2 files changed, 8 insertions, 5 deletions

diff --git a/src/lib/libcrypto/bn/bn_add.c b/src/lib/libcrypto/bn/bn_add.c
index c5bc024f3f..cfc04fd032 100644
--- a/src/lib/libcrypto/bn/bn_add.c
+++ b/src/lib/libcrypto/bn/bn_add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_add.c,v 1.19 2023/01/23 10:34:21 jsing Exp $ */
+/* $OpenBSD: bn_add.c,v 1.20 2023/01/31 05:16:52 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -291,6 +291,10 @@ BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
         rp = r->d;
 
         borrow = bn_sub_words(rp, ap, bp, min);
+        if (dif == 0 && borrow > 0) {
+                BNerror(BN_R_ARG2_LT_ARG3);
+                return 0;
+        }
         ap += min;
         rp += min;
 
diff --git a/src/lib/libcrypto/man/BN_add.3 b/src/lib/libcrypto/man/BN_add.3
index c87514721a..a06b8af31c 100644
--- a/src/lib/libcrypto/man/BN_add.3
+++ b/src/lib/libcrypto/man/BN_add.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: BN_add.3,v 1.17 2022/11/16 14:19:22 schwarze Exp $
+.\" $OpenBSD: BN_add.3,v 1.18 2023/01/31 05:16:52 jsing Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 16 2022 $
+.Dd $Mdocdate: January 31 2023 $
 .Dt BN_ADD 3
 .Os
 .Sh NAME
@@ -318,8 +318,7 @@ It requires the absolute value of
 .Fa a
 to be greater than the absolute value of
 .Fa b ;
-otherwise, it will sometimes fail
-and sometimes silently produce wrong results.
+otherwise it will fail.
 .Fa r
 may be the same
 .Vt BIGNUM