On Fri, Sep 13, 2024 at 09:59:22AM +0200, Sascha Hauer wrote:
> +++ b/crypto/ecc.c
[...]
> +             for (i = min; i <= k && i < ndigits; i++) {
> +                     uint128_t product;
> +
> +                     product = mul_64_64(left[i], right[k - i]);
> +
> +                     r01 = add_128_128(r01, product);
> +                     r2 += (r01.m_high < product.m_high);
> +             }
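Review bot: The carry test `r2 += (r01.m_high < product.m_high);` in the inner loop compares only the high halves, so a carry out of `add_128_128()` goes uncounted when the sum's high half equals `product.m_high` and the wrap is visible only in the low half. Suggest comparing the full 128-bit value, that is, also counting a carry when `r01.m_high == product.m_high && r01.m_low < product.m_low`, and adding a short comment that r2 accumulates the carry out of r01.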

Heads-up, this barebox code was copy-pasted from the kernel,
which in turn copy-pasted it from Ken MacKay's micro-ecc
library.  The kernel version has a bug in carry handling
which barebox inherited:

https://lore.kernel.org/r/[email protected]/

There might be further bugs that were fixed in the kernel but
not in barebox.

Thanks,

Lukas
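An added example, not code from this message, barebox, the kernel or micro-ecc: it isolates the carry test from the quoted line and runs it on constructed operands where comparing only the high halves misses a carry out of the 128-bit sum. The struct layout, the `add_128_128` body, `carry_full` and the operand values are assumptions made for illustration; the page does not say whether this is the case the linked kernel fix addresses.

```c
#include <stdint.h>
#include <stdio.h>

/* Field names follow the quoted hunk; the layout itself is an assumption. */
typedef struct { uint64_t m_low, m_high; } uint128_t;

/* 128-bit addition modulo 2^128; the carry-out is discarded. */
static uint128_t add_128_128(uint128_t a, uint128_t b)
{
	uint128_t r;

	r.m_low = a.m_low + b.m_low;
	r.m_high = a.m_high + b.m_high + (r.m_low < a.m_low);
	return r;
}

/* Carry test as written in the quoted hunk: high halves only. */
static int carry_high_only(uint128_t sum, uint128_t addend)
{
	return sum.m_high < addend.m_high;
}

/* Hypothetical full-width test: the sum wrapped iff sum < addend. */
static int carry_full(uint128_t sum, uint128_t addend)
{
	return sum.m_high < addend.m_high ||
	       (sum.m_high == addend.m_high && sum.m_low < addend.m_low);
}

int main(void)
{
	/* Constructed operands: accumulator at 2^128 - 1, and a product
	 * equal to (2^32 + 1)^2 = 2^64 + 2^33 + 1. */
	uint128_t acc = { 0xffffffffffffffffULL, 0xffffffffffffffffULL };
	uint128_t product = { 0x200000001ULL, 1 };
	uint128_t sum = add_128_128(acc, product);

	printf("sum = %016llx%016llx\n",
	       (unsigned long long)sum.m_high, (unsigned long long)sum.m_low);
	printf("high-only carry: %d, full-width carry: %d\n",
	       carry_high_only(sum, product), carry_full(sum, product));
	return 0;
}
```

The true sum exceeds 2^128, so the carry into `r2` should be 1; the high-only test reports 0 because both high halves equal 1 after the wrap.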
