4570     ecp_mpi_load(&grp->N, n, nlen);  in ecp_group_load()
4577     grp->nbits = mbedtls_mpi_bitlen(&grp->N);  in ecp_group_load()
4678     MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&grp->N,  in ecp_use_curve25519()
4680     MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 252, 1));  in ecp_use_curve25519()
4738     MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 446, 1));  in ecp_use_curve448()
4741     MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&grp->N, &grp->N, &Ns));  in ecp_use_curve448()
4901 #define A(i)      N->p + (i) * WIDTH
4909 static int ecp_mod_p192(mbedtls_mpi *N)  in ecp_mod_p192()  argument
4916     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, 6 * WIDTH));  in ecp_mod_p192()
4918     p = N->p;  in ecp_mod_p192()
4919     end = p + N->n;  in ecp_mod_p192()
4959 #define MAX32       N->n
4960 #define A(j)      N->p[j]
4961 #define STORE32     N->p[i] = cur;
4965 #define MAX32       N->n * 2
4966 #define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \
4967     (uint32_t) (N->p[(j)/2])
4970         N->p[i/2] &= 0x00000000FFFFFFFF;          \
4971         N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32;        \
4973         N->p[i/2] &= 0xFFFFFFFF00000000;          \
4974         N->p[i/2] |= (mbedtls_mpi_uint) cur;                \
5007     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, (b) * 2 / biL + 1));      \
5022     if (c < 0) mbedtls_ecp_fix_negative(N, c, bits);
5028 static void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits)  in mbedtls_ecp_fix_negative()  argument
5036         N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i];  in mbedtls_ecp_fix_negative()
5041         ++N->p[i];  in mbedtls_ecp_fix_negative()
5042     } while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint));  in mbedtls_ecp_fix_negative()
5045     N->s = -1;  in mbedtls_ecp_fix_negative()
5055     N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw;  in mbedtls_ecp_fix_negative()
5062 static int ecp_mod_p224(mbedtls_mpi *N)  in ecp_mod_p224()  argument
5083 static int ecp_mod_p256(mbedtls_mpi *N)  in ecp_mod_p256()  argument
5120 static int ecp_mod_p384(mbedtls_mpi *N)  in ecp_mod_p384()  argument
5193 static int ecp_mod_p521(mbedtls_mpi *N)  in ecp_mod_p521()  argument
5203     if (N->n < P521_WIDTH) {  in ecp_mod_p521()
5209     M.n = N->n - (P521_WIDTH - 1);  in ecp_mod_p521()
5214     memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));  in ecp_mod_p521()
5218     N->p[P521_WIDTH - 1] &= P521_MASK;  in ecp_mod_p521()
5219     for (i = P521_WIDTH; i < N->n; i++) {  in ecp_mod_p521()
5220         N->p[i] = 0;  in ecp_mod_p521()
5224     MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));  in ecp_mod_p521()
5245 static int ecp_mod_p255(mbedtls_mpi *N)  in ecp_mod_p255()  argument
5250     mbedtls_mpi_uint * const NT_p = N->p + P255_WIDTH;  in ecp_mod_p255()
5251     const size_t NT_n = N->n - P255_WIDTH;  in ecp_mod_p255()
5252     if (N->n <= P255_WIDTH) {  in ecp_mod_p255()
5264     mbedtls_mpi_core_mla(N->p, P255_WIDTH + 1,  in ecp_mod_p255()
5295 static int ecp_mod_p448(mbedtls_mpi *N)  in ecp_mod_p448()  argument
5302     if (N->n <= P448_WIDTH) {  in ecp_mod_p448()
5308     M.n = N->n - (P448_WIDTH);  in ecp_mod_p448()
5315     memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint));  in ecp_mod_p448()
5318     for (i = P448_WIDTH; i < N->n; i++) {  in ecp_mod_p448()
5319         N->p[i] = 0;  in ecp_mod_p448()
5323     MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));  in ecp_mod_p448()
5330     MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q));  in ecp_mod_p448()
5342     MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));  in ecp_mod_p448()
5361 static inline int ecp_mod_koblitz(mbedtls_mpi *N, const mbedtls_mpi_uint *Rp, size_t p_limbs,  in ecp_mod_koblitz()  argument
5369     if (N->n < p_limbs) {  in ecp_mod_koblitz()
5383     M.n = (unsigned short) (N->n - (p_limbs - adjust));  in ecp_mod_koblitz()
5388     memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));  in ecp_mod_koblitz()
5396         N->p[p_limbs - 1] &= mask;  in ecp_mod_koblitz()
5398     for (i = p_limbs; i < N->n; i++) {  in ecp_mod_koblitz()
5399         N->p[i] = 0;  in ecp_mod_koblitz()
5404     MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));  in ecp_mod_koblitz()
5409     M.n = (unsigned short) (N->n - (p_limbs - adjust));  in ecp_mod_koblitz()
5414     memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));  in ecp_mod_koblitz()
5422         N->p[p_limbs - 1] &= mask;  in ecp_mod_koblitz()
5424     for (i = p_limbs; i < N->n; i++) {  in ecp_mod_koblitz()
5425         N->p[i] = 0;  in ecp_mod_koblitz()
5430     MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));  in ecp_mod_koblitz()
5444 static int ecp_mod_p192k1(mbedtls_mpi *N)  in ecp_mod_p192k1()  argument
5451     return ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,  in ecp_mod_p192k1()
5461 static int ecp_mod_p224k1(mbedtls_mpi *N)  in ecp_mod_p224k1()  argument
5469     return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF);  in ecp_mod_p224k1()
5471     return ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,  in ecp_mod_p224k1()
5483 static int ecp_mod_p256k1(mbedtls_mpi *N)  in ecp_mod_p256k1()  argument
5489     return ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,  in ecp_mod_p256k1()