authormiod <miod@openbsd.org>2014-06-20 10:40:13 +0000
committermiod <miod@openbsd.org>2014-06-20 10:40:13 +0000
commit5c71bdf723052ac905b780793df91594710854c6 (patch)
treeb246fbe94ce37b46fa74faf7801b918186e893cf /lib/libssl/src
parentSimple regress test for the amd64 bn_mul_mont bug found by Joyent (diff)
Fix incorrect bounds check in amd64 assembly version of bn_mul_mont();
noticed and fixed by Fedor Indutny of Joyent ( https://github.com/joyent/node/issues/7704 )
Diffstat (limited to 'lib/libssl/src')
-rwxr-xr-xlib/libssl/src/crypto/bn/asm/x86_64-mont.pl4
-rwxr-xr-xlib/libssl/src/crypto/bn/asm/x86_64-mont5.pl4
2 files changed, 4 insertions, 4 deletions
diff --git a/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl b/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl
index 90c717f1152..c35493e80ad 100755
--- a/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl
+++ b/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl
@@ -138,7 +138,7 @@ $code.=<<___;
mulq $m1 # np[j]*m1
cmp $num,$j
- jne .L1st
+ jl .L1st
add %rax,$hi1
mov ($ap),%rax # ap[0]
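Review bot: The switch from `jne .L1st` to `jl .L1st` after `cmp $num,$j` carries no comment saying why an ordered test is needed, so a later cleanup could plausibly turn it back into an equality test and reintroduce the out-of-bounds loop. I would add a line above the branch such as `# exit on j >= num: an equality test never fires once j has stepped past num`, and state next to it that `jl` is a signed compare and relies on $j and $num being non-negative word counts. The same applies to `jl .Linner` in the second hunk of this file and to both hunks in x86_64-mont5.pl. The loop bodies start outside these hunks, so whether one pass with j >= num can still touch ap[j]/np[j] before the check is reached cannot be confirmed from here; if it can, a minimum-num guard at entry would be the more direct fix.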
@@ -204,7 +204,7 @@ $code.=<<___;
mulq $m1 # np[j]*m1
cmp $num,$j
- jne .Linner
+ jl .Linner
add %rax,$hi1
mov ($ap),%rax # ap[0]
diff --git a/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl b/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl
index dae0fe24531..9c88884d424 100755
--- a/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl
+++ b/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl
@@ -181,7 +181,7 @@ $code.=<<___;
mulq $m1 # np[j]*m1
cmp $num,$j
- jne .L1st
+ jl .L1st
movq %xmm0,$m0 # bp[1]
@@ -264,7 +264,7 @@ $code.=<<___;
mulq $m1 # np[j]*m1
cmp $num,$j
- jne .Linner
+ jl .Linner
movq %xmm0,$m0 # bp[i+1]