crypto: ecc - Add special case for NIST P521 in ecc_point_mult

In ecc_point_mult use the number of bits of the NIST P521 curve + 2. The
change is required specifically for NIST P521 to pass mathematical tests
on the public key.

Tested-by: Lukas Wunner <lukas@wunner.de>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/ecc.c b/crypto/ecc.c
index 8914e437f94b8bc136b93206b32b89172514a24f..d15ef0747a7679ed0b66ad43d41d8768d01db407 100644 (file)
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1320,7 +1320,10 @@ static void ecc_point_mult(struct ecc_point *result,
        carry = vli_add(sk[0], scalar, curve->n, ndigits);
        vli_add(sk[1], sk[0], curve->n, ndigits);
        scalar = sk[!carry];
-       num_bits = sizeof(u64) * ndigits * 8 + 1;
+       if (curve->nbits == 521)        /* NIST P521 */
+               num_bits = curve->nbits + 2;
+       else
+               num_bits = sizeof(u64) * ndigits * 8 + 1;
 
        vli_set(rx[1], point->x, ndigits);
        vli_set(ry[1], point->y, ndigits);