2 files changed, 63 insertions, 2 deletions
diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h
index af280ebfce..39e996bca7 100644
--- a/src/lib/libcrypto/bn/bn_local.h
+++ b/src/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.52 2025/08/05 15:01:13 jsing Exp $ */
+/* $OpenBSD: bn_local.h,v 1.53 2025/08/05 15:06:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -241,6 +241,7 @@ BN_ULONG bn_sub(BN_ULONG *r, int r_len, const BN_ULONG *a, int a_len,
 void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
 void bn_mul_comba4(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b);
+void bn_mul_comba6(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b);
 void bn_mul_comba8(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b);
 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
index ebf34bb413..70f6534b8f 100644
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mul.c,v 1.41 2025/08/05 15:01:13 jsing Exp $ */
+/* $OpenBSD: bn_mul.c,v 1.42 2025/08/05 15:06:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -104,6 +104,66 @@ bn_mul_comba4(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b)
 #endif
 /*
+ * bn_mul_comba6() computes r[] = a[] * b[] using Comba multiplication
+ * (https://everything2.com/title/Comba+multiplication), where a and b are both
+ * six word arrays, producing a 12 word array result.
+ */
+#ifndef HAVE_BN_MUL_COMBA6
+void
+bn_mul_comba6(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b)
+{
+        BN_ULONG c0, c1, c2;
+        bn_mulw_addtw(a[0], b[0],  0,  0,  0, &c2, &c1, &r[0]);
+        bn_mulw_addtw(a[0], b[1],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[1], b[0], c2, c1, c0, &c2, &c1, &r[1]);
+        bn_mulw_addtw(a[2], b[0],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[1], b[1], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[0], b[2], c2, c1, c0, &c2, &c1, &r[2]);
+        bn_mulw_addtw(a[0], b[3],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[1], b[2], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[2], b[1], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[3], b[0], c2, c1, c0, &c2, &c1, &r[3]);
+        bn_mulw_addtw(a[4], b[0],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[3], b[1], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[2], b[2], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[1], b[3], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[0], b[4], c2, c1, c0, &c2, &c1, &r[4]);
+        bn_mulw_addtw(a[0], b[5],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[1], b[4], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[2], b[3], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[3], b[2], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[4], b[1], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[5], b[0], c2, c1, c0, &c2, &c1, &r[5]);
+        bn_mulw_addtw(a[5], b[1],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[4], b[2], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[3], b[3], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[2], b[4], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[1], b[5], c2, c1, c0, &c2, &c1, &r[6]);
+        bn_mulw_addtw(a[2], b[5],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[3], b[4], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[4], b[3], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[5], b[2], c2, c1, c0, &c2, &c1, &r[7]);
+        bn_mulw_addtw(a[5], b[3],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[4], b[4], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[3], b[5], c2, c1, c0, &c2, &c1, &r[8]);
+        bn_mulw_addtw(a[4], b[5],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[5], b[4], c2, c1, c0, &c2, &c1, &r[9]);
+        bn_mulw_addtw(a[5], b[5],  0, c2, c1, &c2, &r[11], &r[10]);
+}
+#endif
+/*
 * bn_mul_comba8() computes r[] = a[] * b[] using Comba multiplication
 * (https://everything2.com/title/Comba+multiplication), where a and b are both
 * eight word arrays, producing a 16 word array result.

diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h index af280ebfce..39e996bca7 100644 --- a/src/lib/libcrypto/bn/bn_local.h +++ b/src/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_local.h,v 1.52 2025/08/05 15:01:13 jsing Exp $ */	1	/* $OpenBSD: bn_local.h,v 1.53 2025/08/05 15:06:13 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -241,6 +241,7 @@ BN_ULONG bn_sub(BN_ULONG r, int r_len, const BN_ULONG a, int a_len,
241		241
242	void bn_mul_normal(BN_ULONG r, BN_ULONG a, int na, BN_ULONG *b, int nb);	242	void bn_mul_normal(BN_ULONG r, BN_ULONG a, int na, BN_ULONG *b, int nb);
243	void bn_mul_comba4(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b);	243	void bn_mul_comba4(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b);
		244	void bn_mul_comba6(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b);
244	void bn_mul_comba8(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b);	245	void bn_mul_comba8(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b);
245		246
246	void bn_sqr_comba4(BN_ULONG r, const BN_ULONG a);	247	void bn_sqr_comba4(BN_ULONG r, const BN_ULONG a);


diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c index ebf34bb413..70f6534b8f 100644 --- a/src/lib/libcrypto/bn/bn_mul.c +++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_mul.c,v 1.41 2025/08/05 15:01:13 jsing Exp $ */	1	/* $OpenBSD: bn_mul.c,v 1.42 2025/08/05 15:06:13 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -104,6 +104,66 @@ bn_mul_comba4(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b)
104	#endif	104	#endif
105		105
106	/*	106	/*
		107	* bn_mul_comba6() computes r[] = a[] * b[] using Comba multiplication
		108	* (https://everything2.com/title/Comba+multiplication), where a and b are both
		109	* six word arrays, producing a 12 word array result.
		110	*/
		111	#ifndef HAVE_BN_MUL_COMBA6
		112	void
		113	bn_mul_comba6(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b)
		114	{
		115	BN_ULONG c0, c1, c2;
		116
		117	bn_mulw_addtw(a[0], b[0], 0, 0, 0, &c2, &c1, &r[0]);
		118
		119	bn_mulw_addtw(a[0], b[1], 0, c2, c1, &c2, &c1, &c0);
		120	bn_mulw_addtw(a[1], b[0], c2, c1, c0, &c2, &c1, &r[1]);
		121
		122	bn_mulw_addtw(a[2], b[0], 0, c2, c1, &c2, &c1, &c0);
		123	bn_mulw_addtw(a[1], b[1], c2, c1, c0, &c2, &c1, &c0);
		124	bn_mulw_addtw(a[0], b[2], c2, c1, c0, &c2, &c1, &r[2]);
		125
		126	bn_mulw_addtw(a[0], b[3], 0, c2, c1, &c2, &c1, &c0);
		127	bn_mulw_addtw(a[1], b[2], c2, c1, c0, &c2, &c1, &c0);
		128	bn_mulw_addtw(a[2], b[1], c2, c1, c0, &c2, &c1, &c0);
		129	bn_mulw_addtw(a[3], b[0], c2, c1, c0, &c2, &c1, &r[3]);
		130
		131	bn_mulw_addtw(a[4], b[0], 0, c2, c1, &c2, &c1, &c0);
		132	bn_mulw_addtw(a[3], b[1], c2, c1, c0, &c2, &c1, &c0);
		133	bn_mulw_addtw(a[2], b[2], c2, c1, c0, &c2, &c1, &c0);
		134	bn_mulw_addtw(a[1], b[3], c2, c1, c0, &c2, &c1, &c0);
		135	bn_mulw_addtw(a[0], b[4], c2, c1, c0, &c2, &c1, &r[4]);
		136
		137	bn_mulw_addtw(a[0], b[5], 0, c2, c1, &c2, &c1, &c0);
		138	bn_mulw_addtw(a[1], b[4], c2, c1, c0, &c2, &c1, &c0);
		139	bn_mulw_addtw(a[2], b[3], c2, c1, c0, &c2, &c1, &c0);
		140	bn_mulw_addtw(a[3], b[2], c2, c1, c0, &c2, &c1, &c0);
		141	bn_mulw_addtw(a[4], b[1], c2, c1, c0, &c2, &c1, &c0);
		142	bn_mulw_addtw(a[5], b[0], c2, c1, c0, &c2, &c1, &r[5]);
		143
		144	bn_mulw_addtw(a[5], b[1], 0, c2, c1, &c2, &c1, &c0);
		145	bn_mulw_addtw(a[4], b[2], c2, c1, c0, &c2, &c1, &c0);
		146	bn_mulw_addtw(a[3], b[3], c2, c1, c0, &c2, &c1, &c0);
		147	bn_mulw_addtw(a[2], b[4], c2, c1, c0, &c2, &c1, &c0);
		148	bn_mulw_addtw(a[1], b[5], c2, c1, c0, &c2, &c1, &r[6]);
		149
		150	bn_mulw_addtw(a[2], b[5], 0, c2, c1, &c2, &c1, &c0);
		151	bn_mulw_addtw(a[3], b[4], c2, c1, c0, &c2, &c1, &c0);
		152	bn_mulw_addtw(a[4], b[3], c2, c1, c0, &c2, &c1, &c0);
		153	bn_mulw_addtw(a[5], b[2], c2, c1, c0, &c2, &c1, &r[7]);
		154
		155	bn_mulw_addtw(a[5], b[3], 0, c2, c1, &c2, &c1, &c0);
		156	bn_mulw_addtw(a[4], b[4], c2, c1, c0, &c2, &c1, &c0);
		157	bn_mulw_addtw(a[3], b[5], c2, c1, c0, &c2, &c1, &r[8]);
		158
		159	bn_mulw_addtw(a[4], b[5], 0, c2, c1, &c2, &c1, &c0);
		160	bn_mulw_addtw(a[5], b[4], c2, c1, c0, &c2, &c1, &r[9]);
		161
		162	bn_mulw_addtw(a[5], b[5], 0, c2, c1, &c2, &r[11], &r[10]);
		163	}
		164	#endif
		165
		166	/*
107	* bn_mul_comba8() computes r[] = a[] * b[] using Comba multiplication	167	* bn_mul_comba8() computes r[] = a[] * b[] using Comba multiplication
108	* (https://everything2.com/title/Comba+multiplication), where a and b are both	168	* (https://everything2.com/title/Comba+multiplication), where a and b are both
109	* eight word arrays, producing a 16 word array result.	169	* eight word arrays, producing a 16 word array result.