_mpi_uint) 1 << shift) - 1;
     }
 
-    for (size_t pass = 0; pass < 2; pass++) {
+    for (size_t pass = 0; pass < 3; pass++) {
         /* Copy A1 */
         memcpy(A1, X + P_limbs - adjust, P_limbs * ciL);