From 6bb81f9294cbdf8799751745a9d91bfd2cbfaa4f Mon Sep 17 00:00:00 2001
From: Jessica Clarke <jrtc27@jrtc27.com>
Date: Sat, 14 Jun 2025 22:53:40 +0100
Subject: [PATCH] armv*-mont.pl: Correct a carry flag comment

On Arm, C is a true carry flag, unlike x86 where CF is a borrow flag for
subtraction. That is, for subtraction, it is set if Rn + ~Rm + 1 carries
in unsigned arithmetic, and so for subtracting 0, i.e. adding ~0 + 1, it
always sets the carry flag. Correct the comment to document what this is
actually doing.

CLA: trivial

Fixes: d1671f4f1a39 ("bn/asm/armv4-mont.pl: add NEON code path.")
Fixes: 10646160125a ("Optimize RSA on armv8")

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27826)
---
 crypto/bn/asm/armv4-mont.pl | 2 +-
 crypto/bn/asm/armv8-mont.pl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl
index 017aa7cddff..ab24ce8de57 100644
--- a/crypto/bn/asm/armv4-mont.pl
+++ b/crypto/bn/asm/armv4-mont.pl
@@ -684,7 +684,7 @@ $code.=<<___;
 
 	vst1.32	{${temp}[0]}, [$toutptr, :32]		@ top-most bit
 	sub	$nptr,$nptr,$num,lsl#2			@ rewind $nptr
-	subs	$aptr,sp,#0				@ clear carry flag
+	subs	$aptr,sp,#0				@ set carry flag
 	add	$bptr,sp,$num,lsl#2
 
 .LNEON_sub:
diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl
index b69df520352..f1692caae70 100755
--- a/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/bn/asm/armv8-mont.pl
@@ -587,7 +587,7 @@ $code.=<<___;
 
 	st1	{$temp.s}[0], [$toutptr],#4	// top-most bit
 	sub	$nptr,$nptr,$num,lsl#2		// rewind $nptr
-	subs	$aptr,sp,#0			// clear carry flag
+	subs	$aptr,sp,#0			// set carry flag
 	add	$bptr,sp,$num,lsl#2
 
 .LNEON_sub:
-- 
2.47.3