Re: [PATCH v2] crypto: ecc - Fix carry overflow in vli multiplication

From: Lukas Wunner

Date: Wed May 13 2026 - 10:36:40 EST


On Wed, May 13, 2026 at 01:57:40PM +0300, Anastasia Tishchenko wrote:
> The carry flag calculation fails when r01.m_high is saturated
> (0xFFFFFFFFFFFFFFFF) and addition of lower bits overflows.
>
> The condition (r01.m_high < product.m_high) doesn't handle the case
> where r01.m_high == product.m_high and an additional carry exists
> from lower-bit overflow.
>
> When commit 3c4b23901a0c ("crypto: ecdh - Add ECDH software support")
> introduced crypto/ecc.c, it split the muladd() function in the
> micro-ecc library into separate mul_64_64() and add_128_128() helpers.
> It seems the check got lost in translation.
>
> Add proper handling for this boundary by accounting for the carry
> from the lower addition.
>
> Fixes: 3c4b23901a0c ("crypto: ecdh - Add ECDH software support")
> Signed-off-by: Anastasia Tishchenko <sv3iry@xxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx # v4.8+

Reviewed-by: Lukas Wunner <lukas@xxxxxxxxx>
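
The missed carry described in the quoted commit message, reproduced in user space as an added example (not code from the patch or from crypto/ecc.c). The `struct u128` type, the function bodies, `carry_with_low()` and `carry_reference()` are assumptions made for illustration, and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Two 64-bit limbs, using the field names from the commit message. */
struct u128 { uint64_t m_low, m_high; };

/* Model of a 128-bit add that discards the carry out of the high limb. */
static struct u128 add_128_128(struct u128 a, struct u128 b)
{
	struct u128 r;

	r.m_low = a.m_low + b.m_low;
	r.m_high = a.m_high + b.m_high + (r.m_low < a.m_low);
	return r;
}

/* Carry test quoted in the commit message: compares high limbs only. */
static unsigned carry_high_only(struct u128 r01, struct u128 product)
{
	r01 = add_128_128(r01, product);
	return r01.m_high < product.m_high;
}

/* Assumed correction: full 128-bit compare, low limbs break a tie. */
static unsigned carry_with_low(struct u128 r01, struct u128 product)
{
	r01 = add_128_128(r01, product);
	return r01.m_high < product.m_high ||
	       (r01.m_high == product.m_high && r01.m_low < product.m_low);
}

/* Ground truth via the compiler's 128-bit integer (GCC/Clang, 64-bit). */
static unsigned carry_reference(struct u128 a, struct u128 b)
{
	unsigned __int128 x = ((unsigned __int128)a.m_high << 64) | a.m_low;
	unsigned __int128 y = ((unsigned __int128)b.m_high << 64) | b.m_low;

	return (unsigned __int128)(x + y) < y;
}

int main(void)
{
	/* Constructed inputs: saturated accumulator plus (2^64-1)^2. */
	struct u128 r01 = { UINT64_MAX, UINT64_MAX };
	struct u128 product = { 1, 0xFFFFFFFFFFFFFFFEULL };

	printf("high-only=%u with-low=%u reference=%u\n",
	       carry_high_only(r01, product), carry_with_low(r01, product),
	       carry_reference(r01, product));
	return 0;
}
```

With these inputs the low limbs overflow and the high limb of the sum lands exactly on `product.m_high`, so the high-only comparison reports no carry while the 128-bit reference reports one.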