1 files changed, 66 insertions, 5 deletions
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
index bdeb9b0fe8..70f6534b8f 100644
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mul.c,v 1.39 2023/07/08 12:21:58 beck Exp $ */
+/* $OpenBSD: bn_mul.c,v 1.42 2025/08/05 15:06:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -57,6 +57,7 @@
 */
 #include <assert.h>
+#include <limits.h>
 #include <stdio.h>
 #include <string.h>
@@ -73,7 +74,7 @@
 */
 #ifndef HAVE_BN_MUL_COMBA4
 void
-bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+bn_mul_comba4(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b)
 {
        BN_ULONG c0, c1, c2;
@@ -103,13 +104,73 @@ bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 #endif
 /*
+ * bn_mul_comba6() computes r[] = a[] * b[] using Comba multiplication
+ * (https://everything2.com/title/Comba+multiplication), where a and b are both
+ * six word arrays, producing a 12 word array result.
+ */
+#ifndef HAVE_BN_MUL_COMBA6
+void
+bn_mul_comba6(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b)
+{
+        BN_ULONG c0, c1, c2;
+        bn_mulw_addtw(a[0], b[0],  0,  0,  0, &c2, &c1, &r[0]);
+        bn_mulw_addtw(a[0], b[1],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[1], b[0], c2, c1, c0, &c2, &c1, &r[1]);
+        bn_mulw_addtw(a[2], b[0],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[1], b[1], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[0], b[2], c2, c1, c0, &c2, &c1, &r[2]);
+        bn_mulw_addtw(a[0], b[3],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[1], b[2], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[2], b[1], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[3], b[0], c2, c1, c0, &c2, &c1, &r[3]);
+        bn_mulw_addtw(a[4], b[0],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[3], b[1], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[2], b[2], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[1], b[3], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[0], b[4], c2, c1, c0, &c2, &c1, &r[4]);
+        bn_mulw_addtw(a[0], b[5],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[1], b[4], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[2], b[3], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[3], b[2], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[4], b[1], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[5], b[0], c2, c1, c0, &c2, &c1, &r[5]);
+        bn_mulw_addtw(a[5], b[1],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[4], b[2], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[3], b[3], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[2], b[4], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[1], b[5], c2, c1, c0, &c2, &c1, &r[6]);
+        bn_mulw_addtw(a[2], b[5],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[3], b[4], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[4], b[3], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[5], b[2], c2, c1, c0, &c2, &c1, &r[7]);
+        bn_mulw_addtw(a[5], b[3],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[4], b[4], c2, c1, c0, &c2, &c1, &c0);
+        bn_mulw_addtw(a[3], b[5], c2, c1, c0, &c2, &c1, &r[8]);
+        bn_mulw_addtw(a[4], b[5],  0, c2, c1, &c2, &c1, &c0);
+        bn_mulw_addtw(a[5], b[4], c2, c1, c0, &c2, &c1, &r[9]);
+        bn_mulw_addtw(a[5], b[5],  0, c2, c1, &c2, &r[11], &r[10]);
+}
+#endif
+/*
 * bn_mul_comba8() computes r[] = a[] * b[] using Comba multiplication
 * (https://everything2.com/title/Comba+multiplication), where a and b are both
 * eight word arrays, producing a 16 word array result.
 */
 #ifndef HAVE_BN_MUL_COMBA8
 void
-bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+bn_mul_comba8(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b)
 {
        BN_ULONG c0, c1, c2;
@@ -338,9 +399,9 @@ BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
        if (rr == NULL)
                goto err;
-        rn = a->top + b->top;
+        if (a->top > INT_MAX - b->top)
-        if (rn < a->top)
                goto err;
+        rn = a->top + b->top;
        if (!bn_wexpand(rr, rn))
                goto err;

diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c index bdeb9b0fe8..70f6534b8f 100644 --- a/src/lib/libcrypto/bn/bn_mul.c +++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_mul.c,v 1.39 2023/07/08 12:21:58 beck Exp $ */	1	/* $OpenBSD: bn_mul.c,v 1.42 2025/08/05 15:06:13 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -57,6 +57,7 @@
57	*/	57	*/
58		58
59	#include <assert.h>	59	#include <assert.h>
		60	#include <limits.h>
60	#include <stdio.h>	61	#include <stdio.h>
61	#include <string.h>	62	#include <string.h>
62		63
@@ -73,7 +74,7 @@
73	*/	74	*/
74	#ifndef HAVE_BN_MUL_COMBA4	75	#ifndef HAVE_BN_MUL_COMBA4
75	void	76	void
76	bn_mul_comba4(BN_ULONG r, BN_ULONG a, BN_ULONG *b)	77	bn_mul_comba4(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b)
77	{	78	{
78	BN_ULONG c0, c1, c2;	79	BN_ULONG c0, c1, c2;
79		80
@@ -103,13 +104,73 @@ bn_mul_comba4(BN_ULONG r, BN_ULONG a, BN_ULONG *b)
103	#endif	104	#endif
104		105
105	/*	106	/*
		107	* bn_mul_comba6() computes r[] = a[] * b[] using Comba multiplication
		108	* (https://everything2.com/title/Comba+multiplication), where a and b are both
		109	* six word arrays, producing a 12 word array result.
		110	*/
		111	#ifndef HAVE_BN_MUL_COMBA6
		112	void
		113	bn_mul_comba6(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b)
		114	{
		115	BN_ULONG c0, c1, c2;
		116
		117	bn_mulw_addtw(a[0], b[0], 0, 0, 0, &c2, &c1, &r[0]);
		118
		119	bn_mulw_addtw(a[0], b[1], 0, c2, c1, &c2, &c1, &c0);
		120	bn_mulw_addtw(a[1], b[0], c2, c1, c0, &c2, &c1, &r[1]);
		121
		122	bn_mulw_addtw(a[2], b[0], 0, c2, c1, &c2, &c1, &c0);
		123	bn_mulw_addtw(a[1], b[1], c2, c1, c0, &c2, &c1, &c0);
		124	bn_mulw_addtw(a[0], b[2], c2, c1, c0, &c2, &c1, &r[2]);
		125
		126	bn_mulw_addtw(a[0], b[3], 0, c2, c1, &c2, &c1, &c0);
		127	bn_mulw_addtw(a[1], b[2], c2, c1, c0, &c2, &c1, &c0);
		128	bn_mulw_addtw(a[2], b[1], c2, c1, c0, &c2, &c1, &c0);
		129	bn_mulw_addtw(a[3], b[0], c2, c1, c0, &c2, &c1, &r[3]);
		130
		131	bn_mulw_addtw(a[4], b[0], 0, c2, c1, &c2, &c1, &c0);
		132	bn_mulw_addtw(a[3], b[1], c2, c1, c0, &c2, &c1, &c0);
		133	bn_mulw_addtw(a[2], b[2], c2, c1, c0, &c2, &c1, &c0);
		134	bn_mulw_addtw(a[1], b[3], c2, c1, c0, &c2, &c1, &c0);
		135	bn_mulw_addtw(a[0], b[4], c2, c1, c0, &c2, &c1, &r[4]);
		136
		137	bn_mulw_addtw(a[0], b[5], 0, c2, c1, &c2, &c1, &c0);
		138	bn_mulw_addtw(a[1], b[4], c2, c1, c0, &c2, &c1, &c0);
		139	bn_mulw_addtw(a[2], b[3], c2, c1, c0, &c2, &c1, &c0);
		140	bn_mulw_addtw(a[3], b[2], c2, c1, c0, &c2, &c1, &c0);
		141	bn_mulw_addtw(a[4], b[1], c2, c1, c0, &c2, &c1, &c0);
		142	bn_mulw_addtw(a[5], b[0], c2, c1, c0, &c2, &c1, &r[5]);
		143
		144	bn_mulw_addtw(a[5], b[1], 0, c2, c1, &c2, &c1, &c0);
		145	bn_mulw_addtw(a[4], b[2], c2, c1, c0, &c2, &c1, &c0);
		146	bn_mulw_addtw(a[3], b[3], c2, c1, c0, &c2, &c1, &c0);
		147	bn_mulw_addtw(a[2], b[4], c2, c1, c0, &c2, &c1, &c0);
		148	bn_mulw_addtw(a[1], b[5], c2, c1, c0, &c2, &c1, &r[6]);
		149
		150	bn_mulw_addtw(a[2], b[5], 0, c2, c1, &c2, &c1, &c0);
		151	bn_mulw_addtw(a[3], b[4], c2, c1, c0, &c2, &c1, &c0);
		152	bn_mulw_addtw(a[4], b[3], c2, c1, c0, &c2, &c1, &c0);
		153	bn_mulw_addtw(a[5], b[2], c2, c1, c0, &c2, &c1, &r[7]);
		154
		155	bn_mulw_addtw(a[5], b[3], 0, c2, c1, &c2, &c1, &c0);
		156	bn_mulw_addtw(a[4], b[4], c2, c1, c0, &c2, &c1, &c0);
		157	bn_mulw_addtw(a[3], b[5], c2, c1, c0, &c2, &c1, &r[8]);
		158
		159	bn_mulw_addtw(a[4], b[5], 0, c2, c1, &c2, &c1, &c0);
		160	bn_mulw_addtw(a[5], b[4], c2, c1, c0, &c2, &c1, &r[9]);
		161
		162	bn_mulw_addtw(a[5], b[5], 0, c2, c1, &c2, &r[11], &r[10]);
		163	}
		164	#endif
		165
		166	/*
106	* bn_mul_comba8() computes r[] = a[] * b[] using Comba multiplication	167	* bn_mul_comba8() computes r[] = a[] * b[] using Comba multiplication
107	* (https://everything2.com/title/Comba+multiplication), where a and b are both	168	* (https://everything2.com/title/Comba+multiplication), where a and b are both
108	* eight word arrays, producing a 16 word array result.	169	* eight word arrays, producing a 16 word array result.
109	*/	170	*/
110	#ifndef HAVE_BN_MUL_COMBA8	171	#ifndef HAVE_BN_MUL_COMBA8
111	void	172	void
112	bn_mul_comba8(BN_ULONG r, BN_ULONG a, BN_ULONG *b)	173	bn_mul_comba8(BN_ULONG r, const BN_ULONG a, const BN_ULONG *b)
113	{	174	{
114	BN_ULONG c0, c1, c2;	175	BN_ULONG c0, c1, c2;
115		176
@@ -338,9 +399,9 @@ BN_mul(BIGNUM r, const BIGNUM a, const BIGNUM b, BN_CTX ctx)
338	if (rr == NULL)	399	if (rr == NULL)
339	goto err;	400	goto err;
340		401
341	rn = a->top + b->top;	402	if (a->top > INT_MAX - b->top)
342	if (rn < a->top)
343	goto err;	403	goto err;
		404	rn = a->top + b->top;
344	if (!bn_wexpand(rr, rn))	405	if (!bn_wexpand(rr, rn))
345	goto err;	406	goto err;
346		407