Fix accumulated index comments in felem_inv for p521

Comments in felem_inv refer to the logarithm with respect to in of the element that has just been computed. The last two such annotations are incorrect. By Fermat's last theorem, we hope to compute in^(p-2) in GF(2^521-1), as such we expect the final index we reach to be 2^521-3. CLA: Trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19765)
author: Rohan McLure <rmclure@linux.ibm.com> 2022-11-25 14:42:12 +1100
committer: Hugo Landau <hlandau@openssl.org> 2022-11-28 09:53:00 +0000
commit: 055d029610712a281aed0c23ddd3c8f4dbf40f80 (patch)
tree: e209067bb929f577f697342b6e2499a87a35a717 /crypto/ec
parent: d5e1fe9c04c7eb28e21070e3dfe0d2242504a9bc (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 484c42eac9..cc2243a8b3 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -843,9 +843,9 @@ static void felem_inv(felem out, const felem in)
         felem_reduce(ftmp3, tmp); /* 2^521 - 2^9 */
     }
     felem_mul(tmp, ftmp3, ftmp4);
-    felem_reduce(ftmp3, tmp);   /* 2^512 - 2^2 */
+    felem_reduce(ftmp3, tmp);   /* 2^521 - 2^2 */
     felem_mul(tmp, ftmp3, in);
-    felem_reduce(out, tmp);     /* 2^512 - 3 */
+    felem_reduce(out, tmp);     /* 2^521 - 3 */
 }
 
 /* This is 2^521-1, expressed as an felem */
author	Rohan McLure <rmclure@linux.ibm.com>	2022-11-25 14:42:12 +1100
committer	Hugo Landau <hlandau@openssl.org>	2022-11-28 09:53:00 +0000
commit	055d029610712a281aed0c23ddd3c8f4dbf40f80 (patch)
tree	e209067bb929f577f697342b6e2499a87a35a717 /crypto/ec
parent	d5e1fe9c04c7eb28e21070e3dfe0d2242504a9bc (diff)