Fix accumulated index comments in felem_inv for p521

Comments in felem_inv refer to the logarithm with respect to in of the
element that has just been computed. The last two such annotations are
incorrect. By Fermat's last theorem, we hope to compute in^(p-2) in
GF(2^521-1), as such we expect the final index we reach to be 2^521-3.

CLA: Trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19765)

diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 484c42eac9ec0c8624f9b8f2c58c2a1b17ee98f7..cc2243a8b33797e4c2e3937a9c835f56af92bd3b 100644 (file)
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -843,9 +843,9 @@ static void felem_inv(felem out, const felem in)
         felem_reduce(ftmp3, tmp); /* 2^521 - 2^9 */
     }
     felem_mul(tmp, ftmp3, ftmp4);
-    felem_reduce(ftmp3, tmp);   /* 2^512 - 2^2 */
+    felem_reduce(ftmp3, tmp);   /* 2^521 - 2^2 */
     felem_mul(tmp, ftmp3, in);
-    felem_reduce(out, tmp);     /* 2^512 - 3 */
+    felem_reduce(out, tmp);     /* 2^521 - 3 */
 }
 
 /* This is 2^521-1, expressed as an felem */