Commit 61387fd3 authored by Nicola Tuveri's avatar Nicola Tuveri
Browse files

[ec/ecp_nistp*.c] remove flip_endian() 



Replace flip_endian() by using the little endian specific
BN_bn2lebinpad() and BN_lebin2bn().

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9511)

(cherry picked from commit e0b660c27d8d97b4ad9e2098cc957de26872c0ef)
parent 2432e129

crypto/ec/ecp_nistp224.c

+20 −28
Original line number Original line Diff line number Diff line
@@ -324,32 +324,21 @@ static void felem_to_bin28(u8 out[28], const felem in) 
    }

    }

}

}





/* To preserve endianness when using BN_bn2bin and BN_bin2bn */

static void flip_endian(u8 *out, const u8 *in, unsigned len)

{

    unsigned i;

    for (i = 0; i < len; ++i)

        out[i] = in[len - 1 - i];

}



/* From OpenSSL BIGNUM to internal representation */

/* From OpenSSL BIGNUM to internal representation */

static int BN_to_felem(felem out, const BIGNUM *bn)

static int BN_to_felem(felem out, const BIGNUM *bn)

{

{

    felem_bytearray b_in;

    felem_bytearray b_out;

    felem_bytearray b_out;

    unsigned num_bytes;

    int num_bytes;





    num_bytes = BN_num_bytes(bn);

    if (BN_is_negative(bn)) {

    if (num_bytes > sizeof(b_out)) {

        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);

        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);

        return 0;

        return 0;

    }

    }

    if (BN_is_negative(bn)) {

    num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out));

    if (num_bytes < 0) {

        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);

        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);

        return 0;

        return 0;

    }

    }

    num_bytes = BN_bn2binpad(bn, b_in, sizeof(b_in));

    flip_endian(b_out, b_in, num_bytes);

    bin28_to_felem(out, b_out);

    bin28_to_felem(out, b_out);

    return 1;

    return 1;

}

}
@@ -357,10 +346,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) 
/* From internal representation to OpenSSL BIGNUM */

/* From internal representation to OpenSSL BIGNUM */

static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)

static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)

{

{

    felem_bytearray b_in, b_out;

    felem_bytearray b_out;

    felem_to_bin28(b_in, in);

    felem_to_bin28(b_out, in);

    flip_endian(b_out, b_in, sizeof(b_out));

    return BN_lebin2bn(b_out, sizeof(b_out), out);

    return BN_bin2bn(b_out, sizeof(b_out), out);

}

}





/******************************************************************************/

/******************************************************************************/
@@ -1400,8 +1388,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, 
    felem_bytearray *secrets = NULL;

    felem_bytearray *secrets = NULL;

    felem (*pre_comp)[17][3] = NULL;

    felem (*pre_comp)[17][3] = NULL;

    felem *tmp_felems = NULL;

    felem *tmp_felems = NULL;

    felem_bytearray tmp;

    int num_bytes;

    unsigned num_bytes;

    int have_pre_comp = 0;

    int have_pre_comp = 0;

    size_t num_points = num;

    size_t num_points = num;

    felem x_in, y_in, z_in, x_out, y_out, z_out;

    felem x_in, y_in, z_in, x_out, y_out, z_out;
@@ -1499,10 +1486,16 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, 
                        ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);

                        ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);

                        goto err;

                        goto err;

                    }

                    }

                    num_bytes = BN_bn2binpad(tmp_scalar, tmp, sizeof(tmp));

                    num_bytes = BN_bn2lebinpad(tmp_scalar,

                } else

                                               secrets[i], sizeof(secrets[i]));

                    num_bytes = BN_bn2binpad(p_scalar, tmp, sizeof(tmp));

                } else {

                flip_endian(secrets[i], tmp, num_bytes);

                    num_bytes = BN_bn2lebinpad(p_scalar,

                                               secrets[i], sizeof(secrets[i]));

                }

                if (num_bytes < 0) {

                    ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);

                    goto err;

                }

                /* precompute multiples */

                /* precompute multiples */

                if ((!BN_to_felem(x_out, p->X)) ||

                if ((!BN_to_felem(x_out, p->X)) ||

                    (!BN_to_felem(y_out, p->Y)) ||

                    (!BN_to_felem(y_out, p->Y)) ||
@@ -1545,10 +1538,9 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, 
                ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);

                ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);

                goto err;

                goto err;

            }

            }

            num_bytes = BN_bn2binpad(tmp_scalar, tmp, sizeof(tmp));

            num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret));

        } else

        } else

            num_bytes = BN_bn2binpad(scalar, tmp, sizeof(tmp));

            num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret));

        flip_endian(g_secret, tmp, num_bytes);

        /* do the multiplication with generator precomputation */

        /* do the multiplication with generator precomputation */

        batch_mul(x_out, y_out, z_out,

        batch_mul(x_out, y_out, z_out,

                  (const felem_bytearray(*))secrets, num_points,

                  (const felem_bytearray(*))secrets, num_points,

crypto/ec/ecp_nistp256.c

+21 −28
Original line number Original line Diff line number Diff line
@@ -146,32 +146,21 @@ static void smallfelem_to_bin32(u8 out[32], const smallfelem in) 
    *((u64 *)&out[24]) = in[3];

    *((u64 *)&out[24]) = in[3];

}

}





/* To preserve endianness when using BN_bn2bin and BN_bin2bn */

static void flip_endian(u8 *out, const u8 *in, unsigned len)

{

    unsigned i;

    for (i = 0; i < len; ++i)

        out[i] = in[len - 1 - i];

}



/* BN_to_felem converts an OpenSSL BIGNUM into an felem */

/* BN_to_felem converts an OpenSSL BIGNUM into an felem */

static int BN_to_felem(felem out, const BIGNUM *bn)

static int BN_to_felem(felem out, const BIGNUM *bn)

{

{

    felem_bytearray b_in;

    felem_bytearray b_out;

    felem_bytearray b_out;

    unsigned num_bytes;

    int num_bytes;





    num_bytes = BN_num_bytes(bn);

    if (BN_is_negative(bn)) {

    if (num_bytes > sizeof(b_out)) {

        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);

        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);

        return 0;

        return 0;

    }

    }

    if (BN_is_negative(bn)) {

    num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out));

    if (num_bytes < 0) {

        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);

        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);

        return 0;

        return 0;

    }

    }

    num_bytes = BN_bn2binpad(bn, b_in, sizeof(b_in));

    flip_endian(b_out, b_in, num_bytes);

    bin32_to_felem(out, b_out);

    bin32_to_felem(out, b_out);

    return 1;

    return 1;

}

}
@@ -179,10 +168,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) 
/* felem_to_BN converts an felem into an OpenSSL BIGNUM */

/* felem_to_BN converts an felem into an OpenSSL BIGNUM */

static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in)

static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in)

{

{

    felem_bytearray b_in, b_out;

    felem_bytearray b_out;

    smallfelem_to_bin32(b_in, in);

    smallfelem_to_bin32(b_out, in);

    flip_endian(b_out, b_in, sizeof(b_out));

    return BN_lebin2bn(b_out, sizeof(b_out), out);

    return BN_bin2bn(b_out, sizeof(b_out), out);

}

}





/*-

/*-
@@ -2022,8 +2010,8 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, 
    felem_bytearray *secrets = NULL;

    felem_bytearray *secrets = NULL;

    smallfelem (*pre_comp)[17][3] = NULL;

    smallfelem (*pre_comp)[17][3] = NULL;

    smallfelem *tmp_smallfelems = NULL;

    smallfelem *tmp_smallfelems = NULL;

    felem_bytearray tmp;

    unsigned i;

    unsigned i, num_bytes;

    int num_bytes;

    int have_pre_comp = 0;

    int have_pre_comp = 0;

    size_t num_points = num;

    size_t num_points = num;

    smallfelem x_in, y_in, z_in;

    smallfelem x_in, y_in, z_in;
@@ -2126,10 +2114,16 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, 
                        ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);

                        ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);

                        goto err;

                        goto err;

                    }

                    }

                    num_bytes = BN_bn2binpad(tmp_scalar, tmp, sizeof(tmp));

                    num_bytes = BN_bn2lebinpad(tmp_scalar,

                } else

                                               secrets[i], sizeof(secrets[i]));

                    num_bytes = BN_bn2binpad(p_scalar, tmp, sizeof(tmp));

                } else {

                flip_endian(secrets[i], tmp, num_bytes);

                    num_bytes = BN_bn2lebinpad(p_scalar,

                                               secrets[i], sizeof(secrets[i]));

                }

                if (num_bytes < 0) {

                    ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);

                    goto err;

                }

                /* precompute multiples */

                /* precompute multiples */

                if ((!BN_to_felem(x_out, p->X)) ||

                if ((!BN_to_felem(x_out, p->X)) ||

                    (!BN_to_felem(y_out, p->Y)) ||

                    (!BN_to_felem(y_out, p->Y)) ||
@@ -2174,10 +2168,9 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, 
                ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);

                ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);

                goto err;

                goto err;

            }

            }

            num_bytes = BN_bn2binpad(tmp_scalar, tmp, sizeof(tmp));

            num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret));

        } else

        } else

            num_bytes = BN_bn2binpad(scalar, tmp, sizeof(tmp));

            num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret));

        flip_endian(g_secret, tmp, num_bytes);

        /* do the multiplication with generator precomputation */

        /* do the multiplication with generator precomputation */

        batch_mul(x_out, y_out, z_out,

        batch_mul(x_out, y_out, z_out,

                  (const felem_bytearray(*))secrets, num_points,

                  (const felem_bytearray(*))secrets, num_points,

crypto/ec/ecp_nistp521.c

+21 −28
Original line number Original line Diff line number Diff line
@@ -169,32 +169,21 @@ static void felem_to_bin66(u8 out[66], const felem in) 
    (*((limb *) & out[58])) = in[8];

    (*((limb *) & out[58])) = in[8];

}

}





/* To preserve endianness when using BN_bn2bin and BN_bin2bn */

static void flip_endian(u8 *out, const u8 *in, unsigned len)

{

    unsigned i;

    for (i = 0; i < len; ++i)

        out[i] = in[len - 1 - i];

}



/* BN_to_felem converts an OpenSSL BIGNUM into an felem */

/* BN_to_felem converts an OpenSSL BIGNUM into an felem */

static int BN_to_felem(felem out, const BIGNUM *bn)

static int BN_to_felem(felem out, const BIGNUM *bn)

{

{

    felem_bytearray b_in;

    felem_bytearray b_out;

    felem_bytearray b_out;

    unsigned num_bytes;

    int num_bytes;





    num_bytes = BN_num_bytes(bn);

    if (BN_is_negative(bn)) {

    if (num_bytes > sizeof(b_out)) {

        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);

        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);

        return 0;

        return 0;

    }

    }

    if (BN_is_negative(bn)) {

    num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out));

    if (num_bytes < 0) {

        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);

        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);

        return 0;

        return 0;

    }

    }

    num_bytes = BN_bn2binpad(bn, b_in, sizeof(b_in));

    flip_endian(b_out, b_in, num_bytes);

    bin66_to_felem(out, b_out);

    bin66_to_felem(out, b_out);

    return 1;

    return 1;

}

}
@@ -202,10 +191,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) 
/* felem_to_BN converts an felem into an OpenSSL BIGNUM */

/* felem_to_BN converts an felem into an OpenSSL BIGNUM */

static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)

static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)

{

{

    felem_bytearray b_in, b_out;

    felem_bytearray b_out;

    felem_to_bin66(b_in, in);

    felem_to_bin66(b_out, in);

    flip_endian(b_out, b_in, sizeof(b_out));

    return BN_lebin2bn(b_out, sizeof(b_out), out);

    return BN_bin2bn(b_out, sizeof(b_out), out);

}

}





/*-

/*-
@@ -1864,8 +1852,8 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, 
    felem_bytearray *secrets = NULL;

    felem_bytearray *secrets = NULL;

    felem (*pre_comp)[17][3] = NULL;

    felem (*pre_comp)[17][3] = NULL;

    felem *tmp_felems = NULL;

    felem *tmp_felems = NULL;

    felem_bytearray tmp;

    unsigned i;

    unsigned i, num_bytes;

    int num_bytes;

    int have_pre_comp = 0;

    int have_pre_comp = 0;

    size_t num_points = num;

    size_t num_points = num;

    felem x_in, y_in, z_in, x_out, y_out, z_out;

    felem x_in, y_in, z_in, x_out, y_out, z_out;
@@ -1966,10 +1954,16 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, 
                        ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);

                        ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);

                        goto err;

                        goto err;

                    }

                    }

                    num_bytes = BN_bn2binpad(tmp_scalar, tmp, sizeof(tmp));

                    num_bytes = BN_bn2lebinpad(tmp_scalar,

                } else

                                               secrets[i], sizeof(secrets[i]));

                    num_bytes = BN_bn2binpad(p_scalar, tmp, sizeof(tmp));

                } else {

                flip_endian(secrets[i], tmp, num_bytes);

                    num_bytes = BN_bn2lebinpad(p_scalar,

                                               secrets[i], sizeof(secrets[i]));

                }

                if (num_bytes < 0) {

                    ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);

                    goto err;

                }

                /* precompute multiples */

                /* precompute multiples */

                if ((!BN_to_felem(x_out, p->X)) ||

                if ((!BN_to_felem(x_out, p->X)) ||

                    (!BN_to_felem(y_out, p->Y)) ||

                    (!BN_to_felem(y_out, p->Y)) ||
@@ -2012,10 +2006,9 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, 
                ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);

                ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);

                goto err;

                goto err;

            }

            }

            num_bytes = BN_bn2binpad(tmp_scalar, tmp, sizeof(tmp));

            num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret));

        } else

        } else

            num_bytes = BN_bn2binpad(scalar, tmp, sizeof(tmp));

            num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret));

        flip_endian(g_secret, tmp, num_bytes);

        /* do the multiplication with generator precomputation */

        /* do the multiplication with generator precomputation */

        batch_mul(x_out, y_out, z_out,

        batch_mul(x_out, y_out, z_out,

                  (const felem_bytearray(*))secrets, num_points,

                  (const felem_bytearray(*))secrets, num_points,