In ecc_point_mult query for the number of bits when using NIST P521 and add '2'. The change is required specifically for NIST P521 to pass mathematical tests on the public key. Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> --- crypto/ecc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crypto/ecc.c b/crypto/ecc.c index ea7b28b5e00e..89ad45cf2404 100644 --- a/crypto/ecc.c +++ b/crypto/ecc.c @@ -1326,7 +1326,10 @@ static void ecc_point_mult(struct ecc_point *result, carry = vli_add(sk[0], scalar, curve->n, ndigits); vli_add(sk[1], sk[0], curve->n, ndigits); scalar = sk[!carry]; - num_bits = sizeof(u64) * ndigits * 8 + 1; + if (ndigits == 9 && !strcmp(curve->name, "nist_521")) + num_bits = ecc_curve_get_nbits(curve) + 2; + else + num_bits = sizeof(u64) * ndigits * 8 + 1; vli_set(rx[1], point->x, ndigits); vli_set(ry[1], point->y, ndigits); -- 2.43.0