5197     mbedtls_mpi M;  in ecp_mod_p521()  local
5208     M.s = 1;  in ecp_mod_p521()
5209     M.n = N->n - (P521_WIDTH - 1);  in ecp_mod_p521()
5210     if (M.n > P521_WIDTH + 1) {  in ecp_mod_p521()
5211         M.n = P521_WIDTH + 1;  in ecp_mod_p521()
5213     M.p = Mp;  in ecp_mod_p521()
5214     memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));  in ecp_mod_p521()
5215     MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint))));  in ecp_mod_p521()
5224     MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));  in ecp_mod_p521()
5299     mbedtls_mpi M, Q;  in ecp_mod_p448()  local
5307     M.s = 1;  in ecp_mod_p448()
5308     M.n = N->n - (P448_WIDTH);  in ecp_mod_p448()
5309     if (M.n > P448_WIDTH) {  in ecp_mod_p448()
5313     M.p = Mp;  in ecp_mod_p448()
5315     memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint));  in ecp_mod_p448()
5323     MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));  in ecp_mod_p448()
5326     Q = M;  in ecp_mod_p448()
5336     for (i = P224_WIDTH_MAX; i < M.n; ++i) {  in ecp_mod_p448()
5339     MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q));  in ecp_mod_p448()
5340     M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */  in ecp_mod_p448()
5341     MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224));  in ecp_mod_p448()
5342     MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));  in ecp_mod_p448()
5366     mbedtls_mpi M, R;  in ecp_mod_koblitz()  local
5379     M.s = 1;  in ecp_mod_koblitz()
5380     M.p = Mp;  in ecp_mod_koblitz()
5383     M.n = (unsigned short) (N->n - (p_limbs - adjust));  in ecp_mod_koblitz()
5384     if (M.n > p_limbs + adjust) {  in ecp_mod_koblitz()
5385         M.n = (unsigned short) (p_limbs + adjust);  in ecp_mod_koblitz()
5388     memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));  in ecp_mod_koblitz()
5390         MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));  in ecp_mod_koblitz()
5392     M.n += R.n; /* Make room for multiplication by R */  in ecp_mod_koblitz()
5403     MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));  in ecp_mod_koblitz()
5404     MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));  in ecp_mod_koblitz()
5409     M.n = (unsigned short) (N->n - (p_limbs - adjust));  in ecp_mod_koblitz()
5410     if (M.n > p_limbs + adjust) {  in ecp_mod_koblitz()
5411         M.n = (unsigned short) (p_limbs + adjust);  in ecp_mod_koblitz()
5414     memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));  in ecp_mod_koblitz()
5416         MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));  in ecp_mod_koblitz()
5418     M.n += R.n; /* Make room for multiplication by R */  in ecp_mod_koblitz()
5429     MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));  in ecp_mod_koblitz()
5430     MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));  in ecp_mod_koblitz()