1 files changed, 13 insertions, 10 deletions
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
index 314d683782..ed49ec83eb 100644
--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mont.c,v 1.51 2023/03/07 06:28:36 jsing Exp $ */
+/* $OpenBSD: bn_mont.c,v 1.52 2023/03/07 09:42:09 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -345,19 +345,22 @@ void
 bn_montgomery_multiply_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
    const BN_ULONG *np, BN_ULONG *tp, BN_ULONG n0, int n_len)
 {
-        BN_ULONG carry, mask;
+        BN_ULONG carry1, carry2, mask, w, x;
-        int i;
+        int i, j;
-        for (i = 0; i < n_len * 2 + 2; i++)
+        for (i = 0; i <= n_len; i++)
                tp[i] = 0;
        for (i = 0; i < n_len; i++) {
-                carry = bn_mul_add_words(tp, ap, n_len, bp[i]);
+                /* Compute new t[0] * n0, as we need it inside the loop. */
-                bn_addw(tp[n_len], carry, &tp[n_len + 1], &tp[n_len]);
+                w = (ap[0] * bp[i] + tp[0]) * n0;
+        
-                carry = bn_mul_add_words(tp, np, n_len, tp[0] * n0);
+                carry1 = carry2 = 0;
-                bn_addw(tp[n_len], carry, &carry, &tp[n_len]);
+                for (j = 0; j < n_len; j++) {
-                bn_addw(tp[n_len + 1], carry, &carry, &tp[n_len + 1]);
+                        bn_mulw_addw_addw(ap[j], bp[i], tp[j], carry1, &carry1, &x);
+                        bn_mulw_addw_addw(np[j], w, x, carry2, &carry2, &tp[j]);
+                }
+                bn_addw_addw(carry1, carry2, tp[n_len], &tp[n_len + 1], &tp[n_len]);
                tp++;
        }

diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c index 314d683782..ed49ec83eb 100644 --- a/src/lib/libcrypto/bn/bn_mont.c +++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_mont.c,v 1.51 2023/03/07 06:28:36 jsing Exp $ */	1	/* $OpenBSD: bn_mont.c,v 1.52 2023/03/07 09:42:09 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -345,19 +345,22 @@ void
345	bn_montgomery_multiply_words(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp,	345	bn_montgomery_multiply_words(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp,
346	const BN_ULONG np, BN_ULONG tp, BN_ULONG n0, int n_len)	346	const BN_ULONG np, BN_ULONG tp, BN_ULONG n0, int n_len)
347	{	347	{
348	BN_ULONG carry, mask;	348	BN_ULONG carry1, carry2, mask, w, x;
349	int i;	349	int i, j;
350		350
351	for (i = 0; i < n_len * 2 + 2; i++)	351	for (i = 0; i <= n_len; i++)
352	tp[i] = 0;	352	tp[i] = 0;
353		353
354	for (i = 0; i < n_len; i++) {	354	for (i = 0; i < n_len; i++) {
355	carry = bn_mul_add_words(tp, ap, n_len, bp[i]);	355	/* Compute new t[0] * n0, as we need it inside the loop. */
356	bn_addw(tp[n_len], carry, &tp[n_len + 1], &tp[n_len]);	356	w = (ap[0] * bp[i] + tp[0]) * n0;
357		357
358	carry = bn_mul_add_words(tp, np, n_len, tp[0] * n0);	358	carry1 = carry2 = 0;
359	bn_addw(tp[n_len], carry, &carry, &tp[n_len]);	359	for (j = 0; j < n_len; j++) {
360	bn_addw(tp[n_len + 1], carry, &carry, &tp[n_len + 1]);	360	bn_mulw_addw_addw(ap[j], bp[i], tp[j], carry1, &carry1, &x);
		361	bn_mulw_addw_addw(np[j], w, x, carry2, &carry2, &tp[j]);
		362	}
		363	bn_addw_addw(carry1, carry2, tp[n_len], &tp[n_len + 1], &tp[n_len]);
361		364
362	tp++;	365	tp++;
363	}	366	}