From 0d14184dcde1700fb9a3c644bd11fe5bd5acd347 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Tue, 7 Mar 2023 09:35:55 +0000
Subject: [PATCH] Slightly rework bn_mulw_addtw().

Call bn_mulw_addw() rather than doing bn_mulw() follow by bn_addw(). This
simplifies the code slightly, plus on some platforms bn_mulw_addw() can
be optimised (and bn_mulw_addtw() will then benefit from such an
optimisation).

ok tb@
---
 lib/libcrypto/bn/bn_internal.h | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/lib/libcrypto/bn/bn_internal.h b/lib/libcrypto/bn/bn_internal.h
index 4f4d1c31f5e..8a729b8e44c 100644
--- a/lib/libcrypto/bn/bn_internal.h
+++ b/lib/libcrypto/bn/bn_internal.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bn_internal.h,v 1.10 2023/03/07 05:57:01 jsing Exp $ */
+/*	$OpenBSD: bn_internal.h,v 1.11 2023/03/07 09:35:55 jsing Exp $ */
 /*
  * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
  *
@@ -347,11 +347,9 @@ static inline void
 bn_mulw_addtw(BN_ULONG a, BN_ULONG b, BN_ULONG c2, BN_ULONG c1, BN_ULONG c0,
     BN_ULONG *out_r2, BN_ULONG *out_r1, BN_ULONG *out_r0)
 {
-	BN_ULONG carry, r2, r1, r0, x1, x0;
+	BN_ULONG carry, r2, r1, r0, x1;
 
-	bn_mulw(a, b, &x1, &x0);
-	bn_addw(c0, x0, &carry, &r0);
-	x1 += carry;
+	bn_mulw_addw(a, b, c0, &x1, &r0);
 	bn_addw(c1, x1, &carry, &r1);
 	r2 = c2 + carry;
 
-- 
2.20.1